From 0e188223937a215d127f1257c254642cc5d46b9e Mon Sep 17 00:00:00 2001 From: quindecim Date: Mon, 2 Sep 2019 10:04:29 -0400 Subject: [PATCH] Update 'config/mozilla.cfg' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ✅ Sanitized almost all URLs for requests to Mozilla servers from LOCALE ✅ Synced all the buildIDs with Tor's ones ⛔️ Removed all the warnings on quit and from accessing about:config page ⛔️ Disabled more unwanted connections ⛔️ Disabled vendor useragent info leakage to Mozilla ⛔️ Disabled entering in safe mode ⛔️ Disabled completely PingCentre telemetry (used in several System Add-ons) ℹ️ Moved some preferences from FF69+ into deprecated section (keeping them active for ESR60.x and ESR68.x) ℹ️ Added new links for better descriptions --- config/mozilla.cfg | 89 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 63 insertions(+), 26 deletions(-) diff --git a/config/mozilla.cfg b/config/mozilla.cfg index 5543587..1e94325 100644 --- a/config/mozilla.cfg +++ b/config/mozilla.cfg @@ -110,8 +110,8 @@ lockPref("browser.startup.homepage_override.mstone", "ignore"); // lockPref("app.update.auto", false); // [DESKTOP] // lockPref("app.update.autodownload", "never"); // [TEST] // [FENNEC] // lockPref("app.update.channel", ""); -lockPref("app.update.url", "https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED] // [DESKTOP] -lockPref("app.update.url.details", "https://www.mozilla.org/firefox/notes"); // [URL SANITIZED] // [DESKTOP] +lockPref("app.update.url", "https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED] // [DESKTOP] +lockPref("app.update.url.details", "https://www.mozilla.org/en-US/firefox/notes"); // [URL SANITIZED] // [DESKTOP] // lockPref("app.update.url.manual", ""); // [DESKTOP] // lockPref("app.update.url.android", ""); // [FENNEC] // lockPref("app.update.staging.enabled", false); // [DESKTOP] @@ -338,14 +338,17 @@ lockPref("browser.discovery.enabled", false); // [DEFAULT: false] // ------------------------------------- // Pref : Disable Crash Reports lockPref("breakpad.reportURL", ""); +lockPref("browser.tabs.crashReporting.email", ""); // [DESKTOP] +lockPref("browser.tabs.crashReporting.emailMe", false); // [DESKTOP] +lockPref("browser.tabs.crashReporting.includeURL", false); // [DESKTOP] +lockPref("browser.tabs.crashReporting.requestEmail", false); // [DESKTOP] lockPref("browser.tabs.crashReporting.sendReport", false); // [DESKTOP] lockPref("browser.crashReports.unsubmittedCheck.enabled", false); // [DESKTOP] lockPref("toolkit.crashreporter.infoURL", ""); // [DESKTOP] // ------------------------------------- // Pref : Disable automatic captive portal detection -// https://en.wikipedia.org/wiki/Captive_portal +// https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy // https://wiki.mozilla.org/Necko/CaptivePortal -// https://trac.torproject.org/projects/tor/ticket/21790 lockPref("captivedetect.canonicalURL", ""); lockPref("network.captive-portal-service.enabled", false); lockPref("network.captive-portal-service.backoffFactor", ""); @@ -407,7 +410,7 @@ lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false) // ------------------------------------- // Pref : Disable send content blocking log to about:protections // https://bugzilla.mozilla.org/show_bug.cgi?id=1549832 -lockPref("browser.contentblocking.database.enabled", false); +lockPref("browser.contentblocking.database.enabled", false); // [DESKTOP] // ------------------------------------- // Pref : Onboarding tour disable because of included telemetry // [NOTE] This setting is just in case it comeback @@ -440,6 +443,7 @@ defaultPref("layout.spellcheckDefault", 0); // [DESKTOP] // Pref : Disable Firefox internal page warnings lockPref("network.warnOnAboutNetworking", false); lockPref("general.warnOnAboutConfig", false); +lockPref("browser.aboutConfig.showWarning", false); // [DESKTOP] // ------------------------------------- // Pref : Disable recent Highlights in the Library lockPref("browser.library.activity-stream.enabled", false); // [DESKTOP] @@ -448,6 +452,7 @@ lockPref("browser.library.activity-stream.enabled", false); // [DESKTOP] lockPref("browser.tabs.warnOnClose", false); // [DESKTOP] lockPref("browser.tabs.warnOnCloseOtherTabs", false); // [DESKTOP] lockPref("browser.tabs.warnOnOpen", false); // [DESKTOP] +lockPref("browser.warnOnQuit", false); // [DESKTOP] // ------------------------------------- // Pref : Disable warnings by entering full screen mode lockPref("full-screen-api.warning.delay", 0); @@ -495,6 +500,8 @@ lockPref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode", ""); lockPref("startup.homepage_welcome_url", ""); // [DESKTOP] lockPref("startup.homepage_welcome_url.additional", ""); // [DESKTOP] lockPref("startup.homepage_override_url", ""); // [DESKTOP] +lockPref("browser.search.param.yahoo-fr", ""); // [DESKTOP] +lockPref("privacy.restrict3rdpartystorage.partitionedHosts", ""); // [DESKTOP] // ------------------------------------- // Pref : Devtools cleanup lockPref("devtools.devices.url", ""); @@ -524,6 +531,12 @@ lockPref("general.useragent.updates.enabled", false); // [FENNEC] lockPref("general.useragent.site_specific_overrides", false); // [DESKTOP] lockPref("general.useragent.updates.url", ""); // [FENNEC] // ------------------------------------- +// Pref : Decrease vendor useragent info leakage to Mozilla +// https://github.com/pyllyukko/user.js/issues/299 +lockPref("general.useragent.vendor", ""); // [DESKTOP] +lockPref("general.useragent.vendorComment", ""); // [DESKTOP] +lockPref("general.useragent.vendorSub", ""); // [DESKTOP] +// ------------------------------------- // Pref : Disable mailnews lockPref("mailnews.messageid_browser.url", ""); // [DESKTOP] lockPref("mailnews.mx_service_url", ""); // [DESKTOP] @@ -544,8 +557,16 @@ lockPref("_config.applied", true); lockPref("extensions.update.enabled", true); lockPref("extensions.autoupdate.enabled", true); // ------------------------------------- +// Pref : Decrease system information leakage to Mozilla extensions update servers +lockPref("extensions.update.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US¤tAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"); // [URL SANITIZED] +lockPref("extensions.update.background.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US¤tAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"); // [URL SANITIZED] +// ------------------------------------- // Pref : Decrease system information leakage to Mozilla addons update servers -lockPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/firefox/search?q=%TERMS%"); // [URL SANITIZED] +lockPref("extensions.getAddons.browseAddons", "https://addons.mozilla.org/en-US/firefox/collections/4757633/mob/?page=1&collection_sort=-popularity"); // [URL SANITIZED] // [FENNEC] +lockPref("extensions.getAddons.get.url", "https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=en-US"); // [URL SANITIZED] +lockPref("extensions.getAddons.link.url", "https://addons.mozilla.org/en-US/firefox/"); // [URL SANITIZED] +lockPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/en-US/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%"); // [URL SANITIZED] +lockPref("extensions.getAddons.compatOverides.url", "https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=en-US"); // [URL SANITIZED] // ------------------------------------- // Pref : Disable Web Compatibility Reporter // Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla @@ -936,10 +957,10 @@ lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false] // Value taken from Tor Browser // https://bugzilla.mozilla.org/show_bug.cgi?id=583181 lockPref("general.buildID.override", "20100101"); -lockPref("browser.startup.homepage_override.buildID", "20100101"); -lockPref("media.gmp-manager.buildID", "20190307010101"); // [DESKTOP] -lockPref("extensions.lastAppBuildID", "20190307010101"); -lockPref("browser.sessionstore.upgradeBackup.latestBuildID", "20190307010101"); // [DESKTOP] +lockPref("browser.startup.homepage_override.buildID", "20190307050101"); +lockPref("media.gmp-manager.buildID", "20190307050101"); // [DESKTOP] +lockPref("extensions.lastAppBuildID", "20190307050101"); +lockPref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP] // ------------------------------------- // Pref : Disable raw TCP socket support (mozTCPSocket) // https://trac.torproject.org/projects/tor/ticket/18863 @@ -1005,17 +1026,16 @@ lockPref("dom.imagecapture.enabled", false); // [DEFAULT: false] lockPref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false] // ------------------------------------- // Pref : Disable autoplay of HTML5 media -// 0=Allowed, 1=Blocked, 2=Prompt +// 0=Allow all, 1=Block non-muted media, 5=Block all // [NOTE] You can set exceptions under site permissions -lockPref("media.autoplay.default", 1); -lockPref("media.autoplay.allow-muted", false); // [DEFAULT: true] +lockPref("media.autoplay.default", 5); lockPref("media.autoplay.block-event.enabled", true); // [DEFAULT: false] lockPref("media.autoplay.block-webaudio", true); // [DEFAULT: false] // ------------------------------------- // Pref : Disable autoplay of HTML5 media if you interacted with the site lockPref("media.autoplay.enabled.user-gestures-needed", true); // [DEFAULT: true] // ------------------------------------- -// Pref : Disable audio autoplay in non-active tabs +// Pref : Disable autoplay of HTML5 media in non-active tabs // https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ lockPref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true] // @@ -1190,6 +1210,11 @@ lockPref("remote.log.level", ""); // [DESKTOP] // "browser.safebrowsing.allowOverride" prevents selecting "ignore the risk" and visiting a harmful site anyway. lockPref("browser.safebrowsing.allowOverride", false); // [DESKTOP] lockPref("security.certerror.hideAddException", true); // [DESKTOP] +// ------------------------------------- +// Pref : Disable safe mode +// In case of a crash, we don't want to prompt for a safe-mode browser that has extensions disabled. +// https://support.mozilla.org/en-US/questions/951221#answer-410562 +lockPref("toolkit.startup.max_resumed_crashes", -1); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Block Implicit Outbound @@ -1778,9 +1803,6 @@ lockPref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courie // defaultPref("gfx.downloadable_fonts.enabled", false); // defaultPref("gfx.downloadable_fonts.fallback_delay", 0); // ------------------------------------- -// Pref : Disable WOFF2 (Web Open Font Format) -defaultPref("gfx.downloadable_fonts.woff2.enabled", false); -// ------------------------------------- // Pref : Disable CSS Font Loading API // [NOTE] Disabling fonts can uglify the web a fair bit. defaultPref("layout.css.font-loading-api.enabled", false); @@ -1816,12 +1838,6 @@ lockPref("plugin.defaultXpi.state", 0); // Pref : Disable scanning for plugins lockPref("plugin.scan.plid.all", false); // [WINDOWS] // [DESKTOP] // ------------------------------------- -// Pref : Enable plugins click-to-play -// https://wiki.mozilla.org/Firefox/Click_To_Play -// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ -lockPref("plugins.click_to_play", true); -lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0); -// ------------------------------------- // Pref : Disable all GMP (Gecko Media Plugins) lockPref("media.gmp-provider.enabled", false); lockPref("media.gmp-manager.certs.1.issuerName", ""); @@ -2026,6 +2042,8 @@ lockPref("privacy.trackingprotection.socialtracking.enabled", false); // Pref : Disable PingCentre telemetry (used in several System Add-ons) // Currently blocked by 'datareporting.healthreport.uploadEnabled' lockPref("browser.ping-centre.telemetry", false); // [DESKTOP] +lockPref("browser.ping-centre.production.endpoint", ""); // [DESKTOP] +lockPref("browser.ping-centre.staging.endpoint", ""); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : System add-ons / Experiments @@ -2037,7 +2055,7 @@ lockPref("browser.ping-centre.telemetry", false); // [DESKTOP] // https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.jsm#1248-1257 // [NOTE] Disabling system add-on updates prevents Mozilla from "hotfixing" your browser to patch critical problems (one possible use case from the documentation) // lockPref("extensions.systemAddon.update.enabled", false); // [DESKTOP] -lockPref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED] +lockPref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED] // ------------------------------------- // Pref : Disable Normandy/Shield // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" @@ -2070,6 +2088,8 @@ lockPref("extensions.formautofill.heuristics.enabled", false); // [DESKTOP] // defaultPref("network.cookie.lifetimePolicy", 2); // ------------------------------------- // Pref : Disable 3rd-party cookies and site-data +// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers +// [NOTE] Value 4 is tied to the Tracking Protection lists // [NOTE] Can breaks payment gateways defaultPref("network.cookie.cookieBehavior", 1); // ------------------------------------- @@ -2447,8 +2467,8 @@ defaultPref("browser.urlbar.doubleClickSelectsAll", false); // [DESKTOP] // // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // Section : Deprecated / Removed / Legacy / Renamed -// ESR60.x still uses all the following prefs // >>>>>>>>>>>>>>>>>>>> +// ESR60.x still uses all the following prefs // ------------------------------------- // FF52+ // ------------------------------------- @@ -2630,7 +2650,7 @@ lockPref("media.autoplay.enabled", false); // Pref: Enable "Ctrl+Tab cycles through tabs in recently used order" // Rreplaced by "browser.ctrlTab.recentlyUsedOrder" // https://bugzilla.mozilla.org/1473595 -defaultpref("browser.ctrlTab.previews", true); +defaultPref("browser.ctrlTab.previews", true); // ------------------------------------- // Pref : Disable In-Browser Feed Handling // https://bugzilla.mozilla.org/show_bug.cgi?id=1477670 @@ -2730,6 +2750,8 @@ lockPref("lightweightThemes.update.enabled", false); // https://bugzilla.mozilla.org/1386214 defaultPref("security.csp.experimentalEnabled", true); // ------------------------------------- +// ESR68.x still uses all the following prefs +// ------------------------------------- // FF69+ // ------------------------------------- // Pref : Disable app from auto-update @@ -2759,5 +2781,20 @@ lockPref("security.identitypopup.recordEventElemetry", false); // https://hg.mozilla.org/mozilla-central/rev/68aacb4ba7f9 lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false); // ------------------------------------- +// Pref : Disable WOFF2 (Web Open Font Format) +// https://bugzilla.mozilla.org/1556991 +// https://hg.mozilla.org/mozilla-central/rev/69d1b01b2847 +lockPref("gfx.downloadable_fonts.woff2.enabled", false); +// ------------------------------------- +// Pref : Enable plugins click-to-play +// https://bugzilla.mozilla.org/1519434 +// https://hg.mozilla.org/mozilla-central/rev/38fc0d299eb0 +lockPref("plugins.click_to_play", true); +// ------------------------------------- +// Pref : Disable autoplay of HTML5 media +// https://bugzilla.mozilla.org/1562331 +// https://hg.mozilla.org/mozilla-central/rev/3780202d7104 +lockPref("media.autoplay.allow-muted", false); +// ------------------------------------- // FF70+ // ------------------------------------- \ No newline at end of file