From 5f1424fdbe80d2529fece4cffeba65f48fadfe5e Mon Sep 17 00:00:00 2001 
From: quindecim <49964366+quindecim@users.noreply.github.com> Date: Tue, 14 May 2019 07:29:30 +0000 Subject: [PATCH] Update user.js MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ✅ Fixed credits section and added CHEF-KOCH ✅ Added some descriptions ✅ Sanitized URL to update user addons ✅ reEnabled OCSP ✅ Enabled display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP) ✅ Enabled insecure password warnings (DESKTOP) ✅ reEnabled icon font (for better user experience) ✅ Enabled Auto Notification of Outdated Plugins (DESKTOP) ✅ reEnabled cache storage ✅ Enabled Firefox to clear items on shutdown (DESKTOP) ✅ Enabled ResistFingerprint letterboxing (DESKTOP) ✅ Enabled middle-click mouse enabling auto-scrolling (DESKTOP) ✅ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP) ⛔️ Disabled default browser check (DESKTOP) ⛔️ Disabled extension recommendations (DESKTOP) ⛔️ Disabled various Activity Stream content (DESKTOP) ⛔️ Disabled new tab tile ads & preload (DESKTOP) ⛔️ Disabled more telemetry (DESKTOP) ⛔️ Disabled Telemetry Coverage (DESKTOP) ⛔️ Disabled health report (DESKTOP) ⛔️ Disabled Crash Reports (DESKTOP) ⛔️ Disabled Opt-out of themes updates (DESKTOP) ⛔️ Disabled Studies and SHIELD (DESKTOP) ⛔️ Disabled Heartbeat (DESKTOP) ⛔️ Disabled about:addons Get Add-ons panel (DESKTOP) ⛔️ Disabled Firefox Hello metrics collection (DESKTOP) ⛔️ Blocked more unwanted connections ⛔️ Disabled Webextensions sync (DESKTOP) ⛔️ Disabled WebIDE and ADB extension download (DESKTOP) ⛔️ Disabled Pocket (DESKTOP) ⛔️ Disabled built-in PDF reader (DESKTOP) ⛔️ Disabled exposure of system colors to CSS or canvas (DESKTOP) ⛔️ Disabled Scripting of Plugins by JavaScript (DESKTOP) ⛔️ Disabled JAR from opening Unsafe File Types (DESKTOP) ⛔️ Disabled displaying Javascript in History URLs (DESKTOP) ⛔️ Locked web content in file processes (DESKTOP) ⛔️ Masked build ID (DESKTOP) ⛔️ Disabled Archive API 
(DESKTOP) ⛔️ Disabled screensharing (DESKTOP) ⛔️ Disabled face detection (DESKTOP) ⛔️ Disabled completely autoplay ⛔️ Disabled Windows jumplist (WINDOWS) ⛔️ Disabled Windows taskbar preview (WINDOWS) ⛔️ Disabled UITour backend (DESKTOP) ⛔️ Disabled location bar making speculative connections (DESKTOP) ⛔️ Disabled location bar suggesting "preloaded" top websites (DESKTOP) ⛔️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP) ⛔️ Disabled HTTP Alternative Services (DESKTOP) ⛔️ Disallowed NTLMv1 (DESKTOP) ⛔️ Disabled more chipers (DESKTOP) ⛔️ Disabled favicons in shortcuts (DESKTOP) ⛔️ Disabled automatic Firefox start and session restore after reboot (DESKTOP) ⛔️ Disabled using the OS's geolocation service (DESKTOP) ⛔️ Disabled logging geolocation to the console (DESKTOP) ⛔️ Disabled widevine CDM (DESKTOP) ⛔️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP) ⛔️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP) ⛔️ Disabled PingCentre telemetry (DESKTOP) ⛔️ Disabled System Add-on updates ⛔️ Disabled Experiments (DESKTOP) ⛔️ Disabled Mozilla permission to silently opt you into tests (DESKTOP) ⛔️ Disabled Normandy/Shield (DESKTOP) ⛔️ Disabled Form Autofill (DESKTOP) ⛔️ Disabled mozAddonManager Web API (DESKTOP) ⛔️ Disabled network API ⛔️ Disabled inline autocomplete in URL bar (DESKTOP) ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP) ℹ️ Set new tab page "about:blank" (DESKTOP) --- user.js | 568 ++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 508 insertions(+), 60 deletions(-) diff --git a/user.js b/user.js index a3b283d..9b7009e 100644 --- a/user.js +++ b/user.js 
@@ -1,19 +1,96 @@ // -/****************************************************************************** - * Fennec F-Droid | user.js * - * * - * https://github.com/quindecim/fennec_user.js * - ******************************************************************************/ +/********************************************************************************** + * user.js | Fennec F-Droid * + * * + * https://github.com/quindecim/fennec_user.js * + *********************************************************************************/ // -// Author : @quindecim +// Author : quindecim : https://github.com/quindecim/ // // -// Based on : gHacks: https://github.com/ghacksuserjs/ghacks-user.js -// Librefox: https://github.com/intika/Librefox -// pyllyukko: https://github.com/pyllyukko/user.js -// OrangeManBad: https://git.nixnet.xyz/OrangeManBad/user.js +// Based on : gHacks : https://github.com/ghacksuserjs/ghacks-user.js +// Librefox : https://github.com/intika/Librefox +// pyllyukko : https://github.com/pyllyukko/user.js +// OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js +// CHEF-KOCH : https://github.com/CHEF-KOCH/FFCK/tree/master/user.js // -// License : https://github.com/quindecim/fennec_user.js/blob/master/LICENSE.txt +// License : https://github.com/quindecim/fennec_user.js/blob/master/LICENSE.txt +// +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : Startup +// >>>>>>>>>>>>>>>>>>>>> +// Pref : Disable default browser check +user_pref("browser.shell.checkDefaultBrowser", false); // [DESKTOP] +// ------------------------------------- +// Pref : Set NEWTAB page +// true=Activity Stream, false=blank page +user_pref("browser.newtabpage.enabled", false); // [DESKTOP] +user_pref("browser.newtab.url", "about:blank"); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Extension recommendations +// 
https://support.mozilla.org/en-US/kb/extension-recommendations +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Activity Stream +// https://wiki.mozilla.org/Firefox/Activity_Stream +user_pref("browser.newtabpage.activity-stream.enabled", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Activity Stream Top Stories, Pocket-based and/or sponsored content +user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [DESKTOP] +// ------------------------------------- +// Pref : Set HOME+NEWWINDOW page +user_pref("browser.startup.homepage", "about:blank"); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Activity Stream Snippets +// Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server +// https://abouthome-snippets-service.readthedocs.io/ +user_pref("browser.aboutHomeSnippets.updateUrl", ""); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.disableSnippets", true); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Activity Stream telemetry +user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.telemetry", false); // [DESKTOP] 
+user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.telemetry.ut.events", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Activity Stream feeds +user_pref("browser.newtabpage.activity-stream.feeds.aboutpreferences", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.favicon", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.messagecenterfeed", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.migration", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.newtabinit", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.places", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.prefs", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.sections", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.systemtick", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.theme", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.feeds.topsites", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Activity Stream (others) +user_pref("browser.newtabpage.activity-stream.messageCenterExperimentEnabled", false); +user_pref("browser.newtabpage.activity-stream.prerender", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.showSearch", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.showTopSites", false); // [DESKTOP] +user_pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", ""); // [DESKTOP] +// ------------------------------------- +// Pref : Disable new tab tile ads & preload +// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox +// 
http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331 +// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping +// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source +// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping +user_pref("browser.newtabpage.enhanced", false); // [DESKTOP] +user_pref("browser.newtab.preload", false); // [DESKTOP] +user_pref("browser.newtabpage.directory.ping", ""); // [DESKTOP] +user_pref("browser.newtabpage.directory.source", "data:text/plain,{}"); // [DESKTOP] +// // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Quiet Fox // >>>>>>>>>>>>>>>>>>>>> 
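Review bot: Several prefs added in this hunk look like names that current Firefox builds no longer read, so they lengthen the file without adding protection. As far as I know `browser.newtab.url` was removed from desktop Firefox well before this commit, and `browser.newtabpage.enhanced` and `browser.newtabpage.directory.*` belong to the old tiles new-tab page; `loop.logDomains` and `dom.flyweb.enabled` in later hunks appear to be in the same position. Someone auditing the file will count these as active hardening, so I would drop them or mark each one, e.g. `// [NOTE] Legacy pref, ignored by current versions`. Separately, `browser.newtabpage.activity-stream.messageCenterExperimentEnabled` is the only line in its group without the `// [DESKTOP]` tag.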
@@ -38,21 +115,39 @@ user_pref("dom.ipc.plugins.reportCrashURL", false); user_pref("browser.casting.enabled", false); // [DEFAULT: true] // ------------------------------------- // Pref : Disable Telemetry +// https://wiki.mozilla.org/Platform/Features/Telemetry +// https://wiki.mozilla.org/Privacy/Reviews/Telemetry +// https://wiki.mozilla.org/Telemetry +// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry +// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 +// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry +// https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html#id1 user_pref("toolkit.telemetry.enabled", false); user_pref("toolkit.telemetry.debugSlowSql", false); user_pref("toolkit.telemetry.reportingpolicy.firstRun", false); user_pref("toolkit.telemetry.server", "data:,"); user_pref("toolkit.telemetry.server_owner", ""); user_pref("toolkit.telemetry.unified", false); +user_pref("toolkit.telemetry.archive.enabled", false); // [DESKTOP] +user_pref("toolkit.telemetry.cachedClientID", ""); // [DESKTOP] +user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [DESKTOP] +user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [DESKTOP] +user_pref("toolkit.telemetry.updatePing.enabled", false); // [DESKTOP] +user_pref("toolkit.telemetry.bhrPing.enabled", false); // [DESKTOP] +user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [DESKTOP] +user_pref("toolkit.telemetry.hybridContent.enabled", false); // [DESKTOP] // ------------------------------------- // Pref : Disable Telemetry Coverage // https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ -user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] -user_pref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] +user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] // [DESKTOP] 
+user_pref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] // [DESKTOP] +user_pref("toolkit.coverage.endpoint.base", ""); // [DESKTOP] // ------------------------------------- // Pref : Disable collection/sending of the health report (healthreport.sqlite*) -user_pref("datareporting.policy.currentPolicyVersion", 0); +user_pref("datareporting.healthreport.uploadEnabled", false); // [DESKTOP] +user_pref("datareporting.healthreport.service.enabled", false); // [DESKTOP] user_pref("datareporting.policy.dataSubmissionEnabled", false); +user_pref("datareporting.policy.currentPolicyVersion", 0); user_pref("datareporting.policy.currentPolicyAcceptedVersion", 0); user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0); user_pref("datareporting.policy.dataSubmissionPolicyBypassNotification", false); @@ -84,6 +179,8 @@ user_pref("browser.discovery.enabled", false); // [DEFAULT: false] // ------------------------------------- // Pref : Disable Crash Reports user_pref("breakpad.reportURL", ""); +user_pref("browser.tabs.crashReporting.sendReport", false); // [DESKTOP] +user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [DESKTOP] // ------------------------------------- // Pref : Disable automatic captive portal detection // https://en.wikipedia.org/wiki/Captive_portal 
@@ -103,6 +200,10 @@ user_pref("network.connectivity-service.IPv6.url", ""); user_pref("network.connectivity-service.DNSv4.domain", ""); user_pref("network.connectivity-service.DNSv6.domain", ""); // ------------------------------------- +// Pref : Opt-out of themes (Persona) updates +// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 +user_pref("lightweightThemes.update.enabled",false); // [DESKTOP] +// ------------------------------------- // Pref : Disable auto updating of lightweight themes (LWT) // Not to be confused with themes, which use the Theme API // Mozilla plan to convert existing LWTs and remove LWT support in the future 
@@ -110,6 +211,27 @@ user_pref("network.connectivity-service.DNSv6.domain", ""); user_pref("lightweightThemes.persisted.headerURL", false); user_pref("lightweightThemes.persistedThemeID", ""); // [FENNEC] user_pref("lightweightThemes.selectedThemeID", ""); // [FENNEC] +// ------------------------------------- +// Pref : Disable Studies and SHIELD +// [NOTE] This pref has no effect when Health Reports are disabled +user_pref("app.shield.optoutstudies.enabled", false); // [DESKTOP] +user_pref("extensions.shield-recipe-client.enabled", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable backlogged Crash Reports +user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Heartbeat (Mozilla user rating telemetry) +// https://wiki.mozilla.org/Advocacy/heartbeat +// https://trac.torproject.org/projects/tor/ticket/19047 +user_pref("browser.selfsupport.url", ""); // [DESKTOP] +// ------------------------------------- +// Pref : Disable about:addons Get Add-ons panel (uses Google Analytics) +user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] // [DESKTOP] +user_pref("extensions.webservice.discoverURL", ""); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Firefox Hello metrics collection +// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion +user_pref("loop.logDomains",false); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : IJWY To Shut Up 
@@ -125,8 +247,13 @@ user_pref("app.privacyURL", ""); // [FENNEC] user_pref("app.releaseNotesURL", ""); user_pref("app.support.baseURL", ""); user_pref("app.supportURL", ""); // [FENNEC] +user_pref("media.decoder-doctor.new-issue-endpoint", ""); +user_pref("network.trr.confirmationNS", ""); +user_pref("services.settings.default_signer", ""); // [DESKTOP] +user_pref("services.settings.server", ""); // [DESKTOP] // ------------------------------------- // Pref : Disable app from auto-update +user_pref("app.update.enabled", false); user_pref("app.update.autodownload", ""); // [TEST] user_pref("app.update.channel", ""); // [TEST] user_pref("app.update.url.android", ""); 
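Review bot: Blanking `services.settings.server` and `services.settings.default_signer` does more than silence a background connection. Remote Settings is, as far as I know, the channel Firefox uses for certificate revocation (OneCRL) and add-on blocklist data, so a profile with these two lines stops receiving both. I would drop the two lines, or keep them with an explicit cost note such as `// [WARNING] Stops Remote Settings sync; revocation and blocklist data will go stale`. The added `user_pref("app.update.enabled", false);` has no platform tag. If this file is also applied to desktop profiles, as the many [DESKTOP] prefs suggest, it turns off browser security updates there, so tag it `// [FENNEC]` or state how updates are expected to arrive.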
@@ -134,14 +261,17 @@ user_pref("app.update.url.android", ""); // user_pref("app.update.timerMinimumDelay", 0); // user_pref("app.update.url.android", "https://aus5.mozilla.org/update/4/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%MOZ_VERSION%/update.xml"); // [TEST] // ------------------------------------- -// Pref : Block unwanted connections -user_pref("media.decoder-doctor.new-issue-endpoint", ""); -user_pref("network.trr.confirmationNS", ""); -// ------------------------------------- // Pref : Test To Make FFox Silent user_pref("security.content.signature.root_hash", ""); user_pref("urlclassifier.phishTable", ""); user_pref("urlclassifier.passwordAllowTable", ""); +// ------------------------------------- +// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) +// https://wiki.mozilla.org/FlyWeb +// https://wiki.mozilla.org/FlyWeb/Security_scenarios +// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit +// http://www.ghacks.net/2016/07/26/firefox-flyweb +user_pref("dom.flyweb.enabled", false); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Miscellaneous 
@@ -154,8 +284,8 @@ user_pref("user.js.applied", true); // [FENNEC] user_pref("extensions.update.enabled", true); user_pref("extensions.autoupdate.enabled", true); // ------------------------------------- -// Pref : Disable System Add-on updates -user_pref("extensions.systemAddon.update.url", ""); +// Pref : Decrease system information leakage to Mozilla addons update servers +user_pref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/%LOCALE%/android/search?q=%TERMS%"); // [URL SANITIZED] // ------------------------------------- // Pref : Disable Web Compatibility Reporter // Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla @@ -195,13 +325,16 @@ user_pref("browser.snippets.updateUrl", ""); // [FENNEC] user_pref("browser.snippets.syncPromo.enabled", false); // [FENNEC] // user_pref("browser.snippets.updateInterval", 0); // [FENNEC] // ------------------------------------- +// Pref : Disable Webextensions sync +user_pref("webextensions.storage.sync.enabled", false); // [DESKTOP] +user_pref("webextensions.storage.sync.serverURL", ""); // [DESKTOP] +// ------------------------------------- // Pref : Force Punycode for Internationalized Domain Names // http://kb.mozillazine.org/Network.IDN_show_punycode // https://www.xudongz.com/blog/2017/idn-phishing/ // https://wiki.mozilla.org/IDN_Display_Algorithm // https://en.wikipedia.org/wiki/IDN_homograph_attack // https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 user_pref("network.IDN_show_punycode", true); // ------------------------------------- // Pref : Disable page thumbnail collection 
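Review bot: The new header `Decrease system information leakage to Mozilla addons update servers` does not describe the pref under it. `extensions.getAddons.search.browseURL` is the add-on search page URL, so the update check itself is presumably unchanged by this line; if the update request is what should be sanitized, the pref to look at is `extensions.update.url`. The same hunk deletes `extensions.systemAddon.update.url`, while the commit message still lists "Disabled System Add-on updates". Unless that pref is set again outside this hunk, system add-on updates are back at their default. I would retitle the entry `// Pref : Sanitize add-on search URL` and either keep the system add-on line or remove the claim from the message.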
@@ -235,7 +368,6 @@ user_pref("network.manage-offline-status", false); // [DEFAULT: true] // ------------------------------------- // Pref : Set File URI Origin Policy // http://kb.mozillazine.org/Security.fileuri.strict_origin_policy -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 user_pref("security.fileuri.strict_origin_policy", true); // ------------------------------------- // Pref : Disable SVG in OpenType fonts @@ -248,8 +380,12 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); // http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ user_pref("security.dialog_enable_delay", 700); // ------------------------------------- -// Pref : Disable remote debugging +// Pref : Disable WebIDE to prevent remote debugging and ADB extension download user_pref("devtools.debugger.remote-enabled", false); +user_pref("devtools.webide.enabled", false); // [DESKTOP] +user_pref("devtools.webide.autoinstallADBExtension", false); // [DESKTOP] +user_pref("devtools.webide.autoinstallADBHelper", false); // [DESKTOP] +user_pref("devtools.webide.autoinstallFxdtAdapters", false); // [DESKTOP] // ------------------------------------- // Pref : Force local debugging // https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop 
@@ -335,11 +471,6 @@ user_pref("security.csp.enable", true); // [DEFAULT: true] // https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT: true] // ------------------------------------- -// Pref : Block web content in file processes -// You may want to disable this for corporate or developer environments -// https://bugzilla.mozilla.org/1343184 -// user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DEFAULT: true] -// ------------------------------------- // Pref : Enable only whitelisted URL protocol handlers // http://kb.mozillazine.org/Network.protocol-handler.external-default // http://kb.mozillazine.org/Network.protocol-handler.warn-external-default 
@@ -378,6 +509,43 @@ user_pref("browser.firstrun.show.localepicker", false); // [DEFAULT: false] // ------------------------------------- // Pref : Disable sending console to logcat on release builds. user_pref("consoleservice.logcat", false); // [FENNEC] +// ------------------------------------- +// Pref : Disable Pocket +// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox +// https://github.com/pyllyukko/user.js/issues/143 +user_pref("browser.pocket.enabled", false); // [DESKTOP] +user_pref("extensions.pocket.enabled", false); // [DESKTOP] +// ------------------------------------- +// Pref : Lock web content in file processes +// https://bugzilla.mozilla.org/1343184 +user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Displaying Javascript in History URLs +// http://kb.mozillazine.org/Browser.urlbar.filter.javascript +user_pref("browser.urlbar.filter.javascript", true); // [DESKTOP] +// ------------------------------------- +// Pref : Disable JAR from opening Unsafe File Types +// https://bugzilla.mozilla.org/1427726 +user_pref("network.jar.open-unsafe-types", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Firefox's built-in PDF reader +// This setting controls if the option "Display in Firefox" is available in the setting below and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") +// PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) +// Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly. +// It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). +// It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. 
+// CONS: You may prefer a different pdf reader for security reasons +// CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) +user_pref("pdfjs.disabled", true); // [DEFAULT: false] // [DESKTOP] +// ------------------------------------- +// Pref : Disable Scripting of Plugins by JavaScript +// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 +user_pref("security.xpconnect.plugin.unrestricted", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable exposure of system colors to CSS or canvas +// [NOTE] See second listed bug: may cause black on black for elements with undefined colors +// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 +user_pref("ui.use_standins_for_native_colors", true); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Web Workers @@ -409,6 +577,9 @@ user_pref("dom.push.alwaysConnect", false); user_pref("dom.push.debug", false); user_pref("dom.push.connection.enabled", false); user_pref("dom.push.userAgentID", ""); +// ------------------------------------- +// Pref : Disable hiding mime types not associated with a plugin +user_pref("browser.download.hide_plugins_without_extensions", false); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : DOM (Document Object Model) & Javascript 
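Review bot: `user_pref("pdfjs.disabled", true);` goes against the rationale written directly above it. The comment describes the built-in reader as well vetted, rarely exploited and quickly patched, and then the pref turns it off. With pdf.js disabled, PDFs are handed to whatever external reader is installed, which is patched on its own schedule and is not bound by the browser's content restrictions. I would either set the value to `false`, or keep `true` and add `// [WARNING] PDFs will open in an external application; keep that reader patched` so the trade-off is stated where the decision is made.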
@@ -433,7 +604,7 @@ user_pref("dom.vibrator.enabled", false); // Pref : Disable clipboard commands (cut/copy) from "non-privileged" content // This disables document.execCommand("cut"/"copy") to protect your clipboard // https://bugzilla.mozilla.org/1170911 -user_pref("dom.allow_cut_copy", false); // [HIDDEN PREF] +// user_pref("dom.allow_cut_copy", false); // [HIDDEN PREF] // ------------------------------------- // Pref : Disable asm.js // http://asmjs.org/ @@ -476,6 +647,17 @@ user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] // Pref : Enable (limited but sufficient) window.opener protection // Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false] +// ------------------------------------- +// Pref : Don't reveal build ID +// Value taken from Tor Browser +// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 +user_pref("general.buildID.override", "20100101"); // [DESKTOP] +user_pref("browser.startup.homepage_override.buildID", "20100101"); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Archive API +// https://wiki.mozilla.org/WebAPI/ArchiveAPI +// https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 +user_pref("dom.archivereader.enabled", false); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Media / Camera / Mic @@ -492,6 +674,7 @@ user_pref("media.peerconnection.use_document_iceservers", false); user_pref("media.peerconnection.identity.enabled", false); user_pref("media.peerconnection.turn.disable", true); user_pref("media.peerconnection.ice.tcp", false); +user_pref("media.peerconnection.video.enabled", false); // user_pref("media.peerconnection.identity.timeout", 0); // ------------------------------------- // Pref : Disable WebGL I/II 
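Review bot: Commenting out `dom.allow_cut_copy` leaves the entry header reading "Disable clipboard commands (cut/copy) from non-privileged content" while the pref now stays at the browser default. The file therefore documents a protection it no longer applies, and the commit message does not mention the relaxation. If this is deliberate, record the reason next to the line, e.g. `// [NOTE] Inactive: left at browser default because <reason>`; otherwise restore the active `user_pref`.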
@@ -505,7 +688,8 @@ user_pref("webgl.disable-wgl", true); // [DEFAULT: false] user_pref("webgl.disable-fail-if-major-performance-caveat", true); user_pref("webgl.can-lose-context-in-foreground", false); // [DEFAULT: true] // ------------------------------------- -// Pref : Disable audiocapture +// Pref : Disable screensharing and audiocapture +user_pref("media.getusermedia.screensharing.enabled", false); // [DESKTOP] user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false); // ------------------------------------- @@ -513,6 +697,9 @@ user_pref("media.getusermedia.audiocapture.enabled", false); user_pref("device.camera.enabled", false); // [DEFAULT: true] // [FENNEC] user_pref("media.realtime_decoder.enabled", false); // [DEFAULT: true] // [FENNEC] // ------------------------------------- +// Pref : Disable face detection +user_pref("camera.control.face_detection.enabled", false); // [DESKTOP] +// ------------------------------------- // Pref : Disable canvas capture stream // https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream user_pref("canvas.capturestream.enabled", false); 
@@ -529,13 +716,16 @@ user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] // 0=Allowed, 1=Blocked, 2=Prompt // [NOTE] You can set exceptions under site permissions user_pref("media.autoplay.default", 1); +user_pref("media.autoplay.allow-muted", false); // [DEFAULT: true] +user_pref("media.autoplay.block-event.enabled", true); // [DEFAULT: false] +user_pref("media.autoplay.block-webaudio", true); // [DEFAULT: false] // ------------------------------------- // Pref : Disable autoplay of HTML5 media if you interacted with the site -user_pref("media.autoplay.enabled.user-gestures-needed", false); +user_pref("media.autoplay.enabled.user-gestures-needed", true); // [DEFAULT: true] // ------------------------------------- // Pref : Disable audio autoplay in non-active tabs // https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ -user_pref("media.block-autoplay-until-in-foreground", true); +user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: false] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Location Bar / Search Bar / Suggestions / History / Forms 
@@ -576,6 +766,27 @@ user_pref("browser.formfill.enable", false); // [WARNING] This can leak your locale if not en-US // https://trac.torproject.org/projects/tor/ticket/21787 // user_pref("dom.forms.datetime", false); +// ------------------------------------- +// Pref : Disable Windows jumplist +user_pref("browser.taskbar.lists.enabled", false); // [WINDOWS] // [DESKTOP] +user_pref("browser.taskbar.lists.frequent.enabled", false); // [WINDOWS] // [DESKTOP] +user_pref("browser.taskbar.lists.recent.enabled", false); // [WINDOWS] // [DESKTOP] +user_pref("browser.taskbar.lists.tasks.enabled", false); // [WINDOWS] // [DESKTOP] +// ------------------------------------- +// Pref : Disable Windows taskbar preview +user_pref("browser.taskbar.previews.enable", false); // [WINDOWS] // [DESKTOP] +// ------------------------------------- +// Pref : Disable UITour backend so there is no chance that a remote page can use it +user_pref("browser.uitour.enabled", false); // [DESKTOP] +user_pref("browser.uitour.url", ""); // [DESKTOP] +// ------------------------------------- +// Pref : Disable location bar making speculative connections +// https://bugzilla.mozilla.org/1348275 +user_pref("browser.urlbar.speculativeConnect.enabled", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable location bar suggesting "preloaded" top websites +// https://bugzilla.mozilla.org/1211726 +user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Security 
@@ -688,13 +899,6 @@ user_pref("network.dns.disableIPv6", true); // user_pref("network.http.spdy.enabled.http2", false); // user_pref("network.http.spdy.websockets", false); // ------------------------------------- -// Pref : Disable HTTP Alternative Services -// [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity. -// https://tools.ietf.org/html/rfc7838#section-9 -// https://www.mnot.net/blog/2016/03/09/alt-svc -// user_pref("network.http.altsvc.enabled", false); -// user_pref("network.http.altsvc.oe", false); -// ------------------------------------- // Pref : Enforce the proxy server to do any DNS lookups when using SOCKS // e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request // http://kb.mozillazine.org/Network.proxy.socks_remote_dns @@ -702,10 +906,13 @@ user_pref("network.dns.disableIPv6", true); user_pref("network.proxy.socks_remote_dns", true); // ------------------------------------- // Pref : Remove paths when sending URLs to PAC scripts -// CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) // https://bugzilla.mozilla.org/1255474 user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false] // ------------------------------------- +// Pref : Defaulting Proxy settings +// user_pref("network.proxy.autoconfig_url", ""); // [DEFAULT: ""] +// user_pref("network.proxy.socks_version", 5); // [DEFAULT: 5] +// ------------------------------------- // Pref : Disable (or setup) DNS-over-HTTPS (DoH) // TRR = Trusted Recursive Resolver // .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result 
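Review bot: The `network.proxy.autoconfig_url.include_path` entry loses its only statement of why it exists. The deleted line named CVE-2017-5384 (information disclosure via PAC), and what remains is a bare Bugzilla link. The same loss of traceability occurs where the CIS benchmark references are deleted, in the `network.IDN_show_punycode`, `security.fileuri.strict_origin_policy` and `security.OCSP.enabled` entries. I would keep `// CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)` here. Where a CIS reference was dropped because it targets an old ESR, replace it with a one-line reason in plain words rather than nothing.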
@@ -722,6 +929,22 @@ user_pref("network.trr.uri", ""); // https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity // https://wiki.mozilla.org/Security/Subresource_Integrity user_pref("security.sri.enable", true); // [DEFAULT: true] +// ------------------------------------- +// Pref : Disable using UNC (Uniform Naming Convention) paths +// https://trac.torproject.org/projects/tor/ticket/26424 +user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] // [DESKTOP] +// ------------------------------------- +// Pref : Disable HTTP Alternative Services +// https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881 +// https://www.mnot.net/blog/2016/03/09/alt-svc +user_pref("network.http.altsvc.enabled", false); // [DESKTOP] +user_pref("network.http.altsvc.oe", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disallow NTLMv1 +// https://bugzilla.mozilla.org/show_bug.cgi?id=828183 +user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP] +// It is still allowed through HTTPS. uncomment the following to disable it completely. +// user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers) 
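Review bot: `network.negotiate-auth.allow-insecure-ntlm-v1-https` is left commented out, so NTLMv1 stays permitted whenever the connection is HTTPS. TLS hides the exchange from the network, but the server that receives it still gets an NTLMv1 response, and the protocol is weak regardless of transport. A hardening profile should either set the pref or say who needs the exception, for example `user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // [DESKTOP] [NOTE] breaks legacy intranet sites that only offer NTLMv1`. Separately, the Alt-Svc prefs are now active, but the FPI caveat and the RFC 7838 link from the block removed earlier in this patch were not carried over.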
@@ -779,8 +1002,7 @@ user_pref("security.OCSP.require", true); // [NOTE] OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder // [NOTE] OCSP adds latency (performance) // [NOTE] Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10) -// CIS Version 1.2.0 October 21st, 2011 2.2.4 -user_pref("security.OCSP.enabled", 0); +user_pref("security.OCSP.enabled", 1); // ------------------------------------- // Pref : Enable OCSP Stapling support // Stapling have the site itself proof that his certificate is good through the CA so apparently nothing is leaked in this case. 
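Review bot: The re-enabled `security.OCSP.enabled` line has no value legend or default tag, unlike most prefs in this file. With `security.OCSP.require` set to `true` (visible in the hunk header), a responder outage becomes a failed page load, and each lookup tells the CA which certificate the user is checking. The surrounding notes mention replay and latency but neither of these. Suggested comment on the line: `// 0=disabled, 1=enabled (default), 2=enabled for EV certificates only`, plus a `[NOTE]` about hard-fail breakage.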
@@ -829,10 +1051,40 @@ user_pref("security.mixed_content.block_object_subrequest", true); // http://en.citizendium.org/wiki/Meet-in-the-middle_attack // https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html user_pref("security.ssl3.rsa_des_ede3_sha", false); +user_pref("security.ssl3.dhe_dss_des_ede3_sha", false); // [DESKTOP] +user_pref("security.ssl3.dhe_rsa_des_ede3_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); // [DESKTOP] +user_pref("security.ssl3.rsa_fips_des_ede3_sha", false); // [DESKTOP] // ------------------------------------- -// Pref : Disable 128 bits -user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); -user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); +// Pref : Disable 40/56/128-bit ciphers +user_pref("security.ssl3.rsa_rc4_40_md5", false); // 40-bit // [DESKTOP] +user_pref("security.ssl3.rsa_rc2_40_md5", false); // 40-bit // [DESKTOP] +user_pref("security.ssl3.rsa_1024_rc4_56_sha", false); // 56-bit // [DESKTOP] +user_pref("security.ssl3.rsa_camellia_128_sha", false); // 128-bit // [DESKTOP] +user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128-bit +user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // 128-bit +user_pref("security.ssl3.ecdh_rsa_aes_128_sha", false); // 128-bit // [DESKTOP] +user_pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); // 128-bit // [DESKTOP] +user_pref("security.ssl3.dhe_rsa_camellia_128_sha", false); // 128-bit // [DESKTOP] +user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128-bit // [DESKTOP] +// ------------------------------------- +// Pref : Disable 256 bits ciphers without PFS +user_pref("security.ssl3.rsa_camellia_256_sha", false); // [DESKTOP] +// 
------------------------------------- +// Pref : Disable SEED cipher +// https://en.wikipedia.org/wiki/SEED +user_pref("security.ssl3.rsa_seed_sha", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable null ciphers +user_pref("security.ssl3.rsa_null_sha", false); // [DESKTOP] +user_pref("security.ssl3.rsa_null_md5", false); // [DESKTOP] +user_pref("security.ssl3.ecdhe_rsa_null_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdhe_ecdsa_null_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdh_rsa_null_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdh_ecdsa_null_sha", false); // [DESKTOP] // ------------------------------------- // Pref : Enable GCM ciphers (TLSv1.2 only) // https://en.wikipedia.org/wiki/Galois/Counter_Mode 
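Review bot: `security.ssl3.dhe_rsa_aes_128_sha` is added under "Disable 40/56/128-bit ciphers", but the same pref is already set under "Disable DHE" (context of the next hunk), so the file now sets it twice. Both copies are `false` today, but the later line wins when the file is read, so a future edit to this copy would silently have no effect. Drop the new line or replace it with a pointer such as `// dhe_rsa_aes_128_sha: set under "Disable DHE" below`. The heading also puts AES-128 and Camellia-128 beside 40- and 56-bit suites; 128-bit keys are not weak in the same sense, so the real reason for disabling those suites deserves a comment line.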
@@ -855,12 +1107,39 @@ user_pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true); // Pref : Disable DHE (Diffie-Hellman Key Exchange) // https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); -user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // ------------------------------------- // Pref : Fallbacks due compatibility reasons user_pref("security.ssl3.rsa_aes_128_sha", true); user_pref("security.ssl3.rsa_aes_256_sha", true); // ------------------------------------- +// Pref : Disable ciphers with DSA (max 1024 bits) +user_pref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP] +user_pref("security.ssl3.dhe_dss_aes_256_sha", false); // [DESKTOP] +user_pref("security.ssl3.dhe_dss_camellia_128_sha", false); // [DESKTOP] +user_pref("security.ssl3.dhe_dss_camellia_256_sha", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable ciphers susceptible to the logjam attack +// https://weakdh.org/ +user_pref("security.ssl3.dhe_rsa_camellia_256_sha", false); // [DESKTOP] +user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable ciphers with ECDH (non-ephemeral) +user_pref("security.ssl3.ecdh_rsa_aes_256_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable RC4 +// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security +// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 +// https://rc4.io/ +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 +user_pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // [DESKTOP] +user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // [DESKTOP] 
+user_pref("security.ssl3.rsa_rc4_128_md5", false); // [DESKTOP] +user_pref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP] +user_pref("security.tls.unrestricted_rc4_fallback", false); // [DESKTOP] +// ------------------------------------- // Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) // https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken // https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 @@ -925,7 +1204,6 @@ user_pref("signon.autofillForms.http", false); user_pref("security.insecure_field_warning.contextual.enabled", true); // ------------------------------------- // Pref : Disable password manager -// CIS Version 1.2.0 October 21st, 2011 2.5.2 // [NOTE] This does not clear any passwords already saved user_pref("signon.rememberSignons", false); user_pref("signon.debug", false); 
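Review bot: In the first hunk, the new "logjam" heading covers only the two 256-bit DHE suites, while `dhe_rsa_aes_128_sha` stays under "Disable DHE" and the `dhe_dss_*` suites sit under "DSA". Logjam concerns the Diffie-Hellman group size, not the bulk cipher, so every `dhe_*` suite is affected alike and splitting them by key length suggests otherwise. I would keep all `dhe_rsa_*` prefs under one heading that carries both links (eff.org and weakdh.org). The "Fallbacks" block in the context still enables `rsa_aes_128_sha` and `rsa_aes_256_sha`, which have no forward secrecy; a `// [NOTE] kept deliberately for compatibility, no forward secrecy` would stop that reading as an oversight next to the new sections.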
@@ -1057,8 +1335,28 @@ user_pref("browser.sessionstore.interval", 30000); user_pref("alerts.showFavicons", false); // ------------------------------------- // Pref : Delete Search and Form History -// CIS Version 1.2.0 October 21st, 2011 2.5.6 user_pref("browser.formfill.expire_days", 0); +// ------------------------------------- +// Pref : Disable favicons in shortcuts +// URL shortcuts use a cached randomly named .ico file which is stored in your profile/shortcutCache directory. The .ico remains after the shortcut is deleted. +// false=shortcuts use a generic Firefox icon +user_pref("browser.shell.shortcutFavicons", false); // [DESKTOP] +// ------------------------------------- +// Pref : Display "insecure" icon and "Not Secure" text on HTTP sites +user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP] +user_pref("security.insecure_connection_text.enabled", true); // [DESKTOP] +// user_pref("security.insecure_connection_icon.pbmode.enabled", true); // Private windows only // [DESKTOP] +// user_pref("security.insecure_connection_text.pbmode.enabled", true); // Private windows only // [DESKTOP] +// ------------------------------------- +// Pref : Enable insecure password warnings (login forms in non-HTTPS pages) +// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ +// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 +user_pref("security.insecure_password.ui.enabled", true); // [DESKTOP] +// ------------------------------------- +// Pref : Disable automatic Firefox start and session restore after reboot +// https://bugzilla.mozilla.org/603903 +user_pref("toolkit.winRegisterApplicationRestart", false); // [WINDOWS] // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Geolocation 
@@ -1077,7 +1375,7 @@ user_pref("browser.search.geoSpecificDefaults.url", ""); user_pref("browser.snippets.geoUrl", ""); // user_pref("browser.search.geoip.timeout", 0); // ------------------------------------- -// Pref : Set language to match +// Pref : Set Accept-Language HTTP header user_pref("intl.accept_languages", "en-US, en"); // ------------------------------------- // Pref : Use APP locale over OS locale in regional preferences @@ -1087,6 +1385,15 @@ user_pref("intl.regional_prefs.use_os_locales", false); // Pref : Enforce US English locale regardless of the system locale // https://bugzilla.mozilla.org/867501 user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] +// ------------------------------------- +// Pref : Disable using the OS's geolocation service +user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP] +user_pref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP] +user_pref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP] +user_pref("geo.wifi.uri", ""); // [DESKTOP] +// ------------------------------------- +// Pref : Disable logging geolocation to the console +user_pref("geo.wifi.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Fonts @@ -1108,7 +1415,7 @@ user_pref("browser.display.use_document_fonts", 0); // Pref : Disable icon fonts (glyphs) and local fallback rendering // https://bugzilla.mozilla.org/789788 // https://trac.torproject.org/projects/tor/ticket/8455 -user_pref("gfx.downloadable_fonts.enabled", false); +// user_pref("gfx.downloadable_fonts.enabled", false); // user_pref("gfx.downloadable_fonts.fallback_delay", 0); // ------------------------------------- // Pref : Disable WOFF2 (Web Open Font Format) 
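Review bot: In the third hunk, commenting out `gfx.downloadable_fonts.enabled` leaves the heading "Disable icon fonts (glyphs) and local fallback rendering" over a block that now sets nothing. Someone auditing the profile will assume downloadable fonts are blocked when they are at the browser default. Reword the heading or add `// [NOTE] Left at default (enabled) so icon fonts render; uncomment to block downloadable fonts`. The same applies to `dom.caches.enabled` under "Disable service workers cache and cache storage" in a later hunk.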
@@ -1156,8 +1463,8 @@ user_pref("media.gmp-manager.certs.1.issuerName", ""); user_pref("media.gmp-manager.certs.1.commonName", ""); user_pref("media.gmp-manager.certs.2.issuerName", ""); user_pref("media.gmp-manager.certs.2.commonName", ""); -user_pref("media.gmp-manager.url", "data:text/plain,"); -user_pref("media.gmp-manager.url.override", "data:text/plain,"); +user_pref("media.gmp-manager.url", ""); +user_pref("media.gmp-manager.url.override", ""); // ------------------------------------- // Pref : Disable all DRM content (EME: Encryption Media Extension) // https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next 
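Review bot: Replacing `data:text/plain,` with an empty string in both `media.gmp-manager.url` prefs may change how the value is read. Code that tests the pref for truthiness can treat `""` as "not set" and fall through to another source, whereas the `data:` URI is a non-empty value that resolves to nothing. The hunk does not show how the GMP updater handles an empty value, so this needs a check that no update request is attempted with both prefs empty. If the empty string is intended, record it: `// [NOTE] empty on purpose; verified that no GMP update request is made`.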
@@ -1168,7 +1475,32 @@ user_pref("media.eme.enabled", false); user_pref("media.gmp-gmpopenh264.enabled", false); // ------------------------------------- // Pref : Disable widevine CDM (Content Decryption Module) -user_pref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true] +user_pref("media.gmp-widevinecdm.enabled", false); // [DESKTOP] +user_pref("media.gmp-widevinecdm.visible", false); // [DESKTOP] +user_pref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true] // [FENNEC] +// ------------------------------------- +// Pref : Disable Flash plugin +// 0=deactivated, 1=ask, 2=enabled +// [NOTE] You can still override individual sites via site permissions +// https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ +user_pref("plugin.state.flash", 0); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Java plugin +// 0=deactivated, 1=ask, 2=enabled +// https://bugzilla.mozilla.org/1461243 +user_pref("plugin.state.java", 0); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Gnome Shell Integration NPAPI plugin +user_pref("plugin.state.libgnome-shell-browser-plugin",0); // [DESKTOP] +// ------------------------------------- +// Pref : Enable Auto Notification of Outdated Plugins +// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review +// https://hg.mozilla.org/mozilla-central/rev/304560 +user_pref("plugins.update.notifyUser", true); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Shumway (Mozilla Flash renderer) +// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway +user_pref("shumway.disabled", true); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Blocklists / Safe Browsing / Tracking Protection 
@@ -1179,7 +1511,7 @@ user_pref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true] // http://kb.mozillazine.org/Extensions.blocklist.enabled // http://kb.mozillazine.org/Extensions.blocklist.url // https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ -// Updated at interval defined in extensions.blocklist.interval (default: 86400) +user_pref("services.blocklist.update_enabled", true); // [DESKTOP] user_pref("extensions.blocklist.enabled", true); // ------------------------------------- // Pref : Decrease system information leakage to Mozilla blocklist update servers @@ -1192,6 +1524,7 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi user_pref("extensions.getAddons.cache.enabled", false) // ------------------------------------- // Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents) +user_pref("browser.safebrowsing.enabled", false); // [DESKTOP] user_pref("browser.safebrowsing.allowOverride", false); user_pref("browser.safebrowsing.blockedURIs.enabled", false); user_pref("browser.safebrowsing.debug", false); 
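Review bot: The context line `user_pref("extensions.getAddons.cache.enabled", false)` just above the second hunk has no terminating `;` as shown here. Depending on the Firefox version, a syntax error in user.js can stop the parser, in which case nothing below that line would be applied, including most of what this commit adds. It is worth fixing in this commit (`user_pref("extensions.getAddons.cache.enabled", false);`) and confirming in the Browser Console. On the added line, `browser.safebrowsing.enabled` is, as far as I know, the pre-Firefox 50 name of the phishing switch and should be tagged as legacy. The section turns off phishing and malware warnings, which deserves a `[WARNING]` stating that trade-off.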
@@ -1247,10 +1580,61 @@ user_pref("privacy.trackingprotection.lower_network_priority", false); // Pref : Disable passive Tracking Protection in all windows user_pref("privacy.trackingprotection.enabled", false); user_pref("privacy.trackingprotection.pbmode.enabled", false); +// ------------------------------------- +// Pref : Disable PingCentre telemetry (used in several System Add-ons) +// Currently blocked by 'datareporting.healthreport.uploadEnabled' +user_pref("browser.ping-centre.telemetry", false); // [DESKTOP] +// +// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +// Section : System add-ons / Experiments +// >>>>>>>>>>>>>>>>>>>> +// Pref : Disable System Add-on updates +// https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html +// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ +// https://github.com/pyllyukko/user.js/issues/419 +// https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.jsm#1248-1257 +// [NOTE] Disabling system add-on updates prevents Mozilla from "hotfixing" your browser to patch critical problems (one possible use case from the documentation) +user_pref("extensions.systemAddon.update.enabled", false); // [DESKTOP] +user_pref("extensions.systemAddon.update.url", ""); +// ------------------------------------- +// Pref : Disable Experiments +// https://wiki.mozilla.org/Telemetry/Experiments +// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801 +user_pref("experiments.enabled", false); // [DESKTOP] +user_pref("experiments.manifest.uri", ""); // [DESKTOP] +user_pref("experiments.supported", false); // [DESKTOP] +user_pref("experiments.activeExperiment", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Mozilla permission to silently opt you into tests +// https://bugzilla.mozilla.org/1415625 
+user_pref("network.allow-experiments", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Normandy/Shield +// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" +// https://wiki.mozilla.org/Firefox/Shield +// https://github.com/mozilla/normandy +user_pref("app.normandy.enabled", false); // [DESKTOP] +user_pref("app.normandy.api_url", ""); // [DESKTOP] +// ------------------------------------- +// Pref : Disable Form Autofill +// [NOTE] Stored data is NOT secure (uses a JSON file) +// [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes +// https://wiki.mozilla.org/Firefox/Features/Form_Autofill +// https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ +user_pref("extensions.formautofill.addresses.enabled", false); // [DESKTOP] +user_pref("extensions.formautofill.available", "off"); // [DESKTOP] +user_pref("extensions.formautofill.creditCards.enabled", false); // [DESKTOP] +user_pref("extensions.formautofill.heuristics.enabled", false); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Persistent Storage // >>>>>>>>>>>>>>>>>>>> +// Pref : Delete cookies and site data on close +// 0=keep until they expire (default), 2=keep until you close Firefox +// [NOTE] Use "Cookie AutoDelete" extension to manage your cookies +// https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/ +// user_pref("network.cookie.lifetimePolicy", 2); +// ------------------------------------- // Pref : Disable 3rd-party cookies and site-data // [NOTE] Can breaks payment gateways user_pref("network.cookie.cookieBehavior", 1); 
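Review bot: The Normandy/Shield block disables `app.normandy.enabled` without the trade-off note that the system add-on block in the same hunk carries. Both channels have also been used to deliver out-of-band fixes between releases, so with both off the profile depends entirely on full browser updates. Suggested addition above `app.normandy.enabled`: `// [NOTE] Also blocks remotely delivered fixes; keep Firefox itself updated`. `extensions.systemAddon.update.url` is the only new pref here without a `[DESKTOP]` tag; add it or say why it applies to both platforms.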
@@ -1262,11 +1646,6 @@ user_pref("network.cookie.cookieBehavior", 1); user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // ------------------------------------- -// Pref : Delete cookies and site data on close -// 0=keep until they expire (default), 1=user is prompted, 2=keep until you close Firefox -// [NOTE] The setting below is disabled (but not changed) if you block all cookies -// user_pref("network.cookie.lifetimePolicy", 2); -// ------------------------------------- // Pref : Disable HTTP sites setting cookies with the "secure" directive // https://developer.mozilla.org/Firefox/Releases/52#HTTP user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true] @@ -1306,7 +1685,7 @@ user_pref("browser.offline-apps.notify", false); // [DEFAULT: true] // ------------------------------------- // Pref : Disable service workers cache and cache storage // https://w3c.github.io/ServiceWorker/#privacy -user_pref("dom.caches.enabled", false); +// user_pref("dom.caches.enabled", false); // ------------------------------------- // Pref : Disable Storage API // The API gives sites the ability to find out how much space they can use, how much they are already using, and even control whether or not they need to be alerted before the user agent disposes of site data in order to make room for other things. 
@@ -1323,6 +1702,38 @@ user_pref("dom.storage_access.enabled", false); // https://support.mozilla.org/questions/1098540 // https://bugzilla.mozilla.org/959985 user_pref("offline-apps.allow_by_default", false); // [DEFAULT: true] +// ------------------------------------- +// Pref : Disable download history +user_pref("browser.download.manager.retention", 0); // [DESKTOP] +// ------------------------------------- +// Pref : When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' URLs +// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851 +user_pref("browser.fixup.hide_user_pass", true); // [DESKTOP] +// ------------------------------------- +// Pref : Enable Firefox to clear items on shutdown +user_pref("privacy.sanitize.sanitizeOnShutdown", true); // [DESKTOP] +// ------------------------------------- +// Pref : Set what items to clear when Firefox closes +// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically +// [NOTE] Installing user.js will remove your browsing history, caches and local storage. 
+// [NOTE] Installing user.js **will remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27) +// [NOTE] Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945 +// [NOTE] If 'history' is true, downloads will also be cleared regardless of the value +user_pref("privacy.clearOnShutdown.cache", true); // [DESKTOP] +user_pref("privacy.clearOnShutdown.cookies", false); // [DESKTOP] +user_pref("privacy.clearOnShutdown.downloads", false); // [DESKTOP] +user_pref("privacy.clearOnShutdown.formdata", true); // [DESKTOP] +user_pref("privacy.clearOnShutdown.history", false); // [DESKTOP] +user_pref("privacy.clearOnShutdown.offlineApps", true); // [DESKTOP] +user_pref("privacy.clearOnShutdown.sessions", true); // [DESKTOP] +user_pref("privacy.clearOnShutdown.siteSettings", false); // [DESKTOP] +// user_pref("privacy.clearOnShutdown.openWindows", true); // [DESKTOP] +// ------------------------------------- +// Pref : Reset default 'Time range to clear' for 'Clear Recent History' +// Firefox remembers your last choice. This will reset the value when you start Firefox. +// 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today, 5=last five minutes, 6=last twenty-four hours +// [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a blank value if they are used, but they do work as advertised +user_pref("privacy.sanitize.timeSpan", 0); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Headers / Referers 
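Review bot: The two `[NOTE]` lines say that installing user.js removes browsing history and saved passwords, but the values set below do not do that. `privacy.clearOnShutdown.history` is `false`, and no password-related item is set in this block. The notes appear to come from the upstream profile linked in the same comment and should be reworded to match, for example `// [NOTE] With these values cache, form data, offline app data and active logins are cleared at shutdown; history, cookies and site settings are kept`. A profile that overstates what it deletes is as misleading for an auditor as one that understates it.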
@@ -1375,6 +1786,18 @@ user_pref("privacy.donottrackheader.enabled", false); // [DEFAULT: true] // https://bugzilla.mozilla.org/show_bug.cgi?id=1333933 user_pref("privacy.resistFingerprinting", true); // [DEFAULT: false] // ------------------------------------- +// Pref : Disable mozAddonManager Web API +// [NOTE] As a side-effect allowed extensions to work on AMO. You also need to sanitize or clear extensions.webextensions.restrictedDomains to keep that side-effect +// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 +user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] // [DESKTOP] +// ------------------------------------- +// Pref : Enable RFP letterboxing +// Dynamically resizes the inner window by applying letterboxing, using dimensions which waste the least content area, If you use the dimension pref, then it will only apply those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") +// [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it +// https://bugzilla.mozilla.org/1407366 +user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // [DESKTOP] +// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] // [DESKTOP] +// ------------------------------------- // Pref : Disable WebRTC, getUserMedia, screen sharing, audio capture, video capture // https://wiki.mozilla.org/Media/getUserMedia // https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/ 
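Review bot: The `[NOTE]` under "Disable mozAddonManager Web API" tells users to clear `extensions.webextensions.restrictedDomains` without saying what that list protects. It names the Mozilla domains on which extensions may not run, so clearing it lets any installed extension read and modify pages such as the add-ons site. Add a warning next to the note: `// [WARNING] Clearing restrictedDomains lets extensions run on Mozilla sites (including AMO); do this only if every installed extension is trusted`. The sentence "As a side-effect allowed extensions to work on AMO" is also hard to parse and could read "Side effect: extensions can then work on AMO".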
@@ -1484,6 +1907,20 @@ user_pref("dom.webaudio.enabled", false); // [DEFAULT: true] // https://github.com/WICG/media-capabilities // https://wicg.github.io/media-capabilities/#security-privacy-considerations // user_pref("media.media-capabilities.enabled", false); // [DEFAULT: true] +// ------------------------------------- +// Pref : Disable showing about:blank as soon as possible during startup +// true=no longer masks the RFP chrome resizing activity +// https://bugzilla.mozilla.org/1448423 +user_pref("browser.startup.blankWindow", false); // [DESKTOP] +// ------------------------------------- +/// Pref : Disable network API +// https://developer.mozilla.org/en-US/docs/Web/API/Connection/onchange +// https://www.torproject.org/projects/torbrowser/design/#fingerprinting-defenses +user_pref("dom.network.enabled", false); // [DESKTOP] +// ------------------------------------- +// Pref : Disable telephony API +// https://wiki.mozilla.org/WebAPI/Security/WebTelephony +user_pref("dom.telephony.enabled", false); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Personal @@ -1497,6 +1934,11 @@ user_pref("browser.ui.zoom.force-user-scalable", true); // [DEFAULT: false] // http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5 user_pref("browser.urlbar.autocomplete.enabled", false); // [DEFAULT: true] // ------------------------------------- +// Pref : Disable inline autocomplete in URL bar +// http://kb.mozillazine.org/Inline_autocomplete +user_pref("browser.urlbar.autoFill", false); // [DESKTOP] +user_pref("browser.urlbar.autoFill.typed", false); // [DESKTOP] +// ------------------------------------- // Pref : Set bookmarks backups // To compensate for the case of bookmarks being lost due to a system crash. // http://kb.mozillazine.org/Browser.bookmarks.max_backups 
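Review bot: `/// Pref : Disable network API` in the first hunk starts with three slashes where every other heading uses two. It is still a comment, but any tooling or search that keys on `// Pref :` will miss this entry, so it should read `// Pref : Disable network API`. `dom.telephony.enabled` is the only pref added in this hunk without a platform tag; add `// [DESKTOP]` or note that it applies to both platforms.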
@@ -1506,5 +1948,11 @@ user_pref("browser.bookmarks.max_backups", 0); // [DEFAULT: 5] // 0=sync always, 1=sync only when on wifi user_pref("home.sync.updateMode", 1); // [DEFAULT: 0] // [FENNEC] // user_pref("home.sync.checkIntervalSecs", 3600); // [FENNEC] +// ------------------------------------- +// Pref : Middle-click mouse enabling auto-scrolling +user_pref("general.autoScroll",true); // [DESKTOP] +// ------------------------------------- +// Pref : Displaying small density by default +// user_pref("browser.uidensity", 1); // [DEFAULT: 0] // [DESKTOP] // //