Update user.js

 Fixed credits section and added CHEF-KOCH
 Added some descriptions 
 Sanitized URL to update user addons
 reEnabled OCSP
 Enabled  display "insecure" icon and "Not Secure" text on HTTP sites (DESKTOP)
 Enabled insecure password warnings (DESKTOP)
 reEnabled icon font (for better user experience)
 Enabled Auto Notification of Outdated Plugins (DESKTOP)
 reEnabled cache storage
 Enabled Firefox to clear items on shutdown (DESKTOP)
 Enabled ResistFingerprint letterboxing (DESKTOP)
 Enabled middle-click mouse enabling auto-scrolling (DESKTOP)
ℹ️ Imported various config. prefs from Desktop to prevent future changes by Mozilla (DESKTOP)

️ Disabled default browser check (DESKTOP)
️ Disabled extension recommendations (DESKTOP)
️ Disabled various Activity Stream content (DESKTOP)
️ Disabled new tab tile ads & preload (DESKTOP)
️ Disabled more telemetry (DESKTOP)
️ Disabled Telemetry Coverage (DESKTOP)
️ Disabled health report (DESKTOP)
️ Disabled Crash Reports (DESKTOP)
️ Disabled Opt-out of themes updates (DESKTOP)
️ Disabled Studies and SHIELD (DESKTOP)
️ Disabled Heartbeat (DESKTOP)
️ Disabled about:addons Get Add-ons panel (DESKTOP)
️ Disabled Firefox Hello metrics collection (DESKTOP)
️ Blocked more unwanted connections
️ Disabled Webextensions sync (DESKTOP)
️ Disabled WebIDE and ADB extension download (DESKTOP)
️ Disabled Pocket (DESKTOP)
️ Disabled built-in PDF reader (DESKTOP)
️ Disabled exposure of system colors to CSS or canvas (DESKTOP)
️ Disabled Scripting of Plugins by JavaScript (DESKTOP)
️ Disabled JAR from opening Unsafe File Types (DESKTOP)
️ Disabled displaying Javascript in History URLs (DESKTOP)
️ Locked web content in file processes (DESKTOP)
️ Masked build ID (DESKTOP)
️ Disabled Archive API (DESKTOP)
️ Disabled screensharing (DESKTOP)
️ Disabled face detection (DESKTOP)
️ Disabled completely autoplay
️ Disabled Windows jumplist (WINDOWS)
️ Disabled Windows taskbar preview (WINDOWS)
️ Disabled UITour backend (DESKTOP)
️ Disabled location bar making speculative connections (DESKTOP)
️ Disabled location bar suggesting "preloaded" top websites (DESKTOP)
️ Disabled using UNC (Uniform Naming Convention) paths (DESKTOP)
️ Disabled HTTP Alternative Services (DESKTOP)
️ Disallowed NTLMv1 (DESKTOP)
️ Disabled more chipers (DESKTOP)
️ Disabled favicons in shortcuts (DESKTOP)
️ Disabled automatic Firefox start and session restore after reboot (DESKTOP)
️ Disabled using the OS's geolocation service (DESKTOP)
️ Disabled logging geolocation to the console (DESKTOP)
️ Disabled widevine CDM (DESKTOP)
️ Disabled Flash, Java, Gnome Shell Integration NPAPI plugins (DESKTOP)
️ Disabled Shumway (Mozilla Flash renderer) (DESKTOP)
️ Disabled PingCentre telemetry (DESKTOP)
️ Disabled System Add-on updates
️ Disabled Experiments (DESKTOP)
️ Disabled Mozilla permission to silently opt you into tests (DESKTOP)
️ Disabled Normandy/Shield (DESKTOP)
️ Disabled Form Autofill (DESKTOP)
️ Disabled mozAddonManager Web API (DESKTOP)
️ Disabled network API
️ Disabled inline autocomplete in URL bar (DESKTOP)

ℹ️ Set cache, formdata, offlineapps and sessions to clear when Firefox closes (DESKTOP)
ℹ️ Set new tab page "about:blank" (DESKTOP)
This commit is contained in:
quindecim 2019-05-14 07:29:30 +00:00 committed by GitHub
parent 56a9452c06
commit 5f1424fdbe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 508 additions and 60 deletions

568
user.js
View File

@ -1,19 +1,96 @@
// //
/****************************************************************************** /**********************************************************************************
* Fennec F-Droid | user.js * * user.js | Fennec F-Droid *
* * * *
* https://github.com/quindecim/fennec_user.js * * https://github.com/quindecim/fennec_user.js *
******************************************************************************/ *********************************************************************************/
// //
// Author : @quindecim // Author : quindecim : https://github.com/quindecim/
// //
// //
// Based on : gHacks: https://github.com/ghacksuserjs/ghacks-user.js // Based on : gHacks : https://github.com/ghacksuserjs/ghacks-user.js
// Librefox: https://github.com/intika/Librefox // Librefox : https://github.com/intika/Librefox
// pyllyukko: https://github.com/pyllyukko/user.js // pyllyukko : https://github.com/pyllyukko/user.js
// OrangeManBad: https://git.nixnet.xyz/OrangeManBad/user.js // OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js
// CHEF-KOCH : https://github.com/CHEF-KOCH/FFCK/tree/master/user.js
// //
// License : https://github.com/quindecim/fennec_user.js/blob/master/LICENSE.txt // License : https://github.com/quindecim/fennec_user.js/blob/master/LICENSE.txt
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Startup
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable default browser check
user_pref("browser.shell.checkDefaultBrowser", false); // [DESKTOP]
// -------------------------------------
// Pref : Set NEWTAB page
// true=Activity Stream, false=blank page
user_pref("browser.newtabpage.enabled", false); // [DESKTOP]
user_pref("browser.newtab.url", "about:blank"); // [DESKTOP]
// -------------------------------------
// Pref : Disable Extension recommendations
// https://support.mozilla.org/en-US/kb/extension-recommendations
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream
// https://wiki.mozilla.org/Firefox/Activity_Stream
user_pref("browser.newtabpage.activity-stream.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream Top Stories, Pocket-based and/or sponsored content
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [DESKTOP]
// -------------------------------------
// Pref : Set HOME+NEWWINDOW page
user_pref("browser.startup.homepage", "about:blank"); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream Snippets
// Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
// https://abouthome-snippets-service.readthedocs.io/
user_pref("browser.aboutHomeSnippets.updateUrl", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.disableSnippets", true); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream telemetry
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.telemetry", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.telemetry.ut.events", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream feeds
user_pref("browser.newtabpage.activity-stream.feeds.aboutpreferences", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.favicon", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.messagecenterfeed", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.migration", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.newtabinit", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.places", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.prefs", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.sections", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.systemtick", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.theme", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.feeds.topsites", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Activity Stream (others)
user_pref("browser.newtabpage.activity-stream.messageCenterExperimentEnabled", false);
user_pref("browser.newtabpage.activity-stream.prerender", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.showSearch", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.showTopSites", false); // [DESKTOP]
user_pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable new tab tile ads & preload
// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox
// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
user_pref("browser.newtabpage.enhanced", false); // [DESKTOP]
user_pref("browser.newtab.preload", false); // [DESKTOP]
user_pref("browser.newtabpage.directory.ping", ""); // [DESKTOP]
user_pref("browser.newtabpage.directory.source", "data:text/plain,{}"); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Quiet Fox // Section : Quiet Fox
// >>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>
@ -38,21 +115,39 @@ user_pref("dom.ipc.plugins.reportCrashURL", false);
user_pref("browser.casting.enabled", false); // [DEFAULT: true] user_pref("browser.casting.enabled", false); // [DEFAULT: true]
// ------------------------------------- // -------------------------------------
// Pref : Disable Telemetry // Pref : Disable Telemetry
// https://wiki.mozilla.org/Platform/Features/Telemetry
// https://wiki.mozilla.org/Privacy/Reviews/Telemetry
// https://wiki.mozilla.org/Telemetry
// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry
// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715
// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry
// https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html#id1
user_pref("toolkit.telemetry.enabled", false); user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.debugSlowSql", false); user_pref("toolkit.telemetry.debugSlowSql", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false); user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.server", "data:,"); user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.server_owner", ""); user_pref("toolkit.telemetry.server_owner", "");
user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.archive.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.cachedClientID", ""); // [DESKTOP]
user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.updatePing.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.bhrPing.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [DESKTOP]
user_pref("toolkit.telemetry.hybridContent.enabled", false); // [DESKTOP]
// ------------------------------------- // -------------------------------------
// Pref : Disable Telemetry Coverage // Pref : Disable Telemetry Coverage
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ // https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] // [DESKTOP]
user_pref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] user_pref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] // [DESKTOP]
user_pref("toolkit.coverage.endpoint.base", ""); // [DESKTOP]
// ------------------------------------- // -------------------------------------
// Pref : Disable collection/sending of the health report (healthreport.sqlite*) // Pref : Disable collection/sending of the health report (healthreport.sqlite*)
user_pref("datareporting.policy.currentPolicyVersion", 0); user_pref("datareporting.healthreport.uploadEnabled", false); // [DESKTOP]
user_pref("datareporting.healthreport.service.enabled", false); // [DESKTOP]
user_pref("datareporting.policy.dataSubmissionEnabled", false); user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.policy.currentPolicyVersion", 0);
user_pref("datareporting.policy.currentPolicyAcceptedVersion", 0); user_pref("datareporting.policy.currentPolicyAcceptedVersion", 0);
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0); user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0);
user_pref("datareporting.policy.dataSubmissionPolicyBypassNotification", false); user_pref("datareporting.policy.dataSubmissionPolicyBypassNotification", false);
@ -84,6 +179,8 @@ user_pref("browser.discovery.enabled", false); // [DEFAULT: false]
// ------------------------------------- // -------------------------------------
// Pref : Disable Crash Reports // Pref : Disable Crash Reports
user_pref("breakpad.reportURL", ""); user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false); // [DESKTOP]
user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [DESKTOP]
// ------------------------------------- // -------------------------------------
// Pref : Disable automatic captive portal detection // Pref : Disable automatic captive portal detection
// https://en.wikipedia.org/wiki/Captive_portal // https://en.wikipedia.org/wiki/Captive_portal
@ -103,6 +200,10 @@ user_pref("network.connectivity-service.IPv6.url", "");
user_pref("network.connectivity-service.DNSv4.domain", ""); user_pref("network.connectivity-service.DNSv4.domain", "");
user_pref("network.connectivity-service.DNSv6.domain", ""); user_pref("network.connectivity-service.DNSv6.domain", "");
// ------------------------------------- // -------------------------------------
// Pref : Opt-out of themes (Persona) updates
// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287
user_pref("lightweightThemes.update.enabled",false); // [DESKTOP]
// -------------------------------------
// Pref : Disable auto updating of lightweight themes (LWT) // Pref : Disable auto updating of lightweight themes (LWT)
// Not to be confused with themes, which use the Theme API // Not to be confused with themes, which use the Theme API
// Mozilla plan to convert existing LWTs and remove LWT support in the future // Mozilla plan to convert existing LWTs and remove LWT support in the future
@ -110,6 +211,27 @@ user_pref("network.connectivity-service.DNSv6.domain", "");
user_pref("lightweightThemes.persisted.headerURL", false); user_pref("lightweightThemes.persisted.headerURL", false);
user_pref("lightweightThemes.persistedThemeID", ""); // [FENNEC] user_pref("lightweightThemes.persistedThemeID", ""); // [FENNEC]
user_pref("lightweightThemes.selectedThemeID", ""); // [FENNEC] user_pref("lightweightThemes.selectedThemeID", ""); // [FENNEC]
// -------------------------------------
// Pref : Disable Studies and SHIELD
// [NOTE] This pref has no effect when Health Reports are disabled
user_pref("app.shield.optoutstudies.enabled", false); // [DESKTOP]
user_pref("extensions.shield-recipe-client.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable backlogged Crash Reports
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Heartbeat (Mozilla user rating telemetry)
// https://wiki.mozilla.org/Advocacy/heartbeat
// https://trac.torproject.org/projects/tor/ticket/19047
user_pref("browser.selfsupport.url", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable about:addons Get Add-ons panel (uses Google Analytics)
user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] // [DESKTOP]
user_pref("extensions.webservice.discoverURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox Hello metrics collection
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
user_pref("loop.logDomains",false); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : IJWY To Shut Up // Section : IJWY To Shut Up
@ -125,8 +247,13 @@ user_pref("app.privacyURL", ""); // [FENNEC]
user_pref("app.releaseNotesURL", ""); user_pref("app.releaseNotesURL", "");
user_pref("app.support.baseURL", ""); user_pref("app.support.baseURL", "");
user_pref("app.supportURL", ""); // [FENNEC] user_pref("app.supportURL", ""); // [FENNEC]
user_pref("media.decoder-doctor.new-issue-endpoint", "");
user_pref("network.trr.confirmationNS", "");
user_pref("services.settings.default_signer", ""); // [DESKTOP]
user_pref("services.settings.server", ""); // [DESKTOP]
// ------------------------------------- // -------------------------------------
// Pref : Disable app from auto-update // Pref : Disable app from auto-update
user_pref("app.update.enabled", false);
user_pref("app.update.autodownload", ""); // [TEST] user_pref("app.update.autodownload", ""); // [TEST]
user_pref("app.update.channel", ""); // [TEST] user_pref("app.update.channel", ""); // [TEST]
user_pref("app.update.url.android", ""); user_pref("app.update.url.android", "");
@ -134,14 +261,17 @@ user_pref("app.update.url.android", "");
// user_pref("app.update.timerMinimumDelay", 0); // user_pref("app.update.timerMinimumDelay", 0);
// user_pref("app.update.url.android", "https://aus5.mozilla.org/update/4/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%MOZ_VERSION%/update.xml"); // [TEST] // user_pref("app.update.url.android", "https://aus5.mozilla.org/update/4/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%MOZ_VERSION%/update.xml"); // [TEST]
// ------------------------------------- // -------------------------------------
// Pref : Block unwanted connections
user_pref("media.decoder-doctor.new-issue-endpoint", "");
user_pref("network.trr.confirmationNS", "");
// -------------------------------------
// Pref : Test To Make FFox Silent // Pref : Test To Make FFox Silent
user_pref("security.content.signature.root_hash", ""); user_pref("security.content.signature.root_hash", "");
user_pref("urlclassifier.phishTable", ""); user_pref("urlclassifier.phishTable", "");
user_pref("urlclassifier.passwordAllowTable", ""); user_pref("urlclassifier.passwordAllowTable", "");
// -------------------------------------
// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface)
// https://wiki.mozilla.org/FlyWeb
// https://wiki.mozilla.org/FlyWeb/Security_scenarios
// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit
// http://www.ghacks.net/2016/07/26/firefox-flyweb
user_pref("dom.flyweb.enabled", false); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Miscellaneous // Section : Miscellaneous
@ -154,8 +284,8 @@ user_pref("user.js.applied", true); // [FENNEC]
user_pref("extensions.update.enabled", true); user_pref("extensions.update.enabled", true);
user_pref("extensions.autoupdate.enabled", true); user_pref("extensions.autoupdate.enabled", true);
// ------------------------------------- // -------------------------------------
// Pref : Disable System Add-on updates // Pref : Decrease system information leakage to Mozilla addons update servers
user_pref("extensions.systemAddon.update.url", ""); user_pref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/%LOCALE%/android/search?q=%TERMS%"); // [URL SANITIZED]
// ------------------------------------- // -------------------------------------
// Pref : Disable Web Compatibility Reporter // Pref : Disable Web Compatibility Reporter
// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla // Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
@ -195,13 +325,16 @@ user_pref("browser.snippets.updateUrl", ""); // [FENNEC]
user_pref("browser.snippets.syncPromo.enabled", false); // [FENNEC] user_pref("browser.snippets.syncPromo.enabled", false); // [FENNEC]
// user_pref("browser.snippets.updateInterval", 0); // [FENNEC] // user_pref("browser.snippets.updateInterval", 0); // [FENNEC]
// ------------------------------------- // -------------------------------------
// Pref : Disable Webextensions sync
user_pref("webextensions.storage.sync.enabled", false); // [DESKTOP]
user_pref("webextensions.storage.sync.serverURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Force Punycode for Internationalized Domain Names // Pref : Force Punycode for Internationalized Domain Names
// http://kb.mozillazine.org/Network.IDN_show_punycode // http://kb.mozillazine.org/Network.IDN_show_punycode
// https://www.xudongz.com/blog/2017/idn-phishing/ // https://www.xudongz.com/blog/2017/idn-phishing/
// https://wiki.mozilla.org/IDN_Display_Algorithm // https://wiki.mozilla.org/IDN_Display_Algorithm
// https://en.wikipedia.org/wiki/IDN_homograph_attack // https://en.wikipedia.org/wiki/IDN_homograph_attack
// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ // https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6
user_pref("network.IDN_show_punycode", true); user_pref("network.IDN_show_punycode", true);
// ------------------------------------- // -------------------------------------
// Pref : Disable page thumbnail collection // Pref : Disable page thumbnail collection
@ -235,7 +368,6 @@ user_pref("network.manage-offline-status", false); // [DEFAULT: true]
// ------------------------------------- // -------------------------------------
// Pref : Set File URI Origin Policy // Pref : Set File URI Origin Policy
// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy // http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8
user_pref("security.fileuri.strict_origin_policy", true); user_pref("security.fileuri.strict_origin_policy", true);
// ------------------------------------- // -------------------------------------
// Pref : Disable SVG in OpenType fonts // Pref : Disable SVG in OpenType fonts
@ -248,8 +380,12 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false);
// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ // http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
user_pref("security.dialog_enable_delay", 700); user_pref("security.dialog_enable_delay", 700);
// ------------------------------------- // -------------------------------------
// Pref : Disable remote debugging // Pref : Disable WebIDE to prevent remote debugging and ADB extension download
user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.debugger.remote-enabled", false);
user_pref("devtools.webide.enabled", false); // [DESKTOP]
user_pref("devtools.webide.autoinstallADBExtension", false); // [DESKTOP]
user_pref("devtools.webide.autoinstallADBHelper", false); // [DESKTOP]
user_pref("devtools.webide.autoinstallFxdtAdapters", false); // [DESKTOP]
// ------------------------------------- // -------------------------------------
// Pref : Force local debugging // Pref : Force local debugging
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop // https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
@ -335,11 +471,6 @@ user_pref("security.csp.enable", true); // [DEFAULT: true]
// https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ // https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/
user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT: true] user_pref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT: true]
// ------------------------------------- // -------------------------------------
// Pref : Block web content in file processes
// You may want to disable this for corporate or developer environments
// https://bugzilla.mozilla.org/1343184
// user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable only whitelisted URL protocol handlers // Pref : Enable only whitelisted URL protocol handlers
// http://kb.mozillazine.org/Network.protocol-handler.external-default // http://kb.mozillazine.org/Network.protocol-handler.external-default
// http://kb.mozillazine.org/Network.protocol-handler.warn-external-default // http://kb.mozillazine.org/Network.protocol-handler.warn-external-default
@ -378,6 +509,43 @@ user_pref("browser.firstrun.show.localepicker", false); // [DEFAULT: false]
// ------------------------------------- // -------------------------------------
// Pref : Disable sending console to logcat on release builds. // Pref : Disable sending console to logcat on release builds.
user_pref("consoleservice.logcat", false); // [FENNEC] user_pref("consoleservice.logcat", false); // [FENNEC]
// -------------------------------------
// Pref : Disable Pocket
// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
// https://github.com/pyllyukko/user.js/issues/143
user_pref("browser.pocket.enabled", false); // [DESKTOP]
user_pref("extensions.pocket.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Lock web content in file processes
// https://bugzilla.mozilla.org/1343184
user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Displaying Javascript in History URLs
// http://kb.mozillazine.org/Browser.urlbar.filter.javascript
user_pref("browser.urlbar.filter.javascript", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable JAR from opening Unsafe File Types
// https://bugzilla.mozilla.org/1427726
user_pref("network.jar.open-unsafe-types", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox's built-in PDF reader
// This setting controls if the option "Display in Firefox" is available in the setting below and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With")
// PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most)
// Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly.
// It doesn't break "state separation" of browser content (by not sharing with OS, independent apps).
// It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk.
// CONS: You may prefer a different pdf reader for security reasons
// CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare)
user_pref("pdfjs.disabled", true); // [DEFAULT: false] // [DESKTOP]
// -------------------------------------
// Pref : Disable Scripting of Plugins by JavaScript
// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889
user_pref("security.xpconnect.plugin.unrestricted", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable exposure of system colors to CSS or canvas
// [NOTE] See second listed bug: may cause black on black for elements with undefined colors
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
user_pref("ui.use_standins_for_native_colors", true); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Web Workers // Section : Web Workers
@ -409,6 +577,9 @@ user_pref("dom.push.alwaysConnect", false);
user_pref("dom.push.debug", false); user_pref("dom.push.debug", false);
user_pref("dom.push.connection.enabled", false); user_pref("dom.push.connection.enabled", false);
user_pref("dom.push.userAgentID", ""); user_pref("dom.push.userAgentID", "");
// -------------------------------------
// Pref : Disable hiding mime types not associated with a plugin
user_pref("browser.download.hide_plugins_without_extensions", false); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : DOM (Document Object Model) & Javascript // Section : DOM (Document Object Model) & Javascript
@ -433,7 +604,7 @@ user_pref("dom.vibrator.enabled", false);
// Pref : Disable clipboard commands (cut/copy) from "non-privileged" content // Pref : Disable clipboard commands (cut/copy) from "non-privileged" content
// This disables document.execCommand("cut"/"copy") to protect your clipboard // This disables document.execCommand("cut"/"copy") to protect your clipboard
// https://bugzilla.mozilla.org/1170911 // https://bugzilla.mozilla.org/1170911
user_pref("dom.allow_cut_copy", false); // [HIDDEN PREF] // user_pref("dom.allow_cut_copy", false); // [HIDDEN PREF]
// ------------------------------------- // -------------------------------------
// Pref : Disable asm.js // Pref : Disable asm.js
// http://asmjs.org/ // http://asmjs.org/
@ -476,6 +647,17 @@ user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true]
// Pref : Enable (limited but sufficient) window.opener protection // Pref : Enable (limited but sufficient) window.opener protection
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set // Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false] user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
// -------------------------------------
// Pref : Don't reveal build ID
// Value taken from Tor Browser
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
user_pref("general.buildID.override", "20100101"); // [DESKTOP]
user_pref("browser.startup.homepage_override.buildID", "20100101"); // [DESKTOP]
// -------------------------------------
// Pref : Disable Archive API
// https://wiki.mozilla.org/WebAPI/ArchiveAPI
// https://bugzilla.mozilla.org/show_bug.cgi?id=1342361
user_pref("dom.archivereader.enabled", false); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Media / Camera / Mic // Section : Media / Camera / Mic
@ -492,6 +674,7 @@ user_pref("media.peerconnection.use_document_iceservers", false);
user_pref("media.peerconnection.identity.enabled", false); user_pref("media.peerconnection.identity.enabled", false);
user_pref("media.peerconnection.turn.disable", true); user_pref("media.peerconnection.turn.disable", true);
user_pref("media.peerconnection.ice.tcp", false); user_pref("media.peerconnection.ice.tcp", false);
user_pref("media.peerconnection.video.enabled", false);
// user_pref("media.peerconnection.identity.timeout", 0); // user_pref("media.peerconnection.identity.timeout", 0);
// ------------------------------------- // -------------------------------------
// Pref : Disable WebGL I/II // Pref : Disable WebGL I/II
@ -505,7 +688,8 @@ user_pref("webgl.disable-wgl", true); // [DEFAULT: false]
user_pref("webgl.disable-fail-if-major-performance-caveat", true); user_pref("webgl.disable-fail-if-major-performance-caveat", true);
user_pref("webgl.can-lose-context-in-foreground", false); // [DEFAULT: true] user_pref("webgl.can-lose-context-in-foreground", false); // [DEFAULT: true]
// ------------------------------------- // -------------------------------------
// Pref : Disable audiocapture // Pref : Disable screensharing and audiocapture
user_pref("media.getusermedia.screensharing.enabled", false); // [DESKTOP]
user_pref("media.getusermedia.browser.enabled", false); user_pref("media.getusermedia.browser.enabled", false);
user_pref("media.getusermedia.audiocapture.enabled", false); user_pref("media.getusermedia.audiocapture.enabled", false);
// ------------------------------------- // -------------------------------------
@ -513,6 +697,9 @@ user_pref("media.getusermedia.audiocapture.enabled", false);
user_pref("device.camera.enabled", false); // [DEFAULT: true] // [FENNEC] user_pref("device.camera.enabled", false); // [DEFAULT: true] // [FENNEC]
user_pref("media.realtime_decoder.enabled", false); // [DEFAULT: true] // [FENNEC] user_pref("media.realtime_decoder.enabled", false); // [DEFAULT: true] // [FENNEC]
// ------------------------------------- // -------------------------------------
// Pref : Disable face detection
user_pref("camera.control.face_detection.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable canvas capture stream // Pref : Disable canvas capture stream
// https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream // https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream
user_pref("canvas.capturestream.enabled", false); user_pref("canvas.capturestream.enabled", false);
@ -529,13 +716,16 @@ user_pref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false]
// 0=Allowed, 1=Blocked, 2=Prompt // 0=Allowed, 1=Blocked, 2=Prompt
// [NOTE] You can set exceptions under site permissions // [NOTE] You can set exceptions under site permissions
user_pref("media.autoplay.default", 1); user_pref("media.autoplay.default", 1);
user_pref("media.autoplay.allow-muted", false); // [DEFAULT: true]
user_pref("media.autoplay.block-event.enabled", true); // [DEFAULT: false]
user_pref("media.autoplay.block-webaudio", true); // [DEFAULT: false]
// ------------------------------------- // -------------------------------------
// Pref : Disable autoplay of HTML5 media if you interacted with the site // Pref : Disable autoplay of HTML5 media if you interacted with the site
user_pref("media.autoplay.enabled.user-gestures-needed", false); user_pref("media.autoplay.enabled.user-gestures-needed", true); // [DEFAULT: true]
// ------------------------------------- // -------------------------------------
// Pref : Disable audio autoplay in non-active tabs // Pref : Disable audio autoplay in non-active tabs
// https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ // https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
user_pref("media.block-autoplay-until-in-foreground", true); user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: false]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Location Bar / Search Bar / Suggestions / History / Forms // Section : Location Bar / Search Bar / Suggestions / History / Forms
@ -576,6 +766,27 @@ user_pref("browser.formfill.enable", false);
// [WARNING] This can leak your locale if not en-US // [WARNING] This can leak your locale if not en-US
// https://trac.torproject.org/projects/tor/ticket/21787 // https://trac.torproject.org/projects/tor/ticket/21787
// user_pref("dom.forms.datetime", false); // user_pref("dom.forms.datetime", false);
// -------------------------------------
// Pref : Disable Windows jumplist
user_pref("browser.taskbar.lists.enabled", false); // [WINDOWS] // [DESKTOP]
user_pref("browser.taskbar.lists.frequent.enabled", false); // [WINDOWS] // [DESKTOP]
user_pref("browser.taskbar.lists.recent.enabled", false); // [WINDOWS] // [DESKTOP]
user_pref("browser.taskbar.lists.tasks.enabled", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable Windows taskbar preview
user_pref("browser.taskbar.previews.enable", false); // [WINDOWS] // [DESKTOP]
// -------------------------------------
// Pref : Disable UITour backend so there is no chance that a remote page can use it
user_pref("browser.uitour.enabled", false); // [DESKTOP]
user_pref("browser.uitour.url", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable location bar making speculative connections
// https://bugzilla.mozilla.org/1348275
user_pref("browser.urlbar.speculativeConnect.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable location bar suggesting "preloaded" top websites
// https://bugzilla.mozilla.org/1211726
user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Security // Section : Security
@ -688,13 +899,6 @@ user_pref("network.dns.disableIPv6", true);
// user_pref("network.http.spdy.enabled.http2", false); // user_pref("network.http.spdy.enabled.http2", false);
// user_pref("network.http.spdy.websockets", false); // user_pref("network.http.spdy.websockets", false);
// ------------------------------------- // -------------------------------------
// Pref : Disable HTTP Alternative Services
// [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
// https://tools.ietf.org/html/rfc7838#section-9
// https://www.mnot.net/blog/2016/03/09/alt-svc
// user_pref("network.http.altsvc.enabled", false);
// user_pref("network.http.altsvc.oe", false);
// -------------------------------------
// Pref : Enforce the proxy server to do any DNS lookups when using SOCKS // Pref : Enforce the proxy server to do any DNS lookups when using SOCKS
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request // e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request
// http://kb.mozillazine.org/Network.proxy.socks_remote_dns // http://kb.mozillazine.org/Network.proxy.socks_remote_dns
@ -702,10 +906,13 @@ user_pref("network.dns.disableIPv6", true);
user_pref("network.proxy.socks_remote_dns", true); user_pref("network.proxy.socks_remote_dns", true);
// ------------------------------------- // -------------------------------------
// Pref : Remove paths when sending URLs to PAC scripts // Pref : Remove paths when sending URLs to PAC scripts
// CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
// https://bugzilla.mozilla.org/1255474 // https://bugzilla.mozilla.org/1255474
user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false] user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false]
// ------------------------------------- // -------------------------------------
// Pref : Defaulting Proxy settings
// user_pref("network.proxy.autoconfig_url", ""); // [DEFAULT: ""]
// user_pref("network.proxy.socks_version", 5); // [DEFAULT: 5]
// -------------------------------------
// Pref : Disable (or setup) DNS-over-HTTPS (DoH) // Pref : Disable (or setup) DNS-over-HTTPS (DoH)
// TRR = Trusted Recursive Resolver // TRR = Trusted Recursive Resolver
// .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result // .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
@ -722,6 +929,22 @@ user_pref("network.trr.uri", "");
// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity // https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
// https://wiki.mozilla.org/Security/Subresource_Integrity // https://wiki.mozilla.org/Security/Subresource_Integrity
user_pref("security.sri.enable", true); // [DEFAULT: true] user_pref("security.sri.enable", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable using UNC (Uniform Naming Convention) paths
// https://trac.torproject.org/projects/tor/ticket/26424
user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Disable HTTP Alternative Services
// https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881
// https://www.mnot.net/blog/2016/03/09/alt-svc
user_pref("network.http.altsvc.enabled", false); // [DESKTOP]
user_pref("network.http.altsvc.oe", false); // [DESKTOP]
// -------------------------------------
// Pref : Disallow NTLMv1
// https://bugzilla.mozilla.org/show_bug.cgi?id=828183
user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
// It is still allowed through HTTPS. uncomment the following to disable it completely.
// user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers) // Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
@ -779,8 +1002,7 @@ user_pref("security.OCSP.require", true);
// [NOTE] OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder // [NOTE] OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder
// [NOTE] OCSP adds latency (performance) // [NOTE] OCSP adds latency (performance)
// [NOTE] Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10) // [NOTE] Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10)
// CIS Version 1.2.0 October 21st, 2011 2.2.4 user_pref("security.OCSP.enabled", 1);
user_pref("security.OCSP.enabled", 0);
// ------------------------------------- // -------------------------------------
// Pref : Enable OCSP Stapling support // Pref : Enable OCSP Stapling support
// Stapling have the site itself proof that his certificate is good through the CA so apparently nothing is leaked in this case. // Stapling have the site itself proof that his certificate is good through the CA so apparently nothing is leaked in this case.
@ -829,10 +1051,40 @@ user_pref("security.mixed_content.block_object_subrequest", true);
// http://en.citizendium.org/wiki/Meet-in-the-middle_attack // http://en.citizendium.org/wiki/Meet-in-the-middle_attack
// https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html // https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
user_pref("security.ssl3.rsa_des_ede3_sha", false); user_pref("security.ssl3.rsa_des_ede3_sha", false);
user_pref("security.ssl3.dhe_dss_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); // [DESKTOP]
user_pref("security.ssl3.rsa_fips_des_ede3_sha", false); // [DESKTOP]
// ------------------------------------- // -------------------------------------
// Pref : Disable 128 bits // Pref : Disable 40/56/128-bit ciphers
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); user_pref("security.ssl3.rsa_rc4_40_md5", false); // 40-bit // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); user_pref("security.ssl3.rsa_rc2_40_md5", false); // 40-bit // [DESKTOP]
user_pref("security.ssl3.rsa_1024_rc4_56_sha", false); // 56-bit // [DESKTOP]
user_pref("security.ssl3.rsa_camellia_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128-bit
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // 128-bit
user_pref("security.ssl3.ecdh_rsa_aes_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_camellia_128_sha", false); // 128-bit // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128-bit // [DESKTOP]
// -------------------------------------
// Pref : Disable 256 bits ciphers without PFS
user_pref("security.ssl3.rsa_camellia_256_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable SEED cipher
// https://en.wikipedia.org/wiki/SEED
user_pref("security.ssl3.rsa_seed_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable null ciphers
user_pref("security.ssl3.rsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.rsa_null_md5", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_ecdsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_rsa_null_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_null_sha", false); // [DESKTOP]
// ------------------------------------- // -------------------------------------
// Pref : Enable GCM ciphers (TLSv1.2 only) // Pref : Enable GCM ciphers (TLSv1.2 only)
// https://en.wikipedia.org/wiki/Galois/Counter_Mode // https://en.wikipedia.org/wiki/Galois/Counter_Mode
@ -855,12 +1107,39 @@ user_pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
// Pref : Disable DHE (Diffie-Hellman Key Exchange) // Pref : Disable DHE (Diffie-Hellman Key Exchange)
// https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH // https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
// ------------------------------------- // -------------------------------------
// Pref : Fallbacks due compatibility reasons // Pref : Fallbacks due compatibility reasons
user_pref("security.ssl3.rsa_aes_128_sha", true); user_pref("security.ssl3.rsa_aes_128_sha", true);
user_pref("security.ssl3.rsa_aes_256_sha", true); user_pref("security.ssl3.rsa_aes_256_sha", true);
// ------------------------------------- // -------------------------------------
// Pref : Disable ciphers with DSA (max 1024 bits)
user_pref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_dss_aes_256_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_dss_camellia_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_dss_camellia_256_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable ciphers susceptible to the logjam attack
// https://weakdh.org/
user_pref("security.ssl3.dhe_rsa_camellia_256_sha", false); // [DESKTOP]
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable ciphers with ECDH (non-ephemeral)
user_pref("security.ssl3.ecdh_rsa_aes_256_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable RC4
// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
// https://rc4.io/
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
user_pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // [DESKTOP]
user_pref("security.ssl3.rsa_rc4_128_md5", false); // [DESKTOP]
user_pref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP]
user_pref("security.tls.unrestricted_rc4_fallback", false); // [DESKTOP]
// -------------------------------------
// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) // Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken // https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 // https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
@ -925,7 +1204,6 @@ user_pref("signon.autofillForms.http", false);
user_pref("security.insecure_field_warning.contextual.enabled", true); user_pref("security.insecure_field_warning.contextual.enabled", true);
// ------------------------------------- // -------------------------------------
// Pref : Disable password manager // Pref : Disable password manager
// CIS Version 1.2.0 October 21st, 2011 2.5.2
// [NOTE] This does not clear any passwords already saved // [NOTE] This does not clear any passwords already saved
user_pref("signon.rememberSignons", false); user_pref("signon.rememberSignons", false);
user_pref("signon.debug", false); user_pref("signon.debug", false);
@ -1057,8 +1335,28 @@ user_pref("browser.sessionstore.interval", 30000);
user_pref("alerts.showFavicons", false); user_pref("alerts.showFavicons", false);
// ------------------------------------- // -------------------------------------
// Pref : Delete Search and Form History // Pref : Delete Search and Form History
// CIS Version 1.2.0 October 21st, 2011 2.5.6
user_pref("browser.formfill.expire_days", 0); user_pref("browser.formfill.expire_days", 0);
// -------------------------------------
// Pref : Disable favicons in shortcuts
// URL shortcuts use a cached randomly named .ico file which is stored in your profile/shortcutCache directory. The .ico remains after the shortcut is deleted.
// false=shortcuts use a generic Firefox icon
user_pref("browser.shell.shortcutFavicons", false); // [DESKTOP]
// -------------------------------------
// Pref : Display "insecure" icon and "Not Secure" text on HTTP sites
user_pref("security.insecure_connection_icon.enabled", true); // [DESKTOP]
user_pref("security.insecure_connection_text.enabled", true); // [DESKTOP]
// user_pref("security.insecure_connection_icon.pbmode.enabled", true); // Private windows only // [DESKTOP]
// user_pref("security.insecure_connection_text.pbmode.enabled", true); // Private windows only // [DESKTOP]
// -------------------------------------
// Pref : Enable insecure password warnings (login forms in non-HTTPS pages)
// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119
// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156
user_pref("security.insecure_password.ui.enabled", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable automatic Firefox start and session restore after reboot
// https://bugzilla.mozilla.org/603903
user_pref("toolkit.winRegisterApplicationRestart", false); // [WINDOWS] // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Geolocation // Section : Geolocation
@ -1077,7 +1375,7 @@ user_pref("browser.search.geoSpecificDefaults.url", "");
user_pref("browser.snippets.geoUrl", ""); user_pref("browser.snippets.geoUrl", "");
// user_pref("browser.search.geoip.timeout", 0); // user_pref("browser.search.geoip.timeout", 0);
// ------------------------------------- // -------------------------------------
// Pref : Set language to match // Pref : Set Accept-Language HTTP header
user_pref("intl.accept_languages", "en-US, en"); user_pref("intl.accept_languages", "en-US, en");
// ------------------------------------- // -------------------------------------
// Pref : Use APP locale over OS locale in regional preferences // Pref : Use APP locale over OS locale in regional preferences
@ -1087,6 +1385,15 @@ user_pref("intl.regional_prefs.use_os_locales", false);
// Pref : Enforce US English locale regardless of the system locale // Pref : Enforce US English locale regardless of the system locale
// https://bugzilla.mozilla.org/867501 // https://bugzilla.mozilla.org/867501
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
// -------------------------------------
// Pref : Disable using the OS's geolocation service
user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
user_pref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
user_pref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
user_pref("geo.wifi.uri", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable logging geolocation to the console
user_pref("geo.wifi.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Fonts // Section : Fonts
@ -1108,7 +1415,7 @@ user_pref("browser.display.use_document_fonts", 0);
// Pref : Disable icon fonts (glyphs) and local fallback rendering // Pref : Disable icon fonts (glyphs) and local fallback rendering
// https://bugzilla.mozilla.org/789788 // https://bugzilla.mozilla.org/789788
// https://trac.torproject.org/projects/tor/ticket/8455 // https://trac.torproject.org/projects/tor/ticket/8455
user_pref("gfx.downloadable_fonts.enabled", false); // user_pref("gfx.downloadable_fonts.enabled", false);
// user_pref("gfx.downloadable_fonts.fallback_delay", 0); // user_pref("gfx.downloadable_fonts.fallback_delay", 0);
// ------------------------------------- // -------------------------------------
// Pref : Disable WOFF2 (Web Open Font Format) // Pref : Disable WOFF2 (Web Open Font Format)
@ -1156,8 +1463,8 @@ user_pref("media.gmp-manager.certs.1.issuerName", "");
user_pref("media.gmp-manager.certs.1.commonName", ""); user_pref("media.gmp-manager.certs.1.commonName", "");
user_pref("media.gmp-manager.certs.2.issuerName", ""); user_pref("media.gmp-manager.certs.2.issuerName", "");
user_pref("media.gmp-manager.certs.2.commonName", ""); user_pref("media.gmp-manager.certs.2.commonName", "");
user_pref("media.gmp-manager.url", "data:text/plain,"); user_pref("media.gmp-manager.url", "");
user_pref("media.gmp-manager.url.override", "data:text/plain,"); user_pref("media.gmp-manager.url.override", "");
// ------------------------------------- // -------------------------------------
// Pref : Disable all DRM content (EME: Encryption Media Extension) // Pref : Disable all DRM content (EME: Encryption Media Extension)
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next // https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
@ -1168,7 +1475,32 @@ user_pref("media.eme.enabled", false);
user_pref("media.gmp-gmpopenh264.enabled", false); user_pref("media.gmp-gmpopenh264.enabled", false);
// ------------------------------------- // -------------------------------------
// Pref : Disable widevine CDM (Content Decryption Module) // Pref : Disable widevine CDM (Content Decryption Module)
user_pref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true] user_pref("media.gmp-widevinecdm.enabled", false); // [DESKTOP]
user_pref("media.gmp-widevinecdm.visible", false); // [DESKTOP]
user_pref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true] // [FENNEC]
// -------------------------------------
// Pref : Disable Flash plugin
// 0=deactivated, 1=ask, 2=enabled
// [NOTE] You can still override individual sites via site permissions
// https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/
user_pref("plugin.state.flash", 0); // [DESKTOP]
// -------------------------------------
// Pref : Disable Java plugin
// 0=deactivated, 1=ask, 2=enabled
// https://bugzilla.mozilla.org/1461243
user_pref("plugin.state.java", 0); // [DESKTOP]
// -------------------------------------
// Pref : Disable Gnome Shell Integration NPAPI plugin
user_pref("plugin.state.libgnome-shell-browser-plugin",0); // [DESKTOP]
// -------------------------------------
// Pref : Enable Auto Notification of Outdated Plugins
// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review
// https://hg.mozilla.org/mozilla-central/rev/304560
user_pref("plugins.update.notifyUser", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable Shumway (Mozilla Flash renderer)
// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway
user_pref("shumway.disabled", true); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Blocklists / Safe Browsing / Tracking Protection // Section : Blocklists / Safe Browsing / Tracking Protection
@ -1179,7 +1511,7 @@ user_pref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true]
// http://kb.mozillazine.org/Extensions.blocklist.enabled // http://kb.mozillazine.org/Extensions.blocklist.enabled
// http://kb.mozillazine.org/Extensions.blocklist.url // http://kb.mozillazine.org/Extensions.blocklist.url
// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ // https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
// Updated at interval defined in extensions.blocklist.interval (default: 86400) user_pref("services.blocklist.update_enabled", true); // [DESKTOP]
user_pref("extensions.blocklist.enabled", true); user_pref("extensions.blocklist.enabled", true);
// ------------------------------------- // -------------------------------------
// Pref : Decrease system information leakage to Mozilla blocklist update servers // Pref : Decrease system information leakage to Mozilla blocklist update servers
@ -1192,6 +1524,7 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi
user_pref("extensions.getAddons.cache.enabled", false) user_pref("extensions.getAddons.cache.enabled", false)
// ------------------------------------- // -------------------------------------
// Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents) // Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents)
user_pref("browser.safebrowsing.enabled", false); // [DESKTOP]
user_pref("browser.safebrowsing.allowOverride", false); user_pref("browser.safebrowsing.allowOverride", false);
user_pref("browser.safebrowsing.blockedURIs.enabled", false); user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.debug", false); user_pref("browser.safebrowsing.debug", false);
@ -1247,10 +1580,61 @@ user_pref("privacy.trackingprotection.lower_network_priority", false);
// Pref : Disable passive Tracking Protection in all windows // Pref : Disable passive Tracking Protection in all windows
user_pref("privacy.trackingprotection.enabled", false); user_pref("privacy.trackingprotection.enabled", false);
user_pref("privacy.trackingprotection.pbmode.enabled", false); user_pref("privacy.trackingprotection.pbmode.enabled", false);
// -------------------------------------
// Pref : Disable PingCentre telemetry (used in several System Add-ons)
// Currently blocked by 'datareporting.healthreport.uploadEnabled'
user_pref("browser.ping-centre.telemetry", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : System add-ons / Experiments
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable System Add-on updates
// https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
// https://github.com/pyllyukko/user.js/issues/419
// https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.jsm#1248-1257
// [NOTE] Disabling system add-on updates prevents Mozilla from "hotfixing" your browser to patch critical problems (one possible use case from the documentation)
user_pref("extensions.systemAddon.update.enabled", false); // [DESKTOP]
user_pref("extensions.systemAddon.update.url", "");
// -------------------------------------
// Pref : Disable Experiments
// https://wiki.mozilla.org/Telemetry/Experiments
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801
user_pref("experiments.enabled", false); // [DESKTOP]
user_pref("experiments.manifest.uri", ""); // [DESKTOP]
user_pref("experiments.supported", false); // [DESKTOP]
user_pref("experiments.activeExperiment", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Mozilla permission to silently opt you into tests
// https://bugzilla.mozilla.org/1415625
user_pref("network.allow-experiments", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Normandy/Shield
// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
// https://wiki.mozilla.org/Firefox/Shield
// https://github.com/mozilla/normandy
user_pref("app.normandy.enabled", false); // [DESKTOP]
user_pref("app.normandy.api_url", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable Form Autofill
// [NOTE] Stored data is NOT secure (uses a JSON file)
// [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
// https://wiki.mozilla.org/Firefox/Features/Form_Autofill
// https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/
user_pref("extensions.formautofill.addresses.enabled", false); // [DESKTOP]
user_pref("extensions.formautofill.available", "off"); // [DESKTOP]
user_pref("extensions.formautofill.creditCards.enabled", false); // [DESKTOP]
user_pref("extensions.formautofill.heuristics.enabled", false); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Persistent Storage // Section : Persistent Storage
// >>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>
// Pref : Delete cookies and site data on close
// 0=keep until they expire (default), 2=keep until you close Firefox
// [NOTE] Use "Cookie AutoDelete" extension to manage your cookies
// https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
// user_pref("network.cookie.lifetimePolicy", 2);
// -------------------------------------
// Pref : Disable 3rd-party cookies and site-data // Pref : Disable 3rd-party cookies and site-data
// [NOTE] Can breaks payment gateways // [NOTE] Can breaks payment gateways
user_pref("network.cookie.cookieBehavior", 1); user_pref("network.cookie.cookieBehavior", 1);
@ -1262,11 +1646,6 @@ user_pref("network.cookie.cookieBehavior", 1);
user_pref("network.cookie.thirdparty.sessionOnly", true); user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true);
// ------------------------------------- // -------------------------------------
// Pref : Delete cookies and site data on close
// 0=keep until they expire (default), 1=user is prompted, 2=keep until you close Firefox
// [NOTE] The setting below is disabled (but not changed) if you block all cookies
// user_pref("network.cookie.lifetimePolicy", 2);
// -------------------------------------
// Pref : Disable HTTP sites setting cookies with the "secure" directive // Pref : Disable HTTP sites setting cookies with the "secure" directive
// https://developer.mozilla.org/Firefox/Releases/52#HTTP // https://developer.mozilla.org/Firefox/Releases/52#HTTP
user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true] user_pref("network.cookie.leave-secure-alone", true); // [DEFAULT: true]
@ -1306,7 +1685,7 @@ user_pref("browser.offline-apps.notify", false); // [DEFAULT: true]
// ------------------------------------- // -------------------------------------
// Pref : Disable service workers cache and cache storage // Pref : Disable service workers cache and cache storage
// https://w3c.github.io/ServiceWorker/#privacy // https://w3c.github.io/ServiceWorker/#privacy
user_pref("dom.caches.enabled", false); // user_pref("dom.caches.enabled", false);
// ------------------------------------- // -------------------------------------
// Pref : Disable Storage API // Pref : Disable Storage API
// The API gives sites the ability to find out how much space they can use, how much they are already using, and even control whether or not they need to be alerted before the user agent disposes of site data in order to make room for other things. // The API gives sites the ability to find out how much space they can use, how much they are already using, and even control whether or not they need to be alerted before the user agent disposes of site data in order to make room for other things.
@ -1323,6 +1702,38 @@ user_pref("dom.storage_access.enabled", false);
// https://support.mozilla.org/questions/1098540 // https://support.mozilla.org/questions/1098540
// https://bugzilla.mozilla.org/959985 // https://bugzilla.mozilla.org/959985
user_pref("offline-apps.allow_by_default", false); // [DEFAULT: true] user_pref("offline-apps.allow_by_default", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable download history
user_pref("browser.download.manager.retention", 0); // [DESKTOP]
// -------------------------------------
// Pref : When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' URLs
// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851
user_pref("browser.fixup.hide_user_pass", true); // [DESKTOP]
// -------------------------------------
// Pref : Enable Firefox to clear items on shutdown
user_pref("privacy.sanitize.sanitizeOnShutdown", true); // [DESKTOP]
// -------------------------------------
// Pref : Set what items to clear when Firefox closes
// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically
// [NOTE] Installing user.js will remove your browsing history, caches and local storage.
// [NOTE] Installing user.js **will remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27)
// [NOTE] Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945
// [NOTE] If 'history' is true, downloads will also be cleared regardless of the value
user_pref("privacy.clearOnShutdown.cache", true); // [DESKTOP]
user_pref("privacy.clearOnShutdown.cookies", false); // [DESKTOP]
user_pref("privacy.clearOnShutdown.downloads", false); // [DESKTOP]
user_pref("privacy.clearOnShutdown.formdata", true); // [DESKTOP]
user_pref("privacy.clearOnShutdown.history", false); // [DESKTOP]
user_pref("privacy.clearOnShutdown.offlineApps", true); // [DESKTOP]
user_pref("privacy.clearOnShutdown.sessions", true); // [DESKTOP]
user_pref("privacy.clearOnShutdown.siteSettings", false); // [DESKTOP]
// user_pref("privacy.clearOnShutdown.openWindows", true); // [DESKTOP]
// -------------------------------------
// Pref : Reset default 'Time range to clear' for 'Clear Recent History'
// Firefox remembers your last choice. This will reset the value when you start Firefox.
// 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today, 5=last five minutes, 6=last twenty-four hours
// [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a blank value if they are used, but they do work as advertised
user_pref("privacy.sanitize.timeSpan", 0); // [DESKTOP]
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Headers / Referers // Section : Headers / Referers
@ -1375,6 +1786,18 @@ user_pref("privacy.donottrackheader.enabled", false); // [DEFAULT: true]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1333933 // https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
user_pref("privacy.resistFingerprinting", true); // [DEFAULT: false] user_pref("privacy.resistFingerprinting", true); // [DEFAULT: false]
// ------------------------------------- // -------------------------------------
// Pref : Disable mozAddonManager Web API
// [NOTE] As a side-effect allowed extensions to work on AMO. You also need to sanitize or clear extensions.webextensions.restrictedDomains to keep that side-effect
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988
user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Enable RFP letterboxing
// Dynamically resizes the inner window by applying letterboxing, using dimensions which waste the least content area, If you use the dimension pref, then it will only apply those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
// [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it
// https://bugzilla.mozilla.org/1407366
user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // [DESKTOP]
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Disable WebRTC, getUserMedia, screen sharing, audio capture, video capture // Pref : Disable WebRTC, getUserMedia, screen sharing, audio capture, video capture
// https://wiki.mozilla.org/Media/getUserMedia // https://wiki.mozilla.org/Media/getUserMedia
// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/ // https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/
@ -1484,6 +1907,20 @@ user_pref("dom.webaudio.enabled", false); // [DEFAULT: true]
// https://github.com/WICG/media-capabilities // https://github.com/WICG/media-capabilities
// https://wicg.github.io/media-capabilities/#security-privacy-considerations // https://wicg.github.io/media-capabilities/#security-privacy-considerations
// user_pref("media.media-capabilities.enabled", false); // [DEFAULT: true] // user_pref("media.media-capabilities.enabled", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable showing about:blank as soon as possible during startup
// true=no longer masks the RFP chrome resizing activity
// https://bugzilla.mozilla.org/1448423
user_pref("browser.startup.blankWindow", false); // [DESKTOP]
// -------------------------------------
/// Pref : Disable network API
// https://developer.mozilla.org/en-US/docs/Web/API/Connection/onchange
// https://www.torproject.org/projects/torbrowser/design/#fingerprinting-defenses
user_pref("dom.network.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable telephony API
// https://wiki.mozilla.org/WebAPI/Security/WebTelephony
user_pref("dom.telephony.enabled", false);
// //
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Personal // Section : Personal
@ -1497,6 +1934,11 @@ user_pref("browser.ui.zoom.force-user-scalable", true); // [DEFAULT: false]
// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5 // http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5
user_pref("browser.urlbar.autocomplete.enabled", false); // [DEFAULT: true] user_pref("browser.urlbar.autocomplete.enabled", false); // [DEFAULT: true]
// ------------------------------------- // -------------------------------------
// Pref : Disable inline autocomplete in URL bar
// http://kb.mozillazine.org/Inline_autocomplete
user_pref("browser.urlbar.autoFill", false); // [DESKTOP]
user_pref("browser.urlbar.autoFill.typed", false); // [DESKTOP]
// -------------------------------------
// Pref : Set bookmarks backups // Pref : Set bookmarks backups
// To compensate for the case of bookmarks being lost due to a system crash. // To compensate for the case of bookmarks being lost due to a system crash.
// http://kb.mozillazine.org/Browser.bookmarks.max_backups // http://kb.mozillazine.org/Browser.bookmarks.max_backups
@ -1506,5 +1948,11 @@ user_pref("browser.bookmarks.max_backups", 0); // [DEFAULT: 5]
// 0=sync always, 1=sync only when on wifi // 0=sync always, 1=sync only when on wifi
user_pref("home.sync.updateMode", 1); // [DEFAULT: 0] // [FENNEC] user_pref("home.sync.updateMode", 1); // [DEFAULT: 0] // [FENNEC]
// user_pref("home.sync.checkIntervalSecs", 3600); // [FENNEC] // user_pref("home.sync.checkIntervalSecs", 3600); // [FENNEC]
// -------------------------------------
// Pref : Middle-click mouse enabling auto-scrolling
user_pref("general.autoScroll",true); // [DESKTOP]
// -------------------------------------
// Pref : Displaying small density by default
// user_pref("browser.uidensity", 1); // [DEFAULT: 0] // [DESKTOP]
// //
// //