summaryrefslogtreecommitdiff
path: root/nonprism/iceweasel-hardened-preferences
diff options
context:
space:
mode:
authorGaming4JC <g4jc@openmailbox.org>2017-01-02 10:36:07 -0500
committerGaming4JC <g4jc@openmailbox.org>2017-01-02 10:36:07 -0500
commit9583ad7a2b31af70f21b9e78c5ea69ef17cf4c34 (patch)
tree77221ce8aaee16ec6e601517dbe48afbab4de842 /nonprism/iceweasel-hardened-preferences
parentf25df79ef8c9ba289d0ab8e111ada8de217c1f6e (diff)
Update Iceweasel-hardened pref for v50
Diffstat (limited to 'nonprism/iceweasel-hardened-preferences')
-rw-r--r--nonprism/iceweasel-hardened-preferences/PKGBUILD12
-rw-r--r--nonprism/iceweasel-hardened-preferences/iceweasel-branding.js62
-rw-r--r--nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install4
3 files changed, 67 insertions, 11 deletions
diff --git a/nonprism/iceweasel-hardened-preferences/PKGBUILD b/nonprism/iceweasel-hardened-preferences/PKGBUILD
index f0fbeb9b9..8abcd2cfb 100644
--- a/nonprism/iceweasel-hardened-preferences/PKGBUILD
+++ b/nonprism/iceweasel-hardened-preferences/PKGBUILD
@@ -2,8 +2,8 @@
# Contributor: André Silva <emulatorman@parabola.nu>
pkgname=iceweasel-hardened-preferences
-pkgver=0.1
-pkgrel=9
+pkgver=0.2
+pkgrel=1
pkgdesc="Hardened preferences script which runs Iceweasel to protect from a variety of privacy, security, and fingerprinting attacks."
arch=(any)
license=(MPL)
@@ -19,12 +19,12 @@ source=('firefox-branding.js'
'iceweasel-hardened.install')
sha512sums=('cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e'
'd542452fa1d619d22e9c9b6e4af58d7310abdc5c81d871a1abbddb0087c53913c8a244af2b7be416a2c439383afc2480c439078ebde0ccac518300d9027b4800'
-'c05992d3db2466928cf001b344fe01e08afc667296f65284f84fc5ba24c7d4fe71c2cb5e7b69776d31db3726f05b1176a3bd20ee077d6a0b43e6c5a007bc7563'
-'26e48145cfeaf8f243c6f4f30ccc806aea3fb825370e43b34dab33e1404a88849c888bf25a0b2038b3535b2d45569af24652894bb7a845b9bbc90fa23787cd2e')
+'c5678128d9b3a442322c9c5ea3aaec8df7e891eca575bd798fd6a820c7f6e39daaed3fcf4b796a0298243ed645ed5a6075d26df2152cb82037104872eb3dbd3f'
+'6dac0640bc84606be573cd5e8f2c2c5b40f30c3c9660b43e3df06dbce7e18f039fcff4e663d4eae61371c949ea78bdda2dd58339100942965b108b29c9d80375')
whirlpoolsums=('19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3'
'f7cb38e58f644ddeae9f931c290ae1d96e54d0a8937171f2ebad498b65b87f2115cbd0a0f2a55e12dceba7a387e70fd2432678010a87975f8322c9c27b41efd2'
-'75096151a65da722382b51ee0655e76cdba717e4bc3ffe9fda731435ac061447e7e019d8e8b50c659b1ab66dd64eabe99798c81fac21cad31cc843b62a05e51d'
-'1b1e6202ce3fbf05e0513af03e94f2ad5a70b774404dd72260363fdc1f810047cbfb9889ad6f800f5bbe87b050c2556ea30567baf7b07e67f1afc05fc665fb5e')
+'111d468f523136ffaf6b886fbca966ec680d5dcdb6afa7ffc308146339672b4f68e721de25cb811d63a58d6b80582befaa59b93b9e5641d7421652eab55323f8'
+'e9c71ee315adf97e0da1f0395a16ac6adf64490da3883875182c9468f15b3707ddfc304b3acfdf05646533239c5dc2ff8e38652d0246f2b07fc9e620ef7d694e')
package() {
install -Dm644 iceweasel-branding.js "$pkgdir"/usr/lib/iceweasel/browser/defaults/preferences/iceweasel-branding.js
diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js
index 120fa2543..daa92b859 100644
--- a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js
+++ b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js
@@ -1,6 +1,8 @@
/******************************************************************************
- * user.js *
- * https://github.com/pyllyukko/user.js *
+ * user.js *
+ * Adapted from... *
+ * https://github.com/pyllyukko/user.js *
+ * https://github.com/The-OP/Fox/tree/master/prefs *
******************************************************************************/
/*****************************************************************************
@@ -71,6 +73,7 @@ pref("services.kinto.base", "");
// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/presentation/provider/MulticastDNSDeviceProvider.cpp#l18
pref("dom.presentation.discovery.enabled", false);
pref("dom.presentation.discoverable", false);
+pref("dom.presentation.discovery.legacy.enabled", false);
// http://kb.mozillazine.org/Dom.storage.enabled
// http://dev.w3.org/html5/webstorage/#dom-localstorage
@@ -161,6 +164,7 @@ pref("dom.indexedDB.enabled", false);
// Disable gamepad input
// http://www.w3.org/TR/gamepad/
pref("dom.gamepad.enabled", false);
+pref("dom.gamepad.test.enabled", false);
// Disable virtual reality devices
// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
@@ -196,8 +200,42 @@ pref("webgl.disabled", true);
pref("webgl.enable-debug-renderer-info", false);
pref("webgl.disable-extensions", false);
pref("webgl.min_capability_mode", true);
+pref("webgl.disable-wgl", true);
+pref("webgl.enable-webgl2", false);
// somewhat related...
-pref("pdfjs.enableWebGL", false);
+pref("pdfjs.enableWebGL", false);
+
+// Disable File and Directory Entries API (Imported from Edge/Chromium)
+// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Introduction
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Firefox_support
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1265767
+pref("dom.webkitBlink.filesystem.enabled", false);
+// https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitdirectory
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1258489
+// https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be
+pref("dom.webkitBlink.dirPicker.enabled", false);
+
+// Directory Upload API, webkitdirectory
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1188880
+// https://bugzilla.mozilla.org/show_bug.cgi?id=907707
+// https://wicg.github.io/directory-upload/proposal.html
+pref("dom.input.dirpicker", false);
+
+// Disable FlyWeb
+// http://www.ghacks.net/2016/07/26/firefox-flyweb/
+// https://www.reddit.com/r/firefox/comments/4uwd1n/flyweb_we_dont_need_no_stinking_iot_apps/
+// https://hg.mozilla.org/releases/mozilla-release/rev/576019c74103
+// https://hg.mozilla.org/releases/mozilla-release/file/8dc18bf5abac/browser/extensions/flyweb/bootstrap.js#l36
+pref("dom.flyweb.enabled", false);
+
+
+// Disable Pointer Lock API.
+// https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1273351
+ pref("full-screen-api.pointer-lock.enabled", false);
+pref("pointer-lock-api.prefixed.enabled", false);
/******************************************************************************
* Misc *
@@ -286,6 +324,7 @@ pref("browser.urlbar.filter.javascript", true);
pref("javascript.options.asmjs", false);
// https://hacks.mozilla.org/2016/03/a-webassembly-milestone/
pref("javascript.options.wasm", false);
+pref("javascript.options.wasm_baselinejit", false);
// https://trac.torproject.org/projects/tor/ticket/9387#comment:43
pref("javascript.options.typeinference", false);
pref("javascript.options.baselinejit.content", false);
@@ -547,6 +586,20 @@ pref("browser.safebrowsing.provider.google.gethashURL", "");
pref("browser.safebrowsing.provider.google.updateURL", "");
pref("browser.safebrowsing.provider.google.lists", "");
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965
+user_pref("browser.safebrowsing.phishing.enabled", false);
+user_pref("browser.safebrowsing.provider.google4.lists", "");
+user_pref("browser.safebrowsing.provider.google4.updateURL", "");
+user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
+user_pref("browser.safebrowsing.provider.google4.reportURL", "");
+user_pref("browser.safebrowsing.provider.mozilla.lists", "");
+
+// Disable Microsoft Family Safety MiTM support
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166
+// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode
+// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782
+user_pref("security.family_safety.mode", 0);
+
// Disable pocket
// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
pref("browser.pocket.enabled", false);
@@ -706,6 +759,9 @@ pref("browser.webapps.checkForUpdates", 0);
pref("browser.webapps.updateCheckUrl", "about:blank");
pref("dom.mozApps.signed_apps_installable_from", "");
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1223838#c31
+pref("network.http.enablePerElementReferrer", false);
+
// Disable Favicon lookups
// http://kb.mozillazine.org/Browser.chrome.favicons
// pref("browser.chrome.favicons", false);
diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install b/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install
index 6e59a0c98..a40085990 100644
--- a/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install
+++ b/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install
@@ -1,6 +1,6 @@
post_install() {
echo "..."
- echo "Note: It is now required to use iceweasel-hardened or iceweasel binaries separately. They cannot run at the same time, but can be ran interchangebly."
+ echo "Note: It is now required to use iceweasel-hardened or iceweasel binaries separately. They cannot run at the same time, but can be ran interchangebly. Additionally some user.js preferences may be overriden in your normal profile due to Mozilla bug #1322624."
echo "..."
- echo "Nota: ahora se require usar los binarios iceweasel-hardened o iceweasel de forma separada. No pueden ser usados al mismo tiempo, pero sí de manera alterna."
+ echo "Nota: ahora se require usar los binarios iceweasel-hardened o iceweasel de forma separada. No pueden ser usados al mismo tiempo, pero sí de manera alterna. Además, algunas preferencias de user.js pueden ser anuladas en tu perfil normal debido al error #1322624 de Mozilla."
} \ No newline at end of file
generated by cgit v1.2.2 (git 2.25.0) at 2024-05-02 07:47:32 +0000