Update 'config/mozilla.cfg'
✅ Synced all the buildIDs with Tor's ones ✅ Added a pref (commented by default) to set the days before cookies are delated if you choose for: network.cookie.lifetimePolicy = 3 ⛔️ Disabled two more webgl prefs ⛔️ Disabled two more signon prefs ⛔️ Disabled one more extensions.blocklist pref ℹ️ Added some links and descriptions ℹ️ Moved some preferences from FF71+ into deprecated section (keeping them active for ESR68.x)
This commit is contained in:
parent
175f80a798
commit
d71fc8c986
|
@ -60,7 +60,6 @@ lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DESKTO
|
|||
// Pref : Disable Activity Stream telemetry
|
||||
lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); // [DESKTOP]
|
||||
lockPref("browser.newtabpage.activity-stream.telemetry", false); // [DESKTOP]
|
||||
lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); // [DESKTOP]
|
||||
lockPref("browser.newtabpage.activity-stream.telemetry.ut.events", false); // [DESKTOP]
|
||||
lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion", false); // [DESKTOP]
|
||||
lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); // [DESKTOP]
|
||||
|
@ -293,7 +292,6 @@ lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); // [DESKTOP]
|
|||
lockPref("toolkit.telemetry.updatePing.enabled", false); // [DESKTOP]
|
||||
lockPref("toolkit.telemetry.bhrPing.enabled", false); // [DESKTOP]
|
||||
lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); // [DESKTOP]
|
||||
lockPref("toolkit.telemetry.hybridContent.enabled", false); // [DESKTOP]
|
||||
lockPref("toolkit.telemetry.previousBuildID", ""); // [DESKTOP]
|
||||
lockPref("toolkit.telemetry.prompted", 2); // [DESKTOP]
|
||||
lockPref("toolkit.telemetry.rejected", true); // [DESKTOP]
|
||||
|
@ -458,8 +456,8 @@ defaultPref("layout.spellcheckDefault", 0); // [DESKTOP]
|
|||
// -------------------------------------
|
||||
// Pref : Enable Firefox internal pages and disable the related warnings
|
||||
lockPref("general.aboutConfig.enable", true);
|
||||
lockPref("general.warnOnAboutConfig", false);
|
||||
lockPref("browser.aboutConfig.showWarning", false); // [DESKTOP]
|
||||
lockPref("general.warnOnAboutConfig", false); // [XUL]
|
||||
lockPref("browser.aboutConfig.showWarning", false); // [DESKTOP] // [HTML]
|
||||
// -------------------------------------
|
||||
// Pref : Disable recent Highlights in the Library
|
||||
lockPref("browser.library.activity-stream.enabled", false); // [DESKTOP]
|
||||
|
@ -525,8 +523,6 @@ lockPref("startup.homepage_welcome_url.additional", ""); // [DESKTOP]
|
|||
lockPref("startup.homepage_override_url", ""); // [DESKTOP]
|
||||
lockPref("browser.search.param.yahoo-fr", ""); // [DESKTOP]
|
||||
lockPref("privacy.restrict3rdpartystorage.partitionedHosts", "");
|
||||
lockPref("network.netlink.route.check.IPv4", "");
|
||||
lockPref("network.netlink.route.check.IPv6", "");
|
||||
// -------------------------------------
|
||||
// Pref : Devtools cleanup
|
||||
lockPref("devtools.devices.url", "");
|
||||
|
@ -915,8 +911,11 @@ lockPref("browser.download.hide_plugins_without_extensions", false); // [DESKTOP
|
|||
lockPref("dom.event.contextmenu.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Disable website access to clipboard events/content
|
||||
// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...)
|
||||
// This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website
|
||||
// [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one is default (false) then enabling this pref can leak clipboard content
|
||||
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
|
||||
// https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/
|
||||
// https://bugzilla.mozilla.org/1528289
|
||||
lockPref("dom.event.clipboardevents.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Disable "Confirm you want to leave" dialog on page close
|
||||
|
@ -981,9 +980,9 @@ lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
|
|||
// Pref : Don't reveal build ID
|
||||
// Value taken from Tor Browser for Desktop
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
|
||||
lockPref("browser.startup.homepage_override.buildID", "20190402030101");
|
||||
lockPref("browser.startup.homepage_override.buildID", "20200402050101");
|
||||
lockPref("extensions.lastAppBuildId", "20190402030101");
|
||||
lockPref("media.gmp-manager.buildID", "20190402030101");
|
||||
lockPref("media.gmp-manager.buildID", "20200402050101");
|
||||
lockPref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
|
||||
lockPref("general.buildID.override", "20100101");
|
||||
// -------------------------------------
|
||||
|
@ -1027,6 +1026,8 @@ lockPref("webgl.all-angle-options", false);
|
|||
lockPref("webgl.allow-immediate-queries", false);
|
||||
lockPref("webgl.default-antialias", false);
|
||||
lockPref("webgl.enable-surface-texture", false);
|
||||
lockPref("webgl.cgl.multithreaded", false);
|
||||
lockPref("webgl.dxgl.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Disable screensharing and audiocapture
|
||||
lockPref("media.getusermedia.screensharing.enabled", false); // [DESKTOP]
|
||||
|
@ -1133,7 +1134,6 @@ lockPref("browser.urlbar.usepreloadedtopurls.enabled", false); // [DESKTOP]
|
|||
// Pref : Disable Firefox Tips / Search suggestions
|
||||
lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // [DESKTOP]
|
||||
lockPref("browser.urlbar.searchSuggestionsChoice", false); // [DESKTOP]
|
||||
lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0); // [DESKTOP]
|
||||
// -------------------------------------
|
||||
// Pref : Disable history/bookmarks/opened pages suggestions dropdown from URL bar
|
||||
// [NOTE] This does not cause privacy/leaking issue
|
||||
|
@ -1347,8 +1347,12 @@ lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
|
|||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack)
|
||||
// Pref : Require safe negotiation
|
||||
// Blocks connections to servers that don't support RFC 5746 as they're potentially vulnerable to a MiTM attack. A server *without* RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that.
|
||||
// Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server.
|
||||
// https://wiki.mozilla.org/Security:Renegotiation
|
||||
// https://tools.ietf.org/html/rfc5746
|
||||
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
|
||||
lockPref("security.ssl.require_safe_negotiation", true);
|
||||
// -------------------------------------
|
||||
// Pref : Control TLS versions with min and max
|
||||
|
@ -1532,9 +1536,10 @@ lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // [DESKTOP]
|
|||
lockPref("security.ssl3.rsa_rc4_128_md5", false); // [DESKTOP]
|
||||
lockPref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP]
|
||||
// -------------------------------------
|
||||
// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
|
||||
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
|
||||
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
|
||||
// Pref : Display warning on the padlock for "broken security"
|
||||
// [BUG] Warning padlock not indicated for subresources on a secure page!
|
||||
// https://wiki.mozilla.org/Security:Renegotiation
|
||||
// https://bugzilla.mozilla.org/1353705
|
||||
lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
|
||||
// -------------------------------------
|
||||
// Pref : Control "Add Security Exception" dialog on SSL warnings
|
||||
|
@ -1595,6 +1600,8 @@ lockPref("signon.management.page.breachAlertUrl", ""); // [DESKTOP]
|
|||
lockPref("signon.management.page.hideMobileFooter", true); // [DESKTOP]
|
||||
lockPref("signon.management.page.mobileAndroidURL", ""); // [DESKTOP]
|
||||
lockPref("signon.management.page.mobileAppleURL", ""); // [DESKTOP]
|
||||
lockPref("signon.management.page.showPasswordSyncNotification", false); // [DESKTOP]
|
||||
lockPref("signon.storeSignons", true); // [DESKTOP] (// Disable login manager storage. https://hg.mozilla.org/integration/autoland/rev/300057f0ec79)
|
||||
// -------------------------------------
|
||||
// Pref : Disable autofilling saved passwords on HTTP pages and show warning
|
||||
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119
|
||||
|
@ -1837,8 +1844,10 @@ defaultPref("layout.css.font-loading-api.enabled", false);
|
|||
// https://github.com/ghacksuserjs/ghacks-user.js/issues/744
|
||||
// lockPref("font.blacklist.underline_offset", "");
|
||||
// -------------------------------------
|
||||
// Pref : Disable graphite which turned back on by default
|
||||
// Pref : Disable graphite
|
||||
// [NOTE] Graphite has had many critical security issues in the past
|
||||
// https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
|
||||
// https://en.wikipedia.org/wiki/Graphite_(SIL)
|
||||
lockPref("gfx.font_rendering.graphite.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Limit system font exposure to a whitelist [RESTART]
|
||||
|
@ -1858,7 +1867,6 @@ lockPref("plugins.crash.supportUrl", ""); // [DESKTOP]
|
|||
// Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
|
||||
// 0=disabled, 1=ask to activate, 2=active - you can override individual plugins
|
||||
lockPref("plugin.default.state", 0);
|
||||
lockPref("plugin.defaultXpi.state", 0);
|
||||
// -------------------------------------
|
||||
// Pref : Disable scanning for plugins
|
||||
lockPref("plugin.scan.plid.all", false); // [WINDOWS] // [DESKTOP]
|
||||
|
@ -1934,11 +1942,11 @@ lockPref("services.blocklist.gfx.collection", "");
|
|||
lockPref("services.blocklist.bucket", "");
|
||||
lockPref("services.blocklist.addons.signer", ""); // [DESKTOP]
|
||||
lockPref("services.blocklist.addons.collection", "");
|
||||
// lockPref("extensions.blocklist.level", 2); // [DEFAULT: 2]
|
||||
lockPref("extensions.blocklist.lastModified", ""); // [DESKTOP]
|
||||
lockPref("extensions.blocklist.itemURL", "");
|
||||
lockPref("extensions.blocklist.enabled", false);
|
||||
lockPref("extensions.blocklist.detailsURL", "");
|
||||
lockPref("extensions.blocklist.useXML", false);
|
||||
lockPref("services.settings.security.onecrl.bucket", "");
|
||||
lockPref("services.settings.security.onecrl.collection", "");
|
||||
lockPref("services.settings.security.onecrl.signer", "");
|
||||
|
@ -2071,8 +2079,6 @@ lockPref("privacy.socialtracking.block_cookies.enabled", false); // [DESKTOP]
|
|||
// Pref : Disable PingCentre telemetry (used in several System Add-ons)
|
||||
// Currently blocked by 'datareporting.healthreport.uploadEnabled'
|
||||
lockPref("browser.ping-centre.telemetry", false); // [DESKTOP]
|
||||
lockPref("browser.ping-centre.production.endpoint", ""); // [DESKTOP]
|
||||
lockPref("browser.ping-centre.staging.endpoint", ""); // [DESKTOP]
|
||||
// -------------------------------------
|
||||
// Pref : Disable all the trackingprotection blocked elements by default
|
||||
lockPref("browser.contentblocking.features.strict", ""); // [DESKTOP]
|
||||
|
@ -2114,11 +2120,15 @@ lockPref("extensions.formautofill.heuristics.enabled", false); // [DESKTOP]
|
|||
// Section : Persistent Storage
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Delete cookies and site data on close
|
||||
// 0=keep until they expire (default), 2=keep until you close Firefox
|
||||
// 0=keep until they expire (default),1=Prompt for each cookie, 2=keep until you close Firefox, 3=Accept for N days
|
||||
// [NOTE] Use "Cookie AutoDelete" extension to manage your cookies
|
||||
// https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
|
||||
// defaultPref("network.cookie.lifetimePolicy", 2);
|
||||
// -------------------------------------
|
||||
// Pref : Sets the number of days that the lifetime of cookies should be limited to
|
||||
// [NOTE] Only use if network.cookie.lifetimePolicy is set to 3
|
||||
// defaultPref("network.cookie.lifetime.days", 1); // [DEFAULT: 90]
|
||||
// -------------------------------------
|
||||
// Pref : Disable 3rd-party cookies and site-data
|
||||
// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers
|
||||
// [NOTE] Can breaks payment gateways
|
||||
|
@ -2145,16 +2155,6 @@ lockPref("network.cookie.same-site.enabled", true); // [DEFAULT: true]
|
|||
// You are better off using an extension for more granular control
|
||||
// lockPref("dom.storage.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Disable IndexedDB
|
||||
// https://developer.mozilla.org/en-US/docs/IndexedDB
|
||||
// https://en.wikipedia.org/wiki/Indexed_Database_API
|
||||
// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review
|
||||
// https://github.com/pyllyukko/user.js/issues/8
|
||||
// https://github.com/ghacksuserjs/ghacks-user.js/issues/80#issuecomment-294178018
|
||||
// https://superuser.com/questions/1250944/how-can-this-website-reidentify-me-even-after-deleting-all-of-my-browsers-histo
|
||||
// [NOTE] IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), and breaks almost every webpage so is left enabled
|
||||
// lockPref("dom.indexedDB.enabled", false); // [DEFAULT: true]
|
||||
// -------------------------------------
|
||||
// Pref : Do not download URLs for the offline cache
|
||||
lockPref("browser.cache.offline.storage.enable", false);
|
||||
lockPref("browser.cache.offline.enable", false);
|
||||
|
@ -2387,6 +2387,7 @@ lockPref("gfx.vr.osvr.clientLibPath", "");
|
|||
lockPref("gfx.vr.osvr.commonLibPath", "");
|
||||
lockPref("gfx.vr.osvr.utilLibPath", "");
|
||||
lockPref("dom.vr.process.enabled", false);
|
||||
lockPref("dom.vr.webxr.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Disable hardware acceleration to reduce graphics fingerprinting
|
||||
// [WARNING] Affects text rendering (fonts will look different), impacts video performance, and parts of Quantum that utilize the GPU will also be affected as they are rolled out
|
||||
|
@ -2618,4 +2619,39 @@ lockPref("devtools.webide.adaptersAddonURL", "");
|
|||
lockPref("privacy.socialtracking.notification.enabled", false);
|
||||
// -------------------------------------
|
||||
// FF72+
|
||||
// -------------------------------------
|
||||
// Pref : Disable PingCentre telemetry (used in several System Add-ons)
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1597697
|
||||
// https://hg.mozilla.org/mozilla-central/rev/7fcdfe9a24e4
|
||||
lockPref("browser.ping-centre.production.endpoint", "");
|
||||
lockPref("browser.ping-centre.staging.endpoint", "");
|
||||
lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
|
||||
// -------------------------------------
|
||||
// Pref : Disable Firefox Tips / Search suggestions
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1525296
|
||||
// https://hg.mozilla.org/mozilla-central/rev/0fb16f92be6f
|
||||
lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0);
|
||||
// -------------------------------------
|
||||
// Pref : Block unwanted connections
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1593693
|
||||
// https://hg.mozilla.org/mozilla-central/rev/ca070ea1fc32
|
||||
lockPref("network.netlink.route.check.IPv4", "");
|
||||
lockPref("network.netlink.route.check.IPv6", "");
|
||||
// -------------------------------------
|
||||
// Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1596090
|
||||
// https://hg.mozilla.org/mozilla-central/rev/df333402f126
|
||||
lockPref("plugin.defaultXpi.state", 0);
|
||||
// -------------------------------------
|
||||
// Pref : Disable Telemetry
|
||||
// https://bugzilla.mozilla.org/1520491
|
||||
// https://hg.mozilla.org/mozilla-central/rev/76b117a14bca
|
||||
lockPref("toolkit.telemetry.hybridContent.enabled", false);
|
||||
// -------------------------------------
|
||||
// Pref : Disable IndexedDB
|
||||
// https://bugzilla.mozilla.org/1488583
|
||||
// https://hg.mozilla.org/mozilla-central/rev/c2ab1dc00f21
|
||||
// lockPref("dom.indexedDB.enabled", false);
|
||||
// -------------------------------------
|
||||
// FF73+
|
||||
// -------------------------------------
|
Reference in New Issue