Compare commits
50 Commits
57.0
...
v58.0-alph
Author | SHA1 | Date | |
---|---|---|---|
1738f9efb1 | |||
3ef5ba3ac7 | |||
2969ab5b13 | |||
3405bae6d8 | |||
a4eaf9494e | |||
ea6e9be787 | |||
0ebe5d0fa8 | |||
ff77f7260c | |||
93c3457d18 | |||
bc371c8c9d | |||
622b70aa37 | |||
c83670f708 | |||
c399bb1d2d | |||
0a11a87fd0 | |||
91521dbc84 | |||
14c1620994 | |||
0da73d606b | |||
6a0f162d64 | |||
038201fb07 | |||
91c8da5f12 | |||
22198d420a | |||
6becf50fe6 | |||
4fb3040042 | |||
5005376742 | |||
48f95f2ac7 | |||
e5c14eb700 | |||
7a3810f6ca | |||
c8d7694fd3 | |||
343f77c5e9 | |||
a0ec17955d | |||
e195aceb54 | |||
6882a64bf2 | |||
806d6edc6d | |||
d1ab8fd10c | |||
db97478cd1 | |||
48ec3da18d | |||
8c35bf5d11 | |||
a3bffb83bd | |||
b30b988137 | |||
f820ecbacb | |||
3acef78f59 | |||
ac16b9c77b | |||
1069915372 | |||
978e51b515 | |||
c5374b60d8 | |||
2a2b80902a | |||
d82791a933 | |||
d89e9834ff | |||
04c7ed94da | |||
c82d6f70fe |
@ -6,14 +6,14 @@ The `ghacks user.js` is a **template**, which, as provided, aims to provide as m
|
||||
|
||||
Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings.
|
||||
|
||||
Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22)
|
||||
Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs)
|
||||
|
||||
###  acknowledgments
|
||||
Literally thousands of sources, references and suggestions. That said...
|
||||
|
||||
* Martin Brinkmann at [ghacks](https://www.ghacks.net/) <sup>1</sup>
|
||||
* The ghacks community and commentators
|
||||
* [12bytes](http://12bytes.org/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs)
|
||||
* [12bytes](http://12bytes.org/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs)
|
||||
* The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github
|
||||
|
||||
<sup>1</sup> The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name.
|
||||
|
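--- a/scratchpad-scripts/troubleshooter.js
+++ b/scratchpad-scripts/troubleshooter.js
@@ -0,0 +1,232 @@
+
+/*** ghacks-user.js troubleshooter.js v1.4 ***/
+
+(function() {
+
+if("undefined" === typeof(Services)) {
+alert("about:config needs to be the active tab!");
+return;
+}
+
+function getMyList(arr) {
+let aRet = [];
+let dummy = 0;
+for (let i = 0, len = arr.length; i < len; i++) {
+if (Services.prefs.prefHasUserValue(arr[i])) {
+dummy = Services.prefs.getPrefType(arr[i]);
+switch (dummy) {
+case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31)
+dummy = Services.prefs.getCharPref(arr[i]);
+aRet.push({'name':arr[i],'value': dummy,'type':32});
+break;
+case 64: // int
+dummy = Services.prefs.getIntPref(arr[i]);
+aRet.push({'name':arr[i],'value': dummy,'type':64});
+break;
+case 128: // boolean
+dummy = Services.prefs.getBoolPref(arr[i]);
+aRet.push({'name':arr[i],'value': dummy,'type':128});
+break;
+default:
+console.log("error detecting pref-type for '"+arr[i]+"' !");
+}
+}
+}
+return aRet;
+}
+
+function reapply(arr) {
+for (let i = 0, len = arr.length; i < len; i++) {
+switch (arr[i].type) {
+case 32: // string
+Services.prefs.setCharPref(arr[i].name, arr[i].value);
+break;
+case 64: // int
+Services.prefs.setIntPref(arr[i].name, arr[i].value);
+break;
+case 128: // boolean
+Services.prefs.setBoolPref(arr[i].name, arr[i].value);
+break;
+default:
+console.log("error re-appyling value for '"+arr[i].name+"' !"); // should never happen
+}
+}
+}
+
+function myreset(arr) {
+for (let i = 0, len = arr.length; i < len; i++) {
+Services.prefs.clearUserPref(arr[i].name);
+}
+}
+
+let ops = [
+
+/* known culprits */
+'network.cookie.cookieBehavior',
+'network.http.referer.XOriginPolicy',
+'privacy.firstparty.isolate',
+'privacy.resistFingerprinting',
+'security.mixed_content.block_display_content',
+'svg.disabled',
+
+/* Storage + Cache */
+'browser.cache.offline.enable',
+'dom.indexedDB.enabled',
+'dom.storage.enabled',
+'browser.storageManager.enabled',
+'dom.storageManager.enabled',
+
+/* Workers, Web + Push Notifications */
+'dom.caches.enabled',
+'dom.push.connection.enabled',
+'dom.push.enabled',
+'dom.push.serverURL',
+'dom.serviceWorkers.enabled',
+'dom.workers.enabled',
+'dom.webnotifications.enabled',
+'dom.webnotifications.serviceworker.enabled',
+
+/* Fonts */
+'browser.display.use_document_fonts',
+'font.blacklist.underline_offset',
+'gfx.downloadable_fonts.woff2.enabled',
+'gfx.font_rendering.graphite.enabled',
+'gfx.font_rendering.opentype_svg.enabled',
+'layout.css.font-loading-api.enabled',
+
+/* Misc */
+'browser.link.open_newwindow.restriction',
+'canvas.capturestream.enabled',
+'dom.event.clipboardevents.enabled',
+'dom.event.contextmenu.enabled',
+'dom.IntersectionObserver.enabled',
+'dom.popup_allowed_events',
+'full-screen-api.enabled',
+'geo.wifi.uri',
+'intl.accept_languages',
+'javascript.options.asmjs',
+'javascript.options.wasm',
+'permissions.default.shortcuts',
+'security.csp.experimentalEnabled',
+
+/* Hardware */
+'dom.vr.enabled',
+'media.ondevicechange.enabled',
+
+/* Audio + Video */
+'dom.webaudio.enabled',
+'media.autoplay.enabled',
+'media.flac.enabled',
+'media.mp4.enabled',
+'media.ogg.enabled',
+'media.opus.enabled',
+'media.raw.enabled',
+'media.wave.enabled',
+'media.webm.enabled',
+'media.wmf.enabled',
+
+/* Forms */
+'browser.formfill.enable',
+'signon.autofillForms',
+'signon.formlessCapture.enabled',
+
+/* HTTPS */
+'security.cert_pinning.enforcement_level',
+'security.family_safety.mode',
+'security.mixed_content.use_hsts',
+'security.OCSP.require',
+'security.pki.sha1_enforcement_level',
+'security.ssl.require_safe_negotiation',
+'security.ssl.treat_unsafe_negotiation_as_broken',
+'security.ssl3.dhe_rsa_aes_128_sha',
+'security.ssl3.dhe_rsa_aes_256_sha',
+'security.ssl3.ecdhe_ecdsa_aes_128_sha',
+'security.ssl3.ecdhe_rsa_aes_128_sha',
+'security.ssl3.rsa_aes_128_sha',
+'security.ssl3.rsa_aes_256_sha',
+'security.ssl3.rsa_des_ede3_sha',
+'security.tls.enable_0rtt_data',
+'security.tls.version.max',
+'security.tls.version.min',
+
+/* Plugins + Flash */
+'plugin.default.state',
+'plugin.defaultXpi.state',
+'plugin.sessionPermissionNow.intervalInMinutes',
+'plugin.state.flash',
+
+/* unlikely to cause problems */
+'browser.tabs.remote.allowLinkedWebInFileUriProcess',
+'dom.popup_maximum',
+'layout.css.visited_links_enabled',
+'mathml.disabled',
+'network.auth.subresource-img-cross-origin-http-auth-allow',
+'network.http.redirection-limit',
+'network.protocol-handler.external.ms-windows-store',
+'privacy.trackingprotection.enabled',
+'security.data_uri.block_toplevel_data_uri_navigations',
+
+/* FF User-Interface */
+'browser.search.suggest.enabled',
+'browser.urlbar.autoFill',
+'browser.urlbar.autoFill.typed',
+'browser.urlbar.oneOffSearches',
+'browser.urlbar.suggest.searches',
+'keyword.enabled',
+
+'last.one.without.comma'
+]
+
+
+// reset prefs that set the same value as FFs default value
+let aTEMP = getMyList(ops);
+myreset(aTEMP);
+reapply(aTEMP);
+
+const aBACKUP = getMyList(ops);
+//console.log(aBACKUP.length, "user-set prefs from our list detected and their values stored.");
+
+let myArr = aBACKUP;
+let found = false;
+let aDbg = [];
+focus();
+myreset(aBACKUP); // reset all detected prefs
+if (confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) {
+aDbg = myArr;
+reapply(aBACKUP);
+myreset(myArr.slice(0, parseInt(myArr.length/2)));
+while (myArr.length >= 2) {
+alert("NOW TEST AGAIN !");
+if (confirm("if the problem still exists click OK, otherwise click cancel.")) {
+myArr = myArr.slice(parseInt(myArr.length/2));
+if (myArr.length == 1) {
+alert("The problem is caused by more than 1 pref !\n\nNarrowed it down to "+ aDbg.length.toString() +" prefs, check the console ...");
+break;
+}
+} else {
+myArr = myArr.slice(0, parseInt(myArr.length/2));
+aDbg = myArr;
+if (myArr.length == 1) { found = true; break; }
+}
+reapply(aBACKUP);
+myreset(myArr.slice(0, parseInt(myArr.length/2))); // reset half of the remaining prefs
+}
+reapply(aBACKUP);
+}
+else {
+reapply(aBACKUP);
+return;
+}
+
+if (found) {
+alert("narrowed it down to:\n\n"+myArr[0].name+"\n");
+myreset(myArr); // reset the culprit
+}
+else {
+console.log("the problem is caused by a combination of the following prefs:");
+for (let i = 0, len = aDbg.length; i < len; i++) {
+console.log(aDbg[i].name);
+}
+}
+
+})();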
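Review bot: Nothing guarantees the user's values come back if the run is interrupted between `myreset(aBACKUP)` and the last `reapply(aBACKUP)`, because the backup exists only in the in-memory `aBACKUP` array. An exception from one of the `Services.prefs.set*Pref` calls in `reapply` would presumably leave the listed prefs, including the TLS, OCSP and cert-pinning entries under `/* HTTPS */`, at Firefox defaults for the rest of the session. Wrapping the bisection in `try { … } finally { reapply(aBACKUP); }` covers the exception case. Turning the commented-out `console.log(aBACKUP.length, …)` into a dump of the name/value pairs before the first reset would give a manual way back if the tab is closed mid-prompt. As a style point, `parseInt(myArr.length/2)` round-trips a number through a string; `Math.floor(myArr.length / 2)` says what is meant.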
109
updater.bat
109
updater.bat
@ -3,7 +3,7 @@ TITLE ghacks user.js updater
|
||||
|
||||
REM ## ghacks-user.js updater for Windows
|
||||
REM ## author: @claustromaniac
|
||||
REM ## version: 4.2
|
||||
REM ## version: 4.3
|
||||
REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts
|
||||
|
||||
SET _myname=%~n0
|
||||
@ -16,6 +16,7 @@ IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1)
|
||||
IF /I "%~1"=="-multioverrides" (SET _multi=1)
|
||||
IF /I "%~1"=="-merge" (SET _merge=1)
|
||||
IF /I "%~1"=="-updatebatch" (SET _updateb=1)
|
||||
IF /I "%~1"=="-singlebackup" (SET _singlebackup=1)
|
||||
SHIFT
|
||||
GOTO parse
|
||||
:endparse
|
||||
@ -76,14 +77,14 @@ ECHO:
|
||||
ECHO: ########################################
|
||||
ECHO: #### user.js Updater for Windows ####
|
||||
ECHO: #### by claustromaniac ####
|
||||
ECHO: #### v4.2 ####
|
||||
ECHO: #### v4.3 ####
|
||||
ECHO: ########################################
|
||||
ECHO:
|
||||
SET /A "_line=0"
|
||||
IF NOT EXIST user.js (
|
||||
CALL :message "user.js not detected in the current directory."
|
||||
) ELSE (
|
||||
FOR /F "skip=1 tokens=1,2 delims=:" %%G IN (user.js) DO (
|
||||
FOR /F "skip=1 tokens=1,* delims=:" %%G IN (user.js) DO (
|
||||
SET /A "_line+=1"
|
||||
IF !_line! GEQ 4 (GOTO exitloop)
|
||||
IF !_line! EQU 1 (SET _name=%%H)
|
||||
@ -91,15 +92,11 @@ IF NOT EXIST user.js (
|
||||
IF !_line! EQU 3 (SET _version=%%G)
|
||||
)
|
||||
:exitloop
|
||||
IF !_line! GEQ 4 (
|
||||
IF NOT "!_name!"=="" (
|
||||
IF /I NOT "!_name!"=="!_name:ghacks=!" (
|
||||
CALL :message "ghacks user.js !_version:~2!,!_date!"
|
||||
) ELSE (
|
||||
CALL :message "Current user.js version not recognised."
|
||||
)
|
||||
) ELSE (
|
||||
CALL :message "Current user.js version not recognised."
|
||||
)
|
||||
CALL :message "!_name! !_version:~2!,!_date!"
|
||||
) ELSE (CALL :message "Current user.js version not recognised.")
|
||||
) ELSE (CALL :message "Current user.js version not recognised.")
|
||||
)
|
||||
ECHO:
|
||||
IF NOT DEFINED _ua (
|
||||
@ -123,17 +120,12 @@ IF DEFINED _log (
|
||||
ECHO:##################################################################
|
||||
CALL :message "%date%, %time%"
|
||||
)
|
||||
IF EXIST user.js.old.bak (DEL /F user.js.old.bak)
|
||||
IF EXIST user.js (
|
||||
IF EXIST user.js.bak (REN user.js.bak user.js.old.bak)
|
||||
REN user.js user.js.bak
|
||||
CALL :message "Current user.js file backed up."
|
||||
)
|
||||
IF EXIST user.js.new (DEL /F "user.js.new")
|
||||
CALL :message "Retrieving latest user.js file from github repository..."
|
||||
(
|
||||
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')"
|
||||
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js.new')"
|
||||
) >nul 2>&1
|
||||
IF EXIST user.js (
|
||||
IF EXIST user.js.new (
|
||||
IF DEFINED _multi (
|
||||
FORFILES /P user.js-overrides /M *.js >nul 2>&1
|
||||
IF NOT ERRORLEVEL 1 (
|
||||
@ -141,45 +133,49 @@ IF EXIST user.js (
|
||||
CALL :message "Merging..."
|
||||
COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js
|
||||
CALL :merge user-overrides-merged.js
|
||||
COPY /B /V /Y user.js+user-overrides-merged.js user.js
|
||||
CALL :merge user.js
|
||||
COPY /B /V /Y user.js.new+user-overrides-merged.js user.js.new
|
||||
CALL :merge user.js.new
|
||||
) ELSE (
|
||||
CALL :message "Appending..."
|
||||
COPY /B /V /Y user.js+"user.js-overrides\*.js" user.js
|
||||
COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new
|
||||
)
|
||||
) ELSE (CALL :message "No override files found.")
|
||||
ECHO:
|
||||
) ELSE (
|
||||
IF EXIST "user-overrides.js" (
|
||||
COPY /B /V /Y user.js+"user-overrides.js" "user.js"
|
||||
COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new"
|
||||
IF DEFINED _merge (
|
||||
CALL :message "Merging user-overrides.js..."
|
||||
CALL :merge user.js
|
||||
CALL :merge user.js.new
|
||||
) ELSE (
|
||||
CALL :message "user-overrides.js appended."
|
||||
)
|
||||
) ELSE (CALL :message "user-overrides.js not found.")
|
||||
ECHO:
|
||||
)
|
||||
CALL :message "Handling backups..."
|
||||
SET "changed="
|
||||
IF EXIST user.js.bak (
|
||||
FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true"
|
||||
IF EXIST user.js (
|
||||
FC user.js.new user.js >nul && SET "_changed=false" || SET "_changed=true"
|
||||
)
|
||||
IF "!changed!"=="true" (
|
||||
IF EXIST user.js.old.bak DEL /F user.js.old.bak
|
||||
IF "!_changed!"=="true" (
|
||||
CALL :message "Backing up..."
|
||||
IF DEFINED _singlebackup (
|
||||
MOVE /Y user.js user.js.bak >nul
|
||||
) ELSE (
|
||||
MOVE /Y user.js "user-backup-!date:/=-!_!time::=.!.js" >nul
|
||||
)
|
||||
REN user.js.new user.js
|
||||
CALL :message "Update complete."
|
||||
) ELSE (
|
||||
IF "!changed!"=="false" (
|
||||
DEL /F user.js.bak
|
||||
IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak
|
||||
IF "!_changed!"=="false" (
|
||||
DEL /F user.js.new >nul
|
||||
CALL :message "Update completed without changes."
|
||||
) ELSE (CALL :message "Update complete.")
|
||||
) ELSE (
|
||||
REN user.js.new user.js
|
||||
CALL :message "Update complete."
|
||||
)
|
||||
)
|
||||
ECHO:
|
||||
) ELSE (
|
||||
IF EXIST user.js.bak (REN user.js.bak user.js)
|
||||
IF EXIST user.js.old.bak (REN user.js.old.bak user.js.bak)
|
||||
CALL :message "Update failed. Make sure PowerShell is allowed internet access."
|
||||
ECHO: No changes were made.
|
||||
)
|
||||
@ -200,27 +196,27 @@ REM ############ Merge function ############
|
||||
:merge
|
||||
SETLOCAL DisableDelayedExpansion
|
||||
(
|
||||
FOR /F "tokens=1,* delims=," %%G IN ('FINDSTR /B /I /C:"user_pref" "%~1"') DO (SET "%%G=%%H")
|
||||
FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /B /R /C:"user_pref.*\)[ ]*;" "%~1"') DO (IF NOT "%%H"=="" (SET "%%G=%%H"))
|
||||
FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO (
|
||||
IF ""=="%%J" (
|
||||
ECHO:
|
||||
SET "_temp=%%J"
|
||||
SETLOCAL EnableDelayedExpansion
|
||||
IF NOT "!_temp:~0,9!"=="user_pref" (
|
||||
ENDLOCAL & ECHO:%%J
|
||||
) ELSE (
|
||||
FOR /F "delims=," %%K IN ("%%J") DO (
|
||||
IF NOT [user_pref("_user.js.parrot"]==[%%K] (
|
||||
IF DEFINED %%K (
|
||||
SETLOCAL EnableDelayedExpansion
|
||||
FOR /F "delims=" %%L IN ("!%%K!") DO (
|
||||
ENDLOCAL
|
||||
IF NOT "%%L"=="ALREADY MERGED" (
|
||||
ECHO:%%K,%%L
|
||||
SET "%%K=ALREADY MERGED"
|
||||
IF "!_temp:;=!"=="!_temp!" (
|
||||
ENDLOCAL & ECHO:%%J
|
||||
) ELSE (
|
||||
ENDLOCAL
|
||||
FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO (
|
||||
IF NOT "_user.js.parrot"=="%%K" (
|
||||
IF DEFINED %%K (
|
||||
SETLOCAL EnableDelayedExpansion
|
||||
FOR /F "delims=" %%L IN ("!%%K!") DO (
|
||||
ENDLOCAL & ECHO:user_pref("%%K"%%L
|
||||
SET "%%K="
|
||||
)
|
||||
)
|
||||
) ELSE (
|
||||
ECHO:%%J
|
||||
)
|
||||
) ELSE (
|
||||
ECHO:%%J
|
||||
) ELSE (ECHO:%%J)
|
||||
)
|
||||
)
|
||||
)
|
||||
@ -231,7 +227,7 @@ ENDLOCAL
|
||||
GOTO :EOF
|
||||
REM ############### Help ##################
|
||||
:showhelp
|
||||
MODE 80,43
|
||||
MODE 80,46
|
||||
CLS
|
||||
CALL :message "Available arguments (case-insensitive):"
|
||||
CALL :message " -log"
|
||||
@ -239,7 +235,7 @@ ECHO: Write the console output to a logfile (user.js-update-log.txt)
|
||||
CALL :message " -logP"
|
||||
ECHO: Like -log, but also open the logfile after updating.
|
||||
CALL :message " -merge"
|
||||
ECHO: Merge overrides instead of appending them. One-line comments and
|
||||
ECHO: Merge overrides instead of appending them. Single-line comments and
|
||||
ECHO: _user.js.parrot lines are appended normally. Overrides for inactive
|
||||
ECHO: user.js prefs will be appended. When -Merge and -MultiOverrides are used
|
||||
ECHO: together, a user-overrides-merged.js file is also generated in the root
|
||||
@ -254,6 +250,9 @@ ECHO: instead of the default user-overrides.js file. Files are appended in
|
||||
ECHO: alphabetical order.
|
||||
CALL :message " -unattended"
|
||||
ECHO: Run without user input.
|
||||
CALL :message " -singleBackup"
|
||||
ECHO: Use a single backup file and overwrite it on new updates, instead of
|
||||
ECHO: cumulative backups. This was the default behaviour before v4.3.
|
||||
CALL :message " -updatebatch"
|
||||
ECHO: Update the script itself on execution, before the normal routine.
|
||||
CALL :message ""
|
||||
|
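Review bot: The only check on the download is `IF EXIST user.js.new`, so whatever `DownloadFile` left on disk (an empty or truncated file, or an HTML error page) is merged with the overrides and renamed over `user.js`. With the PowerShell output sent to `>nul 2>&1`, the run still ends in "Update complete.". Since this file carries the browser's hardening prefs, a short or wrong file drops them without any visible sign. A cheap guard directly after the download block is `FINDSTR /B /C:"user_pref(" user.js.new >nul || DEL /F user.js.new`, which sends a bad download into the existing "Update failed" branch; comparing against a published checksum would be stronger if the project provides one. It is also worth confirming whether `SET "changed="` survives on the new side, because the comparison now sets `_changed` and that variable would then never be cleared.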
190
user.js
190
user.js
@ -1,10 +1,11 @@
|
||||
/******
|
||||
* name: ghacks user.js
|
||||
* date: 20 November 2017
|
||||
* version 57: I Love Rock 'n' Pants
|
||||
* "Singing, I love rock and pants. So put another dime in the jukebox, baby"
|
||||
* date: 3 February 2018
|
||||
* version 58: Pantslide
|
||||
* "I took my pants, took em down, I climbed a mountain and I turned around"
|
||||
* authors: v52+ github | v51- www.ghacks.net
|
||||
* url: https://github.com/ghacksuserjs/ghacks-user.js
|
||||
* license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
|
||||
|
||||
* releases: These are end-of-stable-life-cycle legacy archives.
|
||||
*Always* use the master branch user.js for a current up-to-date version.
|
||||
@ -19,8 +20,8 @@
|
||||
3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum
|
||||
* Auto-installing updates for Firefox and extensions are disabled (section 0302's)
|
||||
* Some user data is erased on close (section 2800), namely history (browsing, form, download)
|
||||
* Cookies are denied by default (2701), we use site exceptions. This breaks extensions
|
||||
that use IndexedDB, so you need to allow exceptions for those as well: see [1] below
|
||||
* Cookies are denied by default (2701), we use site exceptions. In Firefox 58 and lower, this breaks
|
||||
extensions that use IndexedDB, so you need to allow exceptions for those as well: see [1] below
|
||||
[1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1.1-Setting-Extension-Permission-Exceptions
|
||||
* EACH RELEASE check:
|
||||
- 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF)
|
||||
@ -44,6 +45,9 @@
|
||||
* [2] https://en.wikipedia.org/wiki/Warrant_canary ***/
|
||||
user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?");
|
||||
|
||||
/* 0000: disable about:config warning ***/
|
||||
user_pref("general.warnOnAboutConfig", false);
|
||||
|
||||
/* 0001: start Firefox in PB (Private Browsing) mode
|
||||
* [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Always use private browsing mode
|
||||
* [SETTING-ESR] Options>Privacy>History>Custom Settings>Always use private browsing mode
|
||||
@ -91,6 +95,9 @@ user_pref("browser.search.geoip.url", "");
|
||||
user_pref("intl.locale.matchOS", false);
|
||||
/* 0204: set APP locale ***/
|
||||
user_pref("general.useragent.locale", "en-US");
|
||||
/* 0205: set OS & APP locale (replaces 0203 + 0204) (FF59+)
|
||||
* If set to empty, the OS locales are used. If not set at all, default locale is used ***/
|
||||
user_pref("intl.locale.requested", "en-US"); // (hidden pref)
|
||||
/* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US"
|
||||
* i.e. ignore all of Mozilla's various search engines in multiple locales ***/
|
||||
user_pref("browser.search.geoSpecificDefaults", false);
|
||||
@ -189,7 +196,8 @@ user_pref("breakpad.reportURL", "");
|
||||
/* 0351: disable sending of crash reports (FF44+) ***/
|
||||
user_pref("browser.tabs.crashReporting.sendReport", false);
|
||||
user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+)
|
||||
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+)
|
||||
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57)
|
||||
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+)
|
||||
/* 0360: disable new tab tile ads & preload & marketing junk ***/
|
||||
user_pref("browser.newtab.preload", false);
|
||||
user_pref("browser.newtabpage.directory.source", "data:text/plain,");
|
||||
@ -273,6 +281,9 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); //
|
||||
* [TEST] see github wiki APPENDIX C: Test Sites: Section 5
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/
|
||||
// user_pref("browser.safebrowsing.allowOverride", false);
|
||||
/* 0417: disable data sharing (FF58+) ***/
|
||||
user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
|
||||
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
|
||||
/** TRACKING PROTECTION (TP)
|
||||
There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well,
|
||||
as it offers more comprehensive and specialized lists. It also allows per domain control. ***/
|
||||
@ -591,7 +602,7 @@ user_pref("browser.cache.disk_cache_ssl", false);
|
||||
* [NOTE] Not recommended unless you know what you're doing
|
||||
* [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/
|
||||
// user_pref("browser.sessionhistory.max_total_viewers", 0);
|
||||
/* 1006: disable permissions manager from writing to disk (requires restart)
|
||||
/* 1006: disable permissions manager from writing to disk [RESTART]
|
||||
* [NOTE] This means any permission changes are session only
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/
|
||||
// user_pref("permissions.memory_only", true); // (hidden pref)
|
||||
@ -635,52 +646,6 @@ user_pref("browser.shell.shortcutFavicons", false);
|
||||
/* 1032: disable favicons in web notifications ***/
|
||||
user_pref("alerts.showFavicons", false);
|
||||
|
||||
/*** 1100: MULTI-PROCESS (e10s)
|
||||
We recommend you let Firefox handle this. Until e10s is enforced, if
|
||||
- all your legacy extensions have the 'multiprocessCompatible' flag as true, then FF = e10s
|
||||
- any legacy extensions have 'multiprocessCompatible' flag as false, then FF != e10s
|
||||
- any legacy extensions are missing the 'multiprocessCompatible' flag, then they *might* be disabled
|
||||
[1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/
|
||||
***/
|
||||
user_pref("_user.js.parrot", "1100 syntax error: the parrot's bought the farm!");
|
||||
/* 1101: start the browser in e10s mode (FF48+)
|
||||
* about:support>Application Basics>Multiprocess Windows ***/
|
||||
// user_pref("browser.tabs.remote.autostart", true);
|
||||
// user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref)
|
||||
// user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
|
||||
// user_pref("extensions.e10sBlocksEnabling", false);
|
||||
/* 1102: control number of content rendering processes
|
||||
* [SETTING] Options>General>Performance>Custom>Content process limit
|
||||
* [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
|
||||
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
|
||||
// user_pref("dom.ipc.processCount", 4);
|
||||
/* 1103: enable extension code to run in a separate process (webext-oop) (FF53+)
|
||||
* [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process ***/
|
||||
// user_pref("extensions.webextensions.remote", true);
|
||||
/* 1104: enforce separate content process for file://URLs (FF53+)
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
|
||||
* [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
|
||||
user_pref("browser.tabs.remote.separateFileUriProcess", true);
|
||||
/* 1105: enable console shim warnings for legacy extensions with the 'multiprocessCompatible' flag as false ***/
|
||||
user_pref("dom.ipc.shims.enabledWarnings", true);
|
||||
/* 1106: control number of extension processes ***/
|
||||
// user_pref("dom.ipc.processCount.extension", 1);
|
||||
/* 1107: control number of file processes ***/
|
||||
// user_pref("dom.ipc.processCount.file", 1);
|
||||
/* 1108: block web content in file processes (FF55+)
|
||||
* [WARNING] [SETUP] You may want to disable this for corporate or developer environments
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/
|
||||
user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
|
||||
/* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play
|
||||
* with them. The values are integers, but the code below deliberately contains a data mismatch
|
||||
* [1] https://wiki.mozilla.org/Security/Sandbox
|
||||
* [2] https://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/
|
||||
// user_pref("security.sandbox.content.level", "donotuse");
|
||||
// user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse");
|
||||
// user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse");
|
||||
/* 1111: enable sandbox logging ***/
|
||||
// user_pref("security.sandbox.logging.enabled", true);
|
||||
|
||||
/*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS )
|
||||
Note that your cipher and other settings can be used server side as a fingerprint attack
|
||||
vector, see [1] (It's quite technical but the first part is easy to understand
|
||||
@ -732,17 +697,20 @@ user_pref("security.tls.enable_0rtt_data", false); // (FF55+ default true)
|
||||
/* 1210: enable OCSP Stapling
|
||||
* [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
|
||||
user_pref("security.ssl.enable_ocsp_stapling", true);
|
||||
/* 1211: control use of OCSP responder servers to confirm current validity of certificates
|
||||
* 0=disable, 1=validate only certificates that specify an OCSP service URL (default)
|
||||
* 2=enable and use values in security.OCSP.URL and security.OCSP.signing.
|
||||
/* 1211: control when to use OCSP fetching (to confirm current validity of certificates)
|
||||
* 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
|
||||
* OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority)
|
||||
* It's a trade-off between security (checking) and privacy (leaking info to the CA)
|
||||
* [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling
|
||||
* [1] https://en.wikipedia.org/wiki/Ocsp ***/
|
||||
user_pref("security.OCSP.enabled", 1);
|
||||
/* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently
|
||||
* continues the connection. With OCSP revocation, Firefox terminates the connection instead.
|
||||
* [WARNING] Since FF44 the default is false. If set to true, this will cause some site breakage
|
||||
* [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
|
||||
/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
|
||||
* When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
|
||||
* Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
|
||||
* It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
|
||||
* could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
|
||||
* [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
|
||||
* [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/
|
||||
user_pref("security.OCSP.require", true);
|
||||
/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
|
||||
/* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
|
||||
@ -751,7 +719,7 @@ user_pref("security.OCSP.require", true);
|
||||
* 2=detect Family Safety mode and import the root
|
||||
* [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/
|
||||
user_pref("security.family_safety.mode", 0);
|
||||
/* 1221: disable intermediate certificate caching (fingerprinting attack vector)
|
||||
/* 1221: disable intermediate certificate caching (fingerprinting attack vector) [RESTART]
|
||||
* [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
|
||||
* [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only.
|
||||
* Saved logins and passwords are not available. Reset the pref and restart to return them.
|
||||
@ -774,9 +742,8 @@ user_pref("network.stricttransportsecurity.preloadlist", true);
|
||||
/* 1240: disable insecure active content on https pages - mixed content
|
||||
* [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/
|
||||
user_pref("security.mixed_content.block_active_content", true);
|
||||
/* 1241: disable insecure passive content (such as images) on https pages - mixed context
|
||||
* [WARNING] When set to true, this will visually break many sites (March 2017) ***/
|
||||
// user_pref("security.mixed_content.block_display_content", true);
|
||||
/* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/
|
||||
user_pref("security.mixed_content.block_display_content", true);
|
||||
/* 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+)
|
||||
* Allow resources from domains with an existing HSTS cache record or in the HSTS preload list
|
||||
* to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because
|
||||
@ -818,7 +785,7 @@ user_pref("security.pki.sha1_enforcement_level", 1);
|
||||
* [1] https://wiki.mozilla.org/Security:Renegotiation ***/
|
||||
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
|
||||
/* 1271: control "Add Security Exception" dialog on SSL warnings
|
||||
* 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default)
|
||||
* 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
|
||||
* [1] https://github.com/pyllyukko/user.js/issues/210 ***/
|
||||
user_pref("browser.ssl_override_behavior", 1);
|
||||
/* 1272: display advanced information on Insecure Connection warning pages
|
||||
@ -855,12 +822,12 @@ user_pref("gfx.downloadable_fonts.enabled", true);
|
||||
/* 1404: disable rendering of SVG OpenType fonts
|
||||
* [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
|
||||
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
|
||||
/* 1405: disable WOFF2 (Web Open Font Format) ***/
|
||||
/* 1405: disable WOFF2 (Web Open Font Format) (FF35+) ***/
|
||||
user_pref("gfx.downloadable_fonts.woff2.enabled", false);
|
||||
/* 1406: disable CSS Font Loading API
|
||||
* [SETUP] Disabling fonts can uglify the web a fair bit. ***/
|
||||
user_pref("layout.css.font-loading-api.enabled", false);
|
||||
/* 1407: disable special underline handling for a few fonts which you will probably never use.
|
||||
/* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART]
|
||||
* Any of these fonts on your system can be enumerated for fingerprinting. Requires restart.
|
||||
* [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/
|
||||
user_pref("font.blacklist.underline_offset", "");
|
||||
@ -868,7 +835,7 @@ user_pref("font.blacklist.underline_offset", "");
|
||||
* In the past it had security issues. Update: This continues to be the case, see [1]
|
||||
* [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
|
||||
user_pref("gfx.font_rendering.graphite.enabled", false);
|
||||
/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP]
|
||||
/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] [RESTART]
|
||||
* If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
|
||||
* [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If
|
||||
* you block sites choosing fonts in 1401, this preference is irrelevant. In future,
|
||||
@ -905,7 +872,8 @@ user_pref("network.http.sendRefererHeader", 2);
|
||||
user_pref("network.http.referer.trimmingPolicy", 0);
|
||||
/* 1603: CROSS ORIGIN: control when to send a referer [SETUP]
|
||||
* 0=always (default), 1=only if base domains match, 2=only if hosts match
|
||||
* [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage ***/
|
||||
* [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage
|
||||
* [WARNING] Reset to default 0 if you have issues accessing your modem/router ***/
|
||||
user_pref("network.http.referer.XOriginPolicy", 1);
|
||||
/* 1604: CROSS ORIGIN: control the amount of information to send (FF52+)
|
||||
* 0=send full URI (default) 1=scheme+host+path+port 2=scheme+host+port ***/
|
||||
@ -992,7 +960,7 @@ user_pref("media.gmp-widevinecdm.autoupdate", false);
|
||||
/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP]
|
||||
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
|
||||
user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content
|
||||
user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required
|
||||
user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox [RESTART]
|
||||
/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate"
|
||||
* This is the bundled codec used for video chat in WebRTC ***/
|
||||
user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref)
|
||||
@ -1038,6 +1006,12 @@ user_pref("media.getusermedia.browser.enabled", false);
|
||||
user_pref("media.getusermedia.audiocapture.enabled", false);
|
||||
/* 2023: disable camera stuff ***/
|
||||
user_pref("camera.control.face_detection.enabled", false);
|
||||
/* 2024: set a default permission for Camera/Microphone (FF58+)
|
||||
* 0=always ask (default), 1=allow, 2=block
|
||||
* [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone
|
||||
* [SETTING] to manage site exceptions: Options>Privacy>Permissions>Camera/Microphone>Settings ***/
|
||||
// user_pref("permissions.default.camera", 2);
|
||||
// user_pref("permissions.default.microphone", 2);
|
||||
/* 2026: disable canvas capture stream
|
||||
* [1] https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream ***/
|
||||
user_pref("canvas.capturestream.enabled", false);
|
||||
@ -1095,7 +1069,8 @@ user_pref("dom.disable_beforeunload", true);
|
||||
communicate between browsing contexts (windows/tabs/iframes) and can even control your cache.
|
||||
|
||||
[WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter).
|
||||
It is recommended that you use a separate profile for these sorts of sites.
|
||||
[UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301) and service workers (2302)
|
||||
#Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0
|
||||
|
||||
[1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API
|
||||
[2] Worker: https://developer.mozilla.org/docs/Web/API/Worker
|
||||
@ -1116,11 +1091,14 @@ user_pref("dom.workers.enabled", false);
|
||||
* [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/
|
||||
user_pref("dom.serviceWorkers.enabled", false);
|
||||
/* 2304: disable web notifications
|
||||
* [NOTE] You can still override individual domains under site permissions (FF44+)
|
||||
* [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/
|
||||
user_pref("dom.webnotifications.enabled", false);
|
||||
user_pref("dom.webnotifications.serviceworker.enabled", false);
|
||||
/* 2305: disable push notifications (FF44+)
|
||||
user_pref("dom.webnotifications.enabled", false); // (FF22+)
|
||||
user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+)
|
||||
/* 2305: set a default permission for Notifications (see 2304) (FF58+)
|
||||
* [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications
|
||||
* [SETTING] to manage site exceptions: Options>Privacy>Permissions>Notifications>Settings ***/
|
||||
// user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block
|
||||
/* 2306: disable push notifications (FF44+)
|
||||
* web apps can receive messages pushed to them from a server, whether or
|
||||
* not the web app is in the foreground, or even currently loaded
|
||||
* [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/
|
||||
@ -1154,10 +1132,11 @@ user_pref("dom.idle-observers-api.enabled", false);
|
||||
/* 2418: disable full-screen API
|
||||
* false=block, true=ask ***/
|
||||
user_pref("full-screen-api.enabled", false);
|
||||
/* 2420: disable support for asm.js ( http://asmjs.org/ )
|
||||
/* 2420: disable asm.js (http://asmjs.org/) (FF22+)
|
||||
* [1] https://www.mozilla.org/security/advisories/mfsa2015-29/
|
||||
* [2] https://www.mozilla.org/security/advisories/mfsa2015-50/
|
||||
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/
|
||||
* [3] https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375
|
||||
* [4] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400 ***/
|
||||
user_pref("javascript.options.asmjs", false);
|
||||
/* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817
|
||||
* [WARNING] Causes the odd site issue and there is also a performance loss
|
||||
@ -1175,6 +1154,10 @@ user_pref("javascript.options.wasm", false);
|
||||
* [2] https://w3c.github.io/IntersectionObserver/
|
||||
* [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/
|
||||
user_pref("dom.IntersectionObserver.enabled", false);
|
||||
/* 2427: disable Shared Memory (Spectre mitigation)
|
||||
* [1] https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
|
||||
* [2] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ ***/
|
||||
user_pref("javascript.options.shared_memory", false);
|
||||
|
||||
/*** 2500: HARDWARE FINGERPRINTING ***/
|
||||
user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!");
|
||||
@ -1201,16 +1184,6 @@ user_pref("dom.webaudio.enabled", false);
|
||||
* [1] https://developer.mozilla.org/docs/Web/Events/devicechange
|
||||
* [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/
|
||||
user_pref("media.ondevicechange.enabled", false);
|
||||
/* 2513: disable Presentation API
|
||||
* [WARNING] [SETUP] Optional protection depending on your connected devices
|
||||
* [1] https://wiki.mozilla.org/WebAPI/PresentationAPI
|
||||
* [2] https://www.w3.org/TR/presentation-api/ ***/
|
||||
// user_pref("dom.presentation.enabled", false);
|
||||
// user_pref("dom.presentation.controller.enabled", false);
|
||||
// user_pref("dom.presentation.discoverable", false);
|
||||
// user_pref("dom.presentation.discovery.enabled", false);
|
||||
// user_pref("dom.presentation.receiver.enabled", false);
|
||||
// user_pref("dom.presentation.session_transport.data_channel.enable", false);
|
||||
|
||||
/*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/
|
||||
user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
|
||||
@ -1321,10 +1294,18 @@ user_pref("browser.uitour.url", "");
|
||||
/* 2629: disable remote JAR files being opened, regardless of content type (FF42+)
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/
|
||||
user_pref("network.jar.block-remote-files", true);
|
||||
/* 2630: prevent accessibility services from accessing your browser
|
||||
/* 2630: prevent accessibility services from accessing your browser [RESTART]
|
||||
* [SETTING] Options>Privacy & Security>Permissions>Prevent accessibility services from accessing your browser
|
||||
* [1] https://support.mozilla.org/kb/accessibility-services ***/
|
||||
user_pref("accessibility.force_disabled", 1);
|
||||
/* 2631: block web content in file processes (FF55+)
|
||||
* [WARNING] [SETUP] You may want to disable this for corporate or developer environments
|
||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/
|
||||
user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
|
||||
/* 2632: disable websites overriding Firefox's keyboard shortcuts (FF58+)
|
||||
* [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts
|
||||
* [NOTE] At the time of writing, causes issues with delete and backspace keys ***/
|
||||
// user_pref("permissions.default.shortcuts", 2); // 0 (default) or 1=allow, 2=block
|
||||
/* 2662: disable "open with" in download dialog (FF50+)
|
||||
* This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
|
||||
* in such a way that it is forbidden to run external applications.
|
||||
@ -1407,10 +1388,14 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
|
||||
* [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache
|
||||
* [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/
|
||||
user_pref("network.cookie.cookieBehavior", 2);
|
||||
/* 2702: set third-party cookies (if enabled, see above pref) to session-only
|
||||
/* 2702: set third-party cookies (i.e ALL) (if enabled, see above pref) to session-only
|
||||
and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only
|
||||
[NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
|
||||
.nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
|
||||
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
|
||||
* [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/
|
||||
user_pref("network.cookie.thirdparty.sessionOnly", true);
|
||||
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+)
|
||||
/* 2703: set cookie lifetime policy
|
||||
* 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref)
|
||||
* [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until
|
||||
@ -1433,7 +1418,7 @@ user_pref("extensions.webextensions.keepStorageOnUninstall", false);
|
||||
user_pref("extensions.webextensions.keepUuidOnUninstall", false);
|
||||
/* 2720: disable JS storing data permanently [SETUP]
|
||||
* [WARNING] This BREAKS uBlock Origin [1.14.0+] and other extensions that require IndexedDB
|
||||
* [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0
|
||||
* [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0
|
||||
* [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/
|
||||
// user_pref("dom.indexedDB.enabled", false);
|
||||
/* 2730: disable offline cache ***/
|
||||
@ -1531,10 +1516,10 @@ user_pref("privacy.sanitize.timeSpan", 0);
|
||||
** 1344170 - isolate blob: URI (FF55+)
|
||||
** 1300671 - isolate data:, about: URLs (FF55+)
|
||||
|
||||
NOTE: FPI has some unresolved issues
|
||||
** 1381197 - extensions cannot control cookies with FPI Origin Attributes
|
||||
** 1418931 - IndexedDB (Offline Website Data) with FPI Origin Attributes
|
||||
NOTE: FPI has some issues depending on your Firefox release
|
||||
** 1418931 - [fixed in FF58+] IndexedDB (Offline Website Data) with FPI Origin Attributes
|
||||
are not removed with "Clear All/Recent History" or "On Close"
|
||||
** 1381197 - [fixed in FF59+] extensions cannot control cookies with FPI Origin Attributes
|
||||
***/
|
||||
user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
|
||||
/* 4001: enable First Party Isolation (FF51+)
|
||||
@ -1569,26 +1554,30 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
|
||||
This spoof *shouldn't* affect core chrome/Firefox performance
|
||||
** 1217238 - reduce precision of time exposed by javascript (FF55+)
|
||||
** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+)
|
||||
** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 4700) (FF56+)
|
||||
** 1333651 & 1383495 & 1396468 & 1393283 & 1404608 - spoof Navigator API (see section 4700) (FF56+)
|
||||
FF56: The version number will be rounded down to the nearest multiple of 10
|
||||
FF57+: The version number will match current ESR
|
||||
FF59+: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage)
|
||||
** 1369319 - disable device sensor API (see 4604) (FF56+)
|
||||
** 1369357 - disable site specific zoom (see 4605) (FF56+)
|
||||
** 1337161 - hide gamepads from content (see 4606) (FF56+)
|
||||
** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+)
|
||||
** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+)
|
||||
** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609) (FF56+)
|
||||
** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609, 4612) (FF56+)
|
||||
** 1369309 - spoof media statistics (see 4610) (FF57+)
|
||||
** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+)
|
||||
** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+)
|
||||
** 1382545 - reduce fingerprinting in Animation API (FF57+)
|
||||
** 1354633 - limit MediaError.message to a whitelist (FF57+)
|
||||
** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+)
|
||||
** 1382533 - enable fingerprinting resistance for Presentation API (FF57+)
|
||||
This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
|
||||
** 967895 - enable site permission prompt before allowing canvas data extraction (FF58+)
|
||||
In FF59+ this is controllable via the site permissions panel, see 1413780 (FF59+)
|
||||
** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+)
|
||||
** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+)
|
||||
** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+)
|
||||
Spoofing mimics the content language of the document. Currently it only supports en-US.
|
||||
Modifier events suppressed are SHIFT, CTRL and both ALT keys. Chrome is not affected.
|
||||
***/
|
||||
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
|
||||
/* 4501: enable privacy.resistFingerprinting (FF41+)
|
||||
@ -1672,6 +1661,12 @@ user_pref("media.video_stats.enabled", false);
|
||||
// [2] https://trac.torproject.org/projects/tor/ticket/10286
|
||||
// user_pref("dom.w3c_touch_events.enabled", 0);
|
||||
// * * * /
|
||||
// FF58+
|
||||
// 4612: [new] set a default permission for Location (FF58+)
|
||||
// [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location
|
||||
// [SETTING] to manage site exceptions: Options>Privacy>Permissions>Location>Settings
|
||||
// user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block
|
||||
// * * * /
|
||||
// ***/
|
||||
|
||||
/*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING
|
||||
@ -1704,14 +1699,13 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow
|
||||
// user_pref("general.platform.override", "Win32"); // (hidden pref)
|
||||
/* 4706: navigator.oscpu leaks in JS ***/
|
||||
// user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref)
|
||||
/* 4707: general.useragent.locale (related, see 0204) ***/
|
||||
/* 4707: general.useragent.locale (related, see 0204 deprecated FF59+) ***/
|
||||
|
||||
/*** 5000: PERSONAL SETTINGS [SETUP]
|
||||
Settings that are handy to migrate and/or are not in the Options interface. Users
|
||||
can put their own non-security/privacy/fingerprinting/tracking stuff here ***/
|
||||
user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
|
||||
/* 5001: disable annoying warnings ***/
|
||||
user_pref("general.warnOnAboutConfig", false);
|
||||
user_pref("browser.tabs.warnOnClose", false);
|
||||
user_pref("browser.tabs.warnOnCloseOtherTabs", false);
|
||||
user_pref("browser.tabs.warnOnOpen", false);
|
||||
|