Merge v102.1 & more
This commit is contained in:
commit
c981cb8369
|
@ -2,7 +2,7 @@
|
|||
|
||||
## prefs.js cleaner for Linux/Mac
|
||||
## author: @claustromaniac
|
||||
## version: 1.4
|
||||
## version: 1.5
|
||||
|
||||
## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
|
||||
|
||||
|
@ -69,7 +69,8 @@ fStart() {
|
|||
fi
|
||||
|
||||
fFF_check
|
||||
bakfile="prefs.js.backup.$(date +"%Y-%m-%d_%H%M")"
|
||||
mkdir -p prefsjs_backups
|
||||
bakfile="prefsjs_backups/prefs.js.backup.$(date +"%Y-%m-%d_%H%M")"
|
||||
mv prefs.js "${bakfile}" || fQuit 1 "Operation aborted.\nReason: Could not create backup file $bakfile"
|
||||
echo -e "\nprefs.js backed up: $bakfile"
|
||||
echo "Cleaning prefs.js..."
|
||||
|
@ -81,7 +82,7 @@ echo -e "\n\n"
|
|||
echo " ╔══════════════════════════╗"
|
||||
echo " ║ prefs.js cleaner ║"
|
||||
echo " ║ by claustromaniac ║"
|
||||
echo " ║ v1.4 ║"
|
||||
echo " ║ v1.5 ║"
|
||||
echo " ╚══════════════════════════╝"
|
||||
echo -e "\nThis script should be run from your Firefox profile directory.\n"
|
||||
echo "It will remove any entries from prefs.js that also exist in user.js."
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
- removed from the arkenfox user.js
|
||||
- deprecated by Mozilla but listed in the arkenfox user.js in the past
|
||||
|
||||
Last updated: 5-May-2022
|
||||
Last updated: 31-August-2022
|
||||
|
||||
Instructions:
|
||||
- [optional] close Firefox and backup your profile
|
||||
|
@ -32,17 +32,23 @@
|
|||
|
||||
const aPREFS = [
|
||||
/* DEPRECATED */
|
||||
/* FF92+ */
|
||||
/* 103+ */
|
||||
'network.cookie.lifetimePolicy', // 103 [technically removed in 104]
|
||||
'security.pki.sha1_enforcement_level', // 103
|
||||
/* 92-102 */
|
||||
'browser.urlbar.suggest.quicksuggest', // 95
|
||||
'dom.securecontext.whitelist_onions', // 97
|
||||
'dom.storage.next_gen', // 102
|
||||
'network.http.spdy.enabled', // 100
|
||||
'network.http.spdy.enabled.deps',
|
||||
'network.http.spdy.enabled.http2',
|
||||
'network.http.spdy.websockets',
|
||||
'layout.css.font-visibility.level', // 94
|
||||
'security.ask_for_password', // 102
|
||||
'security.csp.enable', // 99
|
||||
'security.password_lifetime', // 102
|
||||
'security.ssl3.rsa_des_ede3_sha', // 93
|
||||
/* FF79-91 */
|
||||
/* 79-91 */
|
||||
'browser.cache.offline.storage.enable',
|
||||
'browser.download.hide_plugins_without_extensions',
|
||||
'browser.library.activity-stream.enabled',
|
||||
|
@ -231,13 +237,18 @@
|
|||
'toolkit.telemetry.unifiedIsOptIn',
|
||||
|
||||
/* REMOVED */
|
||||
/* 92+ */
|
||||
/* 92-102 */
|
||||
'browser.urlbar.trimURLs',
|
||||
'dom.caches.enabled',
|
||||
'dom.storageManager.enabled',
|
||||
'dom.storage_access.enabled',
|
||||
'dom.targetBlankNoOpener.enabled',
|
||||
'network.cookie.thirdparty.sessionOnly',
|
||||
'network.cookie.thirdparty.nonsecureSessionOnly',
|
||||
'privacy.firstparty.isolate.block_post_message',
|
||||
'privacy.firstparty.isolate.restrict_opener_access',
|
||||
'privacy.firstparty.isolate.use_site',
|
||||
'privacy.window.name.update.enabled',
|
||||
'security.insecure_connection_text.enabled',
|
||||
/* 79-91 */
|
||||
'alerts.showFavicons',
|
||||
|
|
10
updater.sh
10
updater.sh
|
@ -2,9 +2,9 @@
|
|||
|
||||
## arkenfox user.js updater for macOS and Linux
|
||||
|
||||
## version: 3.4
|
||||
## version: 3.5
|
||||
## Author: Pat Johnson (@overdodactyl)
|
||||
## Additional contributors: @earthlng, @ema-pe, @claustromaniac
|
||||
## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
|
||||
|
||||
## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() )
|
||||
|
||||
|
@ -195,10 +195,10 @@ update_updater() {
|
|||
echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}"
|
||||
read -p "" -n 1 -r
|
||||
echo -e "\n\n"
|
||||
[[ $REPLY =~ ^[Nn]$ ]] && return 0 # Update available, but user chooses not to update
|
||||
[[ $REPLY =~ ^[Yy]$ ]] || return 0 # Update available, but user chooses not to update
|
||||
fi
|
||||
else
|
||||
return 0 # No update available
|
||||
return 0 # No update available
|
||||
fi
|
||||
mv "${tmpfile}" "$SCRIPT_FILE"
|
||||
chmod u+x "$SCRIPT_FILE"
|
||||
|
@ -253,7 +253,7 @@ update_userjs() {
|
|||
echo -e "This script will update to the latest user.js file and append any custom configurations from user-overrides.js. ${RED}Continue Y/N? ${NC}"
|
||||
read -p "" -n 1 -r
|
||||
echo -e "\n"
|
||||
if [[ $REPLY =~ ^[Nn]$ ]]; then
|
||||
if ! [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||
echo -e "${RED}Process aborted${NC}"
|
||||
#rm $newfile
|
||||
return 1
|
||||
|
|
123
user.js
123
user.js
|
@ -1,7 +1,7 @@
|
|||
/******
|
||||
* name: arkenfox user.js
|
||||
* date: 9 May 2022
|
||||
* version: 100
|
||||
* date: 18 July 2022
|
||||
* version: 102
|
||||
* url: https://github.com/arkenfox/user.js
|
||||
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
|
||||
|
||||
|
@ -82,7 +82,7 @@ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
|
|||
user_pref("browser.shell.checkDefaultBrowser", false);
|
||||
/* 0102: set startup page [SETUP-CHROME]
|
||||
* 0=blank, 1=home, 2=last visited page, 3=resume previous session
|
||||
* [NOTE] Session Restore is cleared with history (2811, 2812), and not used in Private Browsing mode
|
||||
* [NOTE] Session Restore is cleared with history (2811, 2820), and not used in Private Browsing mode
|
||||
* [SETTING] General>Startup>Restore previous session ***/
|
||||
user_pref("browser.startup.page", 0);
|
||||
/* 0103: set HOME+NEWWINDOW page
|
||||
|
@ -310,10 +310,10 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
|
|||
// user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96]
|
||||
/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
|
||||
* 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
|
||||
* see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3]
|
||||
* see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
|
||||
* [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
|
||||
* [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
|
||||
* [3] https://blog.mozilla.org/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/
|
||||
* [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
|
||||
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
|
||||
// user_pref("network.trr.mode", 5);
|
||||
|
||||
|
@ -333,9 +333,7 @@ user_pref("keyword.enabled", false);
|
|||
* as the 411 for DNS errors?), privacy issues (why connect to sites you didn't
|
||||
* intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack),
|
||||
* and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/
|
||||
user_pref("browser.fixup.alternate.enabled", false);
|
||||
/* 0803: display all parts of the url in the location bar ***/
|
||||
user_pref("browser.urlbar.trimURLs", false);
|
||||
user_pref("browser.fixup.alternate.enabled", false); // [DEFAULT: false FF104+]
|
||||
/* 0804: disable live search suggestions
|
||||
* [NOTE] Both must be true for the location bar to work
|
||||
* [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
|
||||
|
@ -391,16 +389,12 @@ user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
|
|||
[1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas
|
||||
***/
|
||||
user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!");
|
||||
/* 0901: set when Firefox should prompt for the primary password
|
||||
* 0=once per session (default), 1=every time it's needed, 2=after n minutes (0902) ***/
|
||||
user_pref("security.ask_for_password", 2);
|
||||
/* 0902: set how long in minutes Firefox should remember the primary password (0901) ***/
|
||||
user_pref("security.password_lifetime", 5); // [DEFAULT: 30]
|
||||
/* 0903: disable auto-filling username & password form fields
|
||||
* can leak in cross-site forms *and* be spoofed
|
||||
* [NOTE] Username & password is still available when you enter the field
|
||||
* [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords
|
||||
* [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ ***/
|
||||
* [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
|
||||
* [2] https://homes.esat.kuleuven.be/~asenol/leaky-forms/ ***/
|
||||
user_pref("signon.autofillForms", false);
|
||||
/* 0904: disable formless login capture for Password Manager [FF51+] ***/
|
||||
user_pref("signon.formlessCapture.enabled", false);
|
||||
|
@ -493,31 +487,22 @@ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
|
|||
user_pref("security.OCSP.require", true);
|
||||
|
||||
/** CERTS / HPKP (HTTP Public Key Pinning) ***/
|
||||
/* 1220: disable or limit SHA-1 certificates
|
||||
* 0 = allow all
|
||||
* 1 = block all
|
||||
* 3 = only allow locally-added roots (e.g. anti-virus) (default)
|
||||
* 4 = only allow locally-added roots or for certs in 2015 and earlier
|
||||
* [SETUP-CHROME] If you have problems, update your software: SHA-1 is obsolete
|
||||
* [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
|
||||
user_pref("security.pki.sha1_enforcement_level", 1);
|
||||
/* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
|
||||
* 0=disable detecting Family Safety mode and importing the root
|
||||
* 1=only attempt to detect Family Safety mode (don't import the root)
|
||||
* 2=detect Family Safety mode and import the root
|
||||
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/
|
||||
user_pref("security.family_safety.mode", 0);
|
||||
/* 1223: enable strict pinning
|
||||
* PKP (Public Key Pinning) 0=disabled, 1=allow user MiTM (such as your antivirus), 2=strict
|
||||
* [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing
|
||||
* by inspecting ALL your web traffic, then leave at current default=1
|
||||
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/
|
||||
/* 1223: enable strict PKP (Public Key Pinning)
|
||||
* 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict
|
||||
* [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE: If you rely on an AV (antivirus) to protect
|
||||
* your web browsing by inspecting ALL your web traffic, then override to current default ***/
|
||||
user_pref("security.cert_pinning.enforcement_level", 2);
|
||||
/* 1224: enable CRLite [FF73+]
|
||||
* 0 = disabled
|
||||
* 1 = consult CRLite but only collect telemetry (default)
|
||||
* 1 = consult CRLite but only collect telemetry
|
||||
* 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
|
||||
* 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (FF99+)
|
||||
* 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (FF99+, default FF100+)
|
||||
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
|
||||
* [2] https://blog.mozilla.org/security/tag/crlite/ ***/
|
||||
user_pref("security.remote_settings.crlite_filters.enabled", true);
|
||||
|
@ -531,7 +516,7 @@ user_pref("security.mixed_content.block_display_content", true);
|
|||
* [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
|
||||
* [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions)
|
||||
* [TEST] http://example.com [upgrade]
|
||||
* [TEST] http://neverssl.com/ [no upgrade] ***/
|
||||
* [TEST] http://httpforever.com/ [no upgrade] ***/
|
||||
user_pref("dom.security.https_only_mode", true); // [FF76+]
|
||||
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
|
||||
/* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
|
||||
|
@ -589,16 +574,11 @@ user_pref("network.http.referer.XOriginPolicy", 2);
|
|||
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
|
||||
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
|
||||
|
||||
/*** [SECTION 1700]: CONTAINERS
|
||||
Check out Temporary Containers [2], read the article [3], and visit the wiki/repo [4]
|
||||
[1] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
|
||||
[2] https://addons.mozilla.org/firefox/addon/temporary-containers/
|
||||
[3] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21
|
||||
[4] https://github.com/stoically/temporary-containers/wiki
|
||||
***/
|
||||
/*** [SECTION 1700]: CONTAINERS ***/
|
||||
user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!");
|
||||
/* 1701: enable Container Tabs and its UI setting [FF50+]
|
||||
* [SETTING] General>Tabs>Enable Container Tabs ***/
|
||||
* [SETTING] General>Tabs>Enable Container Tabs
|
||||
* https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers ***/
|
||||
user_pref("privacy.userContext.enabled", true);
|
||||
user_pref("privacy.userContext.ui.enabled", true);
|
||||
/* 1702: set behavior on "+ Tab" button to display container menu on left click [FF74+]
|
||||
|
@ -772,7 +752,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
|
|||
user_pref("browser.contentblocking.category", "strict");
|
||||
/* 2702: disable ETP web compat features [FF93+]
|
||||
* [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
|
||||
* Opener Heuristics are granted for 30 days and Redirect Heuristics for 15 minutes, see [3]
|
||||
* Opener and redirect heuristics are granted for 30 days, see [3]
|
||||
* [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
|
||||
* [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
|
||||
* [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
|
||||
|
@ -795,12 +775,6 @@ user_pref("network.cookie.lifetimePolicy", 2);
|
|||
* [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
|
||||
* [1] https://bugzilla.mozilla.org/1671182 ***/
|
||||
// user_pref("privacy.clearsitedata.cache.enabled", true);
|
||||
/* 2803: set third-party cookies to session-only
|
||||
* [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
|
||||
* .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
|
||||
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/
|
||||
user_pref("network.cookie.thirdparty.sessionOnly", true);
|
||||
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
|
||||
|
||||
/** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/
|
||||
/* 2810: enable Firefox to clear items on shutdown (2811)
|
||||
|
@ -820,8 +794,10 @@ user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true]
|
|||
user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true]
|
||||
user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT: false]
|
||||
user_pref("privacy.clearOnShutdown.cookies", false);
|
||||
// user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false]
|
||||
/* 2812: reset default items to clear with Ctrl-Shift-Del (to match 2811) [SETUP-CHROME]
|
||||
// user_pref("privacy.clearOnShutdown.siteSettings", false);
|
||||
|
||||
/** SANITIZE MANUAL: ALL OR NOTHING ***/
|
||||
/* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME]
|
||||
* This dialog can also be accessed from the menu History>Clear Recent History
|
||||
* Firefox remembers your last choices. This will reset them when you start Firefox
|
||||
* [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
|
||||
|
@ -833,15 +809,14 @@ user_pref("privacy.cpd.sessions", true); // [DEFAULT: true]
|
|||
user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false]
|
||||
user_pref("privacy.cpd.cookies", false);
|
||||
// user_pref("privacy.cpd.downloads", true); // not used, see note above
|
||||
// user_pref("privacy.cpd.passwords", false); // [DEFAULT: false] not listed
|
||||
// user_pref("privacy.cpd.siteSettings", false); // [DEFAULT: false]
|
||||
/* 2813: clear Session Restore data when sanitizing on shutdown or manually [FF34+]
|
||||
// user_pref("privacy.cpd.passwords", false);
|
||||
// user_pref("privacy.cpd.siteSettings", false);
|
||||
/* 2821: clear Session Restore data when sanitizing on shutdown or manually [FF34+]
|
||||
* [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811)
|
||||
* [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008)
|
||||
* [NOTE] privacy.cpd.openWindows has a bug that causes an additional window to open ***/
|
||||
* [NOTE] privacy.clearOnShutdown.openWindows prevents resuming from crashes (also see 5008) ***/
|
||||
// user_pref("privacy.clearOnShutdown.openWindows", true);
|
||||
// user_pref("privacy.cpd.openWindows", true);
|
||||
/* 2814: reset default "Time range to clear" for "Clear Recent History" (2812)
|
||||
/* 2822: reset default "Time range to clear" for "Clear Recent History" (2820)
|
||||
* Firefox remembers your last choice. This will reset the value when you start Firefox
|
||||
* 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today
|
||||
* [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown,
|
||||
|
@ -861,12 +836,11 @@ user_pref("privacy.sanitize.timeSpan", 0);
|
|||
FF53: fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044)
|
||||
1330890 - spoof timezone as UTC0 (FF55)
|
||||
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
|
||||
1217238 - reduce precision of time exposed by javascript (FF55)
|
||||
FF56
|
||||
1369303 - spoof/disable performance API
|
||||
1333651 - spoof User Agent & Navigator API
|
||||
JS: the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux
|
||||
HTTP Headers: spoofed as Windows or Android
|
||||
version: spoofed as ESR (FF102+ this is limited to Android)
|
||||
OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android
|
||||
1369319 - disable device sensor API
|
||||
1369357 - disable site specific zoom
|
||||
1337161 - hide gamepads from content
|
||||
|
@ -903,6 +877,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
|
|||
FF91+
|
||||
531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
|
||||
1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
|
||||
1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was capped at 100ms) (FF102)
|
||||
***/
|
||||
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
|
||||
/* 4501: enable privacy.resistFingerprinting [FF41+]
|
||||
|
@ -995,7 +970,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
|
|||
/* 5005: disable intermediate certificate caching [FF41+] [RESTART]
|
||||
* [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only.
|
||||
* Saved logins and passwords are not available. Reset the pref and restart to return them ***/
|
||||
// user_pref("security.nocertdb", true); // [HIDDEN PREF]
|
||||
// user_pref("security.nocertdb", true); // [HIDDEN PREF in FF101 or lower]
|
||||
/* 5006: disable favicons in history and bookmarks
|
||||
* [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your
|
||||
* actual history (and bookmarks) already do. Your history is more detailed, so
|
||||
|
@ -1004,7 +979,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
|
|||
// user_pref("browser.chrome.site_icons", false);
|
||||
/* 5007: exclude "Undo Closed Tabs" in Session Restore ***/
|
||||
// user_pref("browser.sessionstore.max_tabs_undo", 0);
|
||||
/* 5008: disable resuming session from crash ***/
|
||||
/* 5008: disable resuming session from crash
|
||||
* [TEST] about:crashparent ***/
|
||||
// user_pref("browser.sessionstore.resume_from_crash", false);
|
||||
/* 5009: disable "open with" in download dialog [FF50+]
|
||||
* Application data isolation [1]
|
||||
|
@ -1088,16 +1064,6 @@ user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
|
|||
/* 6004: enforce a security delay on some confirmation dialogs such as install, open/save
|
||||
* [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
|
||||
user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
|
||||
/* 6005: enforce window.opener protection [FF65+]
|
||||
* Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
|
||||
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true]
|
||||
/* 6006: enforce "window.name" protection [FF82+]
|
||||
* If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original
|
||||
* string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks
|
||||
* [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/
|
||||
user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true]
|
||||
/* 6007: enforce Local Storage Next Generation (LSNG) [FF65+] ***/
|
||||
user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
|
||||
/* 6008: enforce no First Party Isolation [FF51+]
|
||||
* [WARNING] Replaced with network partitioning (FF85+) and TCP (2701),
|
||||
* and enabling FPI disables those. FPI is no longer maintained ***/
|
||||
|
@ -1114,13 +1080,20 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
|
|||
* Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
|
||||
* [WHY] To prevent wasting Mozilla's time with a custom setup ***/
|
||||
user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
|
||||
/* 6012: disable SHA-1 certificates ***/
|
||||
user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1 FF102+]
|
||||
/* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/
|
||||
// user_pref("browser.urlbar.trimURLs", "");
|
||||
// user_pref("dom.caches.enabled", "");
|
||||
// user_pref("dom.storageManager.enabled", "");
|
||||
// user_pref("dom.storage_access.enabled", "");
|
||||
// user_pref("dom.targetBlankNoOpener.enabled", "");
|
||||
// user_pref("network.cookie.thirdparty.sessionOnly", "");
|
||||
// user_pref("network.cookie.thirdparty.nonsecureSessionOnly", "");
|
||||
// user_pref("privacy.firstparty.isolate.block_post_message", "");
|
||||
// user_pref("privacy.firstparty.isolate.restrict_opener_access", "");
|
||||
// user_pref("privacy.firstparty.isolate.use_site", "");
|
||||
// user_pref("privacy.window.name.update.enabled", "");
|
||||
// user_pref("security.insecure_connection_text.enabled", "");
|
||||
|
||||
/*** [SECTION 7000]: DON'T BOTHER ***/
|
||||
|
@ -1163,7 +1136,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
|
|||
/* 7005: disable SSL session IDs [FF36+]
|
||||
* [WHY] Passive fingerprinting and perf costs. These are session-only
|
||||
* and isolated with network partitioning (FF85+) and/or containers ***/
|
||||
// user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
|
||||
// user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF in FF101 or lower]
|
||||
/* 7006: onions
|
||||
* [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/
|
||||
// user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
|
||||
|
@ -1207,6 +1180,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
|
|||
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
|
||||
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
|
||||
// user_pref("privacy.partition.network_state.ocsp_cache", true);
|
||||
// user_pref("privacy.query_stripping.enabled", true); // [FF101+] [ETP FF102+]
|
||||
// user_pref("privacy.trackingprotection.enabled", true);
|
||||
// user_pref("privacy.trackingprotection.socialtracking.enabled", true);
|
||||
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
|
||||
|
@ -1362,6 +1336,17 @@ user_pref("security.csp.enable", true); // [DEFAULT: true]
|
|||
// user_pref("network.http.spdy.enabled.deps", false);
|
||||
// user_pref("network.http.spdy.enabled.http2", false);
|
||||
// user_pref("network.http.spdy.websockets", false); // [FF65+]
|
||||
// FF102
|
||||
// 0901: set when Firefox should prompt for the primary password
|
||||
// 0=once per session (default), 1=every time it's needed, 2=after n minutes (0902)
|
||||
// [-] https://bugzilla.mozilla.org/1767099
|
||||
user_pref("security.ask_for_password", 2);
|
||||
// 0902: set how long in minutes Firefox should remember the primary password (0901)
|
||||
// [-] https://bugzilla.mozilla.org/1767099
|
||||
user_pref("security.password_lifetime", 5); // [DEFAULT: 30]
|
||||
// 6007: enforce Local Storage Next Generation (LSNG) [FF65+]
|
||||
// [-] https://bugzilla.mozilla.org/1764696
|
||||
user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
|
||||
// ***/
|
||||
|
||||
/* END: internal custom pref to test for syntax errors ***/
|
||||
|
|
Loading…
Reference in New Issue