Update 'user.js'

user.js

@@ -512,7 +512,7 @@ user_pref("network.http.speculative-parallel-limit", 0);
 // Disable IPv6
 // IPv6 can be abused, especially with MAC addresses, and can leak with VPNs. That's even
 // assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
-// STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6
+// [STATS] Firefox telemetry (July 2021) shows ~10% of all connections are IPv6
 // [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an
 // OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
 // then this won't make much difference. If you are masking your IP, then it can only help.
@@ -525,7 +525,7 @@ user_pref("network.dns.disableIPv6", true);
 // HTTP2 raises concerns with "multiplexing" and "server push", does nothing to
 // enhance privacy, and opens up a number of server-side fingerprinting opportunities.
 // [WARNING] Don't disable HTTP2. Don't be that one person using HTTP1.1 on HTTP2 sites
-// [STATS] Over 50% of sites (April 2021) and growing
+// [STATS] ~46% of sites (July 2021)
 // https://http2.github.io/faq/
 // https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
 // https://http2.github.io/http2-spec/#rfc.section.10.8
@@ -707,8 +707,9 @@ user_pref("signon.formlessCapture.enabled", false);
 // 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
 user_pref("network.auth.subresource-http-auth-allow", 1);
 // -------------------------------------
-// Disable automatic authentication on Microsoft sites [FF91+] [WINDOWS]
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1695693,1719301 ***/
+// Disable automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+]
+// [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for...
+// https://support.mozilla.org/kb/windows-sso ***/
 user_pref("network.http.windows-sso.enabled", false);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@@ -962,7 +963,7 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false);
 // >>>>>>>>>>>>>>>>>>>>>
 // Display warning on the padlock for "broken security"
 // Bug: warning padlock not indicated for subresources on a secure page!
-// [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation
+// [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation
 // https://wiki.mozilla.org/Security:Renegotiation
 // https://bugzilla.mozilla.org/1353705
 // https://www.ssllabs.com/ssl-pulse/
@@ -1257,9 +1258,10 @@ user_pref("javascript.options.asmjs", false);
 // hidden pref is enabled, then Ion can still be used by extensions (1599226)
 // [WARNING] Disabling Ion/JIT can cause some site issues and performance loss
 // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
-// user_pref("javascript.options.ion", false);
-// user_pref("javascript.options.baselinejit", false);
-// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
+user_pref("javascript.options.ion", false);
+user_pref("javascript.options.baselinejit", false);
+user_pref("javascript.options.native_regexp", false);
+user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
 // -------------------------------------
 // Disable WebAssembly [FF52+] [SETUP-PERF]
 // Vulnerabilities have increasingly been found, including those known and fixed
@@ -1363,7 +1365,7 @@ user_pref("devtools.selfxss.count", 0);
 // Disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN]
 // [TEST] https://arkenfox.github.io/TZP/tzp.html#misc
 // https://bugzilla.mozilla.org/1173199
-// user_pref("mathml.disabled", true);
+user_pref("mathml.disabled", true);
 // -------------------------------------
 // Disable in-content SVG (Scalable Vector Graphics) [FF53+]
 // [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile.