Git/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-09-01 01:18:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Git:82.0
Branches Tags
Git:master Git:Thorin-Oakenpants-patch-1
Git:140.0 Git:135.0 Git:133.0 Git:128.0 Git:126.1 Git:126.0 Git:122.0 Git:119.0 Git:118.0 Git:117.0 Git:115.1 Git:115.0 Git:112.0 Git:111.0 Git:110.0 Git:v110.0 Git:109.0 Git:108.0 Git:107.0 Git:106.0 Git:105.0 Git:104.0 Git:103.0 Git:102.1 Git:102.0 Git:101.0 Git:100.0 Git:99.0 Git:98.0 Git:97.0 Git:96.0 Git:95.0 Git:94.1 Git:94.0 Git:91.1 Git:93.0 Git:92.0 Git:91.0 Git:90.0 Git:89.0 Git:88.0 Git:87.0 Git:86.0 Git:85.0 Git:84.0 Git:83.0 Git:82.0 Git:v82.0-beta Git:81.0 Git:v81.0-beta Git:80.0 Git:v80.0-beta Git:79.0 Git:v79.0-beta Git:78.0 Git:v78.0-beta Git:77.0 Git:v77.0-beta Git:76.0 Git:v76.0-beta Git:75.0 Git:v75.0-beta Git:74.0 Git:v74.0-beta Git:73.0 Git:v73.0-beta Git:72.0 Git:v72.0-beta Git:71.0 Git:v71.0-beta Git:70.0 Git:v70.0-beta Git:69.0 Git:v69.0-beta Git:68.0 Git:v68.0-beta Git:67.0 Git:v67.0-beta Git:66.0 Git:v66.0-beta Git:65.0 Git:v65.0-beta Git:64.0 Git:v64.0-beta Git:63.0 Git:v63.0-beta Git:62.0 Git:v62.0-beta Git:61.0 Git:v61.0-beta Git:60.0 Git:v60.0-beta Git:59.0 Git:v59.0-alpha Git:58.0 Git:v58.0-alpha Git:57.0 Git:v57.0-alpha Git:56.0 Git:v56.0-alpha Git:55.0 Git:v55.0-alpha Git:54.0 Git:v54.0-alpha-rev1 Git:v54.0-alpha Git:53.0 Git:v53.0-alpha Git:52.0 Git:v52.0-alpha Git:51.0
..
compare: Git:85.0
Branches Tags
Git:Thorin-Oakenpants-patch-1 Git:master
Git:140.0 Git:135.0 Git:133.0 Git:128.0 Git:126.1 Git:126.0 Git:122.0 Git:119.0 Git:118.0 Git:117.0 Git:115.1 Git:115.0 Git:112.0 Git:111.0 Git:110.0 Git:v110.0 Git:109.0 Git:108.0 Git:107.0 Git:106.0 Git:105.0 Git:104.0 Git:103.0 Git:102.1 Git:102.0 Git:101.0 Git:100.0 Git:99.0 Git:98.0 Git:97.0 Git:96.0 Git:95.0 Git:94.1 Git:94.0 Git:91.1 Git:93.0 Git:92.0 Git:91.0 Git:90.0 Git:89.0 Git:88.0 Git:87.0 Git:86.0 Git:85.0 Git:84.0 Git:83.0 Git:82.0 Git:v82.0-beta Git:81.0 Git:v81.0-beta Git:80.0 Git:v80.0-beta Git:79.0 Git:v79.0-beta Git:78.0 Git:v78.0-beta Git:77.0 Git:v77.0-beta Git:76.0 Git:v76.0-beta Git:75.0 Git:v75.0-beta Git:74.0 Git:v74.0-beta Git:73.0 Git:v73.0-beta Git:72.0 Git:v72.0-beta Git:71.0 Git:v71.0-beta Git:70.0 Git:v70.0-beta Git:69.0 Git:v69.0-beta Git:68.0 Git:v68.0-beta Git:67.0 Git:v67.0-beta Git:66.0 Git:v66.0-beta Git:65.0 Git:v65.0-beta Git:64.0 Git:v64.0-beta Git:63.0 Git:v63.0-beta Git:62.0 Git:v62.0-beta Git:61.0 Git:v61.0-beta Git:60.0 Git:v60.0-beta Git:59.0 Git:v59.0-alpha Git:58.0 Git:v58.0-alpha Git:57.0 Git:v57.0-alpha Git:56.0 Git:v56.0-alpha Git:55.0 Git:v55.0-alpha Git:54.0 Git:v54.0-alpha-rev1 Git:v54.0-alpha Git:53.0 Git:v53.0-alpha Git:52.0 Git:v52.0-alpha Git:51.0

38 Commits
82.0 ... 85.0

Author SHA1 Message Date
Thorin-Oakenpants
fa78c53114 v85 2021-01-28 03:13:36 +00:00
Thorin-Oakenpants
2f6b14ab6e 1201: add error code, fixes #1094 2021-01-26 19:58:57 +00:00
Thorin-Oakenpants
2dd455ef83 network.http.redirection-limit, fixes #1100 2021-01-26 19:39:33 +00:00
Thorin-Oakenpants
306610da8e remove 2614, see #1100 2021-01-26 19:37:54 +00:00
earthlng
59ac1727f7 v4.14 - check for TLS1.2 (#1097) 2021-01-22 12:15:12 +00:00
Thorin-Oakenpants
c974b3252d move [STATS] from 1270 to 1201, #1094 2021-01-22 12:10:15 +00:00
Thorin-Oakenpants
480933484f 2624: windows.name default FF86+ 
https://bugzilla.mozilla.org/1685089
 2021-01-21 11:17:16 +00:00
earthlng
0cbd8a13a3 Update updater.bat 2021-01-19 17:17:03 +00:00
earthlng
ae6c76fe54 v4.13 - fix TLS issue with PowerShell 2021-01-19 17:07:39 +00:00
Thorin-Oakenpants
1f098f2eaf start 85-alpha, also fix #1090 2021-01-17 23:04:37 +00:00
earthlng
11977e7017 v2.4 - add strlen check for prefs.js 
cmd.exe has a command line length limit of 8192 characters. Abort if prefs.js contains strings that would get dropped while recreating the new prefs.js.
 2021-01-17 15:27:50 +00:00
Thorin-Oakenpants
27dd6aa62d 84 final 2021-01-05 13:13:52 +00:00
earthlng
c570e4fdbd Update troubleshooter.js 2020-12-30 15:12:07 +00:00
earthlng
da58f84fa6 Update troubleshooter.js 2020-12-30 15:06:49 +00:00
Thorin-Oakenpants
755a45505f snippets providers 
`browser.newtabpage.activity-stream.asrouter.providers.snippets`

These (which landed in FF64 with snippets above) are not in the user.js, so why bother with the snippet one
- `browser.newtabpage.activity-stream.asrouter.providers.cfr`
- `browser.newtabpage.activity-stream.asrouter.providers.onboarding`

also these aren't in the user.js
- `browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa`
- `browser.newtabpage.activity-stream.asrouter.providers.message-groups`
- `browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments`
- `browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel`

There are no privacy concerns here. At the end of the day, what Firefox connects to and sends is E2EE and only used locally in non-web content: and you have other prefs and a UI to disable them from being displayed
 2020-12-30 10:25:26 +00:00
Thorin-Oakenpants
9d74cb9526 remove useless snippet pref 2020-12-30 10:17:35 +00:00
Thorin-Oakenpants
8c9d0bbe72 harden cross-domain referers, closes #1077 2020-12-27 05:01:33 +00:00
Thorin-Oakenpants
0152b38b8b add override recipes link to readme steps 2020-12-25 16:06:32 +00:00
Thorin-Oakenpants
e6cf90146a add override recipes 2020-12-25 15:55:01 +00:00
earthlng
63d1258f2e updater.sh v2.9 
rollout the latest changes
 2020-12-25 14:03:40 +00:00
ray851107
46bab27f94 updater.sh: support custom script names (#1075) 
thanks @ray851107
 2020-12-25 14:02:35 +00:00
Thorin-Oakenpants
2cfbba1472 search-to-tab: FF85+ 2020-12-19 07:23:13 +00:00
earthlng
c980bda695 Update troubleshooter.js 
oops
 2020-12-16 14:43:46 +00:00
earthlng
feaa1c3e99 prefs update 
`browser.storageManager.enabled` -- removed in FF61 (1428306)
`security.csp.experimentalEnabled` -- removed in FF68 (1386214)
`gfx.downloadable_fonts.woff2.enabled` -- removed in FF69 (1556991)
`plugin.sessionPermissionNow.intervalInMinutes` -- removed in FF70 (1581664)
`plugin.defaultXpi.state` -- removed in FF72 (1596090)
`geo.wifi.uri` -- renamed to `geo.provider.network.url` in FF74 (1613627)
`browser.tabs.remote.allowLinkedWebInFileUriProcess` -- removed in FF77 (1603007)
 2020-12-16 14:40:42 +00:00
Thorin-Oakenpants
aa1c2145bb layout.css.visited_links_enabled 2020-12-09 09:30:21 +00:00
Thorin-Oakenpants
335ee84540 remove layout.css.visited_links_enabled, #933 
This no longer has any affect since FF77+: see https://bugzilla.mozilla.org/1632765
 2020-12-09 09:26:50 +00:00
Thorin-Oakenpants
5c37d50f4e tidy 
- remove useless `see` word for reference links
- fixup 0701
   - "do not play nice" is not measurable
   - don't reference to self as a source: people can just search "VPN leak Ipv6" or something
 2020-12-07 19:34:14 +00:00
Thorin-Oakenpants
77abf35761 tidy 
- shrink and remove outdated info from section 0300 header
- combine some bugzillas
- drop some references
   - 1647829 for HTTPS-Only mode
   - hardware metrics: not going to implicitly encourage users to use this pref or tell them what sizes to use
- update [STATS]
   - also remove TLS [STATS].. stats on TLS 1.0 and 1.1 are irrelevant: the default is now TLS 1.2+
- single CRLite reference for all blog articles
- save 588 bytes so all you bastards can theoretically load Firefox just that tiny bit faster
 2020-12-06 21:09:07 +00:00
Thorin-Oakenpants
fa85c9da5b fixup double word 2020-11-23 10:46:30 +00:00
Thorin-Oakenpants
cf53982086 1244: CRLite, closes #1065 2020-11-22 18:15:25 +00:00
Thorin-Oakenpants
91cbc1e09a HTTPS-Only mode, closes #1047 2020-11-22 17:59:44 +00:00
Thorin-Oakenpants
a7e4268d8b 2730 appCache, closes #1055 2020-11-22 17:25:33 +00:00
Thorin-Oakenpants
699eacf1fd add FPI scheme, closes #1066 (#1067) 2020-11-22 17:21:31 +00:00
Thorin-Oakenpants
0189438e46 start 84-alpha 2020-11-22 17:11:31 +00:00
Thorin-Oakenpants
94712f59a3 83 final 2020-11-22 17:05:34 +00:00
Thorin-Oakenpants
ef93a754ce warnings always come after notes 2020-11-21 01:49:19 +00:00
earthlng
c6ddda1aa3 Update troubleshooter.js 
- add `privacy.window.name.update.enabled`
- remove `media.autoplay.enabled` (removed in FF63)
- remove `dom.indexedDB.enabled` (removed in FF72)
 2020-11-17 19:17:59 +00:00
Thorin-Oakenpants
ccbca41e2d start 83 alpha, fixup 1244 setting info 
`browser.preferences.exposeHTTPSOnly` is now default true
 2020-11-13 01:03:29 +00:00
7 changed files with 147 additions and 110 deletions
Expand all files Collapse all files

1
.github/ISSUE_TEMPLATE/troubleshooting-help.md vendored
View File

@ -15,6 +15,7 @@ Before you proceed...
- Note: We do not support forks - Note: We do not support forks
See also: See also:
- Override Recipes [issue 1080](https://github.com/arkenfox/user.js/issues/1080)
- Extension breakage due to prefs [issue 391](https://github.com/arkenfox/user.js/issues/391) - Extension breakage due to prefs [issue 391](https://github.com/arkenfox/user.js/issues/391)
- Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/arkenfox/user.js/issues/350) - Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/arkenfox/user.js/issues/350)

20
prefsCleaner.bat
View File

@ -3,7 +3,7 @@ TITLE prefs.js cleaner
REM ### prefs.js cleaner for Windows REM ### prefs.js cleaner for Windows
REM ## author: @claustromaniac REM ## author: @claustromaniac
REM ## version: 2.3 REM ## version: 2.4
CD /D "%~dp0" CD /D "%~dp0"
@ -13,7 +13,7 @@ ECHO:
ECHO ######################################## ECHO ########################################
ECHO #### prefs.js cleaner for Windows #### ECHO #### prefs.js cleaner for Windows ####
ECHO #### by claustromaniac #### ECHO #### by claustromaniac ####
ECHO #### v2.3 #### ECHO #### v2.4 ####
ECHO ######################################## ECHO ########################################
ECHO: ECHO:
CALL :message "This script should be run from your Firefox profile directory." CALL :message "This script should be run from your Firefox profile directory."
@ -28,6 +28,7 @@ IF ERRORLEVEL 3 (EXIT /B)
IF ERRORLEVEL 2 (GOTO :showhelp) IF ERRORLEVEL 2 (GOTO :showhelp)
IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30)
IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30)
CALL :strlenCheck
CALL :FFcheck CALL :FFcheck
CALL :message "Backing up prefs.js..." CALL :message "Backing up prefs.js..."
SET "_time=%time: =0%" SET "_time=%time: =0%"
@ -50,6 +51,21 @@ ECHO:
ECHO: %~1 ECHO: %~1
ECHO: ECHO:
GOTO :EOF GOTO :EOF
REM ### string length Check Function ####
:strlenCheck
SET /a cnt=0
setlocal ENABLEDELAYEDEXPANSION
FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO (
ECHO:%%H >nul
SET /a cnt += 1
IF /I "%%G" NEQ "!cnt!" (
ECHO:
CALL :message "ERROR: line !cnt! in prefs.js is too long."
(CALL :abort "Aborting ..." 30)
)
)
endlocal
GOTO :EOF
REM ####### Firefox Check Function ###### REM ####### Firefox Check Function ######
:FFcheck :FFcheck
TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL

7
scratchpad-scripts/arkenfox-clear-removed.js
View File

@ -1,7 +1,7 @@
/*** /***
This will reset the preferences that have been removed completely from the arkenfox user.js. This will reset the preferences that have been removed completely from the arkenfox user.js.
Last updated: 02-Nov-2020 Last updated: 26-Jan-2021
For instructions see: For instructions see:
https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts] https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
@ -229,6 +229,11 @@
'privacy.partition.network_state', 'privacy.partition.network_state',
'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_128_sha',
'security.ssl3.dhe_rsa_aes_256_sha', 'security.ssl3.dhe_rsa_aes_256_sha',
/* 84-beta */
'browser.newtabpage.activity-stream.asrouter.providers.snippets',
'layout.css.visited_links_enabled',
/* 85-beta */
'network.http.redirection-limit',
/* reset parrot: check your open about:config after running the script */ /* reset parrot: check your open about:config after running the script */
'_user.js.parrot' '_user.js.parrot'
] ]

33
scratchpad-scripts/troubleshooter.js
View File

@ -1,5 +1,5 @@
/*** arkenfox user.js troubleshooter.js v1.6.2 ***/ /*** arkenfox user.js troubleshooter.js v1.6.3 ***/
(function() { (function() {
@ -17,9 +17,7 @@
/* Storage + Cache */ /* Storage + Cache */
'browser.cache.offline.enable', 'browser.cache.offline.enable',
'dom.indexedDB.enabled',
'dom.storage.enabled', 'dom.storage.enabled',
'browser.storageManager.enabled',
'dom.storageManager.enabled', 'dom.storageManager.enabled',
/* Workers, Web + Push Notifications */ /* Workers, Web + Push Notifications */
@ -34,7 +32,6 @@
/* Fonts */ /* Fonts */
'browser.display.use_document_fonts', 'browser.display.use_document_fonts',
'font.blacklist.underline_offset', 'font.blacklist.underline_offset',
'gfx.downloadable_fonts.woff2.enabled',
'gfx.font_rendering.graphite.enabled', 'gfx.font_rendering.graphite.enabled',
'gfx.font_rendering.opentype_svg.enabled', 'gfx.font_rendering.opentype_svg.enabled',
'layout.css.font-loading-api.enabled', 'layout.css.font-loading-api.enabled',
@ -47,12 +44,10 @@
'dom.IntersectionObserver.enabled', 'dom.IntersectionObserver.enabled',
'dom.popup_allowed_events', 'dom.popup_allowed_events',
'full-screen-api.enabled', 'full-screen-api.enabled',
'geo.wifi.uri',
'intl.accept_languages', 'intl.accept_languages',
'javascript.options.asmjs', 'javascript.options.asmjs',
'javascript.options.wasm', 'javascript.options.wasm',
'permissions.default.shortcuts', 'permissions.default.shortcuts',
'security.csp.experimentalEnabled',
/* Hardware */ /* Hardware */
'dom.vr.enabled', 'dom.vr.enabled',
@ -60,7 +55,6 @@
/* Audio + Video */ /* Audio + Video */
'dom.webaudio.enabled', 'dom.webaudio.enabled',
'media.autoplay.enabled',
'media.autoplay.default', // FF63+ 'media.autoplay.default', // FF63+
'media.autoplay.blocking_policy', // FF78+ 'media.autoplay.blocking_policy', // FF78+
@ -89,13 +83,11 @@
/* Plugins + Flash */ /* Plugins + Flash */
'plugin.default.state', 'plugin.default.state',
'plugin.defaultXpi.state',
'plugin.sessionPermissionNow.intervalInMinutes',
'plugin.state.flash', 'plugin.state.flash',
/* unlikely to cause problems */ /* unlikely to cause problems */
'browser.tabs.remote.allowLinkedWebInFileUriProcess',
'dom.popup_maximum', 'dom.popup_maximum',
'geo.provider.network.url',
'layout.css.visited_links_enabled', 'layout.css.visited_links_enabled',
'mathml.disabled', 'mathml.disabled',
'network.auth.subresource-http-auth-allow', 'network.auth.subresource-http-auth-allow',
@ -103,6 +95,7 @@
'network.protocol-handler.external.ms-windows-store', 'network.protocol-handler.external.ms-windows-store',
'privacy.trackingprotection.enabled', 'privacy.trackingprotection.enabled',
'security.data_uri.block_toplevel_data_uri_navigations', 'security.data_uri.block_toplevel_data_uri_navigations',
'privacy.window.name.update.enabled', // FF82+
'last.one.without.comma' 'last.one.without.comma'
] ]
@ -168,8 +161,8 @@
reapply(aALL); reapply(aALL);
myreset(aTmp.slice(0, _h(aTmp))); myreset(aTmp.slice(0, _h(aTmp)));
while (aTmp.length) { while (aTmp.length) {
alert("NOW TEST AGAIN !"); alert('NOW TEST AGAIN !');
if (confirm("if the problem still exists click OK, otherwise click cancel.")) { if (confirm('if the problem still exists click OK, otherwise click Cancel.')) {
aTmp = aTmp.slice(_h(aTmp)); aTmp = aTmp.slice(_h(aTmp));
} else { } else {
aTmp = aTmp.slice(0, _h(aTmp)); aTmp = aTmp.slice(0, _h(aTmp));
@ -183,16 +176,16 @@
if (aDbg.length == 1) return alert("narrowed it down to:\n\n"+aDbg[0].name+"\n"); if (aDbg.length == 1) return alert("narrowed it down to:\n\n"+aDbg[0].name+"\n");
if (aDbg.length == aALL.length) { if (aDbg.length == aALL.length) {
let msg = "Failed to narrow it down beyond the initial "+aALL.length+" prefs. The problem is most likely caused by at least 2 prefs!\n\n"; const msg = "Failed to narrow it down beyond the initial "+aALL.length+" prefs. The problem is most likely caused by at least 2 prefs!\n\n" +
msg += "Either those prefs are too far apart in the list or there are exactly 2 culprits and they just happen to be at the wrong place.\n\n"; "Either those prefs are too far apart in the list or there are exactly 2 culprits and they just happen to be at the wrong place.\n\n" +
msg += "In case it's the latter, the script can add a dummy pref and you can try again - Try again?"; "In case it's the latter, the script can add a dummy pref and you can try again - Try again?";
if (confirm(msg)) return _main([...aALL, oFILLER]); if (confirm(msg)) return _main([...aALL, oFILLER]);
} else if (aDbg.length > 10 && confirm("Narrowed it down to "+aDbg.length+" prefs. Try narrowing it down further?")) { } else if (aDbg.length > 10 && confirm("Narrowed it down to "+aDbg.length+" prefs. Try narrowing it down further?")) {
return _main(aDbg.reverse()); return _main(aDbg.reverse());
} }
alert("Narrowed it down to "+ aDbg.length.toString() +" prefs, check the console ..."); alert("Narrowed it down to "+ aDbg.length.toString() +" prefs, check the console ...");
console.log("The problem is caused by 2 or more of these prefs:"); console.log('The problem is caused by 2 or more of these prefs:');
for (const oPref of aDbg) console.log(oPref.name); for (const oPref of aDbg) console.log(oPref.name);
} }
@ -201,14 +194,18 @@
const aBAK = getMyList(aPREFS); const aBAK = getMyList(aPREFS);
//console.log(aBAK.length, "user-set prefs from our list detected and their values stored."); //console.log(aBAK.length, "user-set prefs from our list detected and their values stored.");
const sMsg = "all detected prefs reset.\n\n" +
"!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\n" +
"IF the problem still exists, this script can't help you - click Cancel to re-apply your values and exit.\n\n" +
"Click OK if your problem is fixed.";
focus(); focus();
myreset(aBAK); myreset(aBAK);
if (!confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) { if (!confirm(sMsg)) {
reapply(aBAK); reapply(aBAK);
return; return;
} }
_main(aBAK); _main(aBAK);
})(); })();

28
updater.bat
View File

@ -3,10 +3,10 @@ TITLE arkenfox user.js updater
REM ## arkenfox user.js updater for Windows REM ## arkenfox user.js updater for Windows
REM ## author: @claustromaniac REM ## author: @claustromaniac
REM ## version: 4.12 REM ## version: 4.14
REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts
SET v=4.12 SET v=4.14
VERIFY ON VERIFY ON
CD /D "%~dp0" CD /D "%~dp0"
@ -28,6 +28,15 @@ SHIFT
GOTO parse GOTO parse
:endparse :endparse
FOR /F %%i IN ('PowerShell -Command "[Enum]::GetNames([Net.SecurityProtocolType]) -contains 'Tls12'"') DO (
IF "%%i" == "False" (
CALL :message "Your PowerShell version doesn't support TLS1.2 ^!"
ECHO: Instructions to update PowerShell are on the arkenfox wiki
PAUSE
EXIT
)
)
IF DEFINED _updateb ( IF DEFINED _updateb (
REM The normal flow here goes from phase 1 to phase 2 and then phase 3. REM The normal flow here goes from phase 1 to phase 2 and then phase 3.
IF NOT "!_myname:~0,9!"=="[updated]" ( IF NOT "!_myname:~0,9!"=="[updated]" (
@ -51,9 +60,7 @@ IF DEFINED _updateb (
CALL :message "Updating script..." CALL :message "Updating script..."
REM Uncomment the next line and comment out the PowerShell call for testing. REM Uncomment the next line and comment out the PowerShell call for testing.
REM COPY /B /Y "!_myname!.bat" "[updated]!_myname!.bat" >nul REM COPY /B /Y "!_myname!.bat" "[updated]!_myname!.bat" >nul
( CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/updater.bat "[updated]!_myname!.bat"
PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/arkenfox/user.js/master/updater.bat', '[updated]!_myname!.bat')"
) >nul 2>&1
IF EXIST "[updated]!_myname!.bat" ( IF EXIST "[updated]!_myname!.bat" (
START /min CMD /C "[updated]!_myname!.bat" !_myparams! START /min CMD /C "[updated]!_myname!.bat" !_myparams!
) ELSE ( ) ELSE (
@ -132,9 +139,7 @@ IF DEFINED _log (
) )
IF EXIST user.js.new (DEL /F "user.js.new") IF EXIST user.js.new (DEL /F "user.js.new")
CALL :message "Retrieving latest user.js file from github repository..." CALL :message "Retrieving latest user.js file from github repository..."
( CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/user.js "user.js.new"
PowerShell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/arkenfox/user.js/master/user.js', 'user.js.new')"
) >nul 2>&1
IF EXIST user.js.new ( IF EXIST user.js.new (
IF DEFINED _rfpalts ( IF DEFINED _rfpalts (
CALL :message "Activating RFP Alternatives section..." CALL :message "Activating RFP Alternatives section..."
@ -218,6 +223,13 @@ IF NOT "2"=="%_log%" (ECHO:)
ENDLOCAL ENDLOCAL
GOTO :EOF GOTO :EOF
::::::::::::::: Download :::::::::::::::
:psdownload
(
PowerShell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object Net.WebClient).DownloadFile('%~1', '%~2')"
) >nul 2>&1
GOTO :EOF
::::::::::::::: Activate Section ::::::::::::::: ::::::::::::::: Activate Section :::::::::::::::
:activate :activate
:: arg1 = file :: arg1 = file

16
updater.sh
View File

@ -2,7 +2,7 @@
## arkenfox user.js updater for macOS and Linux ## arkenfox user.js updater for macOS and Linux
## version: 2.8 ## version: 2.9
## Author: Pat Johnson (@overdodactyl) ## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac ## Additional contributors: @earthlng, @ema-pe, @claustromaniac
@ -10,9 +10,9 @@
readonly CURRDIR=$(pwd) readonly CURRDIR=$(pwd)
sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)
[ -z "$sfp" ] && sfp=${BASH_SOURCE[0]} [ -z "$SCRIPT_FILE" ] && SCRIPT_FILE=${BASH_SOURCE[0]}
readonly SCRIPT_DIR=$(dirname "${sfp}") readonly SCRIPT_DIR=$(dirname "${SCRIPT_FILE}")
######################### #########################
@ -198,7 +198,7 @@ update_updater () {
declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')" declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/updater.sh')"
[ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed [ -z "${tmpfile}" ] && echo -e "${RED}Error! Could not download updater.sh${NC}" && return 1 # check if download failed
if [[ $(get_updater_version "${SCRIPT_DIR}/updater.sh") < $(get_updater_version "${tmpfile}") ]]; then if [[ $(get_updater_version "$SCRIPT_FILE") < $(get_updater_version "${tmpfile}") ]]; then
if [ $UPDATE = 'check' ]; then if [ $UPDATE = 'check' ]; then
echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}" echo -e "There is a newer version of updater.sh available. ${RED}Update and execute Y/N?${NC}"
read -p "" -n 1 -r read -p "" -n 1 -r
@ -208,9 +208,9 @@ update_updater () {
else else
return 0 # No update available return 0 # No update available
fi fi
mv "${tmpfile}" "${SCRIPT_DIR}/updater.sh" mv "${tmpfile}" "$SCRIPT_FILE"
chmod u+x "${SCRIPT_DIR}/updater.sh" chmod u+x "$SCRIPT_FILE"
"${SCRIPT_DIR}/updater.sh" "$@" -d "$SCRIPT_FILE" "$@" -d
exit 0 exit 0
} }

152
user.js
View File

@ -1,7 +1,7 @@
/****** /******
* name: arkenfox user.js * name: arkenfox user.js
* date: 12 Nov 2020 * date: 28 Jan 2021
* version 82 * version 85
* url: https://github.com/arkenfox/user.js * url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@ -25,6 +25,7 @@
[SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related) [SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related)
[SETUP-PERF] may impact performance [SETUP-PERF] may impact performance
[WARNING] used sparingly, heed them [WARNING] used sparingly, heed them
6. Override Recipes: https://github.com/arkenfox/user.js/issues/1080
* RELEASES: https://github.com/arkenfox/user.js/releases * RELEASES: https://github.com/arkenfox/user.js/releases
@ -34,6 +35,7 @@
- re-enable section 4600 if you don't use RFP - re-enable section 4600 if you don't use RFP
ESR78 ESR78
- If you are not using arkenfox v78... (not a definitive list) - If you are not using arkenfox v78... (not a definitive list)
- 1244: HTTPS-Only mode is enabled
- 1401: document fonts is inactive as it is now covered by RFP in FF80+ - 1401: document fonts is inactive as it is now covered by RFP in FF80+
- 4600: some prefs may apply even if you use RFP (currently none apply as of FF84) - 4600: some prefs may apply even if you use RFP (currently none apply as of FF84)
- 9999: switch the appropriate deprecated section(s) back on - 9999: switch the appropriate deprecated section(s) back on
@ -114,7 +116,6 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false);
* Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server * Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
* [1] https://abouthome-snippets-service.readthedocs.io/ ***/ * [1] https://abouthome-snippets-service.readthedocs.io/ ***/
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{}");
/* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/ /* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
@ -171,19 +172,17 @@ user_pref("browser.region.update.enabled", false); // [[FF79+]
* [TEST] https://addons.mozilla.org/about ***/ * [TEST] https://addons.mozilla.org/about ***/
user_pref("intl.accept_languages", "en-US, en"); user_pref("intl.accept_languages", "en-US, en");
/* 0211: enforce US English locale regardless of the system locale /* 0211: enforce US English locale regardless of the system locale
* [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages, see [2] * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
* [1] https://bugzilla.mozilla.org/867501 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
* [2] https://bugzilla.mozilla.org/1629630 ***/
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
/*** [SECTION 0300]: QUIET FOX /*** [SECTION 0300]: QUIET FOX
Starting in user.js v67, we only disable the auto-INSTALL of Firefox. You still get prompts We only disable the auto-INSTALL of Firefox (app) updates. You still get prompts to update,
to update, in one click. We have NEVER disabled auto-CHECKING, and highly discourage that. and it only takes one click. We highly discourage disabling auto-CHECKING for updates.
Previously we also disabled auto-INSTALLING of extensions (302b).
There are many legitimate reasons to turn off auto-INSTALLS, including hijacked or monetized Legitimate reasons to disable auto-INSTALLS include hijacked/monetized extensions, time
extensions, time constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is constraints, legacy issues, dev/testing, and fear of breakage/bugs. It is still important
still important to do updates for security reasons, please do so manually if you make changes. to do updates for security reasons, please do so manually if you make changes.
***/ ***/
user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!");
/* 0301b: disable auto-CHECKING for extension and theme updates ***/ /* 0301b: disable auto-CHECKING for extension and theme updates ***/
@ -216,11 +215,11 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
* IF unified=true then .enabled ONLY controls whether to record extended data * IF unified=true then .enabled ONLY controls whether to record extended data
* so make sure to have both set as false * so make sure to have both set as false
* [NOTE] FF58+ 'toolkit.telemetry.enabled' is now LOCKED to reflect prerelease * [NOTE] FF58+ 'toolkit.telemetry.enabled' is now LOCKED to reflect prerelease
* or release builds (true and false respectively), see [2] * or release builds (true and false respectively) [2]
* [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html
* [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/
user_pref("toolkit.telemetry.unified", false); user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+ user_pref("toolkit.telemetry.enabled", false); // see [NOTE]
user_pref("toolkit.telemetry.server", "data:,"); user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.archive.enabled", false); user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+] user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
@ -303,7 +302,7 @@ user_pref("browser.safebrowsing.downloads.remote.url", "");
* [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/ * [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/
// user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
// user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
/* 0419: disable 'ignore this warning' on SB warnings /* 0419: disable 'ignore this warning' on SB warnings [FF45+]
* If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB
* [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [TEST] see github wiki APPENDIX A: Test Sites: Section 5
* [1] https://bugzilla.mozilla.org/1226490 ***/ * [1] https://bugzilla.mozilla.org/1226490 ***/
@ -377,16 +376,15 @@ user_pref("browser.send_pings.require_same_host", true); // defense-in-depth
/*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/ /*** [SECTION 0700]: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc ***/
user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!");
/* 0701: disable IPv6 /* 0701: disable IPv6
* IPv6 can be abused, especially with MAC addresses, and they do not play nice with VPNs. That's * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs. That's even
* even assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4 * assuming your ISP and/or router and/or website can handle it. Sites will fall back to IPv4
* [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6 * [STATS] Firefox telemetry (Dec 2020) shows ~8% of all connections are IPv6
* [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an
* OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
* then this won't make much difference. If you are masking your IP, then it can only help. * then this won't make much difference. If you are masking your IP, then it can only help.
* [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
* [TEST] https://ipleak.org/ * [TEST] https://ipleak.org/
* [1] https://github.com/arkenfox/user.js/issues/437#issuecomment-403740626 * [1] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/
* [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/
user_pref("network.dns.disableIPv6", true); user_pref("network.dns.disableIPv6", true);
/* 0702: disable HTTP2 /* 0702: disable HTTP2
* HTTP2 raises concerns with "multiplexing" and "server push", does nothing to * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to
@ -457,14 +455,6 @@ user_pref("keyword.enabled", false);
user_pref("browser.fixup.alternate.enabled", false); user_pref("browser.fixup.alternate.enabled", false);
/* 0803: display all parts of the url in the location bar ***/ /* 0803: display all parts of the url in the location bar ***/
user_pref("browser.urlbar.trimURLs", false); user_pref("browser.urlbar.trimURLs", false);
/* 0805: disable coloring of visited links - CSS history leak
* [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's
* only in 'certain circumstances', also see latest comments in [2]
* [TEST] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use)
* [1] https://dbaron.org/mozilla/visited-privacy
* [2] https://bugzilla.mozilla.org/147777
* [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/
user_pref("layout.css.visited_links_enabled", false);
/* 0807: disable live search suggestions /* 0807: disable live search suggestions
/* [NOTE] Both must be true for the location bar to work /* [NOTE] Both must be true for the location bar to work
* [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine * [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine
@ -485,6 +475,10 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
// user_pref("browser.urlbar.suggest.bookmark", false); // user_pref("browser.urlbar.suggest.bookmark", false);
// user_pref("browser.urlbar.suggest.openpage", false); // user_pref("browser.urlbar.suggest.openpage", false);
// user_pref("browser.urlbar.suggest.topsites", false); // [FF78+] // user_pref("browser.urlbar.suggest.topsites", false); // [FF78+]
/* 0850b: disable tab-to-search [FF85+]
* Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
* [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
// user_pref("browser.urlbar.suggest.engines", false);
/* 0850c: disable location bar dropdown /* 0850c: disable location bar dropdown
* This value controls the total number of entries to appear in the location bar dropdown * This value controls the total number of entries to appear in the location bar dropdown
* [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always * [NOTE] Items (bookmarks/history/openpages) with a high "frecency"/"bonus" will always
@ -497,7 +491,7 @@ user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
* [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ * [1] https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
// user_pref("browser.urlbar.autoFill", false); // user_pref("browser.urlbar.autoFill", false);
/* 0860: disable search and form history /* 0860: disable search and form history
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties, see [1] [2] * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [NOTE] We also clear formdata on exit (see 2803) * [NOTE] We also clear formdata on exit (see 2803)
* [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
@ -594,7 +588,7 @@ user_pref("browser.sessionstore.privacy_level", 2);
/* 1022: disable resuming session from crash ***/ /* 1022: disable resuming session from crash ***/
// user_pref("browser.sessionstore.resume_from_crash", false); // user_pref("browser.sessionstore.resume_from_crash", false);
/* 1023: set the minimum interval between session save operations /* 1023: set the minimum interval between session save operations
* Increasing this can help on older machines and some websites, as well as reducing writes, see [1] * Increasing this can help on older machines and some websites, as well as reducing writes [1]
* Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc * Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc
* [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature: * [SETUP-CHROME] This can also affect entries in the "Recently Closed Tabs" feature:
* i.e. the longer the interval the more chance a quick tab open/close won't be captured. * i.e. the longer the interval the more chance a quick tab open/close won't be captured.
@ -630,18 +624,19 @@ user_pref("browser.shell.shortcutFavicons", false);
user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
/* 1201: require safe negotiation /* 1201: require safe negotiation
* Blocks connections to servers that don't support RFC 5746 [2] as they're potentially * Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 [2]
* vulnerable to a MiTM attack [3]. A server *without* RFC 5746 can be safe from the attack * as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be
* if it disables renegotiations but the problem is that the browser can't know that. * safe from the attack if it disables renegotiations but the problem is that the browser can't
* Setting this pref to true is the only way for the browser to ensure there will be * know that. Setting this pref to true is the only way for the browser to ensure there will be
* no unsafe renegotiations on the channel between the browser and the server. * no unsafe renegotiations on the channel between the browser and the server.
* [STATS] SSL Labs (Dec 2020) reports 99.0% of sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://tools.ietf.org/html/rfc5746 * [2] https://tools.ietf.org/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 ***/ * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
* [4] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.require_safe_negotiation", true);
/* 1202: control TLS versions with min and max /* 1202: control TLS versions with min and max
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
* [STATS] Firefox telemetry (June 2020) shows only 0.16% of SSL handshakes use 1.0 or 1.1
* [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
* [1] https://www.ssllabs.com/ssl-pulse/ ***/ * [1] https://www.ssllabs.com/ssl-pulse/ ***/
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
@ -716,6 +711,12 @@ user_pref("security.family_safety.mode", 0);
* by inspecting ALL your web traffic, then leave at current default=1 * by inspecting ALL your web traffic, then leave at current default=1
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/
user_pref("security.cert_pinning.enforcement_level", 2); user_pref("security.cert_pinning.enforcement_level", 2);
/* 1224: enforce CRLite [FF73+]
* In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985
* [2] https://blog.mozilla.org/security/tag/crlite/ ***/
user_pref("security.remote_settings.crlite_filters.enabled", true);
user_pref("security.pki.crlite_mode", 2);
/** MIXED CONTENT ***/ /** MIXED CONTENT ***/
/* 1240: enforce no insecure active content on https pages /* 1240: enforce no insecure active content on https pages
@ -728,14 +729,21 @@ user_pref("security.mixed_content.block_display_content", true);
user_pref("security.mixed_content.block_object_subrequest", true); user_pref("security.mixed_content.block_object_subrequest", true);
/* 1244: enable HTTPS-Only mode [FF76+] /* 1244: enable HTTPS-Only mode [FF76+]
* When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored * When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored
* [WARNING] This is experimental [1] and you can't set exceptions if FPI is enabled [2] (fixed in FF83) * [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily
* [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+) * [SETTING] Privacy & Security>HTTPS-Only Mode
* [SETTING] Privacy & Security>HTTPS-Only Mode (FF80+ with browser.preferences.exposeHTTPSOnly = true) * [TEST] http://example.com [upgrade]
* [1] https://bugzilla.mozilla.org/1613063 [META] * [TEST] http://neverssl.org/ [no upgrade]
* [2] https://bugzilla.mozilla.org/1647829 ***/ * [1] https://bugzilla.mozilla.org/1613063 [META] ***/
// user_pref("dom.security.https_only_mode", true); // [FF76+] user_pref("dom.security.https_only_mode", true); // [FF76+]
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
// user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
// user_pref("dom.security.https_only_mode.upgrade_local", true);
/* 1246: disable HTTP background requests [FF82+]
* When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox
* sends HTTP requests in order to check if the server supports HTTPS or not.
* This is done to avoid waiting for a timeout which takes 90 seconds
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
user_pref("dom.security.https_only_mode_send_http_background_request", false);
/** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro] /** CIPHERS [WARNING: do not meddle with your cipher suite: see the section 1200 intro]
* These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1]) * These are all the ciphers still using SHA-1 and CBC which are weaker than the available alternatives. (see "Cipher Suites" in [1])
@ -760,10 +768,8 @@ user_pref("security.mixed_content.block_object_subrequest", true);
/** UI (User Interface) ***/ /** UI (User Interface) ***/
/* 1270: display warning on the padlock for "broken security" (if 1201 is false) /* 1270: display warning on the padlock for "broken security" (if 1201 is false)
* Bug: warning padlock not indicated for subresources on a secure page! [2] * Bug: warning padlock not indicated for subresources on a secure page! [2]
* [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation [3]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://bugzilla.mozilla.org/1353705 * [2] https://bugzilla.mozilla.org/1353705 ***/
* [3] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
/* 1271: control "Add Security Exception" dialog on SSL warnings /* 1271: control "Add Security Exception" dialog on SSL warnings
* 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
@ -794,24 +800,21 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
* [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/ * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("gfx.font_rendering.opentype_svg.enabled", false);
/* 1408: disable graphite /* 1408: disable graphite
* Graphite has had many critical security issues in the past, see [1] * Graphite has had many critical security issues in the past [1]
* [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
* [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/ * [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/
user_pref("gfx.font_rendering.graphite.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false);
/* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART]
* If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed
* [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618)
* [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4618) * [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4618)
* [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618)
* [1] https://bugzilla.mozilla.org/1121643 ***/ * [1] https://bugzilla.mozilla.org/1121643 ***/
// user_pref("font.system.whitelist", ""); // [HIDDEN PREF] // user_pref("font.system.whitelist", ""); // [HIDDEN PREF]
/*** [SECTION 1600]: HEADERS / REFERERS /*** [SECTION 1600]: HEADERS / REFERERS
Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone
--- ---
harden it a bit: set XOriginPolicy (1603) to 1 (as per the settings below) Expect some breakage: Use an extension if you need precise control
harden it a bit more: set XOriginPolicy (1603) to 2 (and optionally 1604 to 1 or 2), expect breakage
---
If you want any REAL control over referers and breakage, then use an extension
--- ---
full URI: https://example.com:8888/foo/bar.html?id=1234 full URI: https://example.com:8888/foo/bar.html?id=1234
scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port+path: https://example.com:8888/foo/bar.html
@ -822,17 +825,17 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1601: ALL: control when images/links send a referer /* 1601: ALL: control when images/links send a referer
* 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/ * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/
// user_pref("network.http.sendRefererHeader", 2); // [DEFAULT: 2] // user_pref("network.http.sendRefererHeader", 2);
/* 1602: ALL: control the amount of information to send /* 1602: ALL: control the amount of information to send
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
// user_pref("network.http.referer.trimmingPolicy", 0); // [DEFAULT: 0] // user_pref("network.http.referer.trimmingPolicy", 0);
/* 1603: CROSS ORIGIN: control when to send a referer /* 1603: CROSS ORIGIN: control when to send a referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match * 0=always (default), 1=only if base domains match, 2=only if hosts match
* [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud ***/ * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud ***/
user_pref("network.http.referer.XOriginPolicy", 1); user_pref("network.http.referer.XOriginPolicy", 2);
/* 1604: CROSS ORIGIN: control the amount of information to send [FF52+] /* 1604: CROSS ORIGIN: control the amount of information to send [FF52+]
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 0); // [DEFAULT: 0] user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
/* 1605: ALL: disable spoofing a referer /* 1605: ALL: disable spoofing a referer
* [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF * [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF
* (Cross-Site Request Forgery) protections that some sites may rely on ***/ * (Cross-Site Request Forgery) protections that some sites may rely on ***/
@ -903,7 +906,7 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
* [1] https://www.privacytools.io/#webrtc ***/ * [1] https://www.privacytools.io/#webrtc ***/
user_pref("media.peerconnection.enabled", false); user_pref("media.peerconnection.enabled", false);
/* 2002: limit WebRTC IP leaks if using WebRTC /* 2002: limit WebRTC IP leaks if using WebRTC
* In FF70+ these settings match Mode 4 (Mode 3 in older versions), see [3] * In FF70+ these settings match Mode 4 (Mode 3 in older versions) [3]
* [TEST] https://browserleaks.com/webrtc * [TEST] https://browserleaks.com/webrtc
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416,1452713
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy
@ -1022,7 +1025,7 @@ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!
* [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress * [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress
* This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website * This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website
* [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one * [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one
* is default false) then enabling this pref can leak clipboard content, see [1] * is default false) then enabling this pref can leak clipboard content [1]
* [1] https://bugzilla.mozilla.org/1528289 */ * [1] https://bugzilla.mozilla.org/1528289 */
// user_pref("dom.event.clipboardevents.enabled", false); // user_pref("dom.event.clipboardevents.enabled", false);
/* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+] /* 2404: disable clipboard commands (cut/copy) from "non-privileged" content [FF41+]
@ -1071,7 +1074,7 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m
* Initially a Linux issue (high precision readout) that was fixed. * Initially a Linux issue (high precision readout) that was fixed.
* However, it is still another metric for fingerprinting, used to raise entropy. * However, it is still another metric for fingerprinting, used to raise entropy.
* e.g. do you have a battery or not, current charging status, charge level, times remaining etc * e.g. do you have a battery or not, current charging status, charge level, times remaining etc
* [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code, see [1] * [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code [1]
* [1] https://bugzilla.mozilla.org/1313580 ***/ * [1] https://bugzilla.mozilla.org/1313580 ***/
// user_pref("dom.battery.enabled", false); // user_pref("dom.battery.enabled", false);
/* 2505: disable media device enumeration [FF29+] /* 2505: disable media device enumeration [FF29+]
@ -1140,10 +1143,6 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
/* 2611: disable middle mouse click opening links from clipboard /* 2611: disable middle mouse click opening links from clipboard
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/
user_pref("middlemouse.contentLoadURL", false); user_pref("middlemouse.contentLoadURL", false);
/* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
* [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins)
* To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/
user_pref("network.http.redirection-limit", 10);
/* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+]
* 0 (default) or 1=allow, 2=block * 0 (default) or 1=allow, 2=block
* [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/
@ -1187,7 +1186,10 @@ user_pref("permissions.delegation.enabled", false);
/* 2624: enable "window.name" protection [FF82+] /* 2624: enable "window.name" protection [FF82+]
* If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original * If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original
* string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/ * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks ***/
user_pref("privacy.window.name.update.enabled", true); user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true FF86+]
/* 2625: disable bypassing 3rd party extension install prompts [FF82+]
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
user_pref("extensions.postDownloadThirdPartyPrompt", false);
/** DOWNLOADS ***/ /** DOWNLOADS ***/
/* 2650: discourage downloading to desktop /* 2650: discourage downloading to desktop
@ -1268,8 +1270,10 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
* [WARNING] This will break a LOT of sites' functionality AND extensions! * [WARNING] This will break a LOT of sites' functionality AND extensions!
* You are better off using an extension for more granular control ***/ * You are better off using an extension for more granular control ***/
// user_pref("dom.storage.enabled", false); // user_pref("dom.storage.enabled", false);
/* 2730: disable offline cache ***/ /* 2730: enforce no offline cache storage (appCache)
user_pref("browser.cache.offline.enable", false); * The API is easily fingerprinted, use the "storage" pref instead ***/
// user_pref("browser.cache.offline.enable", false);
user_pref("browser.cache.offline.storage.enable", false); // [FF71+] [DEFAULT: false FF84+]
/* 2740: disable service worker cache and cache storage /* 2740: disable service worker cache and cache storage
* [NOTE] We clear service worker cache on exiting Firefox (see 2803) * [NOTE] We clear service worker cache on exiting Firefox (see 2803)
* [1] https://w3c.github.io/ServiceWorker/#privacy ***/ * [1] https://w3c.github.io/ServiceWorker/#privacy ***/
@ -1364,19 +1368,22 @@ user_pref("privacy.sanitize.timeSpan", 0);
user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out"); user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
/* 4001: enable First Party Isolation [FF51+] /* 4001: enable First Party Isolation [FF51+]
* [SETUP-WEB] May break cross-domain logins and site functionality until perfected * [SETUP-WEB] May break cross-domain logins and site functionality until perfected
* [1] https://bugzilla.mozilla.org/1260931 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/
* [2] https://bugzilla.mozilla.org/1299996 [META] ***/
user_pref("privacy.firstparty.isolate", true); user_pref("privacy.firstparty.isolate", true);
/* 4002: enforce FPI restriction for window.opener [FF54+] /* 4002: enforce FPI restriction for window.opener [FF54+]
* [NOTE] Setting this to false may reduce the breakage in 4001 * [NOTE] Setting this to false may reduce the breakage in 4001
* FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But
* to reduce breakage it ignores the 1st-party domain (FPD) originAttribute, see [2],[3] * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute [2][3]
* The 2nd pref removes that limitation and will only allow communication if FPDs also match. * The 2nd pref removes that limitation and will only allow communication if FPDs also match.
* [1] https://bugzilla.mozilla.org/1319773#c22 * [1] https://bugzilla.mozilla.org/1319773#c22
* [2] https://bugzilla.mozilla.org/1492607 * [2] https://bugzilla.mozilla.org/1492607
* [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/ * [3] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/
// user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true] // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
// user_pref("privacy.firstparty.isolate.block_post_message", true); // user_pref("privacy.firstparty.isolate.block_post_message", true);
/* 4003: enable scheme with FPI [FF78+]
* [NOTE] Experimental: existing data and site permissions are incompatible
* and some site exceptions may not work e.g. HTTPS-only mode (see 1244) ***/
// user_pref("privacy.firstparty.isolate.use_site", true);
/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
RFP covers a wide range of ongoing fingerprinting solutions. RFP covers a wide range of ongoing fingerprinting solutions.
@ -1452,8 +1459,7 @@ user_pref("privacy.resistFingerprinting", true);
/* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME] /* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
* Width will round down to multiples of 200s and height to 100s, to fit your screen. * Width will round down to multiples of 200s and height to 100s, to fit your screen.
* The override values are a starting point to round from if you want some control * The override values are a starting point to round from if you want some control
* [1] https://bugzilla.mozilla.org/1330882 * [1] https://bugzilla.mozilla.org/1330882 ***/
* [2] https://hardware.metrics.mozilla.com/ ***/
// user_pref("privacy.window.maxInnerWidth", 1000); // user_pref("privacy.window.maxInnerWidth", 1000);
// user_pref("privacy.window.maxInnerHeight", 1000); // user_pref("privacy.window.maxInnerHeight", 1000);
/* 4503: disable mozAddonManager Web API [FF57+] /* 4503: disable mozAddonManager Web API [FF57+]
@ -1461,7 +1467,7 @@ user_pref("privacy.resistFingerprinting", true);
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF]
/* 4504: enable RFP letterboxing [FF67+] /* 4504: enable RFP letterboxing [FF67+]
* Dynamically resizes the inner window by applying margins in stepped ranges, see [2] * Dynamically resizes the inner window by applying margins in stepped ranges [2]
* If you use the dimension pref, then it will only apply those resolutions. The format is * If you use the dimension pref, then it will only apply those resolutions. The format is
* "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
* [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but
@ -1571,7 +1577,7 @@ user_pref("ui.use_standins_for_native_colors", true);
user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
// FF80+ // FF80+
// 4618: limit font visbility (non-ANDROID) [FF79+] // 4618: limit font visbility (non-ANDROID) [FF79+]
// Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts, see [1] // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1]
// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
// [NOTE] Bundled fonts are auto-allowed // [NOTE] Bundled fonts are auto-allowed
// [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc