switch to [SETUP-

Thorin-Oakenpants 2018-12-03 03:57:07 +13:00 committed by GitHub
parent cb5a6f3dd1
commit d2f8dea45d
GPG key ID: 4AEE18F83AFDEB23

74
user.js

@ -29,11 +29,13 @@
* Site breakage WILL happen * Site breakage WILL happen
- There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting - There are often trade-offs and conflicts between Security vs Privacy vs Anti-Fingerprinting
and these need to be balanced against Functionality & Convenience & Breakage and these need to be balanced against Functionality & Convenience & Breakage
* You will need to make changes. While not 100% definitive, search for these tags. If required, add them * You will need to make changes, and to troubleshoot at times (choose wisely, there is always a trade-off).
to your overrides section at default values (or comment them out and reset them in about:config) While not 100% definitive, search for "[SETUP". If required, add each pref to your overrides section at
- [BREAKAGE] can cause some websites to break, or impact performance default values (or comment them out and reset them in about:config). We may add more:
- [BEHAVIOR] changes how Firefox itself works, i.e. not directly website related [SETUP-WEB] can cause some websites to break
- [WARNING] extra special info to heed our advice [SETUP-CHROME] changes how Firefox itself behaves (i.e. NOT directly website related)
[SETUP-PERF] may impact performance
* [WARNING] tags are extra special and used sparingly, so heed them
4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile) 4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile)
5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance 5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance
@ -476,7 +478,7 @@ user_pref("network.file.disable_unc_paths", true); // (hidden pref)
* [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/
user_pref("network.gio.supported-protocols", ""); // (hidden pref) user_pref("network.gio.supported-protocols", ""); // (hidden pref)
/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [BEHAVIOR] /*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP-CHROME]
If you are in a private environment (no unwanted eyeballs) and your device is private If you are in a private environment (no unwanted eyeballs) and your device is private
(restricted access), and the device is secure when unattended (locked, encrypted, forensic (restricted access), and the device is secure when unattended (locked, encrypted, forensic
hardened), then items 0850 and above can be relaxed in return for more convenience and hardened), then items 0850 and above can be relaxed in return for more convenience and
@ -532,7 +534,7 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
* - If *ALL* of the suggestion types are false, 'autocomplete' must also be false * - If *ALL* of the suggestion types are false, 'autocomplete' must also be false
* - If *ANY* of the suggestion types are true, 'autocomplete' must also be true * - If *ANY* of the suggestion types are true, 'autocomplete' must also be true
* [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest
* [BEHAVIOR] If all three suggestion types are false, search engine keywords are disabled ***/ * [SETUP-CHROME] If all three suggestion types are false, search engine keywords are disabled ***/
user_pref("browser.urlbar.autocomplete.enabled", false); user_pref("browser.urlbar.autocomplete.enabled", false);
user_pref("browser.urlbar.suggest.history", false); user_pref("browser.urlbar.suggest.history", false);
user_pref("browser.urlbar.suggest.bookmark", false); user_pref("browser.urlbar.suggest.bookmark", false);
@ -617,7 +619,7 @@ user_pref("security.insecure_field_warning.contextual.enabled", true);
* [1] https://bugzilla.mozilla.org/1357835 ***/ * [1] https://bugzilla.mozilla.org/1357835 ***/
user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false);
/*** 1000: CACHE [BEHAVIOR] /*** 1000: CACHE [SETUP-CHROME]
ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by
disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized
by modifying response headers [4]. Another solution is to use a hardened configuration by modifying response headers [4]. Another solution is to use a hardened configuration
@ -659,21 +661,21 @@ user_pref("browser.cache.disk_cache_ssl", false);
// user_pref("network.dnsCacheExpiration", 60); // user_pref("network.dnsCacheExpiration", 60);
/** SESSIONS & SESSION RESTORE ***/ /** SESSIONS & SESSION RESTORE ***/
/* 1020: disable the Session Restore service completely /* 1020: disable the Session Restore service completely
* [BEHAVIOR] This also disables the "Recently Closed Tabs" feature * [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature
* It does not affect "Recently Closed Windows" or any history. ***/ * It does not affect "Recently Closed Windows" or any history. ***/
user_pref("browser.sessionstore.max_tabs_undo", 0); user_pref("browser.sessionstore.max_tabs_undo", 0);
user_pref("browser.sessionstore.max_windows_undo", 0); user_pref("browser.sessionstore.max_windows_undo", 0);
/* 1021: disable storing extra session data [BEHAVIOR] /* 1021: disable storing extra session data [SETUP-CHROME]
* extra session data contains contents of forms, scrollbar positions, cookies and POST data * extra session data contains contents of forms, scrollbar positions, cookies and POST data
* define on which sites to save extra session data: * define on which sites to save extra session data:
* 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/
user_pref("browser.sessionstore.privacy_level", 2); user_pref("browser.sessionstore.privacy_level", 2);
/* 1022: disable resuming session from crash [BEHAVIOR] ***/ /* 1022: disable resuming session from crash [SETUP-CHROME] ***/
user_pref("browser.sessionstore.resume_from_crash", false); user_pref("browser.sessionstore.resume_from_crash", false);
/* 1023: set the minimum interval between session save operations - increasing it /* 1023: set the minimum interval between session save operations - increasing it
* can help on older machines and some websites, as well as reducing writes, see [1] * can help on older machines and some websites, as well as reducing writes, see [1]
* Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc * Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc
* [BEHAVIOR] This can also affect entries in the "Recently Closed Tabs" feature: * [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature:
* i.e. the longer the interval the more chance a quick tab open/close won't be captured. * i.e. the longer the interval the more chance a quick tab open/close won't be captured.
* This longer interval *may* affect history but we cannot replicate any history not recorded * This longer interval *may* affect history but we cannot replicate any history not recorded
* [1] https://bugzilla.mozilla.org/1304389 ***/ * [1] https://bugzilla.mozilla.org/1304389 ***/
@ -709,7 +711,7 @@ user_pref("alerts.showFavicons", false); // default: false
user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
/* 1201: disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack) /* 1201: disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack)
* [BREAKAGE] <2% of secure sites do NOT support the newer "secure" renegotiation, see [2] * [SETUP-WEB] <2% of secure sites do NOT support the newer "secure" renegotiation, see [2]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://www.ssllabs.com/ssl-pulse/ ***/ * [2] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.require_safe_negotiation", true);
@ -750,7 +752,7 @@ user_pref("security.ssl.enable_ocsp_stapling", true);
* [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling
* [1] https://en.wikipedia.org/wiki/Ocsp ***/ * [1] https://en.wikipedia.org/wiki/Ocsp ***/
user_pref("security.OCSP.enabled", 1); user_pref("security.OCSP.enabled", 1);
/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [BREAKAGE] /* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB]
* When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
* Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
* It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
@ -797,7 +799,7 @@ user_pref("security.mixed_content.block_object_subrequest", true);
* 2=deprecated option that now maps to 1 * 2=deprecated option that now maps to 1
* 3=only allowed for locally-added roots (e.g. anti-virus) * 3=only allowed for locally-added roots (e.g. anti-virus)
* 4=only allowed for locally-added roots or for certs in 2015 and earlier * 4=only allowed for locally-added roots or for certs in 2015 and earlier
* [BREAKAGE] When disabled, some man-in-the-middle devices (e.g. security scanners and * [SETUP-WEB] When disabled, some man-in-the-middle devices (e.g. security scanners and
* antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete. * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete.
* [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/ * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
user_pref("security.pki.sha1_enforcement_level", 1); user_pref("security.pki.sha1_enforcement_level", 1);
@ -904,7 +906,7 @@ user_pref("network.http.sendRefererHeader", 2);
/* 1602: ALL: control the amount of information to send /* 1602: ALL: control the amount of information to send
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.trimmingPolicy", 0); user_pref("network.http.referer.trimmingPolicy", 0);
/* 1603: CROSS ORIGIN: control when to send a referer [BREAKAGE] /* 1603: CROSS ORIGIN: control when to send a referer [SETUP-WEB]
* 0=always (default), 1=only if base domains match, 2=only if hosts match ***/ * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/
user_pref("network.http.referer.XOriginPolicy", 1); user_pref("network.http.referer.XOriginPolicy", 1);
/* 1604: CROSS ORIGIN: control the amount of information to send (FF52+) /* 1604: CROSS ORIGIN: control the amount of information to send (FF52+)
@ -973,23 +975,23 @@ user_pref("plugin.state.flash", 0);
* plid.all = whether to scan the directories specified in the Windows registry for PLIDs. * plid.all = whether to scan the directories specified in the Windows registry for PLIDs.
* Used to detect RealPlayer, Java, Antivirus etc, but since FF52 only covers Flash ***/ * Used to detect RealPlayer, Java, Antivirus etc, but since FF52 only covers Flash ***/
user_pref("plugin.scan.plid.all", false); user_pref("plugin.scan.plid.all", false);
/* 1820: disable all GMP (Gecko Media Plugins) [BREAKAGE] /* 1820: disable all GMP (Gecko Media Plugins) [SETUP-WEB]
* [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
user_pref("media.gmp-provider.enabled", false); user_pref("media.gmp-provider.enabled", false);
user_pref("media.gmp.trial-create.enabled", false); user_pref("media.gmp.trial-create.enabled", false);
user_pref("media.gmp-manager.url", "data:text/plain,"); user_pref("media.gmp-manager.url", "data:text/plain,");
user_pref("media.gmp-manager.url.override", "data:text/plain,"); // (hidden pref) user_pref("media.gmp-manager.url.override", "data:text/plain,"); // (hidden pref)
user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (hidden pref) user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (hidden pref)
/* 1825: disable widevine CDM (Content Decryption Module) [BREAKAGE] ***/ /* 1825: disable widevine CDM (Content Decryption Module) [SETUP-WEB] ***/
user_pref("media.gmp-widevinecdm.visible", false); user_pref("media.gmp-widevinecdm.visible", false);
user_pref("media.gmp-widevinecdm.enabled", false); user_pref("media.gmp-widevinecdm.enabled", false);
user_pref("media.gmp-widevinecdm.autoupdate", false); user_pref("media.gmp-widevinecdm.autoupdate", false);
/* 1830: disable all DRM content (EME: Encryption Media Extension) [BREAKAGE] /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP-WEB]
* [SETTING] General>DRM Content>Play DRM-controlled content * [SETTING] General>DRM Content>Play DRM-controlled content
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
user_pref("media.eme.enabled", false); user_pref("media.eme.enabled", false);
/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate"
* This is the bundled codec used for video chat in WebRTC [BREAKAGE] ***/ * This is the bundled codec used for video chat in WebRTC [SETUP-WEB] ***/
user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref)
user_pref("media.gmp-gmpopenh264.autoupdate", false); user_pref("media.gmp-gmpopenh264.autoupdate", false);
@ -1042,7 +1044,7 @@ user_pref("dom.imagecapture.enabled", false); // default: false
user_pref("gfx.offscreencanvas.enabled", false); // default: false user_pref("gfx.offscreencanvas.enabled", false); // default: false
/* 2030: disable auto-play of HTML5 media (FF63+) /* 2030: disable auto-play of HTML5 media (FF63+)
* 0=Allowed (default), 1=Blocked, 2=Prompt * 0=Allowed (default), 1=Blocked, 2=Prompt
* [BREAKAGE] This may break video playback on various sites ***/ * [SETUP-WEB] This may break video playback on various sites ***/
user_pref("media.autoplay.default", 1); user_pref("media.autoplay.default", 1);
/* 2031: disable audio auto-play in non-active tabs (FF51+) /* 2031: disable audio auto-play in non-active tabs (FF51+)
* [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/ * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/
@ -1091,7 +1093,7 @@ user_pref("dom.popup_allowed_events", "click dblclick");
including service and shared workers. Shared workers can be utilized by multiple scripts and including service and shared workers. Shared workers can be utilized by multiple scripts and
communicate between browsing contexts (windows/tabs/iframes) and can even control your cache. communicate between browsing contexts (windows/tabs/iframes) and can even control your cache.
[BREAKAGE] Disabling "web workers" might break sites [SETUP-WEB] Disabling "web workers" might break sites
[UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301-deprecated) and service workers (2302) [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301-deprecated) and service workers (2302)
#Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0 #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0
@ -1134,7 +1136,7 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!
* [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/ * [NOTE] Shift-Right-Click will always bring up the browser right-click context menu ***/
// user_pref("dom.event.contextmenu.enabled", false); // user_pref("dom.event.contextmenu.enabled", false);
/* 2402: disable website access to clipboard events/content /* 2402: disable website access to clipboard events/content
* [BREAKAGE] This will break some sites functionality such as pasting into facebook, wordpress * [SETUP-WEB] This will break some sites functionality such as pasting into facebook, wordpress
* this applies to onCut, onCopy, onPaste events - i.e. you have to interact with * this applies to onCut, onCopy, onPaste events - i.e. you have to interact with
* the website for it to look at the clipboard * the website for it to look at the clipboard
* [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/ * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/
@ -1159,7 +1161,7 @@ user_pref("dom.vibrator.enabled", false);
* [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/
user_pref("javascript.options.asmjs", false); user_pref("javascript.options.asmjs", false);
/* 2421: disable Ion and baseline JIT to help harden JS against exploits /* 2421: disable Ion and baseline JIT to help harden JS against exploits
* [NOTE] Causes the odd site issue and there is also a performance loss * [SETUP-PERF] If false, causes the odd site issue and there is also a performance loss
* [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/ * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/
// user_pref("javascript.options.ion", false); // user_pref("javascript.options.ion", false);
// user_pref("javascript.options.baselinejit", false); // user_pref("javascript.options.baselinejit", false);
@ -1199,7 +1201,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m
user_pref("media.navigator.enabled", false); user_pref("media.navigator.enabled", false);
/* 2508: disable hardware acceleration to reduce graphics fingerprinting /* 2508: disable hardware acceleration to reduce graphics fingerprinting
* [SETTING] General>Performance>Custom>Use hardware acceleration when available * [SETTING] General>Performance>Custom>Use hardware acceleration when available
* [BREAKAGE] Affects text rendering (fonts will look different), impacts video performance, * [SETUP-PERF] Affects text rendering (fonts will look different), impacts video performance,
* and parts of Quantum that utilize the GPU will also be affected as they are rolled out * and parts of Quantum that utilize the GPU will also be affected as they are rolled out
* [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/ * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/
// user_pref("gfx.direct2d.disabled", true); // [WINDOWS] // user_pref("gfx.direct2d.disabled", true); // [WINDOWS]
@ -1211,7 +1213,7 @@ user_pref("dom.webaudio.enabled", false);
* [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent ***/ * [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent ***/
user_pref("dom.w3c_pointer_events.enabled", false); user_pref("dom.w3c_pointer_events.enabled", false);
/* 2517: disable Media Capabilities API (FF63+) /* 2517: disable Media Capabilities API (FF63+)
* [NOTE] This *may* affect media performance if disabled, no one is sure * [SETUP-PERF] This *may* affect media performance if disabled, no one is sure
* [1] https://github.com/WICG/media-capabilities * [1] https://github.com/WICG/media-capabilities
* [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/ * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/
// user_pref("media.media-capabilities.enabled", false); // user_pref("media.media-capabilities.enabled", false);
@ -1232,7 +1234,7 @@ user_pref("browser.helperApps.deleteTempFileOnExit", true);
* look in profile/thumbnails directory - you may want to clean that out ***/ * look in profile/thumbnails directory - you may want to clean that out ***/
user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref)
/* 2605: block web content in file processes (FF55+) /* 2605: block web content in file processes (FF55+)
* [BREAKAGE] You may want to disable this for corporate or developer environments * [SETUP-WEB] You may want to disable this for corporate or developer environments
* [1] https://bugzilla.mozilla.org/1343184 ***/ * [1] https://bugzilla.mozilla.org/1343184 ***/
user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
/* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
@ -1252,7 +1254,7 @@ user_pref("devtools.webide.enabled", false);
* [1] https://bugzilla.mozilla.org/1173199 ***/ * [1] https://bugzilla.mozilla.org/1173199 ***/
user_pref("mathml.disabled", true); user_pref("mathml.disabled", true);
/* 2610: disable in-content SVG (Scalable Vector Graphics) (FF53+) /* 2610: disable in-content SVG (Scalable Vector Graphics) (FF53+)
* [BREAKAGE] Expect breakage incl. youtube player controls. Best left for a "hardened" profile. * [SETUP-WEB] Expect breakage incl. youtube player controls. Best left for a "hardened" profile.
* [1] https://bugzilla.mozilla.org/1216893 ***/ * [1] https://bugzilla.mozilla.org/1216893 ***/
// user_pref("svg.disabled", true); // user_pref("svg.disabled", true);
/* 2611: disable middle mouse click opening links from clipboard /* 2611: disable middle mouse click opening links from clipboard
@ -1311,13 +1313,13 @@ user_pref("browser.download.hide_plugins_without_extensions", false);
/* 2654: disable "open with" in download dialog (FF50+) /* 2654: disable "open with" in download dialog (FF50+)
* This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
* in such a way that it is forbidden to run external applications. * in such a way that it is forbidden to run external applications.
* [BEHAVIOR] This may interfere with some users' workflow or methods * [SETUP-CHROME] This may interfere with some users' workflow or methods
* [1] https://bugzilla.mozilla.org/1281959 ***/ * [1] https://bugzilla.mozilla.org/1281959 ***/
user_pref("browser.download.forbid_open_with", true); user_pref("browser.download.forbid_open_with", true);
/** EXTENSIONS ***/ /** EXTENSIONS ***/
/* 2660: lock down allowed extension directories /* 2660: lock down allowed extension directories
* [BEHAVIOR] This will break extensions that do not use the default XPI directories * [SETUP-CHROME] This will break extensions that do not use the default XPI directories
* [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
* [1] archived: https://archive.is/DYjAM ***/ * [1] archived: https://archive.is/DYjAM ***/
user_pref("extensions.enabledScopes", 1); // (hidden pref) user_pref("extensions.enabledScopes", 1); // (hidden pref)
@ -1422,7 +1424,7 @@ user_pref("dom.caches.enabled", false);
* [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/ * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
// user_pref("dom.storageManager.enabled", false); // user_pref("dom.storageManager.enabled", false);
/*** 2800: SHUTDOWN [BEHAVIOR] /*** 2800: SHUTDOWN [SETUP-CHROME]
You should set the values to what suits you best. You should set the values to what suits you best.
- "Offline Website Data" includes appCache (2730), localStorage (2710), - "Offline Website Data" includes appCache (2730), localStorage (2710),
Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache) Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache)
@ -1497,7 +1499,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
***/ ***/
user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
/* 4001: enable First Party Isolation (FF51+) /* 4001: enable First Party Isolation (FF51+)
* [BREAKAGE] May break cross-domain logins and site functionality until perfected * [SETUP-WEB] May break cross-domain logins and site functionality until perfected
* [1] https://bugzilla.mozilla.org/1260931 ***/ * [1] https://bugzilla.mozilla.org/1260931 ***/
user_pref("privacy.firstparty.isolate", true); user_pref("privacy.firstparty.isolate", true);
/* 4002: enforce FPI restriction for window.opener (FF54+) /* 4002: enforce FPI restriction for window.opener (FF54+)
@ -1569,11 +1571,11 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // default
***/ ***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable privacy.resistFingerprinting (FF41+) /* 4501: enable privacy.resistFingerprinting (FF41+)
* [BREAKAGE] RFP is not ready for the masses, so expect some website breakage * [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage
* [1] https://bugzilla.mozilla.org/418986 ***/ * [1] https://bugzilla.mozilla.org/418986 ***/
user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+) user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+)
/* 4502: set new window sizes to round to hundreds (FF55+) /* 4502: set new window sizes to round to hundreds (FF55+)
* [BEHAVIOR] Width will round down to multiples of 200s and height to 100s, to fit your screen. * [SETUP-CHROME] Width will round down to multiples of 200s and height to 100s, to fit your screen.
* The override values are a starting point to round from if you want some control * The override values are a starting point to round from if you want some control
* [1] https://bugzilla.mozilla.org/1330882 * [1] https://bugzilla.mozilla.org/1330882
* [2] https://hardware.metrics.mozilla.com/ ***/ * [2] https://hardware.metrics.mozilla.com/ ***/
@ -2105,7 +2107,7 @@ user_pref("extensions.shield-recipe-client.api_url", "");
// [-] https://bugzilla.mozilla.org/1433324 // [-] https://bugzilla.mozilla.org/1433324
user_pref("browser.newtabpage.activity-stream.enabled", false); user_pref("browser.newtabpage.activity-stream.enabled", false);
// 2301: disable workers // 2301: disable workers
// [BREAKAGE] Disabling workers *will* break sites (e.g. Google Street View, Twitter) // [SETUP-WEB] Disabling workers *will* break sites (e.g. Google Street View, Twitter)
// [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed)
// [-] https://bugzilla.mozilla.org/1434934 // [-] https://bugzilla.mozilla.org/1434934
user_pref("dom.workers.enabled", false); user_pref("dom.workers.enabled", false);
@ -2160,7 +2162,7 @@ user_pref("shield.savant.enabled", false);
// [-] https://bugzilla.mozilla.org/1453751 // [-] https://bugzilla.mozilla.org/1453751
// user_pref("browser.chrome.favicons", false); // user_pref("browser.chrome.favicons", false);
// 2030: disable auto-play of HTML5 media - replaced by media.autoplay.default // 2030: disable auto-play of HTML5 media - replaced by media.autoplay.default
// [BREAKAGE] This may break video playback on various sites // [SETUP-WEB] This may break video playback on various sites
// [-] https://bugzilla.mozilla.org/1470082 // [-] https://bugzilla.mozilla.org/1470082
user_pref("media.autoplay.enabled", false); user_pref("media.autoplay.enabled", false);
// 2704: set cookie lifetime in days (see 2703) // 2704: set cookie lifetime in days (see 2703)
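Review bot: The retag of 2421 to `[SETUP-PERF]` files its site-breakage text ("causes the odd site issue") under a tag the new legend defines only as "may impact performance", so a reader filtering on `[SETUP-WEB]` while troubleshooting a broken site will not see it; 2508 mixes text rendering and video performance in the same way. In the other direction, 2605 is now `[SETUP-WEB]` although its text only says the pref may need disabling in corporate or developer environments, which does not match "can cause some websites to break". I would double-tag the mixed items, for example `* [SETUP-WEB][SETUP-PERF] If false, causes the odd site issue and there is also a performance loss`, or add a legend line stating that each item carries only its primary tag. Since 1201 and 1212 are TLS renegotiation and OCSP checks, the legend's advice to put prefs back to default values could also note that doing so for items in the 1200 block relaxes a security check rather than a convenience setting.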