From 54981e9fe192ac5772bbe15f941620c65105708a Mon Sep 17 00:00:00 2001
From: quindecim
Date: Fri, 10 Jan 2020 10:23:10 -0500
Subject: [PATCH] Update 'user.js'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
✅ Synced with Desktop version
✅ Synced all the buildIDs with Tor's ones
✅ Added a pref (commented by default) to set the days before cookies are delated if you choose for: network.cookie.lifetimePolicy = 3
⛔️ Disabled two more webgl prefs
⛔️ Disabled two more signon prefs
⛔️ Disabled one more extensions.blocklist pref
ℹ️ Commented extensions.lastAppBuildId pref because it's constantly overwritten
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF71+ into deprecated section (keeping them active for ESR68.x)
---
 user.js | 96 +++++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 66 insertions(+), 30 deletions(-)
diff --git a/user.js b/user.js
index 79e2d4a..763c40c 100644
--- a/user.js
+++ b/user.js
@@ -55,7 +55,6 @@ user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DESKT
 // Pref : Disable Activity Stream telemetry
 user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); // [DESKTOP]
 user_pref("browser.newtabpage.activity-stream.telemetry", false); // [DESKTOP]
-user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); // [DESKTOP]
 user_pref("browser.newtabpage.activity-stream.telemetry.ut.events", false); // [DESKTOP]
 user_pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion", false); // [DESKTOP]
 user_pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); // [DESKTOP]
@@ -288,7 +287,6 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [DESKTOP]
 user_pref("toolkit.telemetry.updatePing.enabled", false); // [DESKTOP]
 user_pref("toolkit.telemetry.bhrPing.enabled", false); // [DESKTOP]
 user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [DESKTOP]
-user_pref("toolkit.telemetry.hybridContent.enabled", false); // [DESKTOP]
 user_pref("toolkit.telemetry.previousBuildID", ""); // [DESKTOP]
 user_pref("toolkit.telemetry.prompted", 2); // [DESKTOP]
 user_pref("toolkit.telemetry.rejected", true); // [DESKTOP]
@@ -453,8 +451,8 @@ user_pref("layout.spellcheckDefault", 0); // [DESKTOP]
 // -------------------------------------
 // Pref : Enable Firefox internal pages and disable the related warnings
 user_pref("general.aboutConfig.enable", true);
-user_pref("general.warnOnAboutConfig", false);
-user_pref("browser.aboutConfig.showWarning", false); // [DESKTOP]
+user_pref("general.warnOnAboutConfig", false); // [XUL]
+user_pref("browser.aboutConfig.showWarning", false); // [DESKTOP] // [HTML]
 // -------------------------------------
 // Pref : Disable recent Highlights in the Library
 user_pref("browser.library.activity-stream.enabled", false); // [DESKTOP]
@@ -520,8 +518,6 @@ user_pref("startup.homepage_welcome_url.additional", ""); // [DESKTOP]
 user_pref("startup.homepage_override_url", ""); // [DESKTOP]
 user_pref("browser.search.param.yahoo-fr", ""); // [DESKTOP]
 user_pref("privacy.restrict3rdpartystorage.partitionedHosts", "");
-user_pref("network.netlink.route.check.IPv4", "");
-user_pref("network.netlink.route.check.IPv6", "");
 // -------------------------------------
 // Pref : Devtools cleanup
 user_pref("devtools.devices.url", "");
@@ -910,8 +906,11 @@ user_pref("browser.download.hide_plugins_without_extensions", false); // [DESKTO
 user_pref("dom.event.contextmenu.enabled", false);
 // -------------------------------------
 // Pref : Disable website access to clipboard events/content
-// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...)
+// This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website
+// [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one is default (false) then enabling this pref can leak clipboard content
 // https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
+// https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/
+// https://bugzilla.mozilla.org/1528289
 user_pref("dom.event.clipboardevents.enabled", false);
 // -------------------------------------
 // Pref : Disable "Confirm you want to leave" dialog on page close
@@ -977,8 +976,8 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
 // Value taken from Tor Browser for Android
 // https://bugzilla.mozilla.org/show_bug.cgi?id=583181
 user_pref("browser.startup.homepage_override.buildID", "20100101");
-user_pref("extensions.lastAppBuildId", "20190402030101");
-user_pref("media.gmp-manager.buildID", "20190402030101");
+// user_pref("extensions.lastAppBuildId", ""); // [FENNEC - BUG] Value that is constantly rewritten
+user_pref("media.gmp-manager.buildID", "20200402050101");
 user_pref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
 user_pref("general.buildID.override", "20100101");
 // -------------------------------------
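Review bot: The new [WARNING] line above `dom.event.clipboardevents.enabled` is ambiguous, because "enabling this pref" reads as setting it to true while the file sets it to false, so a reader cannot tell which state carries the clipboard leak; its parenthesis "(at least one is default (false)" is also unbalanced. A clearer wording would be `// [WARNING] With this pref set to false, clipboard content can leak if both 'middlemouse.paste' and 'general.autoScroll' are true (at least one is false by default)`, assuming the linked bug 1528289 describes the false state, which should be confirmed before merging. The hunk also drops the old note that disabling clipboard events breaks copy/cut/paste in JS-based web applications; that breakage caveat is still worth keeping next to a pref that is active in this file.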
@@ -1022,6 +1021,8 @@ user_pref("webgl.all-angle-options", false);
 user_pref("webgl.allow-immediate-queries", false);
 user_pref("webgl.default-antialias", false);
 user_pref("webgl.enable-surface-texture", false);
+user_pref("webgl.cgl.multithreaded", false);
+user_pref("webgl.dxgl.enabled", false);
 // -------------------------------------
 // Pref : Disable screensharing and audiocapture
 user_pref("media.getusermedia.screensharing.enabled", false); // [DESKTOP]
@@ -1128,7 +1129,6 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); // [DESKTOP]
 // Pref : Disable Firefox Tips / Search suggestions
 user_pref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // [DESKTOP]
 user_pref("browser.urlbar.searchSuggestionsChoice", false); // [DESKTOP]
-user_pref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable history/bookmarks/opened pages suggestions dropdown from URL bar
 // [NOTE] This does not cause privacy/leaking issue
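Review bot: The two prefs added in the webgl group, `webgl.cgl.multithreaded` and `webgl.dxgl.enabled`, carry no platform tag, although other lines in this file mark their scope with trailing tags such as `// [DESKTOP]` and `// [WINDOWS]`. Both names look platform-specific (CGL on macOS, DXGL interop on Windows; to be confirmed), so a tag would tell readers where the line has any effect, for example `user_pref("webgl.dxgl.enabled", false); // [WINDOWS] // [DESKTOP]`.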
@@ -1342,8 +1342,12 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
 // >>>>>>>>>>>>>>>>>>>>
-// Pref : Disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack)
+// Pref : Require safe negotiation
+// Blocks connections to servers that don't support RFC 5746 as they're potentially vulnerable to a MiTM attack. A server *without* RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that.
+// Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server.
 // https://wiki.mozilla.org/Security:Renegotiation
+// https://tools.ietf.org/html/rfc5746
+// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
 user_pref("security.ssl.require_safe_negotiation", true);
 // -------------------------------------
 // Pref : Control TLS versions with min and max
@@ -1527,9 +1531,10 @@ user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // [DESKTOP]
 user_pref("security.ssl3.rsa_rc4_128_md5", false); // [DESKTOP]
 user_pref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP]
 // -------------------------------------
-// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
-// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
-// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
+// Pref : Display warning on the padlock for "broken security"
+// [BUG] Warning padlock not indicated for subresources on a secure page!
+// https://wiki.mozilla.org/Security:Renegotiation
+// https://bugzilla.mozilla.org/1353705
 user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 // -------------------------------------
 // Pref : Control "Add Security Exception" dialog on SSL warnings
@@ -1590,6 +1595,8 @@ user_pref("signon.management.page.breachAlertUrl", ""); // [DESKTOP]
 user_pref("signon.management.page.hideMobileFooter", true); // [DESKTOP]
 user_pref("signon.management.page.mobileAndroidURL", ""); // [DESKTOP]
 user_pref("signon.management.page.mobileAppleURL", ""); // [DESKTOP]
+user_pref("signon.management.page.showPasswordSyncNotification", false); // [DESKTOP]
+user_pref("signon.storeSignons", true); // [DESKTOP] (// Disable login manager storage. https://hg.mozilla.org/integration/autoland/rev/300057f0ec79)
 // -------------------------------------
 // Pref : Disable autofilling saved passwords on HTTP pages and show warning
 // https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119
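Review bot: The rewritten header for `security.ssl.treat_unsafe_negotiation_as_broken` no longer says which condition triggers the "broken security" padlock, because the RFC 5746 wording and the CVE-2009-3555 link were removed from this entry. One descriptive line would keep the pref self-explanatory, for example `// Marks connections to servers without RFC 5746 safe renegotiation as broken in the padlock UI`. The [BUG] line would also be easier to follow with its reference attached, `// [BUG] Warning padlock not indicated for subresources on a secure page! (bug 1353705)`, assuming that is the bug the last link points to.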
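Review bot: `signon.storeSignons` is set to `true` while its trailing comment says "Disable login manager storage" and the commit message counts it among the disabled signon prefs, so the value and the stated intent disagree. If the goal is to stop the login manager from storing credentials, the line should presumably read `user_pref("signon.storeSignons", false); // [DESKTOP] // Disable login manager storage`; if `true` is deliberate, the comment needs to say why. The comment is also wrapped as `(// ...)`, unlike the other trailing comments in the file, and the changeset link would fit better on its own `// https://...` line above the pref.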
@@ -1832,8 +1839,10 @@ user_pref("layout.css.font-loading-api.enabled", false);
 // https://github.com/ghacksuserjs/ghacks-user.js/issues/744
 // user_pref("font.blacklist.underline_offset", "");
 // -------------------------------------
-// Pref : Disable graphite which turned back on by default
+// Pref : Disable graphite
+// [NOTE] Graphite has had many critical security issues in the past
 // https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
+// https://en.wikipedia.org/wiki/Graphite_(SIL)
 user_pref("gfx.font_rendering.graphite.enabled", false);
 // -------------------------------------
 // Pref : Limit system font exposure to a whitelist [RESTART]
@@ -1853,7 +1862,6 @@ user_pref("plugins.crash.supportUrl", ""); // [DESKTOP]
 // Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
 // 0=disabled, 1=ask to activate, 2=active - you can override individual plugins
 user_pref("plugin.default.state", 0);
-user_pref("plugin.defaultXpi.state", 0);
 // -------------------------------------
 // Pref : Disable scanning for plugins
 user_pref("plugin.scan.plid.all", false); // [WINDOWS] // [DESKTOP]
@@ -1929,11 +1937,11 @@ user_pref("services.blocklist.gfx.collection", "");
 user_pref("services.blocklist.bucket", "");
 user_pref("services.blocklist.addons.signer", ""); // [DESKTOP]
 user_pref("services.blocklist.addons.collection", "");
-// user_pref("extensions.blocklist.level", 2); // [DEFAULT: 2]
 user_pref("extensions.blocklist.lastModified", ""); // [DESKTOP]
 user_pref("extensions.blocklist.itemURL", "");
 user_pref("extensions.blocklist.enabled", false);
 user_pref("extensions.blocklist.detailsURL", "");
+user_pref("extensions.blocklist.useXML", false);
 user_pref("services.settings.security.onecrl.bucket", "");
 user_pref("services.settings.security.onecrl.collection", "");
 user_pref("services.settings.security.onecrl.signer", "");
@@ -2067,8 +2075,6 @@ user_pref("privacy.socialtracking.notification.enabled", false); // [DESKTOP]
 // Pref : Disable PingCentre telemetry (used in several System Add-ons)
 // Currently blocked by 'datareporting.healthreport.uploadEnabled'
 user_pref("browser.ping-centre.telemetry", false); // [DESKTOP]
-user_pref("browser.ping-centre.production.endpoint", ""); // [DESKTOP]
-user_pref("browser.ping-centre.staging.endpoint", ""); // [DESKTOP]
 // -------------------------------------
 // Pref : Disable all the trackingprotection blocked elements by default
 user_pref("browser.contentblocking.features.strict", ""); // [DESKTOP]
@@ -2110,11 +2116,15 @@ user_pref("extensions.formautofill.heuristics.enabled", false); // [DESKTOP]
 // Section : Persistent Storage
 // >>>>>>>>>>>>>>>>>>>>
 // Pref : Delete cookies and site data on close
-// 0=keep until they expire (default), 2=keep until you close Firefox
+// 0=keep until they expire (default),1=Prompt for each cookie, 2=keep until you close Firefox, 3=Accept for N days
 // [NOTE] Use "Cookie AutoDelete" extension to manage your cookies
 // https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
 // user_pref("network.cookie.lifetimePolicy", 2);
 // -------------------------------------
+// Pref : Sets the number of days that the lifetime of cookies should be limited to
+// [NOTE] Only use if network.cookie.lifetimePolicy is set to 3
+// user_pref("network.cookie.lifetime.days", 1); // [DEFAULT: 90]
+// -------------------------------------
 // Pref : Disable 3rd-party cookies and site-data
 // 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers
 // [NOTE] Can breaks payment gateways
@@ -2141,16 +2151,6 @@ user_pref("network.cookie.same-site.enabled", true); // [DEFAULT: true]
 // You are better off using an extension for more granular control
 // user_pref("dom.storage.enabled", false);
 // -------------------------------------
-// Pref : Disable IndexedDB
-// https://developer.mozilla.org/en-US/docs/IndexedDB
-// https://en.wikipedia.org/wiki/Indexed_Database_API
-// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review
-// https://github.com/pyllyukko/user.js/issues/8
-// https://github.com/ghacksuserjs/ghacks-user.js/issues/80#issuecomment-294178018
-// https://superuser.com/questions/1250944/how-can-this-website-reidentify-me-even-after-deleting-all-of-my-browsers-histo
-// [NOTE] IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), and breaks almost every webpage so is left enabled
-// user_pref("dom.indexedDB.enabled", false); // [DEFAULT: true]
-// -------------------------------------
 // Pref : Do not download URLs for the offline cache
 user_pref("browser.cache.offline.storage.enable", false);
 user_pref("browser.cache.offline.enable", false);
@@ -2383,6 +2383,7 @@ user_pref("gfx.vr.osvr.clientLibPath", "");
 user_pref("gfx.vr.osvr.commonLibPath", "");
 user_pref("gfx.vr.osvr.utilLibPath", "");
 user_pref("dom.vr.process.enabled", false);
+user_pref("dom.vr.webxr.enabled", false);
 // -------------------------------------
 // Pref : Disable hardware acceleration to reduce graphics fingerprinting
 // [WARNING] Affects text rendering (fonts will look different), impacts video performance, and parts of Quantum that utilize the GPU will also be affected as they are rolled out
@@ -2614,4 +2615,39 @@ user_pref("devtools.webide.adaptersAddonURL", "");
 user_pref("privacy.socialtracking.notification.enabled", false);
 // -------------------------------------
 // FF72+
+// -------------------------------------
+// Pref : Disable PingCentre telemetry (used in several System Add-ons)
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1597697
+// https://hg.mozilla.org/mozilla-central/rev/7fcdfe9a24e4
+user_pref("browser.ping-centre.production.endpoint", "");
+user_pref("browser.ping-centre.staging.endpoint", "");
+user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
+// -------------------------------------
+// Pref : Disable Firefox Tips / Search suggestions
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1525296
+// https://hg.mozilla.org/mozilla-central/rev/0fb16f92be6f
+user_pref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0);
+// -------------------------------------
+// Pref : Block unwanted connections
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1593693
+// https://hg.mozilla.org/mozilla-central/rev/ca070ea1fc32
+user_pref("network.netlink.route.check.IPv4", "");
+user_pref("network.netlink.route.check.IPv6", "");
+// -------------------------------------
+// Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1596090
+// https://hg.mozilla.org/mozilla-central/rev/df333402f126
+user_pref("plugin.defaultXpi.state", 0);
+// -------------------------------------
+// Pref : Disable Telemetry
+// https://bugzilla.mozilla.org/1520491
+// https://hg.mozilla.org/mozilla-central/rev/76b117a14bca
+user_pref("toolkit.telemetry.hybridContent.enabled", false);
+// -------------------------------------
+// Pref : Disable IndexedDB
+// https://bugzilla.mozilla.org/1488583
+// https://hg.mozilla.org/mozilla-central/rev/c2ab1dc00f21
+// user_pref("dom.indexedDB.enabled", false);
+// -------------------------------------
+// FF73+
 // -------------------------------------
\ No newline at end of file
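Review bot: Several prefs re-added under `// FF72+` lose the `// [DESKTOP]` tag they carried at their old locations (the two ping-centre endpoints, `browser.newtabpage.activity-stream.telemetry.ping.endpoint`, `browser.urlbar.timesBeforeHidingSuggestionsHint` and `toolkit.telemetry.hybridContent.enabled`), so their platform scope is no longer visible; each should keep it, e.g. `user_pref("toolkit.telemetry.hybridContent.enabled", false); // [DESKTOP]`. The relocated IndexedDB entry also drops the old [NOTE] explaining why it stays commented out, and a short line such as `// [NOTE] Required by some add-ons and most websites, so left enabled` would keep someone from uncommenting it without knowing the breakage. Each group would also benefit from one line saying the pref was removed upstream and is kept only for ESR68.x, as the commit message states.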