Git/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-11-03 23:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19 from ghacksuserjs/earthlng-patch-1

Browse Source 
adding network.IDN_show_punycode;true
This commit is contained in:
earthlng
2017-02-21 20:06:58 +01:00
committed by GitHub
parent 00e99d2b65 fd3311297d
commit 1438b4ac4f
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
user.js
View File

@@ -1240,6 +1240,15 @@ user_pref("security.block_script_with_wrong_mime", true);
// WARNING: SVG is fairly common (~15% of the top 10K sites), so will cause some breakage // WARNING: SVG is fairly common (~15% of the top 10K sites), so will cause some breakage
// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893
user_pref("svg.disabled", true); user_pref("svg.disabled", true);
// 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk
// Firefox has *some* protections to mitigate the risk, but it is better to be safe than sorry.
// The downside: it will also display legitimate IDN's punycoded, which might be undesirable for
// users from countries with non-latin alphabets
// http://kb.mozillazine.org/Network.IDN_show_punycode
// https://wiki.mozilla.org/IDN_Display_Algorithm
// https://en.wikipedia.org/wiki/IDN_homograph_attack
// CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
user_pref("network.IDN_show_punycode", true);
/*** 2698: FIRST PARTY ISOLATION (FPI) ***/ /*** 2698: FIRST PARTY ISOLATION (FPI) ***/
// 2698a: enable first party isolation pref and OriginAttribute (FF51+) // 2698a: enable first party isolation pref and OriginAttribute (FF51+)