1
0

Standardize Part3 #115

This commit is contained in:
Thorin-Oakenpants 2017-05-25 07:40:40 +12:00 committed by GitHub
parent e6628e56df
commit 7c87abbe78

40
user.js
View File

@ -444,6 +444,7 @@ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!");
// user_pref("signon.rememberSignons", false); // user_pref("signon.rememberSignons", false);
/* 0902: use a master password (recommended if you save passwords) /* 0902: use a master password (recommended if you save passwords)
* There are no preferences for this. It is all handled internally. * There are no preferences for this. It is all handled internally.
* [SETTING] Options>Security>Logins>Use a master password
* [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/ * [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/
/* 0903: set how often Firefox should ask for the master password /* 0903: set how often Firefox should ask for the master password
* 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/ * 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/
@ -464,9 +465,8 @@ user_pref("signon.storeWhenAutocompleteOff", true);
/* 0907: display warnings for logins on non-secure (non HTTPS) pages /* 0907: display warnings for logins on non-secure (non HTTPS) pages
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/
user_pref("security.insecure_password.ui.enabled", true); user_pref("security.insecure_password.ui.enabled", true);
/* 0908: When attempting to fix an entered URL (see 0802: browser.fixup.alternate.enabled), /* 0908: remove user & password info when attempting to fix an entered URL (i.e 0802 is true)
* do not fix an entered password along with it: i.e do not turn ~http://user:password@foo into * e.g //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/
* ~http://user:password@(prefix)foo(suffix) but instead ~http://user@(prefix)foo(suffix) ***/
user_pref("browser.fixup.hide_user_pass", true); user_pref("browser.fixup.hide_user_pass", true);
/* 0909: disable formless login capture for Password Manager (FF51+) ***/ /* 0909: disable formless login capture for Password Manager (FF51+) ***/
user_pref("signon.formlessCapture.enabled", false); user_pref("signon.formlessCapture.enabled", false);
@ -518,8 +518,8 @@ user_pref("browser.sessionstore.max_windows_undo", 0);
user_pref("browser.sessionstore.privacy_level", 2); user_pref("browser.sessionstore.privacy_level", 2);
/* 1022: disable resuming session from crash [SETUP] ***/ /* 1022: disable resuming session from crash [SETUP] ***/
user_pref("browser.sessionstore.resume_from_crash", false); user_pref("browser.sessionstore.resume_from_crash", false);
/* 1023: If you use session restore, increasing the minimal interval between two session save /* 1023: set the minimum interval between session save operations - increasing it
* operations can help on older machines and some websites, as well as reducing writes, see [1] * can help on older machines and some websites, as well as reducing writes, see [1]
* Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc
* [WARNING] This can also affect entries in the "Recently Closed Tabs" feature: * [WARNING] This can also affect entries in the "Recently Closed Tabs" feature:
* i.e the longer the interval the more chance a quick tab open/close won't be captured. * i.e the longer the interval the more chance a quick tab open/close won't be captured.
@ -625,9 +625,11 @@ user_pref("security.ssl.enable_ocsp_stapling", true);
* It's a trade-off between security (checking) and privacy (leaking info to the CA) * It's a trade-off between security (checking) and privacy (leaking info to the CA)
* [1] https://en.wikipedia.org/wiki/Ocsp ***/ * [1] https://en.wikipedia.org/wiki/Ocsp ***/
user_pref("security.OCSP.enabled", 1); user_pref("security.OCSP.enabled", 1);
/* 1212: require certificate revocation check through OCSP protocol /* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently
* continues the connection. With OCSP revocation, Firefox terminates the connection instead.
* [WARNING] Since FF44 the default is false. If set to true, this may/will cause some * [WARNING] Since FF44 the default is false. If set to true, this may/will cause some
* site breakage. Some users have previously mentioned issues with youtube, microsoft etc ***/ * site breakage. Some users have previously mentioned issues with youtube, microsoft etc
* [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
// user_pref("security.OCSP.require", true); // user_pref("security.OCSP.require", true);
/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/ /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
/* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+) /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
@ -718,7 +720,8 @@ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of li
* [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose... * [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose...
* [SETUP] Disabling fonts can uglify the web a fair bit. ***/ * [SETUP] Disabling fonts can uglify the web a fair bit. ***/
user_pref("browser.display.use_document_fonts", 0); user_pref("browser.display.use_document_fonts", 0);
/* 1402: enable icon fonts (glyphs) (FF41+) ***/ /* 1402: enable icon fonts (glyphs) (FF41+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=789788 ***/
user_pref("gfx.downloadable_fonts.enabled", true); user_pref("gfx.downloadable_fonts.enabled", true);
/* 1403: disable rendering of SVG OpenType fonts /* 1403: disable rendering of SVG OpenType fonts
* [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
@ -868,7 +871,7 @@ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref)
user_pref("media.gmp-gmpopenh264.autoupdate", false); user_pref("media.gmp-gmpopenh264.autoupdate", false);
user_pref("media.gmp-manager.url", "data:text/plain,"); user_pref("media.gmp-manager.url", "data:text/plain,");
/*** 2000: MEDIA / CAMERA / MIKE ***/ /*** 2000: MEDIA / CAMERA / MIC ***/
user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
/* 2001: disable WebRTC (Web Real-Time Communication) /* 2001: disable WebRTC (Web Real-Time Communication)
* [1] https://www.privacytools.io/#webrtc ***/ * [1] https://www.privacytools.io/#webrtc ***/
@ -879,10 +882,11 @@ user_pref("media.peerconnection.identity.enabled", false);
user_pref("media.peerconnection.identity.timeout", 1); user_pref("media.peerconnection.identity.timeout", 1);
user_pref("media.peerconnection.turn.disable", true); user_pref("media.peerconnection.turn.disable", true);
user_pref("media.navigator.video.enabled", false); // video capability for WebRTC user_pref("media.navigator.video.enabled", false); // video capability for WebRTC
/* 2002: pref which improves the WebRTC IP Leak issue, as opposed to completely /* 2002: limit WebRTC IP leaks if using WebRTC
* disabling WebRTC. You still need to enable WebRTC for this to be applicable (FF42+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1189041
* [1] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1297416
user_pref("media.peerconnection.ice.default_address_only", true); // (FF41-FF50) * [3] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
user_pref("media.peerconnection.ice.default_address_only", true); // (FF42-FF50)
user_pref("media.peerconnection.ice.no_host", true); // (FF51+) user_pref("media.peerconnection.ice.no_host", true); // (FF51+)
/* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions /* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions
* [1] http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ * [1] http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/
@ -896,8 +900,8 @@ user_pref("webgl.disable-fail-if-major-performance-caveat", true);
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228
* [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/ * [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/
user_pref("webgl.enable-debug-renderer-info", false); user_pref("webgl.enable-debug-renderer-info", false);
/* 2012: two more webgl preferences (FF51+) ***/ /* 2012: disable two more webgl preferences (FF51+) ***/
user_pref("webgl.dxgl.enabled", false); user_pref("webgl.dxgl.enabled", false); // [WINDOWS]
user_pref("webgl.enable-webgl2", false); user_pref("webgl.enable-webgl2", false);
/* 2021: disable speech recognition /* 2021: disable speech recognition
* [1] https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition * [1] https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
@ -1045,7 +1049,7 @@ user_pref("full-screen-api.enabled", false);
* [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ * [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/ * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/
user_pref("javascript.options.asmjs", false); user_pref("javascript.options.asmjs", false);
/* 2421: in addition to 2420, these settings will help harden JS against exploits such as CVE-2015-0817 /* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817
* [WARNING] Causes the odd site issue and there is also a performance loss * [WARNING] Causes the odd site issue and there is also a performance loss
* [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/
// user_pref("javascript.options.ion", false); // user_pref("javascript.options.ion", false);
@ -1116,7 +1120,7 @@ user_pref("dom.keyboardevent.dispatch_during_composition", false);
* [NOTE] Changing this option changes BOTH these preferences * [NOTE] Changing this option changes BOTH these preferences
* [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance
* [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/
user_pref("gfx.direct2d.disabled", true); user_pref("gfx.direct2d.disabled", true); // [WINDOWS]
user_pref("layers.acceleration.disabled", true); user_pref("layers.acceleration.disabled", true);
/* 2509: disable touch events [SETUP] /* 2509: disable touch events [SETUP]
* fingerprinting attack vector - leaks screen res & actual screen coordinates * fingerprinting attack vector - leaks screen res & actual screen coordinates
@ -1292,7 +1296,7 @@ user_pref("extensions.autoDisableScopes", 15);
* CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/
user_pref("network.proxy.autoconfig_url.include_path", false); user_pref("network.proxy.autoconfig_url.include_path", false);
/* 2670: close bypassing of CSP via image mime types (FF51+) /* 2670: disable "image/" mime types bypassing CSP (FF51+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/
user_pref("security.block_script_with_wrong_mime", true); user_pref("security.block_script_with_wrong_mime", true);
/* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+)