summaryrefslogtreecommitdiff
path: root/libre-testing/iceweasel
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2016-09-23 11:29:48 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2016-09-23 11:29:48 -0300
commitd5e8ba9d872a0f16eaef0fe6cd5f50d5cd726358 (patch)
tree43f8507fa2c71e712dc44e7389c195b95cd21a8e /libre-testing/iceweasel
parentb97eed1a3eddbc830491b9421d0344b3267ac17e (diff)
iceweasel: move new security patches to [libre-testing] since it is under testing yet
Diffstat (limited to 'libre-testing/iceweasel')
-rw-r--r--libre-testing/iceweasel/PKGBUILD2
-rw-r--r--libre-testing/iceweasel/vendor.js545
2 files changed, 347 insertions, 200 deletions
diff --git a/libre-testing/iceweasel/PKGBUILD b/libre-testing/iceweasel/PKGBUILD
index 1fe2de715..2cccfc33f 100644
--- a/libre-testing/iceweasel/PKGBUILD
+++ b/libre-testing/iceweasel/PKGBUILD
@@ -76,7 +76,7 @@ sha256sums=('2f463afd3c74eb9477f58525214f06498357ff90f01b45fb2675fc77c57bcffe'
'56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6'
'87034dbb640f70454b27d1695a6f03b6fd1ab81c82eb4d8c771db925ae03d408'
'3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d'
- 'e1c82f5f683258e17f7b3dba62a938e4efe4d232f45a4b82e74cd2793fd5f7fe'
+ 'bad69fe557bcfa364449505c3fe8856ea38017eb0aca8c24ef8b4c3a70b6a8d3'
'e260e555b261aabab1e48786dd514eeea056e4402af7cfd4dfd1d32858441484'
'fbb6011501a74a8ea6d01c041870fcefb7ef2859c134aedc676e5f6452833f65'
'56eecee8162c138c442773d66483886f1242c8dd2b16eed5711ae5e63d9b0e3a')
diff --git a/libre-testing/iceweasel/vendor.js b/libre-testing/iceweasel/vendor.js
index ab4a9aedb..91d644a1b 100644
--- a/libre-testing/iceweasel/vendor.js
+++ b/libre-testing/iceweasel/vendor.js
@@ -1,213 +1,360 @@
-// Use LANG environment variable to choose locale
-pref("intl.locale.matchOS", true);
-
-// Disable default browser checking.
+pref("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("extensions.getAddons.link.url", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("extensions.getAddons.search.browseURL", "https://directory.fsf.org/wiki/GNU_IceCat");
+//pref("accessibility.blockautorefresh", true);
+//pref("browser.meta_refresh_when_inactive.disabled", true);
+pref("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("app.faqURL", "https://libreplanet.org/wiki/Group:IceCat/FAQ");
+pref("app.update.auto", false);
+pref("app.update.checkInstallTime", false);
+pref("app.update.enabled", false);
+pref("app.update.staging.enabled", false);
+pref("app.update.url", "about:blank");
+pref("beacon.enabled", false);
+pref("breakpad.reportURL", "about:blank");
+pref("browser.EULA.override", true);
+pref("browser.aboutHomeSnippets.updateUrl", "about:blank");
+pref("browser.apps.URL", "about:blank");
+pref("browser.cache.disk.enable", false);
+pref("browser.cache.offline.enable", false);
+pref("browser.casting.enabled", false);
+pref("browser.search.order.US.1", "");
+pref("browser.search.order.US.2", "");
+pref("browser.search.order.US.3", "");
+pref("gecko.handlerService.schemes.mailto.0.name", "");
+pref("browser.disableResetPrompt", true);
+pref("browser.display.max_font_attempts",10);
+pref("browser.display.max_font_count",10);
+pref("browser.display.use_document_fonts", 0); // Prevent font fingerprinting
+pref("browser.download.manager.addToRecentDocs", false);
+pref("browser.download.manager.retention", 1);
+pref("browser.download.manager.scanWhenDone", false); // prevents AV remote reporting of downloads
+pref("browser.download.useDownloadDir", false);
+pref("browser.eme.ui.enabled", false);
+pref("browser.fixup.alternate.enabled", false);
+pref("browser.formfill.enable", false);
+pref("browser.history.allowPopState", false); // HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328
+pref("browser.history.allowPushState", false);
+pref("browser.history.allowReplaceState", false);
+pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
+pref("browser.newtab.preload", false);
+pref("browser.newtabpage.directory.ping", "about:blank");
+pref("browser.newtabpage.directory.source", "about:blank");
+pref("browser.newtabpage.enabled", false);
+pref("browser.newtabpage.enhanced", false);
+pref("browser.newtabpage.introShown", true);
+pref("browser.pocket.api", "about:blank");
+pref("browser.pocket.enabled", false);
+pref("browser.pocket.enabledLocales", "about:blank");
+pref("browser.pocket.oAuthConsumerKey", "about:blank");
+pref("browser.pocket.site", "about:blank");
+pref("browser.pocket.useLocaleList", false);
+pref("browser.preferences.inContent",false);
+//pref("browser.privatebrowsing.autostart", true);
+pref("browser.rights.3.shown", true);
+pref("browser.safebrowsing.appRepURL", "about:blank");
+pref("browser.safebrowsing.enabled", false);
+pref("browser.safebrowsing.malware.enabled", false);
+pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
+pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
+pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
+pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.downloads.remote.url", "");
+pref("browser.safebrowsing.provider.google.gethashURL", "");
+pref("browser.safebrowsing.provider.google.updateURL", "");
+pref("browser.safebrowsing.provider.google.lists", "");
+pref("browser.search.geoSpecificDefaults.url", "about:blank");
+pref("browser.search.geoSpecificDefaults", false);
+pref("browser.search.geoip.url", "about:blank");
+pref("browser.search.suggest.enabled", false);
+pref("browser.search.update", false);
+pref("browser.selfsupport.url", "about:blank");
+pref("browser.send_pings", false);
+pref("browser.sessionstore.privacy_level", 2);
pref("browser.shell.checkDefaultBrowser", false);
-
+pref("browser.slowStartup.maxSamples", 0);
+pref("browser.slowStartup.notificationDisabled", true);
+pref("browser.slowStartup.samples", 0);
+pref("browser.snippets.enabled", false);
+pref("browser.snippets.geoUrl", "about:blank");
+pref("browser.snippets.statsUrl", "about:blank");
+pref("browser.snippets.syncPromo.enabled", false);
+pref("browser.snippets.updateUrl", "about:blank");
+pref("browser.startup.homepage_override.buildID", "20100101");
+pref("browser.startup.homepage_override.mstone", "9001.0.0");
+pref("browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmarks\":0}"); // Don't promote sync
+pref("browser.newtabpage.remote", false);
+pref("browser.tabs.crashReporting.sendReport", false);
+pref("browser.tabs.remote.desktopbehavior", false);
+pref("browser.toolbarbuttons.introduced.pocket-button", true);
+pref("browser.uitour.enabled", false); // https://trac.torproject.org/projects/tor/ticket/19047
+pref("browser.urlbar.maxRichResults", 0);
+pref("browser.webapps.checkForUpdates", 0);
+pref("browser.webapps.updateCheckUrl", "about:blank");
+pref("browser.zoom.siteSpecific", false);
+pref("camera.control.autofocus_moving_callback.enabled", false);
+pref("camera.control.face_detection.enabled", false);
+pref("captivedetect.canonicalURL", "about:blank");
+pref("datareporting.healthreport.about.reportUrl", "about:blank");
+pref("datareporting.healthreport.documentServerURI", "about:blank");
+pref("datareporting.healthreport.service.enabled", false); // Yes, all three of these must be set
+pref("datareporting.healthreport.uploadEnabled", false);
+pref("datareporting.policy.dataSubmissionEnabled", false);
+pref("datareporting.policy.dataSubmissionPolicyVersion", 2);
+pref("datareporting.policy.firstRunTime", 0);
+pref("device.sensors.enabled", false);
+pref("devtools.debugger.remote-enabled", false); // https://developer.mozilla.org/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Enable_remote_debugging
+pref("devtools.devices.url", "about:blank");
+pref("devtools.gcli.imgurUploadURL", "about:blank");
+pref("devtools.gcli.jquerySrc", "about:blank");
+pref("devtools.gcli.lodashSrc", "about:blank");
+pref("devtools.gcli.underscoreSrc", "about:blank");
+pref("devtools.remote.wifi.scan", false); // http://forum.top-hat-sec.com/index.php?topic=4951.5;wap2
+pref("devtools.remote.wifi.visible", false);
+pref("devtools.webide.adaptersAddonURL", "about:blank");
+pref("devtools.webide.adbAddonURL", "about:blank");
+pref("devtools.webide.addonsURL", "about:blank");
+pref("devtools.webide.enabled", false); //https://trac.torproject.org/projects/tor/ticket/16222
+pref("devtools.webide.simulatorAddonsURL", "about:blank");
+pref("devtools.webide.templatesURL", "about:blank");
+pref("dom.battery.enabled", false); // fingerprinting due to differing OS implementations
+pref("dom.enable_performance", false);
+pref("dom.event.clipboardevents.enabled",false);
+pref("dom.gamepad.enabled", false); // bugs.torproject.org/13023
+pref("dom.indexedDB.enabled", false);
+pref("dom.enable_user_timing", false);
+pref("dom.event.highrestimestamp.enabled", false);
+pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
+pref("dom.mozApps.signed_apps_installable_from", "about:blank");
+pref("dom.netinfo.enabled", false); // Network Information API provides general information about the system's connection type (WiFi, cellular, etc.)
+pref("dom.network.enabled",false); // fingerprinting due to differing OS implementations
+pref("dom.push.enabled", false);
+pref("dom.push.serverURL", "");
+pref("dom.presentation.discovery.enabled", false);
+pref("dom.presentation.discoverable", false);
+pref("dom.storage.enabled", false);
+pref("dom.telephony.enabled", false); // https://wiki.mozilla.org/WebAPI/Security/WebTelephony
+pref("dom.vibrator.enabled", false);
+pref("dom.vr.enabled", false);
+pref("dom.vr.cardboard.enabled", false);
+pref("dom.vr.oculus.enabled", false);
+pref("dom.vr.oculus050.enabled", false);
+pref("dom.vr.poseprediction.enabled", false);
+pref("dom.vr.add-test-devices", 0);
+pref("dom.workers.sharedWorkers.enabled", false); // See https://bugs.torproject.org/15562
+pref("dom.idle-observers-api.enabled", false); // disable idle observation
+pref("experiments.enabled", false);
+pref("experiments.manifest.uri", "about:blank");
+pref("extensions.blocklist.detailsURL", "about:blank");
+pref("extensions.blocklist.enabled", false);
+pref("extensions.blocklist.itemURL", "about:blank");
+pref("extensions.blocklist.url", "about:blank");
+pref("extensions.bootstrappedAddons", "{}");
+pref("extensions.databaseSchema", 3);
+pref("extensions.enabledScopes", 1);
// Don't disable our bundled extensions in the application directory
pref("extensions.autoDisableScopes", 11);
pref("extensions.shownSelectionUI", true);
-
-// Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier
-pref("ui.key.menuAccessKeyFocuses", false);
-
-// Disable the GeoLocation API for content
-pref("geo.enabled", false);
-
-// Make sure that the request URL of the GeoLocation backend is empty
-pref("geo.wifi.uri", "");
-
-// Disable Pocket and make sure that the request URLs of the Pocket are empty
-pref("browser.pocket.enabled", false);
-pref("browser.pocket.api", "");
-pref("browser.pocket.site", "");
-pref("browser.pocket.oAuthConsumerKey", "");
-pref("browser.pocket.useLocaleList", false);
-pref("browser.pocket.enabledLocales", "");
-
-// Disable Freedom Violating DRM Feature
-pref("browser.eme.ui.enabled", false);
-pref("media.eme.enabled", false);
-pref("media.eme.apiVisible", false);
-
-// Default to classic view for about:newtab
-pref("browser.newtabpage.enhanced", false);
-
-// Override add-on signing
-pref("xpinstall.signatures.required", false);
-
-// Poodle attack
-pref("security.tls.version.min", 1);
-
-// Don't call home for blacklisting
-pref("extensions.blocklist.enabled", false);
-
-// Disable plugin installer
-pref("plugins.hide_infobar_for_missing_plugin", true);
-pref("plugins.hide_infobar_for_outdated_plugin", true);
-pref("plugins.notifyMissingFlash", false);
-
-//https://developer.mozilla.org/en-US/docs/Web/API/MediaSource
-//pref("media.mediasource.enabled",true);
-
-//Speeding it up
-pref("network.http.pipelining", true);
-pref("network.http.proxy.pipelining", true);
-pref("network.http.pipelining.maxrequests", 10);
-pref("nglayout.initialpaint.delay", 0);
-
-// Disable third party cookies
-pref("network.cookie.cookieBehavior", 1);
-
-// Prevent EULA dialog to popup on first run
-pref("browser.EULA.override", true);
-
-// disable app updater url
-pref("app.update.url", "http://127.0.0.1/");"
-
-// Set useragent to Firefox compatible
-//pref("general.useragent.compatMode.firefox", true);
-// Spoof the useragent to a generic one
-pref("general.useragent.compatMode.firefox", true);
-// Spoof the useragent to a generic one
-pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0");
+pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
+pref("extensions.getAddons.get.url", "about:blank");
+pref("extensions.getAddons.getWithPerformance.url", "about:blank");
+pref("extensions.getAddons.recommended.url", "about:blank");
+pref("extensions.pendingOperations", false);
+pref("extensions.pocket.api", "about:blank");
+pref("extensions.pocket.enabled", false);
+pref("extensions.shownSelectionUI", true);
+pref("extensions.ui.lastCategory", "addons://list/extension");
+pref("extensions.update.autoUpdateDefault", false);
+pref("extensions.update.enabled", false); // Fingerprints all installed addons, best to let the user decide when to run updates manually.
+pref("extensions.update.background.url", ""); // User can still update manually, but we disable background updates.
+pref("extensions.systemAddon.update.url", ""); // The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox
+pref("font.default.x-western", "sans-serif");
pref("general.appname.override", "Netscape");
-pref("general.appversion.override", "48.0");
-pref("general.buildID.override", "Gecko/20100101");
+pref("general.appversion.override", "5.0 (Windows)");
+pref("general.buildID.override", "20100101");
pref("general.oscpu.override", "Windows NT 6.1");
pref("general.platform.override", "Win32");
-
-// Privacy & Freedom Issues
-// https://webdevelopmentaid.wordpress.com/2013/10/21/customize-privacy-settings-in-mozilla-firefox-part-1-aboutconfig/
-// https://panopticlick.eff.org
-// http://ip-check.info
-// http://browserspy.dk
-// https://wiki.mozilla.org/Fingerprinting
-// http://www.browserleaks.com
-// http://fingerprint.pet-portal.eu
-pref("privacy.donottrackheader.enabled", true);
-pref("privacy.donottrackheader.value", 1);
-pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
-pref("browser.safebrowsing.enabled", false);
-pref("browser.safebrowsing.malware.enabled", false);
-//pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/");
-pref("social.enabled", false);
-pref("social.remote-install.enabled", false);
-pref("datareporting.healthreport.uploadEnabled", false);
-pref("datareporting.healthreport.about.reportUrl", "127.0.0.1");
-pref("datareporting.healthreport.documentServerURI", "127.0.0.1");
+pref("general.productSub.override", "20100101");
+pref("general.useragent.compatMode.firefox", true);
+pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0");
+pref("general.useragent.vendor", "");
+pref("general.useragent.vendorSub", "");
+//pref("general.warnOnAboutConfig", false);
+pref("geo.enabled", false);
+pref("geo.wifi.uri", "about:blank");
+pref("gfx.direct2d.disabled", true);
+pref("gfx.downloadable_fonts.fallback_delay", -1);
+pref("gfx.font_rendering.opentype_svg.enabled", false); // https://wiki.mozilla.org/SVGOpenTypeFonts - iSEC Partners Report recommends to disable this
pref("healthreport.uploadEnabled", false);
-pref("social.toast-notifications.enabled", false);
-pref("datareporting.policy.dataSubmissionEnabled", false);
-pref("datareporting.healthreport.service.enabled", false);
-pref("browser.slowStartup.notificationDisabled", true);
-pref("network.http.sendRefererHeader", 2);
-//pref("network.http.referer.spoofSource", true);
-//http://grack.com/blog/2010/01/06/3rd-party-cookies-dom-storage-and-privacy/
-//pref("dom.storage.enabled", false);
-pref("dom.event.clipboardevents.enabled",false);
-pref("network.prefetch-next", false);
+pref("identity.fxaccounts.auth.uri", "about:blank");
+pref("intl.charset.default", "windows-1252");
+pref("intl.locale.matchOS", true);
+pref("javascript.options.asmjs", false); // Multiple security advisories, low level js
+pref("javascript.options.wasm", false); // https://hacks.mozilla.org/2016/03/a-webassembly-milestone/
+pref("javascript.use_us_english_locale", true);
+pref("javascript.options.typeinference", false);
+pref("javascript.options.baselinejit.content", false);
+pref("javascript.options.ion.content", false); // https://trac.torproject.org/projects/tor/ticket/9387#comment:43
+pref("keyword.enabled", false);
+pref("layers.acceleration.disabled", true);
+pref("layout.css.visited_links_enabled", false);
+pref("lightweightThemes.update.enabled", false); // We can update our themes manually, may fingerprint the user.
+pref("loop.copy.throttler", "about:blank");
+pref("loop.enabled",false); //Disable Firefox Hello
+pref("loop.facebook.appId", "about:blank");
+pref("loop.facebook.enabled", false);
+pref("loop.facebook.fallbackUrl", "about:blank");
+pref("loop.facebook.shareUrl", "about:blank");
+pref("loop.feedback.baseUrl", "about:blank");
+pref("loop.feedback.formURL", "about:blank");
+pref("loop.feedback.manualFormURL", "about:blank");
+pref("loop.gettingStarted.url", "about:blank");
+pref("loop.learnMoreUrl", "about:blank");
+pref("loop.legal.ToS_url", "about:blank");
+pref("loop.legal.privacy_url", "about:blank");
+pref("loop.linkClicker.url", "about:blank");
+pref("loop.oauth.google.redirect_uri", "about:blank");
+pref("loop.oauth.google.scope", "about:blank");
+pref("loop.remote.autostart", false);
+pref("loop.server", "about:blank");
+pref("loop.soft_start_hostname", "about:blank");
+pref("loop.support_url", "about:blank");
+pref("loop.throttled2",false);
+pref("mathml.disabled", true); // https://www.torproject.org/projects/torbrowser/design
+pref("media.audio_data.enabled", false);
+pref("media.autoplay.enabled", false);
+pref("media.cache_size", 0);
+pref("media.eme.apiVisible", false); // Disable Freedom Violating DRM Feature
+pref("media.eme.enabled", false);
+pref("media.getusermedia.screensharing.allowed_domains", ""); // We really don't want to be promoting Cisco and Cloudflare in a whitelist here.
+pref("media.getusermedia.screensharing.enabled", false);
+pref("media.gmp-eme-adobe.enabled", false);
+pref("media.gmp-gmpopenh264.enabled", false);
+pref("media.gmp-manager.url", "about:blank"); // Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
+pref("media.gmp-manager.url.override", "data:text/plain");
+pref("media.gmp-provider.enabled", false);
+pref("media.gmp.trial-create.enabled", false);
+pref("media.navigator.enabled", false);
+pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
+pref("media.peerconnection.ice.default_address_only", true);
+pref("media.video_stats.enabled", false);
+pref("media.webspeech.recognition.enable", false);
+pref("media.webspeech.synth.enabled", false);
+pref("network.allow-experiments", false);
+pref("network.http.altsvc.enabled", false);
+pref("network.http.altsvc.oe", false); // https://trac.torproject.org/projects/tor/ticket/16673
+pref("network.cookie.cookieBehavior", 1);
+pref("network.cookie.lifetimePolicy", 2);
pref("network.dns.disablePrefetch", true);
+pref("network.http.connection-retry-timeout", 0);
+pref("network.http.max-persistent-connections-per-proxy", 256);
+pref("network.http.pipelining", true);
+pref("network.http.pipelining.aggressive", true);
+pref("network.http.pipelining.max-optimistic-requests", 3);
+pref("network.http.pipelining.maxrequests", 10);
+pref("network.http.pipelining.maxrequests", 12);
+pref("network.http.pipelining.read-timeout", 60000);
+pref("network.http.pipelining.reschedule-timeout", 15000);
+pref("network.http.pipelining.ssl", true);
+pref("network.http.proxy.pipelining", true);
+pref("network.http.referer.spoofSource", true);
+pref("network.http.sendRefererHeader", 2);
pref("network.http.sendSecureXSiteReferrer", false);
-pref("toolkit.telemetry.enabled", false);
-// Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html
-pref("plugins.enumerable_names", "");
-pref("plugin.state.flash", 1);
-// Do not autoupdate search engines
-pref("browser.search.update", false);
-// Warn when the page tries to redirect or refresh
-//pref("accessibility.blockautorefresh", true);
-pref("dom.battery.enabled", false);
-pref("device.sensors.enabled", false);
-pref("camera.control.face_detection.enabled", false);
-pref("camera.control.autofocus_moving_callback.enabled", false);
+pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable)
+pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case
+pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case
pref("network.http.speculative-parallel-limit", 0);
-
-// Crypto hardening
-// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
-//General settings
-//pref("security.tls.unrestricted_rc4_fallback", false);
-//pref("security.tls.insecure_fallback_hosts.use_static_list", false);
-//pref("security.tls.version.min", 1);
-//pref("security.ssl.require_safe_negotiation", true);
-//pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-//pref("security.ssl3.rsa_seed_sha", true);
-//pref("security.OCSP.enabled", 1);
-//pref("security.OCSP.require", true);
-
-// Disable channel updates
-pref("app.update.enabled", false);
-pref("app.update.auto", false);
-
-pref("font.default.x-western", "sans-serif");
-
-// Preferences for the Get Add-ons panel
-pref ("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat");
-pref ("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat");
-
-// Mobile
+pref("network.jar.block-remote-files", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1173171
+pref("network.jar.open-unsafe-types", false);
+pref("network.manage-offline-status", false); // https://trac.torproject.org/projects/tor/ticket/18945
+pref("network.predictor.enabled", false); // https://trac.torproject.org/projects/tor/ticket/16625
+pref("network.prefetch-next", false);
+pref("network.protocol-handler.external-default", false);
+pref("network.protocol-handler.external.mailto", false);
+pref("network.protocol-handler.external.news", false);
+pref("network.protocol-handler.external.nntp", false);
+pref("network.protocol-handler.external.snews", false);
+pref("network.protocol-handler.warn-external.mailto", true);
+pref("network.protocol-handler.warn-external.news", true);
+pref("network.protocol-handler.warn-external.nntp", true);
+pref("network.protocol-handler.warn-external.snews", true);
+pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
+pref("network.proxy.socks", "127.0.0.1");
+pref("network.proxy.socks_port", 9050);
+pref("network.proxy.socks_remote_dns", true);
+pref("network.proxy.type", 0); // Setup for TOR for default proxy, but do not enable by default.
+pref("network.security.ports.banned", "9050,9051,9150,9151");
+pref("network.websocket.max-connections", 0);
+pref("nglayout.initialpaint.delay", 0);
+pref("noscript.forbidMedia", true);
+pref("offline-apps.allow_by_default", false); // https://support.mozilla.org/en-US/questions/1014708
+//pref("pdfjs.disabled", true); // https://www.exploit-db.com/exploits/37958/
+pref("permissions.memory_only", true);
+pref("pfs.datasource.url", "about:blank"); // Fingerprints the user, not HTTPS. Remove it.
+pref("pfs.filehint.url", "about:blank");
+pref("plugin.disable", true); // Disable to search plugins on first start
+pref("plugin.expose_full_path", false);
+pref("plugin.state.flash", 0);
+pref("plugin.state.libgnome-shell-browser-plugin", 0); // disable Gnome Shell Integration
+pref("plugins.click_to_play", true);
+pref("plugins.enumerable_names", "about:blank");
+pref("plugins.hideMissingPluginsNotification", true);
+pref("plugins.hide_infobar_for_missing_plugin", true);
+pref("plugins.hide_infobar_for_outdated_plugin", true);
+pref("plugins.notifyMissingFlash", false);
pref("privacy.announcements.enabled", false);
-pref("browser.snippets.enabled", false);
-pref("browser.snippets.syncPromo.enabled", false);
-pref("browser.snippets.geoUrl", "http://127.0.0.1/");
-pref("browser.snippets.updateUrl", "http://127.0.0.1/");
-pref("browser.snippets.statsUrl", "http://127.0.0.1/");
-pref("datareporting.policy.firstRunTime", 0);
-pref("datareporting.policy.dataSubmissionPolicyVersion", 2);
-pref("browser.webapps.checkForUpdates", 0);
-pref("browser.webapps.updateCheckUrl", "http://127.0.0.1/");
-pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ");
-
-// PFS url
-pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
-pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
-
-// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
-pref("media.gmp-manager.url", "http://127.0.0.1/");
-pref("media.gmp-manager.url.override", "data:text/plain,");
-pref("media.gmp-provider.enabled", false);
-// Don't install openh264 codec
-pref("media.gmp-gmpopenh264.enabled", false);
-
-//Disable heartbeat
-pref("browser.selfsupport.url", "");
-
-//Disable Link to FireFox Marketplace, currently loaded with non-free "apps"
-pref("browser.apps.URL", "");
-
-//Disable Firefox Hello
-pref("loop.enabled",false);
-pref("loop.feedback.baseUrl", "");
-pref("loop.gettingStarted.url", "");
-pref("loop.learnMoreUrl", "");
-pref("loop.legal.ToS_url", "");
-pref("loop.legal.privacy_url", "");
-pref("loop.oauth.google.redirect_uri", "");
-pref("loop.oauth.google.scope", "");
-pref("loop.server", "");
-pref("loop.soft_start_hostname", "");
-pref("loop.support_url", "");
-pref("loop.throttled2",false);
-
-// Use old style preferences, that allow javascript to be disabled
-pref("browser.preferences.inContent",false);
-
-// Don't download ads for the newtab page
-pref("browser.newtabpage.directory.source", "");
-pref("browser.newtabpage.directory.ping", "");
-pref("browser.newtabpage.introShown", true);
-
-// Disable home snippets
-pref("browser.aboutHomeSnippets.updateUrl", "data:text/html");
-
-// Disable hardware acceleration and WebGL
-//pref("layers.acceleration.disabled", false);
-pref("webgl.disabled", false);
-
-// Disable SSDP
-pref("browser.casting.enabled", false);
-
-//Disable directory service
+pref("privacy.donottrackheader.enabled", false); // http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/
+pref("privacy.donottrackheader.value", 1);
+pref("privacy.thirdparty.isolate", 2); // Always enforce third party isolation
+pref("privacy.trackingprotection.enabled", true);
+pref("privacy.trackingprotection.pbmode.enabled", true);
+pref("security.OCSP.enabled", 0); // https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol#Privacy_concerns
+pref("security.OCSP.require", false);
+pref("security.ask_for_password", 0);
+pref("security.cert_pinning.enforcement_level", 2); // https://trac.torproject.org/projects/tor/ticket/16206
+pref("security.enable_tls_session_tickets", false);
+pref("security.mixed_content.block_active_content", true); // Note: Can be disabled for user experience. https://bugzilla.mozilla.org/show_bug.cgi?id=878890
+pref("security.nocertdb", false);
+pref("security.ssl.errorReporting.url", "");
+pref("security.ssl.errorReporting.enabled", false);
+pref("security.ssl.disable_session_identifiers", true);
+pref("security.ssl.enable_false_start", true);
+pref("security.ssl.require_safe_negotiation", true);
+pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+pref("security.ssl3.rsa_seed_sha", true);
+pref("security.tls.insecure_fallback_hosts.use_static_list", false);
+pref("security.tls.unrestricted_rc4_fallback", false);
+pref("security.tls.version.max", 3);
+pref("security.tls.version.min", 1);
+pref("services.kinto.base", "");
+pref("services.sync.engine.addons", false);
+pref("services.sync.engine.prefs", false); // Never sync prefs, addons, or tabs with other browsers
+pref("services.sync.engine.tabs", false);
+pref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", false);
+pref("services.sync.prefs.sync.extensions.update.enabled", false);
+pref("services.sync.serverURL", "about:blank");
+pref("services.sync.jpake.serverURL", "about:blank");
+pref("signon.autofillForms", false); // disable cross-site form exposure from password manager - http://kb.mozillazine.org/Signon.autofillForms
+//pref("signon.rememberSignons", false);
pref("social.directories", "");
-pref("social.whitelist", "");
+pref("social.enabled", false);
+pref("social.remote-install.enabled", false);
pref("social.shareDirectory", "");
+pref("social.toast-notifications.enabled", false);
+pref("social.whitelist", "");
+pref("startup.homepage_override_url", "");
+pref("startup.homepage_welcome_url", "");
+pref("svg.in-content.enabled", true);
+pref("toolkit.telemetry.enabled", false);
+pref("toolkit.telemetry.server", "about:blank");
+pref("toolkit.telemetry.archive.enabled", false);
+pref("ui.key.menuAccessKeyFocuses", false); // Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier
+//pref("webgl.disable-extensions", true);
+//pref("webgl.disabled", true);
+pref("webgl.min_capability_mode", true);
+pref("xpinstall.signatures.required", true); // Requires AMO signing key for addons
+pref("xpinstall.whitelist.add", "");
+pref("xpinstall.whitelist.add.36", "");
generated by cgit v1.2.2 (git 2.25.0) at 2024-04-27 22:11:16 +0000