diff --git a/user.js b/user.js index 714a207..bec4262 100644 --- a/user.js +++ b/user.js @@ -33,7 +33,8 @@ user_pref("trailhead.firstrun.branches", ""); // [SETTING] General>Startup>Always check if Firefox is your default browser user_pref("browser.shell.checkDefaultBrowser", false); // ------------------------------------- -// Set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session) +// Set START page +// 0=blank, 1=home, 2=last visited page, 3=resume previous session // [NOTE] Session Restore is not used in PB mode and is cleared with history // [SETTING] General>Startup>Restore previous session user_pref("browser.startup.page", 0); @@ -1371,17 +1372,18 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); // https://www.xudongz.com/blog/2017/idn-phishing/ user_pref("network.IDN_show_punycode", true); // ------------------------------------- -// Enforce Firefox's built-in PDF reader [SETUP-CHROME] +// Enforce PDFJS, disable PDFJS scripting [SETUP-CHROME] // This setting controls if the option "Display in Firefox" is available in the setting below // and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") // PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most) -// Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly. +// Exploits are rare (one serious case in seven years), treated seriously and patched quickly. // It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). // It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. // CONS: You may prefer a different pdf reader for security reasons // CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare) // [SETTING] General>Applications>Portable Document Format (PDF) user_pref("pdfjs.disabled", false); // [DEFAULT: false] +user_pref("pdfjs.enableScripting", false); // [FF86+] // ------------------------------------- // Disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] user_pref("network.protocol-handler.external.ms-windows-store", false);