diff --git a/user.js b/user.js
index 7763138..c82a523 100644
--- a/user.js
+++ b/user.js
@@ -512,7 +512,7 @@ user_pref("network.http.speculative-parallel-limit", 0);
 // Disable IPv6
 // IPv6 can be abused, especially with MAC addresses, and can leak with VPNs. That's even
 // assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
-// STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6
+// [STATS] Firefox telemetry (July 2021) shows ~10% of all connections are IPv6
 // [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an
 // OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
 // then this won't make much difference. If you are masking your IP, then it can only help.
@@ -525,7 +525,7 @@ user_pref("network.dns.disableIPv6", true);
 // HTTP2 raises concerns with "multiplexing" and "server push", does nothing to
 // enhance privacy, and opens up a number of server-side fingerprinting opportunities.
 // [WARNING] Don't disable HTTP2. Don't be that one person using HTTP1.1 on HTTP2 sites
-// [STATS] Over 50% of sites (April 2021) and growing
+// [STATS] ~46% of sites (July 2021)
 // https://http2.github.io/faq/
 // https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
 // https://http2.github.io/http2-spec/#rfc.section.10.8
@@ -707,8 +707,9 @@ user_pref("signon.formlessCapture.enabled", false);
 // 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
 user_pref("network.auth.subresource-http-auth-allow", 1);
 // -------------------------------------
-// Disable automatic authentication on Microsoft sites [FF91+] [WINDOWS]
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1695693,1719301 ***/
+// Disable automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+]
+// [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for...
+// https://support.mozilla.org/kb/windows-sso ***/
 user_pref("network.http.windows-sso.enabled", false);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@@ -962,7 +963,7 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false);
 // >>>>>>>>>>>>>>>>>>>>>
 // Display warning on the padlock for "broken security"
 // Bug: warning padlock not indicated for subresources on a secure page!
-// [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation
+// [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation
 // https://wiki.mozilla.org/Security:Renegotiation
 // https://bugzilla.mozilla.org/1353705
 // https://www.ssllabs.com/ssl-pulse/
@@ -1257,9 +1258,10 @@ user_pref("javascript.options.asmjs", false);
 // hidden pref is enabled, then Ion can still be used by extensions (1599226)
 // [WARNING] Disabling Ion/JIT can cause some site issues and performance loss
 // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
-// user_pref("javascript.options.ion", false);
-// user_pref("javascript.options.baselinejit", false);
-// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
+user_pref("javascript.options.ion", false);
+user_pref("javascript.options.baselinejit", false);
+user_pref("javascript.options.native_regexp", false);
+user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
 // -------------------------------------
 // Disable WebAssembly [FF52+] [SETUP-PERF]
 // Vulnerabilities have increasingly been found, including those known and fixed
@@ -1363,7 +1365,7 @@ user_pref("devtools.selfxss.count", 0);
 // Disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN]
 // [TEST] https://arkenfox.github.io/TZP/tzp.html#misc
 // https://bugzilla.mozilla.org/1173199
-// user_pref("mathml.disabled", true);
+user_pref("mathml.disabled", true);
 // -------------------------------------
 // Disable in-content SVG (Scalable Vector Graphics) [FF53+]
 // [WARNING] Expect breakage incl. youtube player controls. Best left for a "hardened" profile.
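Review bot: The added `user_pref("javascript.options.native_regexp", false);` line in the -1257 hunk has no description, and the comment block above it only discusses Ion/JIT, so a reader cannot tell what the third pref turns off or why it sits in this group. I would add a line above the prefs such as `// native_regexp: regular expressions are no longer compiled to native code and run interpreted instead` (wording to be checked against the Firefox source). Because the prefs are now active instead of commented out, the existing `[WARNING]` about site issues and performance loss applies to every profile using this file; a `[SETUP-PERF]` tag like the one on the WebAssembly heading just below would make that easier to find when triaging slowness. The section heading starts above the hunk, so it may already carry such a tag.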
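Review bot: The MathML section in the -1363 hunk has no `[WARNING]` line even though `mathml.disabled` is now set to `true` for everyone, while the SVG section directly below spells out its breakage. Pages that rely on MathML for formulas will presumably lose that rendering, so I would add `// [WARNING] Formulas on sites that use MathML will not render` under the heading. The heading keeps its `[SETUP-HARDEN]` tag; if that tag marks opt-in hardening in this file (inferred from the SVG note about a "hardened" profile), it is worth confirming that an active pref under it is intended.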