diff --git a/user.js b/user.js index 4882f67..3e10e56 100644 --- a/user.js +++ b/user.js @@ -22,17 +22,18 @@ // FF73+: chrome://global/content/config.xhtml ***/ user_pref("general.warnOnAboutConfig", false); // XHTML version user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+] -//------------------------------------- +// ------------------------------------- // Disable separate about:welcome page // https://bugzilla.mozilla.org/show_bug.cgi?id=1617783 user_pref("browser.aboutwelcome.enabled", false); user_pref("trailhead.firstrun.branches", ""); -//------------------------------------- +// ------------------------------------- // Disable default browser check // [SETTING] General>Startup>Always check if Firefox is your default browser ***/ user_pref("browser.shell.checkDefaultBrowser", false); // ------------------------------------- -// Set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session) +// Set START page +// 0=blank, 1=home, 2=last visited page, 3=resume previous session // [NOTE] Session Restore is not used in PB mode and is cleared with history // [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); @@ -1333,17 +1334,18 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); // https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); // ------------------------------------- -// Enforce Firefox's built-in PDF reader [SETUP-CHROME] +// Enforce PDFJS, disable PDFJS scripting [SETUP-CHROME] // This setting controls if the option "Display in Firefox" is available in the setting below // and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") // PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) -// Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly. +// Exploits are rare (one serious case in seven years), treated seriously and patched quickly. // It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). // It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. // CONS: You may prefer a different pdf reader for security reasons // CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) // [SETTING] General>Applications>Portable Document Format (PDF) ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] +user_pref("pdfjs.enableScripting", false); // [FF86+] // ------------------------------------- // Disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/ user_pref("network.protocol-handler.external.ms-windows-store", false);