Update 'user.js'

This commit is contained in:
Narsil 2020-10-26 14:42:05 -04:00
parent e5df512f06
commit bc213adf35
1 changed files with 8 additions and 4 deletions

12
user.js
View File

@ -1045,14 +1045,17 @@ user_pref("javascript.options.asmjs", false);
// https://gitlab.torproject.org/legacy/trac/-/issues/26019
user_pref("javascript.options.ion", false);
// user_pref("javascript.options.baselinejit", false); // [BUG] Addons issues
// user_pref("javascript.options.jit_trustedprincipals", true); // [HIDDEN PREF] // [DESKTOP ?]
// user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [DESKTOP HIDDEN PREF]
user_pref("javascript.options.native_regexp", false);
// -------------------------------------
// Pref : Disable WebAssembly
// https://webassembly.org/
// Vulnerabilities have increasingly been found, including those known and fixed
// in native programs years ago. WASM has powerful low-level access, making
// certain attacks (brute-force) and vulnerabilities more possible
// [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising
// https://developer.mozilla.org/docs/WebAssembly
// https://en.wikipedia.org/wiki/WebAssembly
// https://gitlab.torproject.org/legacy/trac/-/issues/21549
// https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
// https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
user_pref("javascript.options.wasm", false);
user_pref("javascript.options.wasm_baselinejit", false);
user_pref("javascript.options.wasm_cranelift", false);
@ -1382,6 +1385,7 @@ user_pref("network.predictor.enable-hover-on-ssl", false);
// * IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
// [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
// [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
// [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
// [TEST] https://ipleak.org/
user_pref("network.dns.disableIPv6", true);
// -------------------------------------