Update 'user.js'

This commit is contained in:
Narsil 2021-09-01 08:43:11 +00:00
parent 7e08eb2939
commit 7d0c33d89f
1 changed files with 119 additions and 136 deletions

255
user.js
View File

@ -780,27 +780,9 @@ user_pref("browser.chrome.site_icons", false);
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
user_pref("security.ssl.require_safe_negotiation", true);
// -------------------------------------
// Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint
// https://www.ssllabs.com/ssl-pulse/
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
// user_pref("security.tls.version.max", 4);
// -------------------------------------
// Enforce TLS 1.0 and 1.1 downgrades as session only ***/
// Reset TLS 1.0 and 1.1 downgrades i.e. session only
user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
// -------------------------------------
// Disable SSL session tracking [FF36+]
// SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks)
// These are not used in PB mode. In normal windows they are isolated when using FPI
// and/or containers. In FF85+ they are isolated by default (privacy.partition.network_state)
// [WARNING] There are perf and passive fingerprinting costs, for little to no gain. Preventing
// tracking via this method does not address IPs, nor handle any sanitizing of current identifiers
// https://tools.ietf.org/html/rfc5077
// https://bugzilla.mozilla.org/967977
// https://arxiv.org/abs/1810.07304
user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
// -------------------------------------
// Disable TLS1.3 0-RTT (round-trip time) [FF51+]
// https://github.com/tlswg/tls13-spec/issues/1001
// https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/
@ -904,11 +886,6 @@ user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
// This is done to avoid waiting for a timeout which takes 90 seconds
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945
user_pref("dom.security.https_only_mode_send_http_background_request", false);
// -------------------------------------
// Treat .onion as a secure context [FF60+] [TOR]
// [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser
// https://bugzilla.mozilla.org/1382359
// user_pref("dom.securecontext.whitelist_onions", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// UI (User Interface)
@ -966,47 +943,19 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// HEADERS / REFERERS
// >>>>>>>>>>>>>>>>>>>>>
// Control when images/links send a referer
// 0=never, 1=send only when links are clicked, 2=for links and images (default)
// user_pref("network.http.sendRefererHeader", 2);
// -------------------------------------
// Control the amount of information to send
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
// user_pref("network.http.referer.trimmingPolicy", 0);
// -------------------------------------
// Control when to send a referer
// Control when to send a cross origin referer
// 0=always (default), 1=only if base domains match, 2=only if hosts match
// [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram
user_pref("network.http.referer.XOriginPolicy", 2);
// -------------------------------------
// Control the amount of information to send [FF52+]
// Control the amount of cross origin information to send [FF52+]
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
// -------------------------------------
// Enforce no spoofing of referer
// Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery)
// protections that some sites may rely on
user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
// -------------------------------------
// Set the default Referrer Policy [FF59+]
// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
// [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
// https://www.w3.org/TR/referrer-policy/
// https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy
// https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/
// https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/
// user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+]
// user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
// -------------------------------------
// Hide (not spoof) referrer when leaving a .onion domain [FF54+] [TOR]
// [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser
// https://bugzilla.mozilla.org/1305144
// user_pref("network.http.referer.hideOnionSource", true);
// -------------------------------------
// Enable the DNT (Do Not Track) HTTP header
// [NOTE] DNT is enforced with Enhanced Tracking Protection regardless of this pref
// [NOTE] DNT is enforced with Enhanced Tracking Protection
// [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal...
user_pref("privacy.donottrackheader.enabled", false);
// user_pref("privacy.donottrackheader.enabled", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// CONTAINERS
@ -1355,21 +1304,6 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
// user_pref("extensions.webextensions.restrictedDomains", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// SECURITY
// >>>>>>>>>>>>>>>>>>>>>
// Enforce CSP (Content Security Policy)
// [NOTE] CSP is a very important and widespread security feature. Don't disable it!
// https://developer.mozilla.org/docs/Web/HTTP/CSP
user_pref("security.csp.enable", true); // [DEFAULT: true]
// -------------------------------------
// Enforce a security delay on some confirmation dialogs such as install, open/save
// https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
// -------------------------------------
// Enable Site Isolation
user_pref("fission.autostart", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// PERSISTENT STORAGE
// >>>>>>>>>>>>>>>>>>>>>
// Disable or isolate 3rd-party cookies and site-data [SETUP-WEB]
@ -1547,76 +1481,44 @@ user_pref("extensions.webextensions.identity.redirectDomain", "");
user_pref("browser.startup.blankWindow", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// WELCOME & WHAT'S NEW NOTICES
// OPTIONAL OPSEC
// >>>>>>>>>>>>>>>>>>>>>
user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch
user_pref("startup.homepage_welcome_url", "");
user_pref("startup.homepage_welcome_url.additional", "");
user_pref("startup.homepage_override_url", ""); // What's New page after updates
// Enable Site Isolation
user_pref("fission.autostart", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// WARNINGS
// DON'T TOUCH
// >>>>>>>>>>>>>>>>>>>>>
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.tabs.warnOnCloseOtherTabs", false);
user_pref("browser.tabs.warnOnOpen", false);
user_pref("full-screen-api.warning.delay", 0);
user_pref("full-screen-api.warning.timeout", 0);
user_pref("browser.warnOnQuit", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// APPEARANCE
// >>>>>>>>>>>>>>>>>>>>>
// user_pref("browser.download.autohideButton", false); // [FF57+]
// user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF]
// 0=light, 1=dark: with RFP this only affects chrome
// user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent
// user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF]
// 0=no-preference, 1=reduce: with RFP this only affects chrome
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// CONTENT BEHAVIOR
// >>>>>>>>>>>>>>>>>>>>>
user_pref("accessibility.typeaheadfind", false); // enable "Find As You Type"
user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX]
user_pref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line & single-line
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// UX BEHAVIOR
// >>>>>>>>>>>>>>>>>>>>>
// user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing
// user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+]
// user_pref("browser.tabs.closeWindowWithLastTab", false);
// user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+]
// user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+]
// user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux]
// user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
// user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// UX FEATURES: Disable and hide the icons and menus
// >>>>>>>>>>>>>>>>>>>>>
user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+]
user_pref("messaging-system.rsexperimentloader.enabled", false);
user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+]
user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART]
user_pref("reader.parse-on-load.enabled", false); // Reader View
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// OTHER
// >>>>>>>>>>>>>>>>>>>>>
// user_pref("browser.bookmarks.max_backups", 2);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+]
user_pref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines" "");
// [SETTING] General>Browsing>Recommend extensions as you browse
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+]
// [SETTING] General>Browsing>Recommend features as you browse
user_pref("network.manage-offline-status", false); // see bugzilla 620472
// user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
// Enforce Firefox blocklist
// [WHY] It includes updates for "revoked certificates"
// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true]
user_pref("extensions.blocklist.detailsURL", "");
user_pref("extensions.blocklist.url", "");
user_pref("services.blocklist.addons.collection", "");
user_pref("services.blocklist.plugins.collection", "");
user_pref("services.blocklist.pinning.collection", "");
user_pref("services.blocklist.gfx.collection", "");
user_pref("extensions.blocklist.itemURL", "");
user_pref("services.settings.security.onecrl.bucket", "");
user_pref("services.settings.security.onecrl.collection", "");
user_pref("services.settings.security.onecrl.signer", "");
// -------------------------------------
// Test user.js in about:config
user_pref("_config.applied", true);
//
// Enforce no referer spoofing
// [WHY] Spoofing can affect CSRF (Cross-Site Request Forgery) protections
user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
// -------------------------------------
// Enforce CSP (Content Security Policy)
// https://developer.mozilla.org/docs/Web/HTTP/CSP
user_pref("security.csp.enable", true); // [DEFAULT: true]
// -------------------------------------
// Enforce a security delay on some confirmation dialogs such as install, open/save
// https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
// -------------------------------------
// Enforce no insecure active content on https pages
user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DON'T BOTHER
// >>>>>>>>>>>>>>>>>>>>>
@ -1654,6 +1556,32 @@ user_pref("permissions.default.xr", 0); // Virtual Reality
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
// user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES
// -------------------------------------
// Control TLS versions
// [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
// user_pref("security.tls.version.max", 4);
// -------------------------------------
// Disable SSL session IDs [FF36+]
// [WHY] Passive fingerprinting and perf costs. These are session-only and isolated
// with network partitioning (FF85+) or when using FPI and/or containers
// user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
// -------------------------------------
// Onions
// [WHY] Firefox doesn't support hidden services. Use Tor Browser
// user_pref("dom.securecontext.whitelist_onions", true); // 1382359
// user_pref("network.http.referer.hideOnionSource", true); // 1305144
// -------------------------------------
// Referers
// [WHY] Only cross origin referers (1600s) need control
// user_pref("network.http.sendRefererHeader", 2);
// user_pref("network.http.referer.trimmingPolicy", 0);
// -------------------------------------
// Set the default Referrer Policy [FF59+]
// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
// [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy
// user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+]
// user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DON'T BOTHER: NON-RFP
@ -1690,6 +1618,61 @@ user_pref("dom.webaudio.enabled", false);
// user_pref("ui.use_standins_for_native_colors", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// PERSONAL
// >>>>>>>>>>>>>>>>>>>>>
// WELCOME & WHAT'S NEW NOTICES
user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch
user_pref("startup.homepage_welcome_url", "");
user_pref("startup.homepage_welcome_url.additional", "");
user_pref("startup.homepage_override_url", ""); // What's New page after updates
// -------------------------------------
// WARNINGS
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.tabs.warnOnCloseOtherTabs", false);
user_pref("browser.tabs.warnOnOpen", false);
user_pref("full-screen-api.warning.delay", 0);
user_pref("full-screen-api.warning.timeout", 0);
user_pref("browser.warnOnQuit", false);
// -------------------------------------
// APPEARANCE
// user_pref("browser.download.autohideButton", false); // [FF57+]
// user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF]
// 0=light, 1=dark: with RFP this only affects chrome
// user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent
// user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF]
// 0=no-preference, 1=reduce: with RFP this only affects chrome
// -------------------------------------
// CONTENT BEHAVIOR
user_pref("accessibility.typeaheadfind", false); // enable "Find As You Type"
user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX]
user_pref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line & single-line
// -------------------------------------
// UX BEHAVIOR
// user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing
// user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+]
// user_pref("browser.tabs.closeWindowWithLastTab", false);
// user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+]
// user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+]
// user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux]
// user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
// user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under]
// -------------------------------------
// UX FEATURES: disable and hide the icons and menus
user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+]
// user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+]
// user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART]
user_pref("reader.parse-on-load.enabled", false); // Reader View
// -------------------------------------
// OTHER
// user_pref("browser.bookmarks.max_backups", 2);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+]
// [SETTING] General>Browsing>Recommend extensions as you browse
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+]
// [SETTING] General>Browsing>Recommend features as you browse
// user_pref("network.manage-offline-status", false); // see bugzilla 620472
// user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DEPRECATED / REMOVED / LEGACY / RENAMED
// >>>>>>>>>>>>>>>>>>>>>
// FF79