diff --git a/config/mozilla.cfg b/config/mozilla.cfg index 72516af..8b1eb1b 100644 --- a/config/mozilla.cfg +++ b/config/mozilla.cfg @@ -1,18 +1,18 @@ // ********************************************************************************** // user.js | Firefox desktop -// https://git.nixnet.services/Narsil/desktop_user.js +// https://git.nixnet.services/Narsil/mozilla.cfg // ********************************************************************************** // // Author : Narsil : https://git.nixnet.services/Narsil // // Based on : arkenfox : https://github.com/arkenfox/user.js // -// License : https://git.nixnet.services/Narsil/mozilla.cfg/raw/branch/master/LICENSE +// License : https://git.nixnet.services/Narsil/mozilla.cfg/raw/branch/master/LICENSE.txt // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // PROTECTION // >>>>>>>>>>>>>>>>>>>>> -// Pref : Locking mozilla.cfg file itself +// Locking mozilla.cfg file itself lockPref("general.config.filename", "mozilla.cfg"); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> @@ -68,7 +68,7 @@ lockPref("browser.topsites.useRemoteSetting", false); // >>>>>>>>>>>>>>>>>>>>> // // Use Mozilla geolocation service instead of Google if permission is granted [FF74+] -lockPref("geo.provider.network.url", ""); +defaultPref("geo.provider.network.url", ""); // lockPref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF] // ------------------------------------- // Disable using the OS's geolocation service @@ -81,13 +81,13 @@ lockPref("browser.region.network.url", ""); // [FF78+] lockPref("browser.region.update.enabled", false); // [FF79+] // ------------------------------------- // Set search region -lockPref("browser.search.region", "US"); // [HIDDEN PREF] +defaultPref("browser.search.region", "US"); // [HIDDEN PREF] // ------------------------------------- // Set preferred language for displaying pages defaultPref("intl.accept_languages", "en-US, en"); // ------------------------------------- // Use en-US locale regardless of the system or region locale -lockPref("javascript.use_us_english_locale", true); // [HIDDEN PREF] +defaultPref("javascript.use_us_english_locale", true); // [HIDDEN PREF] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // QUIETER FOX @@ -179,6 +179,10 @@ lockPref("browser.contentblocking.report.endpoint_url", ""); lockPref("browser.contentblocking.report.monitor.home_page_url", ""); lockPref("browser.contentblocking.report.monitor.preferences_url", ""); lockPref("browser.contentblocking.report.vpn.enabled", false); +lockPref("browser.contentblocking.report.hide_vpn_banner", true); +lockPref("browser.contentblocking.report.show_mobile_app", false); +lockPref("browser.vpn_promo.enabled", false); +lockPref("browser.promo.focus.enabled", false); // ------------------------------------- // Block unwanted connections lockPref("app.feedback.baseURL", ""); @@ -262,8 +266,8 @@ lockPref("network.dns.disablePrefetch", true); // lockPref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] // ------------------------------------- // Disable predictor / prefetching -lockPref("network.predictor.enabled", false); -lockPref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] +defaultPref("network.predictor.enabled", false); +defaultPref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] // ------------------------------------- // Disable link-mouseover opening connection to linked server lockPref("network.http.speculative-parallel-limit", 0); @@ -279,7 +283,7 @@ lockPref("browser.places.speculativeConnect.enabled", false); // >>>>>>>>>>>>>>>>>>>>> // // Disable IPv6 -lockPref("network.dns.disableIPv6", true); +defaultPref("network.dns.disableIPv6", true); // ------------------------------------- // Set the proxy server to do any DNS lookups when using SOCKS lockPref("network.proxy.socks_remote_dns", true); @@ -311,13 +315,10 @@ defaultPref("network.trr.confirmationNS", ""); // Disable location bar domain guessing lockPref("browser.fixup.alternate.enabled", false); // ------------------------------------- -// Display all parts of the url in the location bar -lockPref("browser.urlbar.trimURLs", false); -// ------------------------------------- // Disable live search suggestions -lockPref("browser.search.suggest.enabled", false); -lockPref("browser.urlbar.suggest.searches", false); -lockPref("browser.urlbar.showSearchSuggestionsFirst", false); +defaultPref("browser.search.suggest.enabled", false); +defaultPref("browser.urlbar.suggest.searches", false); +defaultPref("browser.urlbar.showSearchSuggestionsFirst", false); // ------------------------------------- // Disable location bar making speculative connections [FF56+] lockPref("browser.urlbar.speculativeConnect.enabled", false); @@ -327,11 +328,11 @@ lockPref("browser.urlbar.speculativeConnect.enabled", false); lockPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // ------------------------------------- // Disable location bar contextual suggestions [FF92+] -lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] -lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false); +defaultPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] +defaultPref("browser.urlbar.suggest.quicksuggest.sponsored", false); // ------------------------------------- // Disable tab-to-search [FF85+] -lockPref("browser.urlbar.suggest.engines", false); +defaultPref("browser.urlbar.suggest.engines", false); // ------------------------------------- // Disable search and form history defaultPref("browser.formfill.enable", false); @@ -423,13 +424,6 @@ defaultPref("security.OCSP.require", false); // // CERTS / HPKP (HTTP Public Key Pinning) // -// Disable or limit SHA-1 certificates -// 0 = allow all -// 1 = block all -// 3 = only allow locally-added roots (e.g. anti-virus) (default) -// 4 = only allow locally-added roots or for certs in 2015 and earlier -defaultPref("security.pki.sha1_enforcement_level", 1); -// ------------------------------------- // Disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS] // 0=disable detecting Family Safety mode and importing the root // 1=only attempt to detect Family Safety mode (don't import the root) @@ -438,7 +432,7 @@ lockPref("security.family_safety.mode", 0); // ------------------------------------- // Enable strict pinning // PKP (Public Key Pinning) 0=disabled, 1=allow user MiTM (such as your antivirus), 2=strict -lockPref("security.cert_pinning.enforcement_level", 2); +defaultPref("security.cert_pinning.enforcement_level", 2); // ------------------------------------- // Disable CRLite [FF73+] // 0 = disabled @@ -461,7 +455,7 @@ defaultPref("security.pki.crlite_mode", 0); lockPref("security.mixed_content.block_display_content", true); // ------------------------------------- // Enable HTTPS-Only mode in all windows [FF76+] -lockPref("dom.security.https_only_mode", true); // [FF76+] +defaultPref("dom.security.https_only_mode", true); // [FF76+] // lockPref("dom.security.https_only_mode_pbm", true); // [FF80+] // ------------------------------------- // Enable HTTPS-Only mode for local resources [FF77+] @@ -487,7 +481,7 @@ lockPref("browser.xul.error_pages.expert_bad_cert", true); // >>>>>>>>>>>>>>>>>>>>> // // Disable rendering of SVG OpenType fonts -lockPref("gfx.font_rendering.opentype_svg.enabled", false); +defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // ------------------------------------- // Limit font visibility (Windows, Mac, some Linux) [FF94+] // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts @@ -625,13 +619,16 @@ lockPref("permissions.delegation.enabled", false); // DOWNLOADS // // Enable user interaction for security by always asking where to download -lockPref("browser.download.useDownloadDir", false); +defaultPref("browser.download.useDownloadDir", false); // ------------------------------------- // Disable downloads panel opening on every download [FF96+] lockPref("browser.download.alwaysOpenPanel", false); // ------------------------------------- // Disable adding downloads to the system's "recent documents" list lockPref("browser.download.manager.addToRecentDocs", false); +// ------------------------------------- +// Enable user interaction for security by always asking how to handle new mimetypes [FF101+] +lockPref("browser.download.always_ask_before_handling_new_types", true); // // EXTENSIONS // @@ -646,7 +643,7 @@ lockPref("extensions.postDownloadThirdPartyPrompt", false); // lockPref("extensions.webextensions.restrictedDomains", ""); // ------------------------------------- // Disable extensions suggestions -lockPref("extensions.webservice.discoverURL", ""); +defaultPref("extensions.webservice.discoverURL", ""); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // ETP (ENHANCED TRACKING PROTECTION) @@ -673,10 +670,6 @@ defaultPref("network.cookie.lifetimePolicy", 2); // ------------------------------------- // Delete cache on exit [FF96+] // lockPref("privacy.clearsitedata.cache.enabled", true); -// ------------------------------------- -// Set third-party cookies to session-only -lockPref("network.cookie.thirdparty.sessionOnly", true); -lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+] // // SANITIZE ON SHUTDOWN : ALL OR NOTHING // @@ -694,16 +687,16 @@ defaultPref("privacy.clearOnShutdown.cookies", true); // defaultPref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] // ------------------------------------- // Reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME] -lockPref("privacy.cpd.cache", true); // [DEFAULT: true] -lockPref("privacy.cpd.formdata", true); // Form & Search History -lockPref("privacy.cpd.history", true); // Browsing & Download History -lockPref("privacy.cpd.offlineApps", true); // Offline Website Data -lockPref("privacy.cpd.sessions", true); // [DEFAULT: true] -lockPref("privacy.cpd.offlineApps", true); // [DEFAULT: false] -lockPref("privacy.cpd.cookies", true); -// lockPref("privacy.cpd.downloads", true); // not used -// lockPref("privacy.cpd.passwords", false); // [DEFAULT: false] not listed -// lockPref("privacy.cpd.siteSettings", false); // [DEFAULT: false] +defaultPref("privacy.cpd.cache", true); // [DEFAULT: true] +defaultPref("privacy.cpd.formdata", true); // Form & Search History +defaultPref("privacy.cpd.history", true); // Browsing & Download History +defaultPref("privacy.cpd.offlineApps", true); // Offline Website Data +defaultPref("privacy.cpd.sessions", true); // [DEFAULT: true] +defaultPref("privacy.cpd.offlineApps", true); // [DEFAULT: false] +defaultPref("privacy.cpd.cookies", true); +// defaultPref("privacy.cpd.downloads", true); // not used +// defaultPref("privacy.cpd.passwords", false); // [DEFAULT: false] not listed +// defaultPref("privacy.cpd.siteSettings", false); // [DEFAULT: false] // ------------------------------------- // Clear Session Restore data when sanitizing on shutdown or manually [FF34+] // lockPref("privacy.clearOnShutdown.openWindows", true); @@ -718,7 +711,7 @@ lockPref("privacy.sanitize.timeSpan", 0); // >>>>>>>>>>>>>>>>>>>>> // // Enable privacy.resistFingerprinting [FF41+] -lockPref("privacy.resistFingerprinting", true); +defaultPref("privacy.resistFingerprinting", true); // ------------------------------------- // Set new window size rounding max values [FF55+] // lockPref("privacy.window.maxInnerWidth", 1600); @@ -756,12 +749,6 @@ lockPref("browser.link.open_newwindow.restriction", 0); // ------------------------------------- // Disable WebGL (Web Graphics Library) defaultPref("webgl.disabled", true); -// ------------------------------------- -// Enable URL query stripping -// lockPref("privacy.query_stripping.enabled", true); -// ------------------------------------- -// Set the strip list for URL query stripping -lockPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // OPTIONAL OPSEC @@ -785,7 +772,7 @@ lockPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc // lockPref("security.nocertdb", true); // [HIDDEN PREF] // ------------------------------------- // Disable favicons in history and bookmarks -lockPref("browser.chrome.site_icons", false); +defaultPref("browser.chrome.site_icons", false); // ------------------------------------- // Exclude "Undo Closed Tabs" in Session Restore // lockPref("browser.sessionstore.max_tabs_undo", 0); @@ -833,13 +820,13 @@ lockPref("gfx.webrender.all", true); // >>>>>>>>>>>>>>>>>>>>> // // Disable MathML (Mathematical Markup Language) [FF51+] -lockPref("mathml.disabled", true); +defaultPref("mathml.disabled", true); // ------------------------------------- // Disable in-content SVG (Scalable Vector Graphics) [FF53+] // lockPref("svg.disabled", true); // ------------------------------------- // Disable graphite -lockPref("gfx.font_rendering.graphite.enabled", false); +defaultPref("gfx.font_rendering.graphite.enabled", false); // ------------------------------------- // Disable asm.js [FF22+] lockPref("javascript.options.asmjs", false); @@ -874,12 +861,6 @@ lockPref("network.http.referer.spoofSource", true); // [DEFAULT: false] // Enforce a security delay on some confirmation dialogs such as install, open/save lockPref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] // ------------------------------------- -// Enforce window.opener protection [FF65+] -lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] -// ------------------------------------- -// Enforce "window.name" protection [FF82+] -lockPref("privacy.window.name.update.enabled", true); // [DEFAULT: true] -// ------------------------------------- // Enforce Local Storage Next Generation (LSNG) [FF65+] lockPref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] // ------------------------------------- @@ -895,13 +876,21 @@ lockPref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] // Enforce disabling of Web Compatibility Reporter [FF56+] lockPref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // ------------------------------------- +// Disable SHA-1 certificates +lockPref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1 FF102+] +// ------------------------------------- // PrefsCleaner: prefsCleaner: reset items removed from arkenfox FF92+ +// lockPref("browser.urlbar.trimURLs", ""); // lockPref("dom.caches.enabled", ""); // lockPref("dom.storageManager.enabled", ""); // lockPref("dom.storage_access.enabled", ""); +// lockPref("dom.targetBlankNoOpener.enabled", ""); +// lockPref("network.cookie.thirdparty.sessionOnly", ""); +// lockPref("network.cookie.thirdparty.nonsecureSessionOnly", ""); // lockPref("privacy.firstparty.isolate.block_post_message", ""); // lockPref("privacy.firstparty.isolate.restrict_opener_access", ""); // lockPref("privacy.firstparty.isolate.use_site", ""); +// lockPref("privacy.window.name.update.enabled", ""); // lockPref("security.insecure_connection_text.enabled", ""); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> @@ -952,12 +941,6 @@ lockPref("security.ssl3.rsa_aes_256_sha", false); // no PFS // lockPref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2] // lockPref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] // ------------------------------------- -// Disable HTTP2 -// lockPref("network.http.spdy.enabled", false); -// lockPref("network.http.spdy.enabled.deps", false); -// lockPref("network.http.spdy.enabled.http2", false); -// lockPref("network.http.spdy.websockets", false); // [FF65+] -// ------------------------------------- // Disable HTTP Alternative Services [FF37+] // lockPref("network.http.altsvc.enabled", false); // lockPref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+] @@ -973,8 +956,8 @@ lockPref("security.ssl3.rsa_aes_256_sha", false); // no PFS // lockPref("dom.event.clipboardevents.enabled", false); // ------------------------------------- // Disable System Add-on updates -lockPref("extensions.systemAddon.update.enabled", false); // [FF62+] -lockPref("extensions.systemAddon.update.url", ""); // [FF44+] +defaultPref("extensions.systemAddon.update.enabled", false); // [FF62+] +defaultPref("extensions.systemAddon.update.url", ""); // [FF44+] // ------------------------------------- // Enable the DNT (Do Not Track) HTTP header // lockPref("privacy.donottrackheader.enabled", true); @@ -982,7 +965,10 @@ lockPref("extensions.systemAddon.update.url", ""); // [FF44+] // Customize ETP settings lockPref("network.cookie.cookieBehavior", 5); // lockPref("privacy.partition.network_state.ocsp_cache", true); +// lockPref("privacy.query_stripping.enabled", true); // [FF101+] [ETP FF102+] +lockPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); // lockPref("network.http.referer.disallowCrossSiteRelaxingDefault", true); +// lockPref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] // lockPref("privacy.trackingprotection.enabled", true); // lockPref("privacy.trackingprotection.socialtracking.enabled", true); // lockPref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] @@ -1000,10 +986,10 @@ lockPref("network.cookie.cookieBehavior", 5); // lockPref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] // ------------------------------------- // Disable Push Notifications [FF44+] -lockPref("dom.push.enabled", false); -lockPref("dom.push.connection.enabled", false); -lockPref("dom.push.serverURL", ""); -lockPref("dom.push.userAgentID", ""); +defaultPref("dom.push.enabled", false); +defaultPref("dom.push.connection.enabled", false); +defaultPref("dom.push.serverURL", ""); +defaultPref("dom.push.userAgentID", ""); // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // DON'T BOTHER: FINGERPRINTING @@ -1066,16 +1052,16 @@ defaultPref("browser.warnOnQuit", false); lockPref("app.update.auto", false); // ------------------------------------- // Disable auto-CHECKING for extension and theme updates -lockPref("extensions.update.enabled", false); +defaultPref("extensions.update.enabled", false); // ------------------------------------- // Disable auto-INSTALLING extension and theme updates -lockPref("extensions.update.autoUpdateDefault", false); +defaultPref("extensions.update.autoUpdateDefault", false); // ------------------------------------- // Disable extension metadata lockPref("extensions.getAddons.cache.enabled", false); // ------------------------------------- // Disable search engine updates (e.g. OpenSearch) -lockPref("browser.search.update", false); +defaultPref("browser.search.update", false); // // APPEARANCE // @@ -1088,9 +1074,9 @@ lockPref("browser.search.update", false); // // CONTENT BEHAVIOR // -lockPref("accessibility.typeaheadfind", false); // enable "Find As You Type" -lockPref("clipboard.autocopy", false); // disable autocopy default [LINUX] -lockPref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line & single-line +defaultPref("accessibility.typeaheadfind", false); // enable "Find As You Type" +defaultPref("clipboard.autocopy", false); // disable autocopy default [LINUX] +defaultPref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line & single-line // // UX BEHAVIOR // @@ -1118,6 +1104,7 @@ lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fal lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] lockPref("network.manage-offline-status", false); lockPref("browser.preferences.moreFromMozilla", false); +lockPref("browser.disableResetPrompt", true); // [HIDDEN PREF] // lockPref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) // // MORE @@ -1145,11 +1132,11 @@ lockPref("security.ssl3.rsa_des_ede3_sha", false); // 3DES // ------------------------------------- // FF95 // Disable location bar contextual suggestions [FF92+] -lockPref("browser.urlbar.suggest.quicksuggest", false); +defaultPref("browser.urlbar.suggest.quicksuggest", false); // // FF96 // Disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS] -lockPref("app.update.background.scheduling.enabled", false); +defaultPref("app.update.background.scheduling.enabled", false); // // FF97 // Onions - replaced by new "allowlist" @@ -1159,3 +1146,10 @@ lockPref("app.update.background.scheduling.enabled", false); // Enforce CSP (Content Security Policy) lockPref("security.csp.enable", true); // [DEFAULT: true] // +// FF100 +// Disable HTTP2 +// lockPref("network.http.spdy.enabled", false); +// lockPref("network.http.spdy.enabled.deps", false); +// lockPref("network.http.spdy.enabled.http2", false); +// lockPref("network.http.spdy.websockets", false); // [FF65+] +//