Update mozilla.cfg

 Enabled app from auto-update (DESKTOP ONLY)
 Locked "close tab with dbclick" function (DESKTOP ONLY)
 Added "PROTECTION" section to lock mozilla.cfg file itself (DESKTOP ONLY)

️ Locked reveal buildID
️ Locked more activity stream contents
️ Locked Browser Error Reporter
️ Locked contentblocking reportBreakage
️ Locked Onboarding + tour
️ Locked check default browser on first run
️ Locked more unwanted connections
️ Locked browser translate integration
️ Locked raw TCP socket support (mozTCPSocket)
️ Locked more UI tours
️ Locked more safebrowsing connections
️ Locked more Normandy/SHIELD
️ Defaulted browser animations (DESKTOP ONLY)
️ Defaulted autohide download button (DESKTOP ONLY)
️ Locked and hidden third-party cookie and tracking protection UI (DESKTOP ONLY)

ℹ️ Changed `#test` line. from `user.js.applied` to `_config.applied`
ℹ️ Set history leaks via enumeration (PER TAB: back/forward) from 8 to 20
ℹ️ Added UI section
This commit is contained in:
quindecim 2019-05-16 09:59:35 +00:00 committed by GitHub
parent 33d01251c3
commit d3781a24de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 115 additions and 6 deletions

View File

@ -17,6 +17,11 @@
// License : https://github.com/quindecim/mozilla.cfg/blob/master/LICENSE.txt
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// PROTECTION
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Locking mozilla.cfg itself
lockPref("general.config.filename", "mozilla.cfg");
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Startup
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable default browser check
@ -91,6 +96,13 @@ lockPref("browser.newtabpage.enhanced", false); // [DESKTOP]
lockPref("browser.newtab.preload", false); // [DESKTOP]
lockPref("browser.newtabpage.directory.ping", ""); // [DESKTOP]
lockPref("browser.newtabpage.directory.source", "data:text/plain,{}"); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.asrouter.messageProviders", ""); // [DESKTOP]
// -------------------------------------
// Pref : Don't reveal build ID
// Value taken from Tor Browser
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
lockPref("browser.startup.homepage_override.mstone", "ignore");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Quiet Fox
@ -233,6 +245,37 @@ lockPref("extensions.webservice.discoverURL", ""); // [DESKTOP]
// Pref : Disable Firefox Hello metrics collection
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
lockPref("loop.logDomains",false); // [DESKTOP]
// Pref : Disable Browser Error Reporter
// https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection
// https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html
lockPref("browser.chrome.errorReporter.enabled", false); // [DESKTOP]
lockPref("browser.chrome.errorReporter.submitUrl", ""); // [DESKTOP]
lockPref("browser.chrome.errorReporter.infoURL", ""); // [DESKTOP]
lockPref("browser.chrome.errorReporter.submitUrl", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable contentblocking reportBreakage
lockPref("browser.contentblocking.reportBreakage.enabled", false); // [DESKTOP]
lockPref("browser.contentblocking.reportBreakage.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Onboarding
// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time
// about:home or about:newtab is opened, the onboarding overlay is injected into that page
// [NOTE] Onboarding uses Google Analytics, and leaks resource://URIs
// https://wiki.mozilla.org/Firefox/Onboarding
// https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf
// https://bugzilla.mozilla.org/863246#c154
lockPref("browser.onboarding.enabled", false); // [DESKTOP] // [DEPRECATED]
lockPref("browser.onboarding.notification.tour-ids-queue", ""); // [DESKTOP] // [DEPRECATED]
// -------------------------------------
// Pref : Onboarding tour disable because of included telemetry
// [NOTE] This setting is just in case it comeback
lockPref("browser.onboarding.notification.finished", true); // [DESKTOP] // [DEPRECATED]
lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // [DESKTOP] // [DEPRECATED]
lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // [DESKTOP] // [DEPRECATED]
// -------------------------------------
// Pref : Disable check default browser on first run
lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : IJWY To Shut Up
@ -248,19 +291,35 @@ lockPref("app.privacyURL", ""); // [FENNEC]
lockPref("app.releaseNotesURL", "");
lockPref("app.support.baseURL", "");
lockPref("app.supportURL", ""); // [FENNEC]
lockPref("app.vendorURL", ""); // [DESKTOP]
lockPref("media.decoder-doctor.new-issue-endpoint", "");
lockPref("network.trr.confirmationNS", "");
lockPref("services.settings.default_signer", ""); // [DESKTOP]
lockPref("services.settings.server", ""); // [DESKTOP]
lockPref("accessibility.support.url", ""); // [DESKTOP]
lockPref("browser.dictionaries.download.url", ""); // [DESKTOP]
lockPref("browser.geolocation.warning.infoURL", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); // [DESKTOP]
lockPref("browser.search.searchEnginesURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable app from auto-update
// lockPref("app.update.enabled", false);
// lockPref("app.update.auto", false); // [DESKTOP]
// lockPref("app.update.autodownload", ""); // [TEST]
// lockPref("app.update.channel", ""); // [TEST]
// lockPref("app.update.url.android", "");
// lockPref("app.update.url", ""); // [DESKTOP]
// lockPref("app.update.url.details", ""); // [DESKTOP]
// lockPref("app.update.url.manual", ""); // [DESKTOP]
// lockPref("app.update.url.android", ""); // [FENNEC]
// lockPref("app.update.timerFirstInterval", 0);
// lockPref("app.update.timerMinimumDelay", 0);
// lockPref("app.update.url.android", "https://aus5.mozilla.org/update/4/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%MOZ_VERSION%/update.xml"); // [TEST]
// lockPref("app.update.service.enabled", false); // [DESKTOP]
// lockPref("app.update.silent", false); // [DESKTOP]
// lockPref("app.update.staging.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Test To Make FFox Silent
lockPref("security.content.signature.root_hash", "");
@ -273,12 +332,19 @@ lockPref("urlclassifier.passwordAllowTable", "");
// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit
// http://www.ghacks.net/2016/07/26/firefox-flyweb
lockPref("dom.flyweb.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable browser translate integration
// https://www.ghacks.net/2018/09/09/mozilla-working-on-google-translate-integration-in-firefox/
lockPref("browser.translation.engine", ""); // [DESKTOP]
lockPref("browser.translation.detectLanguage", false); // [DESKTOP]
lockPref("browser.translation.neverForLanguages", ""); // [DESKTOP]
lockPref("browser.translation.ui.show", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Miscellaneous
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Test user.js in about:config
lockPref("user.js.applied", true); // [FENNEC]
// Pref : Test mozilla.cfg in about:config
lockPref("_config.applied", true); // [FENNEC]
// -------------------------------------
// Pref : Updates addons automatically
// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
@ -548,6 +614,9 @@ lockPref("security.xpconnect.plugin.unrestricted", false); // [DESKTOP]
// [NOTE] See second listed bug: may cause black on black for elements with undefined colors
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
lockPref("ui.use_standins_for_native_colors", true); // [DESKTOP]
// -------------------------------------
// Pref : Close tab with double click action
lockPref("browser.tabs.closeTabByDblclick", true); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Web Workers
@ -660,6 +729,12 @@ lockPref("browser.startup.homepage_override.buildID", "20100101"); // [DESKTOP]
// https://wiki.mozilla.org/WebAPI/ArchiveAPI
// https://bugzilla.mozilla.org/show_bug.cgi?id=1342361
lockPref("dom.archivereader.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable raw TCP socket support (mozTCPSocket)
// https://trac.torproject.org/projects/tor/ticket/18863
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
lockPref("dom.mozTCPSocket.enabled", false); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Media / Camera / Mic
@ -747,7 +822,7 @@ lockPref("browser.urlbar.trimURLs", false);
// Pref : Limit history leaks via enumeration (PER TAB: back/forward)
// This is a PER TAB session history. You still have a full history stored under all history
// Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
lockPref("browser.sessionhistory.max_entries", 8); // [DEFAULT: 50]
lockPref("browser.sessionhistory.max_entries", 20); // [DEFAULT: 50]
// -------------------------------------
// Pref : Disable CSS querying page history - CSS history leak
// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances'
@ -781,6 +856,7 @@ lockPref("browser.taskbar.previews.enable", false); // [WINDOWS] // [DESKTOP]
// Pref : Disable UITour backend so there is no chance that a remote page can use it
lockPref("browser.uitour.enabled", false); // [DESKTOP]
lockPref("browser.uitour.url", ""); // [DESKTOP]
lockPref("browser.uitour.themeOrigin", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable location bar making speculative connections
// https://bugzilla.mozilla.org/1348275
@ -1331,7 +1407,7 @@ lockPref("browser.sessionstore.privacy_level", 2);
// This can also affect entries in the "Recently Closed Tabs" feature: i.e. the longer the interval the more chance a quick tab open/close won't be captured.
// This longer interval *may* affect history but we cannot replicate any history not recorded
// https://bugzilla.mozilla.org/1304389
lockPref("browser.sessionstore.interval", 30000);
// lockPref("browser.sessionstore.interval", 30000);
// -------------------------------------
// Pref : Disable favicons in web notifications
lockPref("alerts.showFavicons", false);
@ -1549,7 +1625,9 @@ lockPref("browser.safebrowsing.provider.google.advisoryURL", "");
lockPref("browser.safebrowsing.provider.google.pver", "");
lockPref("browser.safebrowsing.provider.google.advisoryName", "");
lockPref("browser.safebrowsing.provider.google.gethashURL", "");
lockPref("browser.safebrowsing.provider.google.lastupdatetime", ""); // [DESKTOP]
lockPref("browser.safebrowsing.provider.google.lists", "");
lockPref("browser.safebrowsing.provider.google.nextupdatetime", ""); // [DESKTOP]
lockPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
lockPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
lockPref("browser.safebrowsing.provider.google.reportURL", "");
@ -1557,7 +1635,9 @@ lockPref("browser.safebrowsing.provider.google.updateURL", "");
lockPref("browser.safebrowsing.provider.google4.advisoryName", "");
lockPref("browser.safebrowsing.provider.google4.advisoryURL", "");
lockPref("browser.safebrowsing.provider.google4.gethashURL", "");
lockPref("browser.safebrowsing.provider.google4.lastupdatetime", ""); // [DESKTOP]
lockPref("browser.safebrowsing.provider.google4.lists", "");
lockPref("browser.safebrowsing.provider.google4.nextupdatetime", ""); // [DESKTOP]
lockPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
lockPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
lockPref("browser.safebrowsing.provider.google4.reportURL", "");
@ -1566,6 +1646,7 @@ lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
lockPref("browser.safebrowsing.provider.google4.pver", "");
lockPref("browser.safebrowsing.provider.mozilla.gethashURL", "");
lockPref("browser.safebrowsing.provider.mozilla.lastupdatetime", ""); // [DESKTOP]
lockPref("browser.safebrowsing.provider.mozilla.lists", "");
lockPref("browser.safebrowsing.provider.mozilla.lists.base", "");
lockPref("browser.safebrowsing.provider.mozilla.lists.content", "");
@ -1621,6 +1702,9 @@ lockPref("network.allow-experiments", false); // [DESKTOP]
// https://github.com/mozilla/normandy
lockPref("app.normandy.enabled", false); // [DESKTOP]
lockPref("app.normandy.api_url", ""); // [DESKTOP]
lockPref("app.normandy.first_run", false); // [DESKTOP]
lockPref("app.normandy.shieldLearnMoreUrl", ""); // [DESKTOP]
lockPref("app.normandy.user_id", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable Form Autofill
// [NOTE] Stored data is NOT secure (uses a JSON file)
@ -1927,6 +2011,31 @@ lockPref("dom.network.enabled", false); // [DESKTOP]
// Pref : Disable telephony API
// https://wiki.mozilla.org/WebAPI/Security/WebTelephony
lockPref("dom.telephony.enabled", false);
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : UI (User Interface)
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Disable third-party cookie UI
lockPref("browser.contentblocking.rejecttrackers.ui.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable tracking protection UI list editing under url bar popup
lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable tracking protection UI list editing under preferences
lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable tracking protection UI list editing under preferences
// user_pref("browser.contentblocking.trackingprotection.ui.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable auto hide download button
defaultPref("browser.download.autohideButton", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable browser animation
// https://bugzilla.mozilla.org/show_bug.cgi?id=1352069
defaultPref("toolkit.cosmeticAnimations.enabled", false); // [DESKTOP]
defaultPref("browser.tabs.animate", false); // [DESKTOP] // [DEPRECATED]
defaultPref("browser.fullscreen.animate", false); // [DESKTOP] // [DEPRECATED]
defaultPref("browser.download.animateNotifications", false); // [DESKTOP] // [DEPRECATED]
defaultPref("alerts.disableSlidingEffect", false); // [DESKTOP] // [DEPRECATED]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Personal