Update 'user.js'

Narsil 2020-10-20 14:44:29 -04:00
parent bb6bc9d76b
commit 0381624d60
1 changed files with 41 additions and 41 deletions

82
user.js

@ -479,7 +479,6 @@ user_pref("devtools.gcli.lodashSrc", ""); // [DESKTOP]
// Pref : Disable Firefox screenshot extension
// https://support.mozilla.org/en-US/kb/firefox-screenshots
user_pref("extensions.screenshots.disabled", true); // [DESKTOP]
user_pref("extensions.screenshots.upload-disabled", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable spellchecker functionality by default
// 0=none, 1-multi-line, 2=multi-line & single-line
@ -1097,7 +1096,6 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
// user_pref("extensions.lastAppBuildId", "");
// user_pref("media.gmp-manager.buildID", "");
// user_pref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
// user_pref("general.buildID.override", "");
// -------------------------------------
// Pref : Disable raw TCP socket support (mozTCPSocket)
// https://gitlab.torproject.org/legacy/trac/-/issues/18863
@ -1376,7 +1374,7 @@ user_pref("network.prefetch-next", false);
// Pref : Disable DNS prefetching
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true FF70+]
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
user_pref("browser.send_pings", false);
@ -1483,6 +1481,14 @@ user_pref("security.ssl.require_safe_negotiation", true);
// Pref : Enforce TLS 1.0 and 1.1 downgrades as session only
user_pref("security.tls.version.enable-deprecated", false);
// -------------------------------------
// Pref: Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [STATS] Firefox telemetry (June 2020) shows only 0.16% of SSL handshakes use 1.0 or 1.1
// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
// https://www.ssllabs.com/ssl-pulse/ ***/
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
// user_pref("security.tls.version.max", 4);
// -------------------------------------
// Pref : Disable SSL Error Reporting
// https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html
user_pref("security.ssl.errorReporting.enabled", false);
@ -1569,29 +1575,15 @@ user_pref("security.mixed_content.block_object_subrequest", true);
// https://en.wikipedia.org/wiki/3des#Security
// https://en.wikipedia.org/wiki/Meet-in-the-middle_attack
// https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
user_pref("security.ssl3.rsa_des_ede3_sha", false);
user_pref("security.ssl3.dhe_dss_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.rsa_fips_des_ede3_sha", false); // [DESKTOP]
// user_pref("security.ssl3.rsa_des_ede3_sha", false);
// -------------------------------------
// Pref : Disable 40/56/128-bit ciphers
user_pref("security.ssl3.rsa_rc4_40_md5", false); // 40-bit // [DESKTOP]
user_pref("security.ssl3.rsa_rc2_40_md5", false); // 40-bit // [DESKTOP]
user_pref("security.ssl3.rsa_1024_rc4_56_sha", false); // 56-bit // [DESKTOP]
user_pref("security.ssl3.rsa_camellia_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128-bit
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // 128-bit
user_pref("security.ssl3.ecdh_rsa_aes_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_camellia_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128-bit // [DESKTOP]
// -------------------------------------
// Pref : Disable 256 bits ciphers without PFS
user_pref("security.ssl3.rsa_camellia_256_sha", false); // [DESKTOP]
// Pref: Disable the remaining non-modern cipher suites as of FF78 (in order of preferred by FF) ***/
// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
// -------------------------------------
// Pref : Disable SEED cipher
// https://en.wikipedia.org/wiki/SEED
@ -1754,8 +1746,7 @@ user_pref("signon.formlessCapture.enabled", false);
// Hardens against potential credentials phishing
// 0=don't allow sub-resources to open HTTP authentication credentials dialogs
// 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
// 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
// https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/
// 2=allow sub-resources to open HTTP authentication credentials dialogs (default) ***/
user_pref("network.auth.subresource-http-auth-allow", 1);
// -------------------------------------
// Pref : Prevent cross-origin images from triggering an HTTP-Authentication prompt
@ -1864,7 +1855,7 @@ user_pref("browser.formfill.expire_days", 0);
user_pref("browser.shell.shortcutFavicons", false); // [DESKTOP]
// -------------------------------------
// Pref : Display "insecure" icon and "Not Secure" text on HTTP sites
// user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [FF59+] [DEFAULT: true FF70+]
// user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [FF59+] [DEFAULT: true]
user_pref("security.insecure_connection_text.enabled", true); // [DESKTOP]
user_pref("security.insecure_connection_icon.pbmode.enabled", true); // [DESKTOP]
user_pref("security.insecure_connection_text.pbmode.enabled", true); // [DESKTOP]
@ -2241,7 +2232,7 @@ user_pref("network.cookie.lifetimePolicy", 2);
// user_pref("network.cookie.lifetime.days", 1); // [DEFAULT: 90]
// -------------------------------------
// Pref : Disable 3rd-party cookies and site-data
// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers
// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (default)
// [NOTE] Can breaks payment gateways
user_pref("network.cookie.cookieBehavior", 1);
// -------------------------------------
@ -2249,7 +2240,7 @@ user_pref("network.cookie.cookieBehavior", 1);
// https://bugzilla.mozilla.org/show_bug.cgi?id=1625568
user_pref("network.cookie.rejectForeignWithExceptions.enabled", false);
// -------------------------------------
// Pref : Set third-party cookies (i.e ALL) (if enabled) to session-only and set third-party non-secure (i.e HTTP) cookies to session-only
// Pref : Set third-party cookies(if enabled) to session-only
// [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
user_pref("network.cookie.thirdparty.sessionOnly", true);
@ -2389,7 +2380,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
user_pref("privacy.firstparty.isolate.block_post_message", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs
// Section : RFP (Resist Fingerprinting) / RFP Alternatives (USER AGENT SPOOFING)
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
@ -2405,6 +2396,7 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDE
// Dynamically resizes the inner window by applying letterboxing, using dimensions which waste the least content area, If you use the dimension pref, then it will only apply those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
// [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it
// https://bugzilla.mozilla.org/1407366
// https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/
// user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // [DESKTOP]
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
@ -2558,7 +2550,15 @@ user_pref("dom.network.enabled", false); // [DESKTOP]
// Pref : Disable chrome animations
// 0=no-preference, 1=reduce. RFP spoofs this for web content
user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF]
//
// -------------------------------------
// Pref: Navigator DOM object overrides
// [WARNING] DO NOT USE ***/
// user_pref("general.appname.override", ""); // [HIDDEN PREF]
// user_pref("general.appversion.override", ""); // [HIDDEN PREF]
// user_pref("general.buildID.override", ""); // [HIDDEN PREF]
// user_pref("general.oscpu.override", ""); // [HIDDEN PREF]
// user_pref("general.platform.override", ""); // [HIDDEN PREF]
// user_pref("general.useragent.override", ""); // [HIDDEN PREF]
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : UI (User Interface)
// >>>>>>>>>>>>>>>>>>>>>
@ -2611,24 +2611,24 @@ user_pref("browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
// -------------------------------------
// Pref : Display long lines in view-source page
user_pref("view_source.wrap_long_lines", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Deprecated / Removed / Legacy / Renamed
// ESR78.x still uses all the following prefs
// [NOTE] replace the * with a slash in the line above to re-enable them
// >>>>>>>>>>>>>>>>>>>>
// FF79
// 0212: enforce fallback text encoding to match en-US
// -------------------------------------
// Pref: Enforce fallback text encoding to match en-US
// When the content or server doesn't declare a charset the browser will
// fallback to the "Current locale" based on your application language
// [TEST] https://hsivonen.com/test/moz/check-charset.htm
// [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
// [-] https://bugzilla.mozilla.org/1603712
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
// https://bugzilla.mozilla.org/1603712
user_pref("intl.charset.fallback.override", "windows-1252");
//
// -------------------------------------
// FF82
// 0206: disable geographically specific results/search engines e.g. "browser.search.*.US"
// -------------------------------------
// Pref: Disable geographically specific results/search engines e.g. "browser.search.*.US"
// i.e. ignore all of Mozilla's various search engines in multiple locales
// [-] https://bugzilla.mozilla.org/1619926
// https://bugzilla.mozilla.org/1619926
user_pref("browser.search.geoSpecificDefaults", false);
user_pref("browser.search.geoSpecificDefaults.url", "");
//
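Review bot: In the cipher hunk (`@ -1569,29 +1575,15 @@`), the new side appears to leave `// user_pref("security.ssl3.rsa_des_ede3_sha", false);` and the two `// no PFS` RSA suites commented out, so the profile no longer overrides Firefox's defaults for 3DES or the non-forward-secret suites, while the section heading (above the hunk, not visible here) presumably still reads as disabling 3DES. The side assignment is inferred from the hunk counts (29 old lines, 15 new), because the +/- markers are lost on this page. If the intent is to keep the default TLS fingerprint, as the added TLS-version block warns, state that at the pref, e.g. `// [NOTE] Inactive on purpose: changing the cipher list alters the TLS fingerprint, so 3DES stays at the Firefox default`. Otherwise keep `user_pref("security.ssl3.rsa_des_ede3_sha", false);` active, since that suite has no forward secrecy and uses a 64-bit block cipher.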