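--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
 /******
 * name: arkenfox user.js
-* date: 18 August 2022
-* version: 103
+* date: 11 September 2022
+* version: 104
 * url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
 
@@ -366,16 +366,6 @@ user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
 * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
 * [2] https://bugzilla.mozilla.org/381681 ***/
 user_pref("browser.formfill.enable", false);
-/* 0811: disable Form Autofill
- * [NOTE] Stored data is NOT secure (uses a JSON file)
- * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
- * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses
- * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
-user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
-user_pref("extensions.formautofill.available", "off"); // [FF56+]
-user_pref("extensions.formautofill.creditCards.available", false); // [FF57+]
-user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
-user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
 /* 0820: disable coloring of visited links
 * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
 * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
@@ -480,7 +470,8 @@ user_pref("security.tls.enable_0rtt_data", false);
 * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers...
 * [1] https://en.wikipedia.org/wiki/Ocsp ***/
 user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
-/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB]
+/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
+ * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR
 * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
 * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
 * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
@@ -549,8 +540,6 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true);
 
 /*** [SECTION 1400]: FONTS ***/
 user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
-/* 1401: disable rendering of SVG OpenType fonts ***/
-user_pref("gfx.font_rendering.opentype_svg.enabled", false);
 /* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
 * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
 * In normal windows: uses the first applicable: RFP (4506) over TP over Standard
@@ -750,7 +739,9 @@ user_pref("browser.contentblocking.category", "strict");
 * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
 // user_pref("privacy.antitracking.enableWebcompat", false);
 /* 2710: enable state partitioning of service workers [FF96+] ***/
-user_pref("privacy.partition.serviceWorkers", true);
+user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+]
+/* 2720: enable APS (Always Partitioning Storage) [FF104+] */
+user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true);
 
 /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
 user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
@@ -1003,6 +994,15 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
 * 0=desktop, 1=downloads (default), 2=last used
 * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/
 // user_pref("browser.download.folderList", 2);
+/* 5017: disable Form Autofill
+ * If .supportedCountries includes your region (browser.search.region) and .supported
+ * is "detect" (default), then the UI will show. Stored data is not secure, uses JSON
+ * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
+ * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses
+ * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
+ // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
+ // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
+ // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
 
 /*** [SECTION 5500]: OPTIONAL HARDENING
 Not recommended. Overriding these can cause breakage and performance issues,
@@ -1041,6 +1041,8 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
 * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
 * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
 // user_pref("javascript.options.wasm", false);
+/* 5507: disable rendering of SVG OpenType fonts ***/
+ // user_pref("gfx.font_rendering.opentype_svg.enabled", false);
 
 /*** [SECTION 6000]: DON'T TOUCH ***/
 user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@@ -1083,6 +1085,11 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
 // user_pref("privacy.firstparty.isolate.use_site", "");
 // user_pref("privacy.window.name.update.enabled", "");
 // user_pref("security.insecure_connection_text.enabled", "");
+/* 6051: prefsCleaner: reset items removed from arkenfox FF102+ ***/
+ // user_pref("extensions.formautofill.available", "");
+ // user_pref("extensions.formautofill.addresses.supported", "");
+ // user_pref("extensions.formautofill.creditCards.available", "");
+ // user_pref("extensions.formautofill.creditCards.supported", "");
 
 /*** [SECTION 7000]: DON'T BOTHER ***/
 user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@@ -1351,7 +1358,7 @@ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
 // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
 // 0=keep until they expire (default), 2=keep until you close Firefox
 // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
-// [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665
+// [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761
 user_pref("network.cookie.lifetimePolicy", 2);
 // 6012: disable SHA-1 certificates
 // [-] https://bugzilla.mozilla.org/1766687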
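Review bot: The new 5017 block ships all three `extensions.formautofill.*` prefs commented out, so a profile built from this version no longer disables address and credit-card autofill the way the removed 0811 block did, and the comment does not say so. Since the block itself says the stored data is not secure and uses JSON, a line such as ` * [NOTE] Inactive by default: uncomment to keep Form Autofill disabled` would make the changed posture explicit to anyone updating. The same applies to 5507, where `gfx.font_rendering.opentype_svg.enabled` moved from the active 1401 entry to an inactive optional item with no reason given. Separately, the 2720 header closes with `*/` where every other item header in these hunks closes with `***/`; `/* 2720: enable APS (Always Partitioning Storage) [FF104+] ***/` would match.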