Update 'user.js'

This commit is contained in:
Narsil 2020-10-26 14:46:36 -04:00
parent 8ade0a83e0
commit 1b3201a2d2
1 changed files with 8 additions and 1 deletions

View File

@ -408,6 +408,7 @@ user_pref("browser.send_pings.require_same_host", true); // defense-in-depth
// [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an // [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an
// OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, // OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
// then this won't make much difference. If you are masking your IP, then it can only help. // then this won't make much difference. If you are masking your IP, then it can only help.
// [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
// [TEST] https://ipleak.org/ // [TEST] https://ipleak.org/
// https://github.com/arkenfox/user.js/issues/437#issuecomment-403740626 // https://github.com/arkenfox/user.js/issues/437#issuecomment-403740626
// https://www.internetsociety.org/tag/ipv6-security/ ***/ // https://www.internetsociety.org/tag/ipv6-security/ ***/
@ -1123,7 +1124,13 @@ user_pref("javascript.options.asmjs", false);
// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF] // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
// ------------------------------------- // -------------------------------------
// Disable WebAssembly [FF52+] [SETUP-PERF] // Disable WebAssembly [FF52+] [SETUP-PERF]
// https://developer.mozilla.org/docs/WebAssembly ***/ // Vulnerabilities have increasingly been found, including those known and fixed
// in native programs years ago. WASM has powerful low-level access, making
// certain attacks (brute-force) and vulnerabilities more possible
// [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising
// https://developer.mozilla.org/docs/WebAssembly
// https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
// https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
user_pref("javascript.options.wasm", false); user_pref("javascript.options.wasm", false);
// ------------------------------------- // -------------------------------------
// Enable (limited but sufficient) window.opener protection [FF65+] // Enable (limited but sufficient) window.opener protection [FF65+]