73 final

Update troubleshooting-help.md
2025-09-01 17:38:30 +02:00 · 2020-03-12 03:37:46 +00:00 · 2020-02-25 00:21:42 +00:00 · 2020-02-25 00:20:19 +00:00 · 2020-02-22 13:56:30 +00:00 · 2020-02-15 12:55:59 +00:00
4 changed files with 120 additions and 201 deletions
--- a/.github/ISSUE_TEMPLATE/troubleshooting-help.md
+++ b/.github/ISSUE_TEMPLATE/troubleshooting-help.md
@ -8,11 +8,11 @@ assignees: ''
 ---
 Before you proceed...
-  - Keep reading this. Seriously.
+  - Issues will be closed as invalid if you do not [troubleshoot](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting), including
-  - Note that we do not support forks (i.e. IceCat, Pale Moon, WaterFox, etc).
+     - confirming the problem is caused by the `user.js`
-  - Make sure you searched for the `[Setup` tags in the `user.js`.
+     - searching the `[Setup` tags in the `user.js`
  - Search the GitHub repository. The information you need is most likely here already.
-  - Check out our [troubleshooting](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.4-Troubleshooting) wiki page, including steps to see if the problem is caused by the `user.js` or an extension.
+  - Note: We do not support forks
 See also:
  - Extension breakage due to prefs [issue 391](https://github.com/ghacksuserjs/ghacks-user.js/issues/391)
--- a/prefsCleaner.sh
+++ b/prefsCleaner.sh
@ -2,7 +2,7 @@
 ## prefs.js cleaner for Linux/Mac
 ## author: @claustromaniac
-## version: 1.1
+## version: 1.2
 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
@ -27,7 +27,7 @@ fQuit() {
 fFF_check() {
 	# there are many ways to see if firefox is running or not, some more reliable than others
 	# this isn't elegant and might not be future-proof but should at least be compatible with any environment
-	while [ -e webappsstore.sqlite-shm ]; do
+	while [ -e lock ]; do
 		echo -e "\nThis Firefox profile seems to be in use. Close Firefox and try again.\n"
 		read -p "Press any key to continue."
 	done
@ -58,7 +58,7 @@ echo -e "\n\n"
 echo "                   ╔══════════════════════════╗"
 echo "                   ║     prefs.js cleaner     ║"
 echo "                   ║    by claustromaniac     ║"
-echo "                   ║           v1.1           ║"
+echo "                   ║           v1.2           ║"
 echo "                   ╚══════════════════════════╝"
 echo -e "\nThis script should be run from your Firefox profile directory.\n"
 echo "It will remove any entries from prefs.js that also exist in user.js."
--- a/scratchpad-scripts/ghacks-clear-[removed].js
+++ b/scratchpad-scripts/ghacks-clear-[removed].js
@ -1,7 +1,7 @@
 /***
 This will reset the preferences that have been removed completely from the ghacks user.js.
- Last updated: 11-November-2019
+ Last updated: 19-December-2019
 For instructions see:
 https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
@ -215,6 +215,9 @@
    'security.insecure_connection_icon.pbmode.enabled',
    'security.insecure_connection_text.pbmode.enabled',
    'webgl.dxgl.enabled',
    /* 71-beta */
    'media.block-autoplay-until-in-foreground',
    'middlemouse.paste',
    /* reset parrot: check your open about:config after running the script */
    '_user.js.parrot'
  ]
--- a/user.js
+++ b/user.js
@ -1,8 +1,7 @@
 /******
 * name: ghacks user.js
-* date: 03 December 2019
+* date: 11 March 2020
-* version 70: Pinpants Wizard
+* version 73
 *   "Ever since I was a young pants, I've played the silver ball"
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
 * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
@ -83,6 +82,12 @@
 * [1] https://blog.mozilla.org/nnethercote/2018/03/09/a-new-preferences-parser-for-firefox/ ***/
 user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?");
 /* 0000: disable about:config warning
 * FF71-72: chrome://global/content/config.xul
 * FF73+: chrome://global/content/config.xhtml ***/
 user_pref("general.warnOnAboutConfig", false); // XUL/XHTML version
 user_pref("browser.aboutConfig.showWarning", false); // HTML version [FF71+]
 /*** [SECTION 0100]: STARTUP ***/
 user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
 /* 0101: disable default browser check
@ -108,7 +113,6 @@ user_pref("browser.newtab.preload", false);
 /* 0105a: disable Activity Stream telemetry ***/
 user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
 user_pref("browser.newtabpage.activity-stream.telemetry", false);
 user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
 /* 0105b: disable Activity Stream Snippets
 * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
 * [1] https://abouthome-snippets-service.readthedocs.io/ ***/
@ -194,16 +198,17 @@ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the
   // user_pref("extensions.update.enabled", false);
 /* 0302a: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+]
 * [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed
- * [SETTING] General>Firefox Updates>Check for updates but let you choose... ***/
+ * [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/
 user_pref("app.update.auto", false);
 /* 0302b: disable auto-INSTALLING extension and theme updates (after the check in 0301b)
 * [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/
   // user_pref("extensions.update.autoUpdateDefault", false);
 /* 0306: disable extension metadata
- * used when installing/updating an extension, and in daily background update checks: if false, it
+ * used when installing/updating an extension, and in daily background update checks:
- * hides the expanded text description (if it exists) when you "show more details about an addon" ***/
+ * when false, extension detail tabs will have no description ***/
   // user_pref("extensions.getAddons.cache.enabled", false);
-/* 0308: disable search update
+/* 0308: disable search engine updates (e.g. OpenSearch)
 * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines
 * [SETTING] General>Firefox Updates>Automatically update search engines ***/
 user_pref("browser.search.update", false);
 /* 0309: disable sending Flash crash reports ***/
@ -232,7 +237,6 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+]
 user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+]
 user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter
 user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+]
 user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+]
 /* 0331: disable Telemetry Coverage
 * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/
 user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
@ -250,7 +254,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false);
 user_pref("app.shield.optoutstudies.enabled", false);
 /* 0343: disable personalized Extension Recommendations in about:addons and AMO [FF65+]
 * [NOTE] This pref has no effect when Health Reports (0340) are disabled
- * [SETTING] Privacy & Security>Firefox Data Collection & Use>...>Allow Firefox to make personalized extension rec.
+ * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations
 * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/
 user_pref("browser.discovery.enabled", false);
 /* 0350: disable Crash Reports ***/
@ -354,7 +358,7 @@ user_pref("browser.ping-centre.telemetry", false);
 /* 0517: disable Form Autofill
 * [NOTE] Stored data is NOT secure (uses a JSON file)
 * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
- * [SETTING] Privacy & Security>Forms & Passwords>Autofill addresses
+ * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses (FF74+)
 * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill
 * [2] https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/ ***/
 user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
@ -404,7 +408,7 @@ user_pref("network.dns.disableIPv6", true);
 * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to
 * enhance privacy, and opens up a number of server-side fingerprinting opportunities.
 * [WARNING] Disabling this made sense in the past, and doesn't break anything, but HTTP2 is
- * at 35% (April 2019) and growing [5]. Don't be that one person using HTTP1.1 on HTTP2 sites
+ * at 40% (December 2019) and growing [5]. Don't be that one person using HTTP1.1 on HTTP2 sites
 * [1] https://http2.github.io/faq/
 * [2] https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
 * [3] https://http2.github.io/http2-spec/#rfc.section.10.8
@ -511,11 +515,12 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
 /* 0850e: disable location bar one-off searches [FF51+]
 * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
   // user_pref("browser.urlbar.oneOffSearches", false);
-/* 0860: disable search and form history [SETUP-WEB]
+/* 0860: disable search and form history
- * [WARNING] Autocomplete form data is still (in April 2019) easily read by third parties, see [1]
+ * [SETUP-WEB] Be aware thet autocomplete form data can be read by third parties, see [1] [2]
- * [NOTE] We also clear formdata on exiting Firefox (see 2803)
+ * [NOTE] We also clear formdata on exit (see 2803)
 * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
- * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html ***/
+ * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
 * [2] https://bugzilla.mozilla.org/381681 ***/
 user_pref("browser.formfill.enable", false);
 /* 0862: disable browsing and download history
 * [NOTE] We also clear history and downloads on exiting Firefox (see 2803)
@ -533,11 +538,11 @@ user_pref("browser.taskbar.previews.enable", false);
 user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!");
 /* 0901: disable saving passwords
 * [NOTE] This does not clear any passwords already saved
- * [SETTING] Privacy & Security>Forms & Passwords>Ask to save logins and passwords for websites ***/
+ * [SETTING] Privacy & Security>Logins and Passwords>Ask to save logins and passwords for websites ***/
   // user_pref("signon.rememberSignons", false);
-/* 0902: use a master password (recommended if you save passwords)
+/* 0902: use a master password
 * There are no preferences for this. It is all handled internally.
- * [SETTING] Privacy & Security>Forms & Passwords>Use a master password
+ * [SETTING] Privacy & Security>Logins and Passwords>Use a master password
 * [1] https://support.mozilla.org/kb/use-master-password-protect-stored-logins ***/
 /* 0903: set how often Firefox should ask for the master password
 * 0=the first time (default), 1=every time it's needed, 2=every n minutes (see 0904) ***/
@ -547,7 +552,8 @@ user_pref("security.ask_for_password", 2);
 user_pref("security.password_lifetime", 5);
 /* 0905: disable auto-filling username & password form fields
 * can leak in cross-site forms *and* be spoofed
- * [NOTE] Username & password is still available when you enter the field ***/
+ * [NOTE] Username & password is still available when you enter the field
 * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords ***/
 user_pref("signon.autofillForms", false);
 /* 0909: disable formless login capture for Password Manager [FF51+] ***/
 user_pref("signon.formlessCapture.enabled", false);
@ -635,8 +641,15 @@ user_pref("browser.shell.shortcutFavicons", false);
 ***/
 user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
 /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
-/* 1201: disable old SSL/TLS "insecure" negotiation (vulnerable to a MiTM attack)
+/* 1201: require safe negotiation
- * [1] https://wiki.mozilla.org/Security:Renegotiation ***/
+ * Blocks connections to servers that don't support RFC 5746 [2] as they're potentially
 * vulnerable to a MiTM attack [3]. A server *without* RFC 5746 can be safe from the attack
 * if it disables renegotiations but the problem is that the browser can't know that.
 * Setting this pref to true is the only way for the browser to ensure there will be
 * no unsafe renegotiations on the channel between the browser and the server.
 * [1] https://wiki.mozilla.org/Security:Renegotiation
 * [2] https://tools.ietf.org/html/rfc5746
 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 ***/
 user_pref("security.ssl.require_safe_negotiation", true);
 /* 1202: control TLS versions with min and max
 * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
@ -709,7 +722,7 @@ user_pref("security.family_safety.mode", 0);
   // user_pref("security.nocertdb", true); // [HIDDEN PREF]
 /* 1223: enforce strict pinning
 * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict
- * [WARNING] If you rely on an AV (antivirus) to protect your web browsing
+ * [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing
 * by inspecting ALL your web traffic, then leave at current default=1
 * [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/
 user_pref("security.cert_pinning.enforcement_level", 2);
@ -742,8 +755,10 @@ user_pref("security.mixed_content.block_object_subrequest", true);
   // user_pref("security.ssl3.rsa_aes_256_sha", false);
 /** UI (User Interface) ***/
-/* 1270: display warning (red padlock) for "broken security" (see 1201)
+/* 1270: display warning on the padlock for "broken security" (if 1201 is false)
- * [1] https://wiki.mozilla.org/Security:Renegotiation ***/
+ * Bug: warning padlock not indicated for subresources on a secure page! [2]
 * [1] https://wiki.mozilla.org/Security:Renegotiation
 * [2] https://bugzilla.mozilla.org/1353705 ***/
 user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 /* 1271: control "Add Security Exception" dialog on SSL warnings
 * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
@ -773,9 +788,10 @@ user_pref("browser.display.use_document_fonts", 0);
 /* 1404: disable rendering of SVG OpenType fonts
 * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
 user_pref("gfx.font_rendering.opentype_svg.enabled", false);
-/* 1408: disable graphite which FF49 turned back on by default
+/* 1408: disable graphite
- * In the past it had security issues. Update: This continues to be the case, see [1]
+ * Graphite has had many critical security issues in the past, see [1]
- * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
+ * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
 * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/
 user_pref("gfx.font_rendering.graphite.enabled", false);
 /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART]
 * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
@ -832,8 +848,8 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 0); // [DEFAULT: 0]
 * [1] https://bugzilla.mozilla.org/1305144 ***/
 user_pref("network.http.referer.hideOnionSource", true);
 /* 1610: ALL: enable the DNT (Do Not Track) HTTP header
- * [NOTE] DNT is enforced with Tracking Protection regardless of this pref
+ * [NOTE] DNT is enforced with Enhanced Tracking Protection regardless of this pref
- * [SETTING] Privacy & Security>Content Blocking>Send websites a "Do Not Track"... ***/
+ * [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/
 user_pref("privacy.donottrackheader.enabled", true);
 /*** [SECTION 1700]: CONTAINERS
@ -921,9 +937,6 @@ user_pref("media.getusermedia.audiocapture.enabled", false);
   // user_pref("media.autoplay.default", 5);
 /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] ***/
 user_pref("media.autoplay.enabled.user-gestures-needed", false);
 /* 2032: disable autoplay of HTML5 media in non-active tabs [FF51+]
 * [1] https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/ ***/
 user_pref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true]
 /*** [SECTION 2200]: WINDOW MEDDLING & LEAKS / POPUPS ***/
 user_pref("_user.js.parrot", "2200 syntax error: the parrot's 'istory!");
@ -1015,14 +1028,12 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!
   // user_pref("dom.event.contextmenu.enabled", false);
 /* 2402: disable website access to clipboard events/content
 * [SETUP-WEB] This will break some sites functionality such as pasting into facebook, wordpress
- * this applies to onCut, onCopy, onPaste events - i.e. you have to interact with
+ * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website
- * the website for it to look at the clipboard
+ * [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one
- * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/ ***/
+ * is default false) then enabling this pref can leak clipboard content, see [2]
 * [1] https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/
 * [2] https://bugzilla.mozilla.org/1528289 */
 user_pref("dom.event.clipboardevents.enabled", false);
 /* 2403: disable middlemouse paste leaking clipboard content on Linux after autoscroll
 * Defense in depth if clipboard events are enabled (see 2402)
 * [1] https://bugzilla.mozilla.org/1528289 */
 user_pref("middlemouse.paste", false); // [DEFAULT: false on Windows]
 /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+]
 * this disables document.execCommand("cut"/"copy") to protect your clipboard
 * [1] https://bugzilla.mozilla.org/1170911 ***/
@ -1069,10 +1080,6 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m
 * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code. see [1]
 * [1] https://bugzilla.mozilla.org/1313580 ***/
   // user_pref("dom.battery.enabled", false);
 /* 2504: disable virtual reality devices
 * Optional protection depending on your connected devices
 * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/
   // user_pref("dom.vr.enabled", false);
 /* 2505: disable media device enumeration [FF29+]
 * [NOTE] media.peerconnection.enabled should also be set to false (see 2001)
 * [1] https://wiki.mozilla.org/Media/getUserMedia
@ -1093,6 +1100,15 @@ user_pref("dom.webaudio.enabled", false);
 * [1] https://github.com/WICG/media-capabilities
 * [2] https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/
   // user_pref("media.media-capabilities.enabled", false);
 /* 2520: disable virtual reality devices
 * Optional protection depending on your connected devices
 * [1] https://developer.mozilla.org/docs/Web/API/WebVR_API ***/
   // user_pref("dom.vr.enabled", false);
 /* 2521: set a default permission for Virtual Reality (see 2520) [FF73+]
 * 0=always ask (default), 1=allow, 2=block
 * [SETTING] to add site exceptions: Page Info>Permissions>Access Virtual Reality Devices
 * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/
   // user_pref("permissions.default.xr", 0);
 /*** [SECTION 2600]: MISCELLANEOUS ***/
 user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
@ -1120,11 +1136,9 @@ user_pref("browser.uitour.url", "");
 * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes
 * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/
 user_pref("devtools.chrome.enabled", false);
-/* 2608: disable WebIDE to prevent remote debugging and ADB extension download
+/* 2608: disable remote debugging
 * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/
 user_pref("devtools.debugger.remote-enabled", false);
 user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+]
 user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+]
 /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN]
 * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc
 * [1] https://bugzilla.mozilla.org/1173199 ***/
@ -1151,8 +1165,8 @@ user_pref("permissions.manager.defaultsUrl", "");
 /* 2617: remove webchannel whitelist ***/
 user_pref("webchannel.allowObject.urlWhitelist", "");
 /* 2619: enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
- * Firefox has *some* protections, but it is better to be safe than sorry. The downside: it will also
+ * Firefox has *some* protections, but it is better to be safe than sorry
- * display legitimate IDN's punycoded, which might be undesirable for users of non-latin alphabets
+ * [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded
 * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
 * [1] https://wiki.mozilla.org/IDN_Display_Algorithm
 * [2] https://en.wikipedia.org/wiki/IDN_homograph_attack
@ -1234,8 +1248,10 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
 * 0=Accept cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies,
 * 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (FF63+) (default FF69+)
 * [NOTE] You can set exceptions under site permissions or use an extension
- * [SETTING] Privacy & Security>Content Blocking>Custom>Choose what to block>Cookies ***/
+ * [NOTE] Enforcing category to custom ensures ETP related prefs are always honored
 * [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies ***/
 user_pref("network.cookie.cookieBehavior", 1);
 user_pref("browser.contentblocking.category", "custom");
 /* 2702: set third-party cookies (i.e ALL) (if enabled, see 2701) to session-only
   and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only
   [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
@ -1252,20 +1268,8 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
 * [WARNING] This will break a LOT of sites' functionality AND extensions!
 * You are better off using an extension for more granular control ***/
   // user_pref("dom.storage.enabled", false);
 /* 2720: enforce IndexedDB (IDB) as enabled
 * IDB is required for extensions and Firefox internals (even before FF63 in [1])
 * To control *website* IDB data, control allowing cookies and service workers, or use
 * Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize
 * on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically
 * via an extension. Note that IDB currently cannot be sanitized by host.
 * [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ ***/
 user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true]
 /* 2730: disable offline cache ***/
 user_pref("browser.cache.offline.enable", false);
 /* 2731: enforce websites to ask to store data for offline use
 * [1] https://support.mozilla.org/questions/1098540
 * [2] https://bugzilla.mozilla.org/959985 ***/
 user_pref("offline-apps.allow_by_default", false);
 /* 2740: disable service worker cache and cache storage
 * [NOTE] We clear service worker cache on exiting Firefox (see 2803)
 * [1] https://w3c.github.io/ServiceWorker/#privacy ***/
@ -1353,7 +1357,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
 ** 1542309 - isolate top-level domain URLs when host is in the public suffix list (FF68+)
 ** 1506693 - isolate pdfjs range-based requests (FF68+)
 ** 1330467 - isolate site permissions (FF69+)
- ** 1534339 - isolate IPv6 (coming soon)
+ ** 1534339 - isolate IPv6 (FF73+)
 ***/
 user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
 /* 4001: enable First Party Isolation [FF51+]
@ -1368,7 +1372,7 @@ user_pref("privacy.firstparty.isolate", true);
 * [1] https://bugzilla.mozilla.org/1319773#c22
 * [2] https://bugzilla.mozilla.org/1492607
 * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/
-user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
+   // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
   // user_pref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR]
 /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
@ -1430,10 +1434,11 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAUL
      FF65: pointerEvent.pointerid (1492766)
 ** 1485266 - disable exposure of system colors to CSS or canvas (see 4615) (FF67+)
 ** 1407366 - enable inner window letterboxing (see 4504) (FF67+)
- ** 1540726 - return "light" with prefers-color-scheme (FF67+)
+ ** 1494034 - return "light" with prefers-color-scheme (see 4616) (FF67+)
      [1] https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme
 ** 1564422 - spoof audioContext outputLatency (FF70+)
 ** 1595823 - spoof audioContext sampleRate (FF72+)
 ** 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting [FF41+]
@ -1560,6 +1565,9 @@ user_pref("dom.w3c_pointer_events.enabled", false);
   // [SETUP-CHROME] Might affect CSS in themes and extensions
   // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
 user_pref("ui.use_standins_for_native_colors", true);
 // 4616: enforce prefers-color-scheme as light [FF67+]
   // 0=light, 1=dark : This overrides your OS value
 user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
 // * * * /
 // ***/
@ -1604,8 +1612,6 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
   // user_pref("browser.tabs.warnOnOpen", false);
   // user_pref("full-screen-api.warning.delay", 0);
   // user_pref("full-screen-api.warning.timeout", 0);
   // user_pref("general.warnOnAboutConfig", false);
   // user_pref("browser.aboutConfig.showWarning", false); // [FF67+]
 /* APPEARANCE ***/
   // user_pref("browser.download.autohideButton", false); // [FF57+]
   // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+]
@ -1619,10 +1625,10 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
   // user_pref("browser.tabs.closeWindowWithLastTab", false);
   // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+]
   // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+]
-   // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [WINDOWS] [MAC]
+   // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux]
   // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
   // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under]
-/* UX: FEATURES: disable and hide the icons and menus ***/
+/* UX FEATURES: disable and hide the icons and menus ***/
   // user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New [FF69+]
   // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+]
   // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART]
@ -1637,130 +1643,11 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
   // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
 /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED
-     Documentation denoted as [-]. Items deprecated prior to FF61 have been archived at [1], which
+     Documentation denoted as [-]. Items deprecated in FF68 or earlier have been archived at [1],
-     also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets
+     which also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets
     [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123
 ***/
 user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!");
 /* FF61
 // 0501: disable experiments
   // [1] https://wiki.mozilla.org/Telemetry/Experiments
   // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801
 user_pref("experiments.enabled", false);
 user_pref("experiments.manifest.uri", "");
 user_pref("experiments.supported", false);
 user_pref("experiments.activeExperiment", false);
 // 2612: disable remote JAR files being opened, regardless of content type [FF42+]
   // [1] https://bugzilla.mozilla.org/1173171
   // [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/
   // [-] https://bugzilla.mozilla.org/1427726
 user_pref("network.jar.block-remote-files", true);
 // 2613: disable JAR from opening Unsafe File Types
   // [-] https://bugzilla.mozilla.org/1427726
 user_pref("network.jar.open-unsafe-types", false);
 // ***/
 /* FF62
 // 1803: disable Java plugin
   // [-] (part5) https://bugzilla.mozilla.org/1461243
 user_pref("plugin.state.java", 0);
 // ***/
 /* FF63
 // 0205: disable GeoIP-based search results
   // [NOTE] May not be hidden if Firefox has changed your settings due to your locale
   // [-] https://bugzilla.mozilla.org/1462015
 user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF]
 // 0301a: disable auto-update checks for Firefox
   // [SETTING] General>Firefox Updates>Never check for updates
   // [-] https://bugzilla.mozilla.org/1420514
   // user_pref("app.update.enabled", false);
 // 0503: disable "Savant" Shield study [FF61+]
   // [-] https://bugzilla.mozilla.org/1457226
 user_pref("shield.savant.enabled", false);
 // 1031: disable favicons in tabs and new bookmarks - merged into browser.chrome.site_icons
   // [-] https://bugzilla.mozilla.org/1453751
   // user_pref("browser.chrome.favicons", false);
 // 2030: disable autoplay of HTML5 media - replaced by media.autoplay.default
   // This may break video playback on various sites
   // [-] https://bugzilla.mozilla.org/1470082
 user_pref("media.autoplay.enabled", false);
 // 2704: set cookie lifetime in days (see 2703)
   // [-] https://bugzilla.mozilla.org/1457170
   // user_pref("network.cookie.lifetime.days", 90); // [DEFAULT: 90]
 // 5000's: enable "Ctrl+Tab cycles through tabs in recently used order" - replaced by browser.ctrlTab.recentlyUsedOrder
   // [-] https://bugzilla.mozilla.org/1473595
   // user_pref("browser.ctrlTab.previews", true);
 // ***/
 /* FF64
 // 0516: disable Onboarding [FF55+]
   // Onboarding is an interactive tour/setup for new installs/profiles and features. Every time
   // about:home or about:newtab is opened, the onboarding overlay is injected into that page
   // [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3]
   // [1] https://wiki.mozilla.org/Firefox/Onboarding
   // [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf
   // [3] https://bugzilla.mozilla.org/863246#c154
   // [-] https://bugzilla.mozilla.org/1462415
 user_pref("browser.onboarding.enabled", false);
 // 2608: disable WebIDE ADB extension downloads - both renamed
   // [1] https://trac.torproject.org/projects/tor/ticket/16222
   // [-] https://bugzilla.mozilla.org/1491315
 user_pref("devtools.webide.autoinstallADBHelper", false);
 user_pref("devtools.webide.adbAddonURL", "");
 // 2681: disable CSP violation events [FF59+]
   // [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent
   // [-] https://bugzilla.mozilla.org/1488165
 user_pref("security.csp.enable_violation_events", false);
 // ***/
 /* FF65
 // 0850a: disable location bar autocomplete and suggestion types
   // If you enforce any of the suggestion types (see the other 0850a), you MUST enforce 'autocomplete'
   //   - If *ALL* of the suggestion types are false, 'autocomplete' must also be false
   //   - If *ANY* of the suggestion types are true, 'autocomplete' must also be true
   // [-] https://bugzilla.mozilla.org/1502392
 user_pref("browser.urlbar.autocomplete.enabled", false);
 // 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true)
   // e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix)
   // [-] https://bugzilla.mozilla.org/1510580
 user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true]
 // ***/
 /* FF66
 // 0380: disable Browser Error Reporter [FF60+]
   // [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection
   // [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html
   // [-] https://bugzilla.mozilla.org/1509888
 user_pref("browser.chrome.errorReporter.enabled", false);
 user_pref("browser.chrome.errorReporter.submitUrl", "");
 // 0502: disable Mozilla permission to silently opt you into tests
   // [-] https://bugzilla.mozilla.org/1415625
 user_pref("network.allow-experiments", false);
 // ***/
 /* FF67
 // 2428: enforce DOMHighResTimeStamp API
   // [WARNING] Required for normalization of timestamps and any timer resolution mitigations
   // [-] https://bugzilla.mozilla.org/1485264
 user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true]
 // 5000's: disable CFR [FF64+] - split into two new prefs: *cfr.addons, *cfr.features
   // [SETTING] General>Browsing>Recommend extensions as you browse
   // [1] https://support.mozilla.org/en-US/kb/extension-recommendations
   // [-] https://bugzilla.mozilla.org/1528953
   // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false);
 // ***/
 /* FF68
 // 0105b: disable Activity Stream Legacy Snippets
   // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1546190,1540939
 user_pref("browser.newtabpage.activity-stream.disableSnippets", true);
 user_pref("browser.aboutHomeSnippets.updateUrl", "");
 // 0307: disable auto updating of lightweight themes (LWT)
   // Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API
   // Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1]
   // [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/
   // [-] (part3b) https://bugzilla.mozilla.org/1525762
 user_pref("lightweightThemes.update.enabled", false);
 // 2682: enable CSP 1.1 experimental hash-source directive [FF29+]
   // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975
   // [-] https://bugzilla.mozilla.org/1386214
 user_pref("security.csp.experimentalEnabled", true);
 // ***/
 /* ESR68.x still uses all the following prefs
 // [NOTE] replace the * with a slash in the line above to re-enable them
 // FF69
@ -1774,6 +1661,35 @@ user_pref("plugins.click_to_play", true); // [DEFAULT: true FF25+]
   // [-] https://bugzilla.mozilla.org/1562331
   // user_pref("media.autoplay.allow-muted", false);
 // * * * /
 // FF71
 // 2608: disable WebIDE and ADB extension download
   // [1] https://trac.torproject.org/projects/tor/ticket/16222
   // [-] https://bugzilla.mozilla.org/1539462
 user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+]
 user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+]
 // 2731: enforce websites to ask to store data for offline use
   // [1] https://support.mozilla.org/questions/1098540
   // [2] https://bugzilla.mozilla.org/959985
   // [-] https://bugzilla.mozilla.org/1574480
 user_pref("offline-apps.allow_by_default", false);
 // * * * /
 // FF72
 // 0105a: disable Activity Stream telemetry
   // [-] https://bugzilla.mozilla.org/1597697
 user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
 // 0330: disable Hybdrid Content telemetry
   // [-] https://bugzilla.mozilla.org/1520491
 user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+]
 // 2720: enforce IndexedDB (IDB) as enabled
   // IDB is required for extensions and Firefox internals (even before FF63 in [1])
   // To control *website* IDB data, control allowing cookies and service workers, or use
   // Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize
   // on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically
   // via an extension. Note that IDB currently cannot be sanitized by host.
   // [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/
   // [-] https://bugzilla.mozilla.org/1488583
 user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true]
 // * * * /
 // ***/
 /* END: internal custom pref to test for syntax errors ***/
Author	SHA1	Message	Date
Thorin-Oakenpants	4139630635	73 final	2020-03-12 03:37:46 +00:00
Thorin-Oakenpants	a542701ba5	Update troubleshooting-help.md	2020-02-25 00:21:42 +00:00
Thorin-Oakenpants	e67a0c868d	Update troubleshooting-help.md	2020-02-25 00:20:19 +00:00
Thorin-Oakenpants	1afd52de6e	0306: minor tweak There is no "show more details about an addon" anymore since they moved to the new html/card layout	2020-02-22 13:56:30 +00:00
Thorin-Oakenpants	64f34f1471	73-beta	2020-02-15 12:55:59 +00:00
Thorin-Oakenpants	5f3e3b2691	VR default prompt, RFP info, start 73-alpha	2020-02-14 01:00:02 +00:00
earthlng	1ce1f74494	Update user.js	2020-02-12 12:03:29 +00:00
earthlng	03f558b09c	nit: 0517 SETTING we don't include `Options>` in [SETTING] lines	2020-02-10 17:12:08 +00:00
earthlng	cd9fc110b0	v1.2 look for `lock` file instead of `webappsstore.sqlite-shm` to detect if firefox is running or not (with this profile) see https://github.com/ghacksuserjs/ghacks-user.js/pull/405#issuecomment-581447586 and follow-up comments. Thanks @atomGit for reporting the issue and @rusty-snake for confirming it.	2020-02-10 16:47:17 +00:00
Thorin-Oakenpants	7619e312de	72 final	2020-01-24 16:48:16 +00:00
Thorin-Oakenpants	5d2c5de11c	fixup deprecated ESR-cycle version	2020-01-15 02:53:07 +00:00
Thorin-Oakenpants	e1022c2e72	72-beta	2020-01-14 17:38:22 +00:00
Thorin-Oakenpants	e431b324c8	FF72 deprecated	2020-01-08 02:53:25 +00:00
Thorin-Oakenpants	18ad40a5c6	systemUsesDarkTheme -> RFP Alts	2019-12-25 02:14:49 +00:00
rusty-snake	315de066ec	typo (#870 )	2019-12-24 11:49:19 +00:00
Thorin-Oakenpants	85273d0f19	0517: setting tag	2019-12-22 07:13:48 +00:00
Thorin-Oakenpants	ef293b57a7	5000s: add ui.systemUsesDarkTheme	2019-12-22 06:14:25 +00:00
Thorin-Oakenpants	79d316fd22	remove old deprecations	2019-12-19 16:37:19 +00:00
Thorin-Oakenpants	ed60588473	72-alpha start	2019-12-19 16:34:44 +00:00
Thorin-Oakenpants	07c128a190	71 final	2019-12-19 16:31:51 +00:00
Thorin-Oakenpants	5b1d56933b	middlemouse.paste, see #735	2019-12-19 16:21:21 +00:00
Thorin-Oakenpants	34cfcedc1b	2402+2403, finally closes #735	2019-12-19 16:19:39 +00:00
Thorin-Oakenpants	f9146fdf24	update setting tags, minor tweaks	2019-12-18 09:46:21 +00:00
Thorin-Oakenpants	a1cdbc8324	1408 graphite, closes #1408 and 2619 puncyode	2019-12-18 07:46:44 +00:00
earthlng	cd07641a9d	2701: make sure cookieBehavior is always honored (#866 ) see #862	2019-12-18 05:02:25 +00:00
earthlng	9c02949e04	0000: config.xhtml in FF73+ (#865 )	2019-12-17 15:00:34 +00:00
Thorin-Oakenpants	1ef62a1036	media.block-autoplay-until-in-foreground #840	2019-12-12 01:24:12 +00:00
Thorin-Oakenpants	5672bc8cc8	2032 removed, 4002 inactive, closes #840	2019-12-12 01:21:17 +00:00
Thorin-Oakenpants	df1732745d	0308: seach engine updates: better info #840	2019-12-10 22:07:23 +00:00
Thorin-Oakenpants	30daf8640c	FPI stuff	2019-12-09 20:18:42 +00:00
earthlng	4074a37e1d	1201 + 1270 update (#859 ) trim by a line, remove extra space, fixup on red, indicate it only applies if 1201 is false	2019-12-07 18:26:39 +00:00
Thorin-Oakenpants	97043b0ce1	71-beta	2019-12-06 12:19:21 +00:00
Thorin-Oakenpants	42ea484017	71 deprecated (#856 )	2019-12-04 14:13:49 +13:00
Thorin-Oakenpants	3f6340b69c	OMG!!	2019-12-03 14:51:44 +00:00
earthlng	884e84a4cb	about:config warning back to the top + active (#855 )	2019-12-04 03:44:59 +13:00