Update 'user.js'
This commit is contained in:
parent
61a6234940
commit
68caddd032
46
user.js
46
user.js
|
|
@ -126,7 +126,7 @@ user_pref("browser.search.region", "US"); // [HIDDEN PREF]
|
||||||
// https://addons.mozilla.org/about ***/
|
// https://addons.mozilla.org/about ***/
|
||||||
user_pref("intl.accept_languages", "en-US, en");
|
user_pref("intl.accept_languages", "en-US, en");
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Enforce US English locale regardless of the system locale
|
// Use US English locale regardless of the system locale
|
||||||
// [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages
|
// [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages
|
||||||
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
|
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
|
||||||
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
|
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
|
||||||
|
|
@ -305,19 +305,6 @@ user_pref("media.webvtt.testing.events", false);
|
||||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1608308
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1608308
|
||||||
user_pref("corroborator.enabled", false);
|
user_pref("corroborator.enabled", false);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Disable Remote Settings
|
|
||||||
// https://github.com/mozilla-services/remote-settings-lambdas
|
|
||||||
// https://remote-settings.readthedocs.io/en/latest/
|
|
||||||
user_pref("security.remote_settings.intermediates.enabled", false);
|
|
||||||
user_pref("security.remote_settings.intermediates.bucket", "");
|
|
||||||
user_pref("security.remote_settings.intermediates.collection", "");
|
|
||||||
user_pref("security.remote_settings.intermediates.signer", "");
|
|
||||||
user_pref("security.remote_settings.crlite_filters.enabled", false);
|
|
||||||
user_pref("security.remote_settings.crlite_filters.bucket", "");
|
|
||||||
user_pref("security.remote_settings.crlite_filters.collection", "");
|
|
||||||
user_pref("security.remote_settings.crlite_filters.signer", "");
|
|
||||||
user_pref("security.pki.crlite_mode", 0);
|
|
||||||
// -------------------------------------
|
|
||||||
// Block unwanted connections
|
// Block unwanted connections
|
||||||
user_pref("app.feedback.baseURL", "");
|
user_pref("app.feedback.baseURL", "");
|
||||||
user_pref("app.support.baseURL", "");
|
user_pref("app.support.baseURL", "");
|
||||||
|
|
@ -516,7 +503,7 @@ user_pref("network.dns.disableIPv6", true);
|
||||||
user_pref("network.http.altsvc.enabled", false);
|
user_pref("network.http.altsvc.enabled", false);
|
||||||
user_pref("network.http.altsvc.oe", false);
|
user_pref("network.http.altsvc.oe", false);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Enforce the proxy server to do any DNS lookups when using SOCKS
|
// Set the proxy server to do any DNS lookups when using SOCKS
|
||||||
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination
|
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination
|
||||||
// as a remote Tor node will handle the DNS request
|
// as a remote Tor node will handle the DNS request
|
||||||
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/
|
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/
|
||||||
|
|
@ -784,9 +771,6 @@ user_pref("security.ssl.require_safe_negotiation", true);
|
||||||
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
|
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
|
||||||
// user_pref("security.tls.version.max", 4);
|
// user_pref("security.tls.version.max", 4);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Enforce TLS 1.0 and 1.1 downgrades as session only
|
|
||||||
user_pref("security.tls.version.enable-deprecated", false);
|
|
||||||
// -------------------------------------
|
|
||||||
// Disable SSL session tracking [FF36+]
|
// Disable SSL session tracking [FF36+]
|
||||||
// SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks)
|
// SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks)
|
||||||
// These are not used in PB mode. In normal windows they are isolated when using FPI
|
// These are not used in PB mode. In normal windows they are isolated when using FPI
|
||||||
|
|
@ -854,12 +838,26 @@ user_pref("security.family_safety.mode", 0);
|
||||||
// https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ ***/
|
// https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ ***/
|
||||||
// user_pref("security.nocertdb", true); // [HIDDEN PREF]
|
// user_pref("security.nocertdb", true); // [HIDDEN PREF]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Enforce strict pinning
|
// Enable strict pinning
|
||||||
// PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict
|
// PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict
|
||||||
// [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing
|
// [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing
|
||||||
// by inspecting ALL your web traffic, then leave at current default=1
|
// by inspecting ALL your web traffic, then leave at current default=1
|
||||||
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/
|
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/
|
||||||
user_pref("security.cert_pinning.enforcement_level", 2);
|
user_pref("security.cert_pinning.enforcement_level", 2);
|
||||||
|
// -------------------------------------
|
||||||
|
// Disable CRLite [FF73+]
|
||||||
|
// In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP
|
||||||
|
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985
|
||||||
|
// https://blog.mozilla.org/security/tag/crlite/ ***/
|
||||||
|
user_pref("security.remote_settings.intermediates.enabled", false);
|
||||||
|
user_pref("security.remote_settings.intermediates.bucket", "");
|
||||||
|
user_pref("security.remote_settings.intermediates.collection", "");
|
||||||
|
user_pref("security.remote_settings.intermediates.signer", "");
|
||||||
|
user_pref("security.remote_settings.crlite_filters.enabled", false);
|
||||||
|
user_pref("security.remote_settings.crlite_filters.bucket", "");
|
||||||
|
user_pref("security.remote_settings.crlite_filters.collection", "");
|
||||||
|
user_pref("security.remote_settings.crlite_filters.signer", "");
|
||||||
|
user_pref("security.pki.crlite_mode", 0);
|
||||||
//
|
//
|
||||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
// MIXED CONTENT ***/
|
// MIXED CONTENT ***/
|
||||||
|
|
@ -1344,7 +1342,7 @@ user_pref("permissions.manager.defaultsUrl", "");
|
||||||
// Remove webchannel whitelist ***/
|
// Remove webchannel whitelist ***/
|
||||||
user_pref("webchannel.allowObject.urlWhitelist", "");
|
user_pref("webchannel.allowObject.urlWhitelist", "");
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
|
// Use Punycode in Internationalized Domain Names to eliminate possible spoofing
|
||||||
// Firefox has *some* protections, but it is better to be safe than sorry
|
// Firefox has *some* protections, but it is better to be safe than sorry
|
||||||
// [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded
|
// [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded
|
||||||
// [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
|
// [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
|
||||||
|
|
@ -1407,7 +1405,7 @@ user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+]
|
||||||
// [SETTING] To set your default "downloads": General>Downloads>Save files to ***/
|
// [SETTING] To set your default "downloads": General>Downloads>Save files to ***/
|
||||||
// user_pref("browser.download.folderList", 2);
|
// user_pref("browser.download.folderList", 2);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Enforce user interaction for security by always asking where to download
|
// Enable user interaction for security by always asking where to download
|
||||||
// [SETUP-CHROME] On Android this blocks longtapping and saving images
|
// [SETUP-CHROME] On Android this blocks longtapping and saving images
|
||||||
// [SETTING] General>Downloads>Always ask you where to save files ***/
|
// [SETTING] General>Downloads>Always ask you where to save files ***/
|
||||||
user_pref("browser.download.useDownloadDir", false);
|
user_pref("browser.download.useDownloadDir", false);
|
||||||
|
|
@ -1441,13 +1439,13 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
|
||||||
// SECURITY ***/
|
// SECURITY ***/
|
||||||
// >>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>
|
||||||
// Enforce CSP (Content Security Policy)
|
// Enforce CSP (Content Security Policy)
|
||||||
// [WARNING] CSP is a very important and widespread security feature. Don't disable it!
|
// [NOTE] CSP is a very important and widespread security feature. Don't disable it!
|
||||||
// https://developer.mozilla.org/docs/Web/HTTP/CSP ***/
|
// https://developer.mozilla.org/docs/Web/HTTP/CSP ***/
|
||||||
user_pref("security.csp.enable", true); // [DEFAULT: true]
|
user_pref("security.csp.enable", true); // [DEFAULT: true]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Enforce a security delay on some confirmation dialogs such as install, open/save
|
// Enforce a security delay on some confirmation dialogs such as install, open/save
|
||||||
// https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
|
// https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
|
||||||
user_pref("security.dialog_enable_delay", 700);
|
user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Enable Site Isolation
|
// Enable Site Isolation
|
||||||
user_pref("fission.autostart", true);
|
user_pref("fission.autostart", true);
|
||||||
|
|
@ -1743,7 +1741,7 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
|
||||||
// https://bugzilla.mozilla.org/1288359
|
// https://bugzilla.mozilla.org/1288359
|
||||||
user_pref("dom.webaudio.enabled", false);
|
user_pref("dom.webaudio.enabled", false);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Limit font visibility (non-ANDROID) [FF79+]
|
// Limit font visibility (Windows, Mac, some Linux) [FF79+]
|
||||||
// Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts
|
// Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts
|
||||||
// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
|
// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
|
||||||
// [NOTE] Bundled fonts are auto-allowed
|
// [NOTE] Bundled fonts are auto-allowed
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue