From f2fe7f02b01068be6413fa1cb7e8e65295db7527 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 11 Nov 2020 16:59:27 +0000 Subject: [PATCH] add 2624: window.name protection, fixes #1012 --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index caad195..c21b2d6 100644 --- a/user.js +++ b/user.js @@ -1183,6 +1183,10 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] * for these will show/use their correct 3rd party origin * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion */ user_pref("permissions.delegation.enabled", false); +/* 2624: enable "window.name" protection [FF82+] + * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original + * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/ +user_pref("privacy.window.name.update.enabled", true); /** DOWNLOADS ***/ /* 2650: discourage downloading to desktop