From d485f24df58a49af09892a68df0e4b3ee1ada97d Mon Sep 17 00:00:00 2001 From: Freemor Date: Sun, 28 Oct 2018 15:08:31 -0300 Subject: Tweak [iceweasel-hardened-preferences] to make it work with v61+ - rename iceweasel-branding.js to iceweasel-hardeded.prefs to stop regular iceweasel loading it. - Tweak the iceweasel-hardened script to use the renamed file. --- nonprism/iceweasel-hardened-preferences/PKGBUILD | 8 +- .../iceweasel-branding.js | 1986 -------------------- .../iceweasel-hardened.prefs | 1986 ++++++++++++++++++++ .../iceweasel-hardened.sh | 2 +- 4 files changed, 1991 insertions(+), 1991 deletions(-) delete mode 100644 nonprism/iceweasel-hardened-preferences/iceweasel-branding.js create mode 100644 nonprism/iceweasel-hardened-preferences/iceweasel-hardened.prefs (limited to 'nonprism') diff --git a/nonprism/iceweasel-hardened-preferences/PKGBUILD b/nonprism/iceweasel-hardened-preferences/PKGBUILD index 9fc5eccf7..da75ff426 100644 --- a/nonprism/iceweasel-hardened-preferences/PKGBUILD +++ b/nonprism/iceweasel-hardened-preferences/PKGBUILD @@ -3,7 +3,7 @@ pkgname=iceweasel-hardened-preferences pkgver=1.0 -pkgrel=2 +pkgrel=3 pkgdesc="Hardened preferences script which runs Iceweasel to protect from a variety of privacy, security, and fingerprinting attacks." arch=(any) license=(MPL) @@ -17,15 +17,15 @@ url="https://wiki.parabola.nu/${pkgname%%-*}" install=iceweasel-hardened.install source=('firefox-branding.js' 'iceweasel-hardened.sh' -'iceweasel-branding.js' +'iceweasel-hardened.prefs' 'iceweasel-hardened.install') sha512sums=('cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' - '10414e863be42086221fc04cfeaadd4790dc3af138b1ecaaf70e237087de4cfa64af544f7c750691f4a197a7ad8951f64b8f7398fae6cf991031f73735271be0' + '511f8de16b5f34ee979144468c87ecbbc3394e01f460d522335b0d1e232d6576fa164a7300c392b9e4722f78de5ca0527f42841674e5370309715aa14c3a2bf3' 'f0062cf0b353cff37817154e256279e1cd1de90b9515385571964540ae3a1c1c309418fddfab1742b5b02819af1b96ab8b0c44c27cf5ef346d5495fa3af46ec8' 'e9baa13d50195ff5be507093c45c00bb06a77c9e633ac183ec2fd74eebb11bfc07bde334fe4455b763e8700cde146ae223578ebd8d13066739220502b6eebff6') package() { - install -Dm644 iceweasel-branding.js "$pkgdir"/usr/lib/iceweasel/browser/defaults/preferences/iceweasel-branding.js + install -Dm644 iceweasel-hardened.prefs "$pkgdir"/usr/lib/iceweasel/browser/defaults/preferences/iceweasel-hardened.prefs install -Dm766 firefox-branding.js "$pkgdir"/usr/lib/iceweasel/browser/defaults/preferences/firefox-branding.js install -Dm755 iceweasel-hardened.sh "$pkgdir"/usr/bin/iceweasel-hardened } diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js deleted file mode 100644 index 399cfda50..000000000 --- a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js +++ /dev/null @@ -1,1986 +0,0 @@ -/**************************************************************************** - * user.js * - * Adapted from... * - * https://github.com/pyllyukko/user.js * - * https://github.com/The-OP/Fox/tree/master/prefs * - * https://github.com/ghacksuserjs/ghacks-user.js * - ******************************************************************************/ - - /***************************************************************************** - * Avoid hardware based fingerprintings * - * Canvas/Font's/Plugins * - ******************************************************************************/ -// https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration -// https://www.macromedia.com/support/documentation/en/flashplayer/help/help01.html -// https://github.com/dillbyrne/random-agent-spoofer/issues/74 -pref("gfx.direct2d.disabled", true); -pref("layers.acceleration.disabled", true); -pref("gfx.downloadable_fonts.fallback_delay", -1); -pref("intl.charset.default", "windows-1252"); -pref("privacy.use_utc_timezone", true); -pref("privacy.suppressModifierKeyEvents", true); // Bug #17009: Suppress ALT and SHIFT events" -pref("noscript.forbidFonts", true); -pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu - -// Tor Browser Font config -// https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2 -pref("font.default.lo", "Noto Sans Lao"); -pref("font.default.my", "Noto Sans Myanmar"); -pref("font.default.x-western", "sans-serif"); -pref("font.name-list.cursive.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.cursive.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.cursive.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.cursive.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.cursive.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.fantasy.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.fantasy.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.fantasy.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.fantasy.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.fantasy.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.fantasy.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.monospace.ar", "Noto Naskh Arabic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.el", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto -Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans -Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto -Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto -Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.monospace.he", "Noto Sans Hebrew, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.ja", "Noto Sans JP Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.ko", "Noto Sans KR Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.th", "Noto Sans Thai, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-armn", "Noto Sans Armenian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-beng", "Noto Sans Bengali, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-cyrillic", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.monospace.x-devanagari", "Noto Sans Devanagari, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans -Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, -Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans -Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans -Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, -Noto Serif Thai"); -pref("font.name-list.monospace.x-ethi", "Noto Sans Ethiopic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-geor", "Noto Sans Georgian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-gujr", "Noto Sans Gujarati, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-guru", "Noto Sans Gurmukhi, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-khmr", "Noto Sans Khmer, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-knda", "Noto Sans Kannada, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-mlym", "Noto Sans Malayalam, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-orya", "Noto Sans Oriya, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-sinh", "Noto Sans Sinhala, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-tamil", "Noto Sans Tamil, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-telu", "Noto Sans Telugu, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-tibt", "Noto Sans Tibetan, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.x-unicode", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.monospace.x-western", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.monospace.zh-CN", "Noto Sans SC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.zh-HK", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.monospace.zh-TW", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.ar", "Noto Naskh Arabic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.el", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans -JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, -Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, -Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, -Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.he", "Noto Sans Hebrew, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.ja", "Noto Sans JP Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.ko", "Noto Sans KR Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.th", "Noto Sans Thai, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.x-armn", "Noto Sans Armenian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-beng", "Noto Sans Bengali, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-cyrillic", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, -Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans -Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto -Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto -Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.x-devanagari", "Noto Sans Devanagari, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, -Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-ethi", "Noto Sans Ethiopic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-geor", "Noto Sans Georgian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-gujr", "Noto Sans Gujarati, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-guru", "Noto Sans Gurmukhi, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-khmr", "Noto Sans Khmer, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.x-knda", "Noto Sans Kannada, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-mlym", "Noto Sans Malayalam, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-orya", "Noto Sans Oriya, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.x-sinh", "Noto Sans Sinhala, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-tamil", "Noto Sans Tamil, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.x-telu", "Noto Sans Telugu, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans -Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, -Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans -Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans -Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.x-tibt", "Noto Sans Tibetan, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.x-unicode", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto -Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans -Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto -Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto -Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.x-western", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto -Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans -Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto -Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto -Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.sans-serif.zh-CN", "Noto Sans SC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.zh-HK", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.sans-serif.zh-TW", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto -Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans -Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, -Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto -Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.serif.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.he", "Tinos, Georgia, Noto Sans Hebrew, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.ja", "Noto Sans JP Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.ko", "Noto Sans KR Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.th", "Noto Serif Thai, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-armn", "Noto Serif Armenian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-beng", "Noto Sans Bengali, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-devanagari", "Noto Sans Devanagari, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif -Thai"); -pref("font.name-list.serif.x-ethi", "Noto Sans Ethiopic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-geor", "Noto Sans Georgian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-gujr", "Noto Sans Gujarati, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-guru", "Noto Sans Gurmukhi, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-khmr", "Noto Serif Khmer, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-knda", "Noto Sans Kannada, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-mlym", "Noto Sans Malayalam, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-orya", "Noto Sans Oriya, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-sinh", "Noto Sans Sinhala, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-tamil", "Noto Sans Tamil, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-telu", "Noto Sans Telugu, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-tibt", "Noto Sans Tibetan, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.zh-CN", "Noto Sans SC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.zh-HK", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name-list.serif.zh-TW", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); -pref("font.name.cursive.ar", "Noto Naskh Arabic"); -pref("font.name.cursive.el", "Tinos, Georgia"); -pref("font.name.cursive.he", "Noto Sans Hebrew"); -pref("font.name.cursive.x-cyrillic", "Tinos, Georgia"); -pref("font.name.cursive.x-unicode", "Tinos, Georgia"); -pref("font.name.cursive.x-western", "Tinos, Georgia"); -pref("font.name.fantasy.ar", "Noto Naskh Arabic"); -pref("font.name.fantasy.el", "Tinos, Georgia"); -pref("font.name.fantasy.he", "Noto Sans Hebrew"); -pref("font.name.fantasy.x-cyrillic", "Tinos, Georgia"); -pref("font.name.fantasy.x-unicode", "Tinos, Georgia"); -pref("font.name.fantasy.x-western", "Tinos, Georgia"); -pref("font.name.monospace.ar", "Noto Naskh Arabic"); -pref("font.name.monospace.el", "Tinos, Georgia"); -pref("font.name.monospace.he", "Noto Sans Hebrew"); -pref("font.name.monospace.ja", "Noto Sans JP Regular"); -pref("font.name.monospace.ko", "Noto Sans KR Regular"); -pref("font.name.monospace.my", "Noto Sans Myanmar"); -pref("font.name.monospace.th", "Noto Sans Thai"); -pref("font.name.monospace.x-armn", "Noto Sans Armenian"); -pref("font.name.monospace.x-beng", "Noto Sans Bengali"); -pref("font.name.monospace.x-cyrillic", "Cousine, Courier, Courier New"); -pref("font.name.monospace.x-devanagari", "Noto Sans Devanagari"); -pref("font.name.monospace.x-ethi", "Noto Sans Ethiopic"); -pref("font.name.monospace.x-geor", "Noto Sans Georgian"); -pref("font.name.monospace.x-gujr", "Noto Sans Gujarati"); -pref("font.name.monospace.x-guru", "Noto Sans Gurmukhi"); -pref("font.name.monospace.x-khmr", "Noto Sans Khmer"); -pref("font.name.monospace.x-knda", "Noto Sans Kannada"); -pref("font.name.monospace.x-mlym", "Noto Sans Malayalam"); -pref("font.name.monospace.x-orya", "Noto Sans Oriya"); -pref("font.name.monospace.x-sinh", "Noto Sans Sinhala"); -pref("font.name.monospace.x-tamil", "Noto Sans Tamil"); -pref("font.name.monospace.x-telu", "Noto Sans Telugu"); -pref("font.name.monospace.x-tibt", "Noto Sans Tibetan"); -pref("font.name.monospace.x-unicode", "Cousine, Courier, Courier New"); -pref("font.name.monospace.x-western", "Cousine, Courier, Courier New"); -pref("font.name.monospace.zh-CN", "Noto Sans SC Regular"); -pref("font.name.monospace.zh-HK", "Noto Sans TC Regular"); -pref("font.name.monospace.zh-TW", "Noto Sans TC Regular"); -pref("font.name.sans-serif.ar", "Noto Naskh Arabic"); -pref("font.name.sans-serif.el", "Arimo, Arial, Verdana"); -pref("font.name.sans-serif.he", "Noto Sans Hebrew"); -pref("font.name.sans-serif.ja", "Noto Sans JP Regular"); -pref("font.name.sans-serif.ko", "Noto Sans KR Regular"); -pref("font.name.sans-serif.th", "Noto Sans Thai"); -pref("font.name.sans-serif.x-armn", "Noto Sans Armenian"); -pref("font.name.sans-serif.x-beng", "Noto Sans Bengali"); -pref("font.name.sans-serif.x-cyrillic", "Arimo, Arial, Verdana"); -pref("font.name.sans-serif.x-devanagari", "Noto Sans Devanagari"); -pref("font.name.sans-serif.x-ethi", "Noto Sans Ethiopic"); -pref("font.name.sans-serif.x-geor", "Noto Sans Georgian"); -pref("font.name.sans-serif.x-gujr", "Noto Sans Gujarati"); -pref("font.name.sans-serif.x-guru", "Noto Sans Gurmukhi"); -pref("font.name.sans-serif.x-khmr", "Noto Sans Khmer"); -pref("font.name.sans-serif.x-knda", "Noto Sans Kannada"); -pref("font.name.sans-serif.x-mlym", "Noto Sans Malayalam"); -pref("font.name.sans-serif.x-orya", "Noto Sans Oriya"); -pref("font.name.sans-serif.x-sinh", "Noto Sans Sinhala"); -pref("font.name.sans-serif.x-tamil", "Noto Sans Tamil"); -pref("font.name.sans-serif.x-telu", "Noto Sans Telugu"); -pref("font.name.sans-serif.x-tibt", "Noto Sans Tibetan"); -pref("font.name.sans-serif.x-unicode", "Arimo, Arial, Verdana"); -pref("font.name.sans-serif.x-western", "Arimo, Arial, Verdana"); -pref("font.name.sans-serif.zh-CN", "Noto Sans SC Regular"); -pref("font.name.sans-serif.zh-HK", "Noto Sans TC Regular"); -pref("font.name.sans-serif.zh-TW", "Noto Sans TC Regular"); -pref("font.name.sans.my", "Noto Sans Myanmar"); -pref("font.name.serif.ar", "Noto Naskh Arabic"); -pref("font.name.serif.el", "Tinos, Georgia"); -pref("font.name.serif.he", "Noto Sans Hebrew"); -pref("font.name.serif.ja", "Noto Sans JP Regular"); -pref("font.name.serif.ko", "Noto Sans KR Regular"); -pref("font.name.serif.my", "Noto Sans Myanmar"); -pref("font.name.serif.th", "Noto Serif Thai"); -pref("font.name.serif.x-armn", "Noto Serif Armenian"); -pref("font.name.serif.x-beng", "Noto Sans Bengali"); -pref("font.name.serif.x-cyrillic", "Tinos, Georgia"); -pref("font.name.serif.x-devanagari", "Noto Sans Devanagari"); -pref("font.name.serif.x-ethi", "Noto Sans Ethiopic"); -pref("font.name.serif.x-geor", "Noto Sans Georgian"); -pref("font.name.serif.x-gujr", "Noto Sans Gujarati"); -pref("font.name.serif.x-guru", "Noto Sans Gurmukhi"); -pref("font.name.serif.x-khmr", "Noto Serif Khmer"); -pref("font.name.serif.x-knda", "Noto Sans Kannada"); -pref("font.name.serif.x-mlym", "Noto Sans Malayalam"); -pref("font.name.serif.x-orya", "Noto Sans Oriya"); -pref("font.name.serif.x-sinh", "Noto Sans Sinhala"); -pref("font.name.serif.x-tamil", "Noto Sans Tamil"); -pref("font.name.serif.x-telu", "Noto Sans Telugu"); -pref("font.name.serif.x-tibt", "Noto Sans Tibetan"); -pref("font.name.serif.x-unicode", "Tinos, Georgia"); -pref("font.name.serif.x-western", "Tinos, Georgia"); -pref("font.name.serif.zh-CN", "Noto Sans SC Regular"); -pref("font.name.serif.zh-HK", "Noto Sans TC Regular"); -pref("font.name.serif.zh-TW", "Noto Sans TC Regular"); - -/****************************************************************************** - * SECTION: HTML5 / APIs / DOM * - ******************************************************************************/ - -// PREF: Disable Service Workers -// https://developer.mozilla.org/en-US/docs/Web/API/Worker -// https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API -// https://wiki.mozilla.org/Firefox/Push_Notifications#Service_Workers -// NOTICE: Disabling ServiceWorkers breaks functionality on some sites (Google Street View...) -// Unknown security implications -// CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) -pref("dom.serviceWorkers.enabled", false); - -// PREF: Disable Web Workers -// https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers -// https://www.w3schools.com/html/html5_webworkers.asp -pref("dom.workers.enabled", false); - -// Disable WebSockets -// https://www.infoq.com/news/2012/03/websockets-security -// http://mdn.beonex.com/en/WebSockets.html -pref("network.websocket.max-connections", 0); - - -// PREF: Disable web notifications -// https://support.mozilla.org/t5/Firefox/I-can-t-find-Firefox-menu-I-m-trying-to-opt-out-of-Web-Push-and/m-p/1317495#M1006501 -pref("dom.webnotifications.enabled", false); - -// Disable DOM Push API -// https://developer.mozilla.org/en-US/docs/Web/API/Push_API -// https://wiki.mozilla.org/Security/Reviews/Push_API -// https://wiki.mozilla.org/Privacy/Reviews/Push_API -// https://bugzilla.mozilla.org/show_bug.cgi?id=1038811 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1153499 -pref("dom.push.enabled", false); -// As a "defense in depth" measure, configure an empty push server URL (the -pref("dom.push.serverURL", ""); -pref("dom.push.userAgentID", ""); -// https://hg.mozilla.org/releases/mozilla-beta/file/e549349b8d66/modules/libpref/init/all.js#l4237 -pref("dom.push.connection.enabled", false); -pref("dom.push.adaptive.enabled", false); -pref("dom.push.udp.wakeupEnabled", false); -// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/modules/libpref/init/all.js#l4445 -// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/push/PushRecord.jsm#l59 -pref("dom.push.maxQuotaPerSubscription", 0); -// https://wiki.mozilla.org/Security/Reviews/SimplePush -pref("services.push.enabled", false); -pref("services.push.serverURL", ""); - -// PREF: Disable DOM timing API -// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI -// https://www.w3.org/TR/navigation-timing/#privacy -pref("dom.enable_performance", false); - -// PREF: Make sure the User Timing API does not provide a new high resolution timestamp -// https://trac.torproject.org/projects/tor/ticket/16336 -// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security -// https://network23.org/inputisevil/2015/09/06/how-html5-apis-can-fingerprint-users/ -pref("dom.performance.enable_user_timing_logging", false); -pref("dom.enable_resource_timing", false); // Bug 13024 -pref("dom.enable_user_timing", false); // Bug 16336 -pref("dom.event.highrestimestamp.enabled", true); // Bug 17046: Don't leak system uptime in Events - -// PREF: Disable Web Audio API -// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 -pref("dom.webaudio.enabled", false); - -// Disable MDNS (Supposedly only for Android but is in Desktop version also) -// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/presentation/provider/MulticastDNSDeviceProvider.cpp#l18 -pref("dom.presentation.discovery.enabled", false); -// https://bugzilla.mozilla.org/show_bug.cgi?id=1278205 -pref("dom.presentation.controller.enabled", false); -pref("dom.presentation.receiver.enabled", false); -pref("dom.presentation.tcp_server.debug", false); -pref("dom.presentation.discoverable", false); -pref("dom.presentation.discovery.legacy.enabled", false); - -// PREF: Disable Location-Aware Browsing (geolocation) -// https://www.mozilla.org/en-US/firefox/geolocation/ -pref("geo.enabled", false); - -// PREF: When geolocation is enabled, use Mozilla geolocation service instead of Google -// https://bugzilla.mozilla.org/show_bug.cgi?id=689252 -pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); - -// PREF: When geolocation is enabled, don't log geolocation requests to the console -pref("geo.wifi.logging.enabled", false); - -// PREF: Disable raw TCP socket support (mozTCPSocket) -// https://trac.torproject.org/projects/tor/ticket/18863 -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ -// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket -pref("dom.mozTCPSocket.enabled", false); - -// PREF: Disable DOM storage (disabled) -// http://kb.mozillazine.org/Dom.storage.enabled -// https://html.spec.whatwg.org/multipage/webstorage.html -// NOTICE-DISABLED: Disabling DOM storage is known to cause`TypeError: localStorage is null` errors -//pref("dom.storage.enabled", false); - -// PREF: Disable leaking network/browser connection information via Javascript -// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) -// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API -// https://wicg.github.io/netinfo/#privacy-considerations -// https://bugzilla.mozilla.org/show_bug.cgi?id=960426 -pref("dom.netinfo.enabled", false); -// fingerprinting due to differing OS implementations -pref("dom.network.enabled", false); - -// PREF: Disable WebRTC entirely to prevent leaking internal IP addresses (Firefox < 42) -// NOTICE: Disabling WebRTC breaks peer-to-peer file sharing tools (reep.io ...) -pref("media.peerconnection.enabled", false); - -// PREF: Don't reveal your internal IP when WebRTC is enabled (Firefox >= 42) -// https://wiki.mozilla.org/Media/WebRTC/Privacy -// https://github.com/beefproject/beef/wiki/Module%3A-Get-Internal-IP-WebRTC -pref("media.peerconnection.ice.default_address_only", true); // Firefox 42-51 -pref("media.peerconnection.ice.no_host", true); // Firefox >= 52 - -// PREF: Disable WebRTC getUserMedia, screen sharing, audio capture, video capture -// https://wiki.mozilla.org/Media/getUserMedia -// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/ -// https://developer.mozilla.org/en-US/docs/Web/API/Navigator -pref("media.navigator.enabled", false); -pref("media.navigator.video.enabled", false); -pref("media.getusermedia.screensharing.enabled", false); -pref("media.getusermedia.audiocapture.enabled", false); -// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/media/MediaManager.cpp#l1942 -pref("media.getusermedia.noise_enabled", false); - -// Audio_data is deprecated in future releases, but still present -// in FF24. This is a dangerous combination (spotted by iSec) -pref("media.audio_data.enabled", false); - -// Don't autoplay WebM and other embedded media files -// https://support.mozilla.org/en-US/questions/1073167 -pref("media.autoplay.enabled", false); -pref("noscript.forbidMedia", true); - -// Disable Device Change API (FF 52+) -// https://developer.mozilla.org/en-US/docs/Web/Events/devicechange -// https://bugzilla.mozilla.org/show_bug.cgi?id=1152383 -// https://hg.mozilla.org/releases/mozilla-release/file/a67a1682be8f0327435aaa2f417154330eff0017/dom/webidl/MediaDevices.webidl#l15 -pref("media.ondevicechange.enabled", false); -// https://hg.mozilla.org/releases/mozilla-release/rev/5022a33fd3e9 -pref("media.ondevicechange.fakeDeviceChangeEvent.enabled", false); - -// PREF: Disable battery API (Firefox < 52) -// https://developer.mozilla.org/en-US/docs/Web/API/BatteryManager -// https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 -pref("dom.battery.enabled", false); - -// PREF: Disable telephony API -// https://wiki.mozilla.org/WebAPI/Security/WebTelephony -pref("dom.telephony.enabled", false); - -// PREF: Disable "beacon" asynchronous HTTP transfers (used for analytics) -// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon -pref("beacon.enabled", false); - -// PREF: Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript -// NOTICE: Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...) -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled -pref("dom.event.clipboardevents.enabled", false); - -// PREF: Disable "copy to clipboard" functionality via Javascript (Firefox >= 41) -// NOTICE: Disabling clipboard operations will break legitimate JS-based "copy to clipboard" functionality -// https://hg.mozilla.org/mozilla-central/rev/2f9f8ea4b9c3 -pref("dom.allow_cut_copy", false); - -// PREF: Disable speech recognition -// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html -// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition -// https://wiki.mozilla.org/HTML5_Speech_API -pref("media.webspeech.recognition.enable", false); - -// PREF: Disable speech synthesis -// https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis -pref("media.webspeech.synth.enabled", false); - -// PREF: Disable sensor API -// https://wiki.mozilla.org/Sensor_API -pref("device.sensors.enabled", false); - -// Disable MMS -pref("dom.mms.retrieval_mode", "never"); - -// PREF: Disable pinging URIs specified in HTML ping= attributes -// http://kb.mozillazine.org/Browser.send_pings -pref("browser.send_pings", false); - -// PREF: When browser pings are enabled, only allow pinging the same host as the origin page -// http://kb.mozillazine.org/Browser.send_pings.require_same_host -pref("browser.send_pings.require_same_host", true); - -// PREF: Disable IndexedDB (disabled) -// https://developer.mozilla.org/en-US/docs/IndexedDB -// https://en.wikipedia.org/wiki/Indexed_Database_API -// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review -// http://forums.mozillazine.org/viewtopic.php?p=13842047 -// https://github.com/pyllyukko/user.js/issues/8 -// NOTICE-DISABLED: IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), so is left enabled -//pref("dom.indexedDB.enabled", false); - -// TODO: "Access Your Location" "Maintain Offline Storage" "Show Notifications" - -// PREF: Disable gamepad API to prevent USB device enumeration -// https://www.w3.org/TR/gamepad/ -// https://trac.torproject.org/projects/tor/ticket/13023 -pref("dom.gamepad.enabled", false); -pref("dom.gamepad.non_standard_events.enabled", false); -pref("dom.gamepad.test.enabled", false); -pref("dom.gamepad.extensions.enabled", false); - -// PREF: Disable virtual reality devices APIs -// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM -// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API -pref("dom.vr.enabled", false); -pref("dom.vr.cardboard.enabled", false); -pref("dom.vr.oculus.enabled", false); -pref("dom.vr.oculus050.enabled", false); -pref("dom.vr.poseprediction.enabled", false); -pref("dom.vr.openvr.enabled", false); -// https://hg.mozilla.org/releases/mozilla-release/file/970d0cf1c5d9/modules/libpref/init/all.js#l4778 -pref("dom.vr.add-test-devices", 0); -pref("dom.vr.osvr.enabled", false); - -// HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328 -pref("browser.history.allowPopState", false); -pref("browser.history.allowPushState", false); -pref("browser.history.allowReplaceState", false); -// Idle Observation -pref("dom.idle-observers-api.enabled", false); -// PREF: Disable vibrator API -pref("dom.vibrator.enabled", false); - -// PREF: Disable Archive API (Firefox < 54) -// https://wiki.mozilla.org/WebAPI/ArchiveAPI -// https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 -user_pref("dom.archivereader.enabled", false); - -// PREF: Disable webGL -// https://en.wikipedia.org/wiki/WebGL -// https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ -pref("webgl.disabled", true); -// PREF: When webGL is enabled, use the minimum capability mode -pref("webgl.min_capability_mode", true); -// PREF: When webGL is enabled, disable webGL extensions -// https://developer.mozilla.org/en-US/docs/Web/API/WebGL_API#WebGL_debugging_and_testing -pref("webgl.disable-extensions", true); -// PREF: When webGL is enabled, force enabling it even when layer acceleration is not supported -// https://trac.torproject.org/projects/tor/ticket/18603 -pref("webgl.disable-fail-if-major-performance-caveat", true); -// PREF: When webGL is enabled, do not expose information about the graphics driver -// https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 -// https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info -pref("webgl.enable-debug-renderer-info", false); -// somewhat related... -pref("pdfjs.enableWebGL", false); - -/****************************************************************************** - * SECTION: Misc * - ******************************************************************************/ -// Disable File and Directory Entries API (Imported from Edge/Chromium) -// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories -// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API -// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Introduction -// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Firefox_support -// https://bugzilla.mozilla.org/show_bug.cgi?id=1265767 -pref("dom.webkitBlink.filesystem.enabled", false); -// https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitdirectory -// https://bugzilla.mozilla.org/show_bug.cgi?id=1258489 -// https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be -pref("dom.webkitBlink.dirPicker.enabled", false); -// Directory Upload API, webkitdirectory -// https://bugzilla.mozilla.org/show_bug.cgi?id=1188880 -// https://bugzilla.mozilla.org/show_bug.cgi?id=907707 -// https://wicg.github.io/directory-upload/proposal.html -pref("dom.input.dirpicker", false); - -// Disable Pointer Lock API. -// https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API -// https://bugzilla.mozilla.org/show_bug.cgi?id=1273351 -pref("full-screen-api.pointer-lock.enabled", false); -pref("pointer-lock-api.prefixed.enabled", false); - -// PREF: Disable face detection -pref("camera.control.face_detection.enabled", false); -pref("camera.control.autofocus_moving_callback.enabled", false); - - -// PREF: Disable GeoIP lookup on your address to set default search engine region -// https://trac.torproject.org/projects/tor/ticket/16254 -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine -pref("browser.search.countryCode", "US"); -pref("browser.search.region", "US"); -pref("browser.search.geoip.url", ""); - -// PREF: Set Accept-Language HTTP header to en-US regardless of Firefox localization -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language -pref("intl.accept_languages", "en-us, en"); - -// PREF: Set Firefox locale to en-US -// http://kb.mozillazine.org/General.useragent.locale -pref("general.useragent.locale", "en-US"); - - // Disable website autorefresh, user can still proceed with warning -pref("accessibility.blockautorefresh", true); -pref("browser.meta_refresh_when_inactive.disabled", true); -pref("noscript.forbidMetaRefresh", true); // NoScript ignores this preference? - -// PREF: Don't use OS values to determine locale, force using Firefox locale setting -// http://kb.mozillazine.org/Intl.locale.matchOS -pref("intl.locale.matchOS", false); - -// PREF: Don't use Mozilla-provided location-specific search engines -pref("browser.search.geoSpecificDefaults", false); -pref("browser.search.geoSpecificDefaults.url", ""); - -// PREF: Do not automatically send selection to clipboard on some Linux platforms (Disabled) -// http://kb.mozillazine.org/Clipboard.autocopy -//pref("clipboard.autocopy", false); - -// PREF: Prevent leaking application locale/date format using JavaScript -// https://bugzilla.mozilla.org/show_bug.cgi?id=867501 -// https://hg.mozilla.org/mozilla-central/rev/52d635f2b33d -pref("javascript.use_us_english_locale", true); - -// PREF: Do not submit invalid URIs entered in the address bar to the default search engine -// http://kb.mozillazine.org/Keyword.enabled -pref("keyword.enabled", false); - -// PREF: Don't trim HTTP off of URLs in the address bar. -// https://bugzilla.mozilla.org/show_bug.cgi?id=665580 -pref("browser.urlbar.trimURLs", false); - -// PREF: Don't try to guess domain names when entering an invalid domain name in URL bar -// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html -pref("browser.fixup.alternate.enabled", false); - -// Set TOR as default proxy -pref("network.proxy.socks", "127.0.0.1"); -pref("network.proxy.socks_port", 9050); -// Proxy off by default, user can toggle it on. -pref("network.proxy.type", 0); -// Protect TOR ports -pref("network.security.ports.banned", "9050,9051,9150,9151"); - -// Make sure proxy-autoconfig is off to prevent MiTM. -// https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 -// https://hg.mozilla.org/releases/mozilla-release/rev/5139b0dd7acc -pref("network.proxy.autoconfig_url.include_path", false); - -// PREF: When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' URLs -// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851 -pref("browser.fixup.hide_user_pass", true); - -// PREF: Send DNS request through SOCKS when SOCKS proxying is in use -// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers -pref("network.proxy.socks_remote_dns", true); - -// For fingerprinting and local service vulns (#10419) -pref("network.proxy.no_proxies_on", ""); - -// PREF: Don't monitor OS online/offline connection state -// https://trac.torproject.org/projects/tor/ticket/18945 -pref("network.manage-offline-status", false); - -// PREF: Enforce Mixed Active Content Blocking -// https://support.mozilla.org/t5/Protect-your-privacy/Mixed-content-blocking-in-Firefox/ta-p/10990 -// https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_23#Non-SSL_contents_on_SSL_pages_are_blocked_by_default -// https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/ -pref("security.mixed_content.block_active_content", true); - -// PREF: Enforce Mixed Passive Content blocking (a.k.a. Mixed Display Content) -// NOTICE: Enabling Mixed Display Content blocking can prevent images/styles... from loading properly when connection to the website is only partially -secured -pref("security.mixed_content.block_display_content", true); - -// PREF: Disable JAR from opening Unsafe File Types -// http://kb.mozillazine.org/Network.jar.open-unsafe-types -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.7 -pref("network.jar.open-unsafe-types", false); - -// CIS 2.7.4 Disable Scripting of Plugins by JavaScript -// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 -pref("security.xpconnect.plugin.unrestricted", false); - -// PREF: Set File URI Origin Policy -// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 -pref("security.fileuri.strict_origin_policy", true); - -// PREF: Disable Displaying Javascript in History URLs -// http://kb.mozillazine.org/Browser.urlbar.filter.javascript -// CIS 2.3.6 -pref("browser.urlbar.filter.javascript", true); - -// PREF: Disable asm.js -// http://asmjs.org/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ -// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 -pref("javascript.options.asmjs", false); -// https://hacks.mozilla.org/2016/03/a-webassembly-milestone/ -pref("javascript.options.wasm", false); -pref("javascript.options.wasm_baselinejit", false); -// https://trac.torproject.org/projects/tor/ticket/9387#comment:43 -pref("javascript.options.typeinference", false); -pref("javascript.options.baselinejit.content", false); -pref("javascript.options.ion.content", false); -// https://www.torproject.org/projects/torbrowser/design -pref("mathml.disabled", true); - -// PREF: Disable SVG in OpenType fonts -// https://wiki.mozilla.org/SVGOpenTypeFonts -// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle -pref("gfx.font_rendering.opentype_svg.enabled", false); - -// PREF: Disable in-content SVG rendering (Firefox >= 53) -// NOTICE: Disabling SVG support breaks many UI elements on many sites -// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 -// https://github.com/iSECPartners/publications/raw/master/reports/Tor%20Browser%20Bundle/Tor%20Browser%20Bundle%20-%20iSEC%20Deliverable%201.3.pdf#16 -pref("svg.disabled", true); - - -// PREF: Disable video stats to reduce fingerprinting threat -// https://bugzilla.mozilla.org/show_bug.cgi?id=654550 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785 -// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065 -pref("media.video_stats.enabled", false); - -// PREF: Don't reveal build ID -// Value taken from Tor Browser -// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 -pref("general.buildID.override", "20100101"); - -// PREF: Prevent font fingerprinting -// https://browserleaks.com/fonts -// https://github.com/pyllyukko/user.js/issues/120 -pref("browser.display.use_document_fonts", 0); - -// PREF: Enable only whitelisted URL protocol handlers -// http://kb.mozillazine.org/Network.protocol-handler.external-default -// http://kb.mozillazine.org/Network.protocol-handler.warn-external-default -// http://kb.mozillazine.org/Network.protocol-handler.expose.%28protocol%29 -// https://news.ycombinator.com/item?id=13047883 -// https://bugzilla.mozilla.org/show_bug.cgi?id=167475 -// https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005 -// NOTICE: Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening -third-party mail/messaging/torrent/... clients when clicking on links with these protocols -// TODO: Add externally-handled protocols from Windows 8.1 and Windows 10 (currently contains protocols only from Linux and Windows 7) that might pose -a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991) -// TODO: Add externally-handled protocols from Mac OS X that might pose a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991) -// If you want to enable a protocol, set network.protocol-handler.expose.(protocol) to true and network.protocol-handler.external.(protocol) to: -// * true, if the protocol should be handled by an external application -// * false, if the protocol should be handled internally by Firefox -user_pref("network.protocol-handler.warn-external-default", true); -user_pref("network.protocol-handler.external.http", false); -user_pref("network.protocol-handler.external.https", false); -user_pref("network.protocol-handler.external.javascript", false); -user_pref("network.protocol-handler.external.moz-extension", false); -user_pref("network.protocol-handler.external.ftp", false); -user_pref("network.protocol-handler.external.file", false); -user_pref("network.protocol-handler.external.about", false); -user_pref("network.protocol-handler.external.chrome", false); -user_pref("network.protocol-handler.external.blob", false); -user_pref("network.protocol-handler.external.data", false); -user_pref("network.protocol-handler.expose-all", false); -user_pref("network.protocol-handler.expose.http", true); -user_pref("network.protocol-handler.expose.https", true); -user_pref("network.protocol-handler.expose.javascript", true); -user_pref("network.protocol-handler.expose.moz-extension", true); -user_pref("network.protocol-handler.expose.ftp", true); -user_pref("network.protocol-handler.expose.file", true); -user_pref("network.protocol-handler.expose.about", true); -user_pref("network.protocol-handler.expose.chrome", true); -user_pref("network.protocol-handler.expose.blob", true); -user_pref("network.protocol-handler.expose.data", true); - -/****************************************************************************** - * SECTION: Extensions / plugins * - ******************************************************************************/ - -// PREF: Ensure you have a security delay when installing add-ons (milliseconds) -// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox -// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ -pref("security.dialog_enable_delay", 1000); - -// PREF: Require signatures (Disabled due to bundled extensions) -// https://wiki.mozilla.org/Addons/Extension_Signing -//pref("xpinstall.signatures.required", true); - -// PREF: Opt-out of add-on metadata updates -// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ -pref("extensions.getAddons.cache.enabled", false); - -// PREF: Opt-out of themes (Persona) updates -// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 -pref("lightweightThemes.update.enabled", false); - -// PREF: Disable Flash Player NPAPI plugin -// http://kb.mozillazine.org/Flash_plugin -pref("plugin.state.flash", 0); - -// PREF: Disable Java NPAPI plugin -pref("plugin.state.java", 0); - -// PREF: Disable sending Flash Player crash reports -pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); - -// PREF: When Flash crash reports are enabled, don't send the visited URL in the crash report -pref("dom.ipc.plugins.reportCrashURL", false); - -// PREF: When Flash is enabled, download and use Mozilla SWF URIs blocklist -// https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 -// https://github.com/mozilla-services/shavar-plugin-blocklist -pref("browser.safebrowsing.blockedURIs.enabled", true); - -// PREF: Disable Shumway (Mozilla Flash renderer) -// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway -pref("shumway.disabled", true); - -// PREF: Disable Gnome Shell Integration NPAPI plugin -pref("plugin.state.libgnome-shell-browser-plugin", 0); - -// PREF: Disable the bundled OpenH264 video codec (disabled) -// http://forums.mozillazine.org/viewtopic.php?p=13845077&sid=28af2622e8bd8497b9113851676846b1#p13845077 -pref("media.gmp-provider.enabled", false); - -// PREF: Enable plugins click-to-play -// https://wiki.mozilla.org/Firefox/Click_To_Play -// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ -pref("plugins.click_to_play", true); - -// PREF: Disable automatic updates of addons -// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/ -pref("extensions.update.enabled", false); -pref("extensions.update.autoUpdateDefault", false); -// User can still update manually, but we disable background updates. -pref("extensions.update.background.url", ""); - -// The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox -pref("extensions.systemAddon.update.url", ""); - -// Only install extensions to user profile -// https://developer.mozilla.org/en-US/Add-ons/Installing_extensions -// https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ -pref("extensions.enabledScopes", 1); - -// PREF: Disable add-on and certificate blocklists (OneCRL) from Mozilla -// https://wiki.mozilla.org/Blocklisting -// https://blocked.cdn.mozilla.net/ -// http://kb.mozillazine.org/Extensions.blocklist.enabled -// http://kb.mozillazine.org/Extensions.blocklist.url -// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ -// Updated at interval defined in extensions.blocklist.interval (default: 86400) -pref("extensions.blocklist.enabled", false); -pref("extensions.blocklist.detailsURL", "about:blank"); -pref("extensions.blocklist.itemURL", "about:blank"); -pref("extensions.getAddons.get.url", "about:blank"); -pref("extensions.getAddons.getWithPerformance.url", "about:blank"); -pref("extensions.getAddons.recommended.url", "about:blank"); -// If blocklist still downloads, we want it to be signed. -pref("services.blocklist.signing.enforced", true); -// Firefox 49: https://hg.mozilla.org/releases/mozilla-release/rev/c6c57d394549 -// https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/toolkit/mozapps/extensions/nsBlocklistService.js#l633 -pref("services.blocklist.update_enabled", false); -// https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/services/common/blocklist-updater.js -// Remove Kinto Blacklist URL -// https://hg.mozilla.org/releases/mozilla-release/file/c1de04f39fa956cfce83f6065b0e709369215ed5/services/common/kinto-updater.js -pref("services.settings.server", "data:application/json,{}"); -pref("services.blocklist.changes.path", ""); - -// PREF: Decrease system information leakage to Mozilla blocklist update servers -// https://trac.torproject.org/projects/tor/ticket/16931 -pref("extensions.blocklist.url", "about:blank"); - -// Disable Freedom Violating DRM Feature -// https://bugzilla.mozilla.org/show_bug.cgi?id=1144903#c8 -pref("media.eme.apiVisible", false); -pref("media.eme.enabled", false); -pref("browser.eme.ui.enabled", false); -pref("media.gmp-eme-adobe.enabled", false); - -// Google Widevine DRM -// https://blog.mozilla.org/futurereleases/2016/04/08/mozilla-to-test-widevine-cdm-in-firefox-nightly/ -// https://wiki.mozilla.org/QA/Widevine_CDM -// https://bugzilla.mozilla.org/show_bug.cgi?id=1288580 -pref("media.gmp-widevinecdm.visible", false); -pref("media.gmp-widevinecdm.enabled", false); -pref("media.gmp-widevinecdm.autoupdate", false); - -// Plugin Updater: Fingerprints the user, does not use HTTPS, Not used on GNU/Linux. Remove it. -pref("pfs.datasource.url", "about:blank"); -pref("pfs.filehint.url", "about:blank"); - -/****************************************************************************** - * SECTION: Firefox (anti-)features / components * * - ******************************************************************************/ - -// PREF: Disable WebIDE -// https://trac.torproject.org/projects/tor/ticket/16222 -// https://developer.mozilla.org/docs/Tools/WebIDE -pref("devtools.webide.enabled", false); -pref("devtools.webide.autoinstallADBHelper", false); -pref("devtools.webide.autoinstallFxdtAdapters", false); - -// PREF: Disable remote debugging -// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop -// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings -pref("devtools.debugger.remote-enabled", false); -// "to use developer tools in the context of the browser itself, and not only web content" -pref("devtools.chrome.enabled", false); -// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Firefox_37_onwards -pref("devtools.debugger.force-local", true); -// The in-browser debugger for debugging chrome code is not coping with our -// restrictive DNS look-up policy. We use "127.0.0.1" instead of "localhost" as -// a workaround. See bug 16523 for more details. -pref("devtools.debugger.chrome-debugging-host", "127.0.0.1"); -pref("devtools.appmanager.enabled", false); -pref("devtools.debugger.prompt-connection", true); -pref("devtools.devices.url", "about:blank"); -pref("devtools.gcli.imgurUploadURL", "about:blank"); -pref("devtools.gcli.jquerySrc", "about:blank"); -pref("devtools.gcli.lodashSrc", "about:blank"); -pref("devtools.gcli.underscoreSrc", "about:blank"); -// http://forum.top-hat-sec.com/index.php?topic=4951.5;wap2 -pref("devtools.remote.wifi.scan", false); -pref("devtools.remote.wifi.visible", false); -pref("devtools.webide.adaptersAddonURL", "about:blank"); -pref("devtools.webide.adbAddonURL", "about:blank"); -pref("devtools.webide.addonsURL", "about:blank"); -//https://trac.torproject.org/projects/tor/ticket/16222 -pref("devtools.webide.enabled", false); -pref("devtools.webide.simulatorAddonsURL", "about:blank"); -pref("devtools.webide.templatesURL", "about:blank"); -// https://hg.mozilla.org/releases/mozilla-release/rev/47ead489b52e -pref("devtools.screenshot.audio.enabled", false); - -// PREF: Disable Mozilla telemetry/experiments -// https://wiki.mozilla.org/Platform/Features/Telemetry -// https://wiki.mozilla.org/Privacy/Reviews/Telemetry -// https://wiki.mozilla.org/Telemetry -// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry -// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 -// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry -// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html -// https://wiki.mozilla.org/Telemetry/Experiments -pref("toolkit.telemetry.enabled", false); -pref("toolkit.telemetry.unified", false); -pref("experiments.supported", false); -pref("experiments.enabled", false); -pref("experiments.manifest.uri", ""); - -// PREF: Disallow Necko to do A/B testing -// https://trac.torproject.org/projects/tor/ticket/13170 -pref("network.allow-experiments", false); - -// PREF: Disable sending Firefox crash reports to Mozilla servers -// https://wiki.mozilla.org/Breakpad -// http://kb.mozillazine.org/Breakpad -// https://dxr.mozilla.org/mozilla-central/source/toolkit/crashreporter -// https://bugzilla.mozilla.org/show_bug.cgi?id=411490 -// A list of submitted crash reports can be found at about:crashes -pref("breakpad.reportURL", ""); - -// PREF: Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't nag user about unsent crash reports -// https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js -pref("browser.tabs.crashReporting.sendReport", false); -pref("browser.crashReports.unsubmittedCheck.enabled", false); -pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); - -// PREF: Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) -// https://wiki.mozilla.org/FlyWeb -// https://wiki.mozilla.org/FlyWeb/Security_scenarios -// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit -// http://www.ghacks.net/2016/07/26/firefox-flyweb -pref("dom.flyweb.enabled", false); - -// PREF: Disable the UITour backend -// https://trac.torproject.org/projects/tor/ticket/19047#comment:3 -pref("browser.uitour.enabled", false); - -// PREF: Enable Firefox Tracking Protection -// https://wiki.mozilla.org/Security/Tracking_protection -// https://support.mozilla.org/en-US/kb/tracking-protection-firefox -// https://support.mozilla.org/en-US/kb/tracking-protection-pbm -// https://kontaxis.github.io/trackingprotectionfirefox/ -// https://feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox/ -pref("privacy.trackingprotection.enabled", true); -pref("privacy.trackingprotection.pbmode.enabled", true); - -// PREF: Enable contextual identity Containers feature (Firefox >= 52) -// NOTICE: Containers are not available in Private Browsing mode -// https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers -pref("privacy.userContext.enabled", true); - -// PREF: Enable hardening against various fingerprinting vectors (Tor Uplift project) -// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking -pref("privacy.resistFingerprinting", true); - -// PREF: Disable the built-in PDF viewer -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2743 -// https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/ -pref("pdfjs.disabled", true); - -// PREF: Disable collection/sending of the health report (healthreport.sqlite*) -// https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf -// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html -pref("datareporting.healthreport.uploadEnabled", false); -pref("datareporting.healthreport.service.enabled", false); -pref("datareporting.policy.dataSubmissionEnabled", false); - -// PREF: Disable Heartbeat (Mozilla user rating telemetry) -// https://wiki.mozilla.org/Advocacy/heartbeat -// https://trac.torproject.org/projects/tor/ticket/19047 -pref("browser.selfsupport.url", ""); - -// PREF: Disable Firefox Hello (disabled) (Firefox < 49) -// https://wiki.mozilla.org/Loop -// https://support.mozilla.org/t5/Chat-and-share/Support-for-Hello-discontinued-in-Firefox-49/ta-p/37946 -// NOTICE: Firefox Hello requires setting `media.peerconnection.enabled` and `media.getusermedia.screensharing.enabled` to true, -`security.OCSP.require` to false to work. -//pref("loop.enabled", false); - -// PREF: Disable Firefox Hello metrics collection -// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion -pref("loop.logDomains", false); - -// PREF: Disable Auto Update / Balrog -// NOTICE: Fully automatic updates are disabled and left to package management systems on Linux. Windows users may want to change this setting. -// CIS 2.1.1 -pref("app.update.auto", false); -pref("app.update.checkInstallTime", false); -pref("app.update.enabled", false); -pref("app.update.staging.enabled", false); -pref("app.update.url", "about:blank"); -pref("media.gmp-manager.certs.1.commonName", ""); -pref("media.gmp-manager.certs.2.commonName", ""); - -// PREF: Disable blocking reported web forgeries -// Leaks information to Google -// https://wiki.mozilla.org/Security/Safe_Browsing -// http://kb.mozillazine.org/Safe_browsing -// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work -// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849 -// CIS 2.3.4 -pref("browser.safebrowsing.enabled", false); // Firefox < 50 -pref("browser.safebrowsing.phishing.enabled", false); // firefox >= 50 - -// PREF: Disable blocking reported attack sites -// Leaks information to Google -// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled -// CIS 2.3.5 -pref("browser.safebrowsing.malware.enabled", false); - -// PREF: Disable querying Google Application Reputation database for downloaded binary files -// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/ -// https://wiki.mozilla.org/Security/Application_Reputation -pref("browser.safebrowsing.downloads.remote.enabled", false); -pref("browser.safebrowsing.appRepURL", "about:blank"); -pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank"); -pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank"); -pref("browser.safebrowsing.downloads.remote.block_dangerous", false); -pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); -pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -pref("browser.safebrowsing.downloads.remote.block_uncommon", false); -pref("browser.safebrowsing.downloads.remote.url", ""); -pref("browser.safebrowsing.provider.google.gethashURL", ""); -pref("browser.safebrowsing.provider.google.updateURL", ""); -pref("browser.safebrowsing.provider.google.lists", ""); - -// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 -pref("browser.safebrowsing.provider.google4.lists", "about:blank"); -pref("browser.safebrowsing.provider.google4.updateURL", "about:blank"); -pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank"); -pref("browser.safebrowsing.provider.google4.reportURL", "about:blank"); -pref("browser.safebrowsing.provider.mozilla.lists", "about:blank"); - -// Disable Microsoft Family Safety MiTM support (Windows 8.1) (FF50+) -// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166 -// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode -// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782 -pref("security.family_safety.mode", 0); -// https://bugzilla.mozilla.org/show_bug.cgi?id=1265113 -// https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883 -pref("security.enterprise_roots.enabled", false); - -// PREF: Disable Pocket -// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox -// https://github.com/pyllyukko/user.js/issues/143 -pref("browser.pocket.enabled", false); -pref("extensions.pocket.enabled", false); -pref("extensions.pocket.api", "about:blank"); -pref("browser.pocket.api", "about:blank"); -pref("browser.pocket.enabledLocales", "about:blank"); -pref("browser.pocket.oAuthConsumerKey", "about:blank"); -pref("browser.pocket.site", "about:blank"); -pref("browser.pocket.useLocaleList", false); -pref("browser.toolbarbuttons.introduced.pocket-button", true); - -// Disable Web Compat Reporter -pref("extensions.webcompat-reporter.enabled", false); -pref("extensions.webcompat-reporter.newIssueEndpoint", ""); - -// Disable Social -pref("social.directories", ""); -pref("social.enabled", false); -// remote-install allows any website to activate a provider, with extended UI -pref("social.remote-install.enabled", false); -pref("social.shareDirectory", ""); -pref("social.toast-notifications.enabled", false); -pref("social.whitelist", ""); - -// Disable Snippets -pref("browser.snippets.enabled", false); -pref("browser.snippets.geoUrl", "about:blank"); -pref("browser.snippets.statsUrl", "about:blank"); -pref("browser.snippets.syncPromo.enabled", false); -pref("browser.snippets.updateUrl", "about:blank"); - -// Disable WAN IP leaks -pref("captivedetect.canonicalURL", "about:blank"); -pref("network.captive-portal-service.enabled", false); -// Note: NoScript seems to ignore these and leak WAN anyway. -pref("noscript.ABE.wanIpAsLocal", false); -pref("noscript.ABE.wanIpCheckURL", "about:blank"); - -// Disable Default Protocol Handlers, always warn user instead -pref("network.protocol-handler.external-default", false); -pref("network.protocol-handler.external.mailto", false); -pref("network.protocol-handler.external.news", false); -pref("network.protocol-handler.external.nntp", false); -pref("network.protocol-handler.external.snews", false); -pref("network.protocol-handler.warn-external.mailto", true); -pref("network.protocol-handler.warn-external.news", true); -pref("network.protocol-handler.warn-external.nntp", true); -pref("network.protocol-handler.warn-external.snews", true); - -// Disable Sync -pref("services.sync.engine.addons", false); -// Never sync prefs, addons, or tabs with other browsers -pref("services.sync.engine.prefs", false); -pref("services.sync.engine.tabs", false); -pref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", false); -pref("services.sync.prefs.sync.extensions.update.enabled", false); -pref("services.sync.serverURL", "about:blank"); -pref("services.sync.jpake.serverURL", "about:blank"); -// Disable Failed Sync Logs since we killed sync. -pref("services.sync.log.appender.file.logOnError", false); -pref("services.sync.ui.hidden", true); - -// PREF: Disable SHIELD -// https://support.mozilla.org/en-US/kb/shield -// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 -user_pref("extensions.shield-recipe-client.enabled", false); -user_pref("app.shield.optoutstudies.enabled", false); - -/****************************************************************************** - * SECTION: Automatic connections * - ******************************************************************************/ - -// PREF: Disable prefetching of URLs -// http://kb.mozillazine.org/Network.prefetch-next -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F -pref("network.prefetch-next", false); - -// PREF: Disable DNS prefetching -// http://kb.mozillazine.org/Network.dns.disablePrefetch -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching -pref("network.dns.disablePrefetch", true); -pref("network.dns.disablePrefetchFromHTTPS", true); - -// PREF: Disable the predictive service (Necko) -// https://wiki.mozilla.org/Privacy/Reviews/Necko -pref("network.predictor.enabled", false); -// https://wiki.mozilla.org/Privacy/Reviews/Necko#Principle:_Real_Choice -pref("network.seer.enabled", false); - -// PREF: Reject .onion hostnames before passing the to DNS -// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 -// RFC 7686 -pref("network.dns.blockDotOnion", true); - -// PREF: Disable search suggestions in the search bar -// http://kb.mozillazine.org/Browser.search.suggest.enabled -pref("browser.search.suggest.enabled", false); - -// PREF: Disable "Show search suggestions in location bar results" -pref("browser.urlbar.suggest.searches", false); -// PREF: When using the location bar, don't suggest URLs from browsing history -pref("browser.urlbar.suggest.history", false); - -// PREF: Disable SSDP -// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 -pref("browser.casting.enabled", false); - -// PREF: Disable automatic downloading of OpenH264 codec -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_media-capabilities -// http://andreasgal.com/2014/10/14/openh264-now-in-firefox/ -pref("media.gmp-gmpopenh264.enabled", false); -pref("media.peerconnection.video.h264_enabled", false); -// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins -pref("media.gmp-manager.url", ""); -pref("media.gmp-manager.url.override", "data:text/plain"); -pref("media.gmp.trial-create.enabled", false); -// Since ESR52 it is not enough anymore to block pinging the GMP update/download -// server. There is a local fallback that must be blocked now as well. See: -// https://bugzilla.mozilla.org/show_bug.cgi?id=1267495. -pref("media.gmp-manager.updateEnabled", false); - -// PREF: Disable speculative pre-connections -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections -// https://bugzilla.mozilla.org/show_bug.cgi?id=814169 -pref("network.http.speculative-parallel-limit", 0); - -// PREF: Disable downloading homepage snippets/messages from Mozilla -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content -// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service -pref("browser.aboutHomeSnippets.updateUrl", ""); - -// PREF: Never check updates for search engines -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking -pref("browser.search.update", false); - -//Disable Link to FireFox Marketplace, currently loaded with non-free "apps" -pref("browser.apps.URL", ""); -pref("browser.webapps.checkForUpdates", 0); -pref("browser.webapps.updateCheckUrl", "about:blank"); -pref("dom.mozApps.signed_apps_installable_from", ""); - -// Disable Favicon lookups (Leaks/fingerprints user bookmarks) -// http://kb.mozillazine.org/Browser.chrome.favicons -pref("browser.chrome.favicons", false); -pref("browser.chrome.site_icons", false); -pref("browser.shell.shortcutFavicons", false); - -/****************************************************************************** - * SECTION: HTTP * - ******************************************************************************/ -// https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2 -pref("network.http.pipelining", true); -pref("network.http.pipelining.aggressive", true); -pref("network.http.pipelining.maxrequests", 12); -pref("network.http.pipelining.ssl", true); -pref("network.http.proxy.pipelining", true); -pref("security.ssl.enable_false_start", true); -pref("network.http.keep-alive.timeout", 20); -pref("network.http.connection-retry-timeout", 0); -pref("network.http.max-persistent-connections-per-proxy", 256); -pref("network.http.pipelining.reschedule-timeout", 15000); -pref("network.http.pipelining.read-timeout", 60000); -pref("network.http.pipelining.max-optimistic-requests", 3); -pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable) -pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case -pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case -pref("network.http.spdy.enabled.v3-1", false); // Seems redundant, but just in case -pref("privacy.firstparty.isolate", true); // Always enforce first party isolation -pref("network.http.spdy.enabled.http2", false); // Temporarily disabled pending implementation review -pref("network.http.spdy.enabled.http2draft", false); // Temporarily disabled pending implementation review - -// PREF: Disallow NTLMv1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=828183 -pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); -// it is still allowed through HTTPS. uncomment the following to disable it completely. -pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); - -// PREF: Enable CSP 1.1 script-nonce directive support -// https://bugzilla.mozilla.org/show_bug.cgi?id=855326 -pref("security.csp.experimentalEnabled", true); - -// PREF: Enable Content Security Policy (CSP) -// https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy -// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -pref("security.csp.enable", true); - -// PREF: Enable Subresource Integrity -// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity -// https://wiki.mozilla.org/Security/Subresource_Integrity -pref("security.sri.enable", true); - -// PREF: DNT HTTP header (disabled) -// https://www.mozilla.org/en-US/firefox/dnt/ -// https://en.wikipedia.org/wiki/Do_not_track_header -// https://dnt-dashboard.mozilla.org -// https://github.com/pyllyukko/user.js/issues/11 -// http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/ -// NOTICE: Do No Track must be enabled manually -//pref("privacy.donottrackheader.enabled", true); - -// Disable HTTP Alternative Services header -// https://trac.torproject.org/projects/tor/ticket/16673 -pref("network.http.altsvc.enabled", false); -pref("network.http.altsvc.oe", false); - -// PREF: Send a referer header with the target URI as the source -// http://kb.mozillazine.org/Network.http.sendRefererHeader#0 -// https://bugzilla.mozilla.org/show_bug.cgi?id=822869 -// https://github.com/pyllyukko/user.js/issues/227 -// NOTICE: Spoofing referers breaks functionality on websites relying on authentic referer headers -// NOTICE: Spoofing referers breaks visualisation of 3rd-party sites on the Lightbeam addon -// NOTICE: Spoofing referers disables CSRF protection on some login pages not implementing origin-header/cookie+token based CSRF protection -// TODO: https://github.com/pyllyukko/user.js/issues/94, commented-out XOriginPolicy/XOriginTrimmingPolicy = 2 prefs -pref("network.http.referer.spoofSource", true); - -// PREF: Don't send referer headers when following links across different domains (disabled) -// https://github.com/pyllyukko/user.js/issues/227 -// user_pref("network.http.referer.XOriginPolicy", 2); -// https://bugzilla.mozilla.org/show_bug.cgi?id=1223838#c31 -pref("network.http.enablePerElementReferrer", false); - -// PREF: Accept Only 1st Party Cookies -// http://kb.mozillazine.org/Network.cookie.cookieBehavior#1 -// NOTICE: Blocking 3rd-party cookies breaks a number of payment gateways -// CIS 2.5.1 -pref("network.cookie.cookieBehavior", 1); - -// PREF: Make sure that third-party cookies (if enabled) never persist beyond the session. -// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ -// http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly -// https://developer.mozilla.org/en-US/docs/Cookies_Preferences_in_Mozilla#network.cookie.thirdparty.sessionOnly -pref("network.cookie.thirdparty.sessionOnly", true); - -// PREF: Spoof User-agent -pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"); -pref("general.appname.override", "Netscape"); -pref("general.appversion.override", "5.0 (Windows)"); -pref("general.platform.override", "Win32"); -pref("general.oscpu.override", "Windows NT 6.1"); -pref("general.productSub.override", "20100101"); -pref("general.buildID.override", "20100101"); -pref("browser.startup.homepage_override.buildID", "20100101"); -pref("general.useragent.vendor", ""); -pref("general.useragent.vendorSub", ""); - -/******************************************************************************* - * SECTION: Caching * - ******************************************************************************/ - - // Prevents the Permissions manager from writing to disk (regardless of whether we are in PBM) - // https://bugzilla.mozilla.org/show_bug.cgi?id=967812#c9 - pref("permissions.memory_only", true); - - // Ensures the intermediate certificate store is memory only. - // Note: Conflicts with old HTTP Basic Authentication - // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882#c0 - pref("security.nocertdb", true); - -// PREF: Permanently enable private browsing mode (disabled) -// https://support.mozilla.org/en-US/kb/Private-Browsing -// https://wiki.mozilla.org/PrivateBrowsing -// NOTICE: You can not view or inspect cookies when in private browsing: https://bugzilla.mozilla.org/show_bug.cgi?id=823941 -// NOTICE: When Javascript is enabled, Websites can detect use of Private Browsing mode -// NOTICE: Private browsing breaks Kerberos authentication -// NOTICE: Disables "Containers" functionality (see below) -//pref("browser.privatebrowsing.autostart", true); - -// PREF: Do not store POST data in saved sessions -// http://kb.mozillazine.org/Browser.sessionstore.postdata -// relates to CIS 2.5.7 -pref("browser.sessionstore.postdata", 0); - -// PREF: Disable the Session Restore service -// http://kb.mozillazine.org/Browser.sessionstore.enabled -pref("browser.sessionstore.enabled", false); - -// PREF: Do not download URLs for the offline cache -// http://kb.mozillazine.org/Browser.cache.offline.enable -pref("browser.cache.offline.enable", false); - -// PREF: Clear history when Firefox closes -// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically -// NOTICE: Installing user.js will **remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27) -// NOTICE: Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945 -pref("privacy.sanitize.sanitizeOnShutdown", true); -pref("privacy.clearOnShutdown.cache", true); -pref("privacy.clearOnShutdown.cookies", true); -pref("privacy.clearOnShutdown.downloads", true); -pref("privacy.clearOnShutdown.formdata", true); -pref("privacy.clearOnShutdown.history", true); -pref("privacy.clearOnShutdown.offlineApps", true); -//pref("privacy.clearOnShutdown.passwords", true); // Wipes all saved passwords. (Disabled) -pref("privacy.clearOnShutdown.sessions", true); -//pref("privacy.clearOnShutdown.openWindows", true); // Temporarily disabled https://bugzilla.mozilla.org/show_bug.cgi?id=1334945 -pref("privacy.clearOnShutdown.siteSettings", true); // http://www.ghacks.net/2015/10/16/how-to-prevent-hsts-tracking-in-firefox/ - -// PREF: Set time range to "Everything" as default in "Clear Recent History" -pref("privacy.sanitize.timeSpan", 0); - -// PREF: Clear everything but "Site Preferences" in "Clear Recent History" -pref("privacy.cpd.offlineApps", true); -pref("privacy.cpd.cache", true); -pref("privacy.cpd.cookies", true); -pref("privacy.cpd.downloads", true); -pref("privacy.cpd.formdata", true); -pref("privacy.cpd.history", true); -pref("privacy.cpd.sessions", true); - -// Firefox will store small amounts (less than 50 MB) of data without asking for permission, unless this is set to false -// https://support.mozilla.org/en-US/questions/1014708 -pref("offline-apps.allow_by_default", false); - -// PREF: Don't remember browsing history -pref("places.history.enabled", false); - -// PREF: Disable disk cache -// http://kb.mozillazine.org/Browser.cache.disk.enable -pref("browser.cache.disk.enable", false); - -// PREF: Disable memory cache (disabled) -// http://kb.mozillazine.org/Browser.cache.memory.enable -//pref("browser.cache.memory.enable", false); - -// PREF: Disable Caching of SSL Pages -// CIS Version 1.2.0 October 21st, 2011 2.5.8 -// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl -pref("browser.cache.disk_cache_ssl", false); - -// PREF: Disable download history -// CIS Version 1.2.0 October 21st, 2011 2.5.5 -pref("browser.download.manager.retention", 0); - -// PREF: Disable password manager -// CIS Version 1.2.0 October 21st, 2011 2.5.2 -pref("signon.rememberSignons", false); - -// PREF: Disable form autofill, don't save information entered in web page forms and the Search Bar -pref("browser.formfill.enable", false); - -// PREF: Cookies expires at the end of the session (when the browser closes) -// http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2 -pref("network.cookie.lifetimePolicy", 2); - -// PREF: Require manual intervention to autofill known username/passwords sign-in forms -// http://kb.mozillazine.org/Signon.autofillForms -// https://www.torproject.org/projects/torbrowser/design/#identifier-linkability -pref("signon.autofillForms", false); - -// PREF: When username/password autofill is enabled, still disable it on non-HTTPS sites -// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 -pref("signon.autofillForms.http", false); - -// PREF: Show in-content login form warning UI for insecure login fields -// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 -pref("security.insecure_field_warning.contextual.enabled", true); - -// PREF: Disable the password manager for pages with autocomplete=off (disabled) -// https://bugzilla.mozilla.org/show_bug.cgi?id=956906 -// OWASP ASVS V9.1 -// Does not prevent any kind of auto-completion (see browser.formfill.enable, signon.autofillForms) -//pref("signon.storeWhenAutocompleteOff", false); - -// PREF: Delete Search and Form History -// CIS Version 1.2.0 October 21st, 2011 2.5.6 -pref("browser.formfill.expire_days", 0); - -// PREF: Clear SSL Form Session Data -// http://kb.mozillazine.org/Browser.sessionstore.privacy_level#2 -// Store extra session data for unencrypted (non-HTTPS) sites only. -// CIS Version 1.2.0 October 21st, 2011 2.5.7 -// NOTE: CIS says 1, we use 2 -pref("browser.sessionstore.privacy_level", 2); - -// PREF: Delete temporary files on exit -// https://bugzilla.mozilla.org/show_bug.cgi?id=238789 -pref("browser.helperApps.deleteTempFileOnExit", true); - -// Disable the media cache, prevents HTML5 videos from being written to the OS temporary directory -// https://www.torproject.org/projects/torbrowser/design/ -pref("media.cache_size", 0); - -// PREF: Do not create screenshots of visited pages (relates to the "new tab page" feature) -// https://support.mozilla.org/en-US/questions/973320 -// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled -pref("browser.pagethumbnails.capturing_disabled", true); - -/******************************************************************************* - * SECTION: UI related * - *******************************************************************************/ - -pref("ui.use_standins_for_native_colors", true); // https://bugzilla.mozilla.org/232227 - -// PREF: Enable insecure password warnings (login forms in non-HTTPS pages) -// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ -// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 -pref("security.insecure_password.ui.enabled", true); - -// Disable Slow Startup Notifications -pref("browser.slowStartup.maxSamples", 0); -pref("browser.slowStartup.notificationDisabled", true); -pref("browser.slowStartup.samples", 0); - -// Display advanced information on Insecure Connection warning pages -// [TEST] https://expired.badssl.com/ -pref("browser.xul.error_pages.expert_bad_cert", true); - -// PREF: Disable right-click menu manipulation via JavaScript -pref("dom.event.contextmenu.enabled", false); - -// Disable Recently Bookmarked Folder (Disabled) -// https://bugzilla.mozilla.org/show_bug.cgi?id=1248268 -// https://hg.mozilla.org/releases/mozilla-release/rev/f98e3add979e -//pref("browser.bookmarks.showRecentlyBookmarked", false); - -// PREF: Disable "Are you sure you want to leave this page?" popups on page close -// https://support.mozilla.org/en-US/questions/1043508 -// Does not prevent JS leaks of the page close event. -// https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload -pref("dom.disable_beforeunload", true); -pref("dom.require_user_interaction_for_beforeunload", false); -// Don't promote sync -pref("browser.syncPromoViewsLeftMap", "{\"addons\":0,\"bookmarks\":0,\"passwords\":0}"); - -// PREF: Disable Downloading on Desktop -// CIS 2.3.2 -pref("browser.download.folderList", 2); - -// PREF: Always ask the user where to download -// https://developer.mozilla.org/en/Download_Manager_preferences (obsolete) -pref("browser.download.useDownloadDir", false); - -// PREF: Disable the "new tab page" feature and show a blank tab instead -// https://wiki.mozilla.org/Privacy/Reviews/New_Tab -// https://support.mozilla.org/en-US/kb/new-tab-page-show-hide-and-customize-top-sites#w_how-do-i-turn-the-new-tab-page-off -pref("browser.newtabpage.enabled", false); -pref("browser.newtab.url", "about:blank"); - -// PREF: Disable new tab tile ads & preload -// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox -// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331 -// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping -// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source -// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping -// TODO: deprecated? not in DXR, some dead links -pref("browser.newtabpage.enhanced", false); -pref("browser.newtab.preload", false); -pref("browser.newtabpage.directory.ping", ""); -pref("browser.newtabpage.directory.source", "data:text/plain,{}"); - -// PREF: Enable Auto Notification of Outdated Plugins (Firefox < 50) (Disabled on GNU/Linux) -// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review -// CIS Version 1.2.0 October 21st, 2011 2.1.2 -pref("plugins.update.notifyUser", false); - -// PREF: Enable Information Bar for Outdated Plugins -// http://forums.mozillazine.org/viewtopic.php?f=8&t=2490287 -// CIS Version 1.2.0 October 21st, 2011 2.1.3 -pref("plugins.hide_infobar_for_outdated_plugin", false); - -// PREF: Force Punycode for Internationalized Domain Names -// http://kb.mozillazine.org/Network.IDN_show_punycode -// https://www.xudongz.com/blog/2017/idn-phishing/ -// https://wiki.mozilla.org/IDN_Display_Algorithm -// https://en.wikipedia.org/wiki/IDN_homograph_attack -// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 -pref("network.IDN_show_punycode", true); - -// PREF: Disable inline autocomplete in URL bar -// http://kb.mozillazine.org/Inline_autocomplete -pref("browser.urlbar.autoFill", false); -pref("browser.urlbar.autoFill.typed", false); - -// PREF: Don't suggest any URLs while typing at the address bar -// https://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636/ -// http://kb.mozillazine.org/Browser.urlbar.maxRichResults -// "Setting the preference to 0 effectively disables the Location Bar dropdown entirely." -pref("browser.urlbar.maxRichResults", 0); - -// PREF: Disable CSS :visited selectors -// https://blog.mozilla.org/security/2010/03/31/plugging-the-css-history-leak/ -// https://dbaron.org/mozilla/visited-privacy -pref("layout.css.visited_links_enabled", false); - -// http://kb.mozillazine.org/Places.frecency.unvisited%28place_type%29Bonus - -// PREF: Disable URL bar autocomplete -// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5 -pref("browser.urlbar.autocomplete.enabled", false); - -// PREF: Do not check if Firefox is the default browser -pref("browser.shell.checkDefaultBrowser", false); - -// PREF: When password manager is enabled, lock the password storage periodically -// CIS Version 1.2.0 October 21st, 2011 2.5.3 Disable Prompting for Credential Storage -pref("security.ask_for_password", 2); - -// Bug 9881: Open popups in new tabs (to avoid fullscreen popups) -// pref("browser.link.open_newwindow.restriction", 0); - -// PREF: Lock the password storage every 1 minutes (default: 30) -pref("security.password_lifetime", 1); - -// PREF: Display a notification bar when websites offer data for offline use -// http://kb.mozillazine.org/Browser.offline-apps.notify -pref("browser.offline-apps.notify", true); - -/****************************************************************************** - * SECTION: Cryptography * - ******************************************************************************/ - -// PREF: Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla) -// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ -// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List -// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security -pref("network.stricttransportsecurity.preloadlist", true); - -// Disable HSTS Priming, a beta feature rarely used that allows mixed content on HTTPS pages. -// https://wicg.github.io/hsts-priming/ -// https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 -// https://hg.mozilla.org/releases/mozilla-release/rev/d7d42cef7968 -pref("security.mixed_content.send_hsts_priming", false); -pref("security.mixed_content.use_hsts", false); - -// PREF: Disable Online Certificate Status Protocol -// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol -// https://www.imperialviolet.org/2014/04/19/revchecking.html -// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/ -// https://wiki.mozilla.org/CA:RevocationPlan -// https://wiki.mozilla.org/CA:ImprovingRevocation -// https://wiki.mozilla.org/CA:OCSP-HardFail -// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html -// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html -// NOTICE: OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host -// NOTICE: OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder -// NOTICE: OCSP adds latency (performance) -// NOTICE: Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10) -// CIS Version 1.2.0 October 21st, 2011 2.2.4 -pref("security.OCSP.enabled", 0); - -// PREF: Enable OCSP Stapling support -// https://en.wikipedia.org/wiki/OCSP_stapling -// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ -// https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx -pref("security.ssl.enable_ocsp_stapling", true); - -// PREF: Enable OCSP Must-Staple support (Firefox >= 45) -// https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/ -// https://www.entrust.com/ocsp-must-staple/ -// https://github.com/schomery/privacy-settings/issues/40 -// NOTICE: Firefox falls back on plain OCSP when must-staple is not configured on the host certificate -pref("security.ssl.enable_ocsp_must_staple", true); - -// PREF: Require a valid OCSP response for OCSP enabled certificates -// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA -// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses -// NOTICE: `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable -// NOTICE: `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal) -pref("security.OCSP.require", true); - -// PREF: Disable TLS Session Tickets -// https://www.blackhat.com/us-13/briefings.html#NextGen -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf -// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf -// https://bugzilla.mozilla.org/show_bug.cgi?id=917049 -// https://bugzilla.mozilla.org/show_bug.cgi?id=967977 -pref("security.ssl.disable_session_identifiers", true); -// https://www.torproject.org/projects/torbrowser/design/index.html.en -pref("security.ssl.enable_false_start", true); -pref("security.enable_tls_session_tickets", false); - -// PREF: Only allow TLS 1.[0-3] -// http://kb.mozillazine.org/Security.tls.version.* -// 1 = TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.) -// 2 = TLS 1.1 is the minimum required / maximum supported encryption protocol. -pref("security.tls.version.min", 1); -pref("security.tls.version.max", 4); - -// PREF: Disable insecure TLS version fallback -// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 -// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645 -pref("security.tls.version.fallback-limit", 3); - -// PREF: Enfore Public Key Pinning -// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning -// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning -// "2. Strict. Pinning is always enforced." -pref("security.cert_pinning.enforcement_level", 2); - -// PREF: Disallow SHA-1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 -// https://hg.mozilla.org/releases/mozilla-release/rev/43c724bde81c#l3.34 -// http://www.scmagazine.com/mozilla-pulls-back-on-rejecting-sha-1-certs-outright/article/463913/ -// 0 = allow SHA-1; 1 = forbid SHA-1; 2 = allow SHA-1 only if notBefore < 2016-01-01 -// https://shattered.io/ -pref("security.pki.sha1_enforcement_level", 1); - -// PREF: Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) -// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 -pref("security.ssl.treat_unsafe_negotiation_as_broken", true); - -// PREF: Disallow connection to servers not supporting safe renegotiation (disabled) -// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.require_safe_negotiation -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 -// TODO: `security.ssl.require_safe_negotiation` is more secure but makes browsing next to impossible (2012-2014-... - `ssl_error_unsafe_negotiation` errors), so is left disabled -// pref("security.ssl.require_safe_negotiation", true); - -// PREF: Disable automatic reporting of TLS connection errors -// https://support.mozilla.org/en-US/kb/certificate-pinning-reports -// we could also disable security.ssl.errorReporting.enabled, but I think it's -// good to leave the option to report potentially malicious sites if the user -// chooses to do so. -// you can test this at https://pinningtest.appspot.com/ -pref("security.ssl.errorReporting.automatic", false); - -// PREF: Pre-populate the current URL but do not pre-fetch the certificate in the "Add Security Exception" dialog -// http://kb.mozillazine.org/Browser.ssl_override_behavior -// https://github.com/pyllyukko/user.js/issues/210 -pref("browser.ssl_override_behavior", 1); - -/****************************************************************************** - * SECTION: Cipher suites * - * * - * you can debug the SSL handshake with tshark: * - * tshark -t ad -n -i wlan0 -T text -V -R ssl.handshake * - ******************************************************************************/ - -// PREF: Disable null ciphers -pref("security.ssl3.rsa_null_sha", false); -pref("security.ssl3.rsa_null_md5", false); -pref("security.ssl3.ecdhe_rsa_null_sha", false); -pref("security.ssl3.ecdhe_ecdsa_null_sha", false); -pref("security.ssl3.ecdh_rsa_null_sha", false); -pref("security.ssl3.ecdh_ecdsa_null_sha", false); - -// PREF: Disable SEED cipher -// https://en.wikipedia.org/wiki/SEED -pref("security.ssl3.rsa_seed_sha", false); - -// PREF: Disable 40/56/128-bit ciphers -// 40-bit ciphers -pref("security.ssl3.rsa_rc4_40_md5", false); -pref("security.ssl3.rsa_rc2_40_md5", false); -// 56-bit ciphers -pref("security.ssl3.rsa_1024_rc4_56_sha", false); -// 128-bit ciphers -pref("security.ssl3.rsa_camellia_128_sha", false); -pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); -pref("security.ssl3.ecdh_rsa_aes_128_sha", false); -pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); -pref("security.ssl3.dhe_rsa_camellia_128_sha", false); -pref("security.ssl3.dhe_rsa_aes_128_sha", false); - -// PREF: Disable RC4 -// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security -// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 -// https://rc4.io/ -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 -pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); -pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); -pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); -pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); -pref("security.ssl3.rsa_rc4_128_md5", false); -pref("security.ssl3.rsa_rc4_128_sha", false); -pref("security.tls.unrestricted_rc4_fallback", false); - -// PREF: Disable 3DES (effective key size is < 128) -// https://en.wikipedia.org/wiki/3des#Security -// http://en.citizendium.org/wiki/Meet-in-the-middle_attack -// http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html -pref("security.ssl3.dhe_dss_des_ede3_sha", false); -pref("security.ssl3.dhe_rsa_des_ede3_sha", false); -pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); -pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); -pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); -pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); -pref("security.ssl3.rsa_des_ede3_sha", false); -pref("security.ssl3.rsa_fips_des_ede3_sha", false); - -// PREF: Disable ciphers with ECDH (non-ephemeral) -pref("security.ssl3.ecdh_rsa_aes_256_sha", false); -pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); - -// PREF: Disable 256 bits ciphers without PFS -pref("security.ssl3.rsa_camellia_256_sha", false); - -// PREF: Enable ciphers with ECDHE and key size > 128bits -pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // 0xc014 -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // 0xc00a - -// PREF: Enable GCM ciphers (TLSv1.2 only) -// https://en.wikipedia.org/wiki/Galois/Counter_Mode -pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // 0xc02b -pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // 0xc02f - -// PREF: Enable ChaCha20 and Poly1305 (Firefox >= 47) -// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/ -// https://tools.ietf.org/html/rfc7905 -// https://bugzilla.mozilla.org/show_bug.cgi?id=917571 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860 -// https://cr.yp.to/chacha.html -pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true); -pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true); - -// PREF: Disable ciphers susceptible to the logjam attack -// https://weakdh.org/ -pref("security.ssl3.dhe_rsa_camellia_256_sha", false); -pref("security.ssl3.dhe_rsa_aes_256_sha", false); - -// PREF: Disable ciphers with DSA (max 1024 bits) -pref("security.ssl3.dhe_dss_aes_128_sha", false); -pref("security.ssl3.dhe_dss_aes_256_sha", false); -pref("security.ssl3.dhe_dss_camellia_128_sha", false); -pref("security.ssl3.dhe_dss_camellia_256_sha", false); - -// PREF: Fallbacks due compatibility reasons -pref("security.ssl3.rsa_aes_256_sha", true); // 0x35 -pref("security.ssl3.rsa_aes_128_sha", true); // 0x2f diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.prefs b/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.prefs new file mode 100644 index 000000000..399cfda50 --- /dev/null +++ b/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.prefs @@ -0,0 +1,1986 @@ +/**************************************************************************** + * user.js * + * Adapted from... * + * https://github.com/pyllyukko/user.js * + * https://github.com/The-OP/Fox/tree/master/prefs * + * https://github.com/ghacksuserjs/ghacks-user.js * + ******************************************************************************/ + + /***************************************************************************** + * Avoid hardware based fingerprintings * + * Canvas/Font's/Plugins * + ******************************************************************************/ +// https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration +// https://www.macromedia.com/support/documentation/en/flashplayer/help/help01.html +// https://github.com/dillbyrne/random-agent-spoofer/issues/74 +pref("gfx.direct2d.disabled", true); +pref("layers.acceleration.disabled", true); +pref("gfx.downloadable_fonts.fallback_delay", -1); +pref("intl.charset.default", "windows-1252"); +pref("privacy.use_utc_timezone", true); +pref("privacy.suppressModifierKeyEvents", true); // Bug #17009: Suppress ALT and SHIFT events" +pref("noscript.forbidFonts", true); +pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu + +// Tor Browser Font config +// https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2 +pref("font.default.lo", "Noto Sans Lao"); +pref("font.default.my", "Noto Sans Myanmar"); +pref("font.default.x-western", "sans-serif"); +pref("font.name-list.cursive.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.cursive.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.cursive.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.cursive.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.cursive.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.ar", "Noto Naskh Arabic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.el", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto +Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans +Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto +Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto +Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.he", "Noto Sans Hebrew, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.ja", "Noto Sans JP Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.ko", "Noto Sans KR Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.th", "Noto Sans Thai, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-armn", "Noto Sans Armenian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-beng", "Noto Sans Bengali, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-cyrillic", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-devanagari", "Noto Sans Devanagari, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans +Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, +Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans +Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans +Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, +Noto Serif Thai"); +pref("font.name-list.monospace.x-ethi", "Noto Sans Ethiopic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-geor", "Noto Sans Georgian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-gujr", "Noto Sans Gujarati, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-guru", "Noto Sans Gurmukhi, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-khmr", "Noto Sans Khmer, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-knda", "Noto Sans Kannada, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-mlym", "Noto Sans Malayalam, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-orya", "Noto Sans Oriya, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-sinh", "Noto Sans Sinhala, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-tamil", "Noto Sans Tamil, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-telu", "Noto Sans Telugu, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-tibt", "Noto Sans Tibetan, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.x-unicode", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-western", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.zh-CN", "Noto Sans SC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.zh-HK", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.monospace.zh-TW", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.ar", "Noto Naskh Arabic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.el", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans +JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, +Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, +Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, +Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.he", "Noto Sans Hebrew, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.ja", "Noto Sans JP Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.ko", "Noto Sans KR Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.th", "Noto Sans Thai, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-armn", "Noto Sans Armenian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-beng", "Noto Sans Bengali, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-cyrillic", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, +Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans +Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto +Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto +Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-devanagari", "Noto Sans Devanagari, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, +Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-ethi", "Noto Sans Ethiopic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-geor", "Noto Sans Georgian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-gujr", "Noto Sans Gujarati, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-guru", "Noto Sans Gurmukhi, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-khmr", "Noto Sans Khmer, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-knda", "Noto Sans Kannada, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-mlym", "Noto Sans Malayalam, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-orya", "Noto Sans Oriya, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-sinh", "Noto Sans Sinhala, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-tamil", "Noto Sans Tamil, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-telu", "Noto Sans Telugu, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans +Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, +Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans +Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans +Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-tibt", "Noto Sans Tibetan, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.x-unicode", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto +Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans +Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto +Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto +Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-western", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto +Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans +Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto +Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto +Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.zh-CN", "Noto Sans SC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.zh-HK", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.sans-serif.zh-TW", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto +Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans +Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, +Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto +Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.serif.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.he", "Tinos, Georgia, Noto Sans Hebrew, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.ja", "Noto Sans JP Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.ko", "Noto Sans KR Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.th", "Noto Serif Thai, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-armn", "Noto Serif Armenian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-beng", "Noto Sans Bengali, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-devanagari", "Noto Sans Devanagari, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif +Thai"); +pref("font.name-list.serif.x-ethi", "Noto Sans Ethiopic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-geor", "Noto Sans Georgian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-gujr", "Noto Sans Gujarati, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-guru", "Noto Sans Gurmukhi, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-khmr", "Noto Serif Khmer, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-knda", "Noto Sans Kannada, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-mlym", "Noto Sans Malayalam, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-orya", "Noto Sans Oriya, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-sinh", "Noto Sans Sinhala, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-tamil", "Noto Sans Tamil, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-telu", "Noto Sans Telugu, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-tibt", "Noto Sans Tibetan, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.zh-CN", "Noto Sans SC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.zh-HK", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.zh-TW", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name.cursive.ar", "Noto Naskh Arabic"); +pref("font.name.cursive.el", "Tinos, Georgia"); +pref("font.name.cursive.he", "Noto Sans Hebrew"); +pref("font.name.cursive.x-cyrillic", "Tinos, Georgia"); +pref("font.name.cursive.x-unicode", "Tinos, Georgia"); +pref("font.name.cursive.x-western", "Tinos, Georgia"); +pref("font.name.fantasy.ar", "Noto Naskh Arabic"); +pref("font.name.fantasy.el", "Tinos, Georgia"); +pref("font.name.fantasy.he", "Noto Sans Hebrew"); +pref("font.name.fantasy.x-cyrillic", "Tinos, Georgia"); +pref("font.name.fantasy.x-unicode", "Tinos, Georgia"); +pref("font.name.fantasy.x-western", "Tinos, Georgia"); +pref("font.name.monospace.ar", "Noto Naskh Arabic"); +pref("font.name.monospace.el", "Tinos, Georgia"); +pref("font.name.monospace.he", "Noto Sans Hebrew"); +pref("font.name.monospace.ja", "Noto Sans JP Regular"); +pref("font.name.monospace.ko", "Noto Sans KR Regular"); +pref("font.name.monospace.my", "Noto Sans Myanmar"); +pref("font.name.monospace.th", "Noto Sans Thai"); +pref("font.name.monospace.x-armn", "Noto Sans Armenian"); +pref("font.name.monospace.x-beng", "Noto Sans Bengali"); +pref("font.name.monospace.x-cyrillic", "Cousine, Courier, Courier New"); +pref("font.name.monospace.x-devanagari", "Noto Sans Devanagari"); +pref("font.name.monospace.x-ethi", "Noto Sans Ethiopic"); +pref("font.name.monospace.x-geor", "Noto Sans Georgian"); +pref("font.name.monospace.x-gujr", "Noto Sans Gujarati"); +pref("font.name.monospace.x-guru", "Noto Sans Gurmukhi"); +pref("font.name.monospace.x-khmr", "Noto Sans Khmer"); +pref("font.name.monospace.x-knda", "Noto Sans Kannada"); +pref("font.name.monospace.x-mlym", "Noto Sans Malayalam"); +pref("font.name.monospace.x-orya", "Noto Sans Oriya"); +pref("font.name.monospace.x-sinh", "Noto Sans Sinhala"); +pref("font.name.monospace.x-tamil", "Noto Sans Tamil"); +pref("font.name.monospace.x-telu", "Noto Sans Telugu"); +pref("font.name.monospace.x-tibt", "Noto Sans Tibetan"); +pref("font.name.monospace.x-unicode", "Cousine, Courier, Courier New"); +pref("font.name.monospace.x-western", "Cousine, Courier, Courier New"); +pref("font.name.monospace.zh-CN", "Noto Sans SC Regular"); +pref("font.name.monospace.zh-HK", "Noto Sans TC Regular"); +pref("font.name.monospace.zh-TW", "Noto Sans TC Regular"); +pref("font.name.sans-serif.ar", "Noto Naskh Arabic"); +pref("font.name.sans-serif.el", "Arimo, Arial, Verdana"); +pref("font.name.sans-serif.he", "Noto Sans Hebrew"); +pref("font.name.sans-serif.ja", "Noto Sans JP Regular"); +pref("font.name.sans-serif.ko", "Noto Sans KR Regular"); +pref("font.name.sans-serif.th", "Noto Sans Thai"); +pref("font.name.sans-serif.x-armn", "Noto Sans Armenian"); +pref("font.name.sans-serif.x-beng", "Noto Sans Bengali"); +pref("font.name.sans-serif.x-cyrillic", "Arimo, Arial, Verdana"); +pref("font.name.sans-serif.x-devanagari", "Noto Sans Devanagari"); +pref("font.name.sans-serif.x-ethi", "Noto Sans Ethiopic"); +pref("font.name.sans-serif.x-geor", "Noto Sans Georgian"); +pref("font.name.sans-serif.x-gujr", "Noto Sans Gujarati"); +pref("font.name.sans-serif.x-guru", "Noto Sans Gurmukhi"); +pref("font.name.sans-serif.x-khmr", "Noto Sans Khmer"); +pref("font.name.sans-serif.x-knda", "Noto Sans Kannada"); +pref("font.name.sans-serif.x-mlym", "Noto Sans Malayalam"); +pref("font.name.sans-serif.x-orya", "Noto Sans Oriya"); +pref("font.name.sans-serif.x-sinh", "Noto Sans Sinhala"); +pref("font.name.sans-serif.x-tamil", "Noto Sans Tamil"); +pref("font.name.sans-serif.x-telu", "Noto Sans Telugu"); +pref("font.name.sans-serif.x-tibt", "Noto Sans Tibetan"); +pref("font.name.sans-serif.x-unicode", "Arimo, Arial, Verdana"); +pref("font.name.sans-serif.x-western", "Arimo, Arial, Verdana"); +pref("font.name.sans-serif.zh-CN", "Noto Sans SC Regular"); +pref("font.name.sans-serif.zh-HK", "Noto Sans TC Regular"); +pref("font.name.sans-serif.zh-TW", "Noto Sans TC Regular"); +pref("font.name.sans.my", "Noto Sans Myanmar"); +pref("font.name.serif.ar", "Noto Naskh Arabic"); +pref("font.name.serif.el", "Tinos, Georgia"); +pref("font.name.serif.he", "Noto Sans Hebrew"); +pref("font.name.serif.ja", "Noto Sans JP Regular"); +pref("font.name.serif.ko", "Noto Sans KR Regular"); +pref("font.name.serif.my", "Noto Sans Myanmar"); +pref("font.name.serif.th", "Noto Serif Thai"); +pref("font.name.serif.x-armn", "Noto Serif Armenian"); +pref("font.name.serif.x-beng", "Noto Sans Bengali"); +pref("font.name.serif.x-cyrillic", "Tinos, Georgia"); +pref("font.name.serif.x-devanagari", "Noto Sans Devanagari"); +pref("font.name.serif.x-ethi", "Noto Sans Ethiopic"); +pref("font.name.serif.x-geor", "Noto Sans Georgian"); +pref("font.name.serif.x-gujr", "Noto Sans Gujarati"); +pref("font.name.serif.x-guru", "Noto Sans Gurmukhi"); +pref("font.name.serif.x-khmr", "Noto Serif Khmer"); +pref("font.name.serif.x-knda", "Noto Sans Kannada"); +pref("font.name.serif.x-mlym", "Noto Sans Malayalam"); +pref("font.name.serif.x-orya", "Noto Sans Oriya"); +pref("font.name.serif.x-sinh", "Noto Sans Sinhala"); +pref("font.name.serif.x-tamil", "Noto Sans Tamil"); +pref("font.name.serif.x-telu", "Noto Sans Telugu"); +pref("font.name.serif.x-tibt", "Noto Sans Tibetan"); +pref("font.name.serif.x-unicode", "Tinos, Georgia"); +pref("font.name.serif.x-western", "Tinos, Georgia"); +pref("font.name.serif.zh-CN", "Noto Sans SC Regular"); +pref("font.name.serif.zh-HK", "Noto Sans TC Regular"); +pref("font.name.serif.zh-TW", "Noto Sans TC Regular"); + +/****************************************************************************** + * SECTION: HTML5 / APIs / DOM * + ******************************************************************************/ + +// PREF: Disable Service Workers +// https://developer.mozilla.org/en-US/docs/Web/API/Worker +// https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API +// https://wiki.mozilla.org/Firefox/Push_Notifications#Service_Workers +// NOTICE: Disabling ServiceWorkers breaks functionality on some sites (Google Street View...) +// Unknown security implications +// CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) +pref("dom.serviceWorkers.enabled", false); + +// PREF: Disable Web Workers +// https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers +// https://www.w3schools.com/html/html5_webworkers.asp +pref("dom.workers.enabled", false); + +// Disable WebSockets +// https://www.infoq.com/news/2012/03/websockets-security +// http://mdn.beonex.com/en/WebSockets.html +pref("network.websocket.max-connections", 0); + + +// PREF: Disable web notifications +// https://support.mozilla.org/t5/Firefox/I-can-t-find-Firefox-menu-I-m-trying-to-opt-out-of-Web-Push-and/m-p/1317495#M1006501 +pref("dom.webnotifications.enabled", false); + +// Disable DOM Push API +// https://developer.mozilla.org/en-US/docs/Web/API/Push_API +// https://wiki.mozilla.org/Security/Reviews/Push_API +// https://wiki.mozilla.org/Privacy/Reviews/Push_API +// https://bugzilla.mozilla.org/show_bug.cgi?id=1038811 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1153499 +pref("dom.push.enabled", false); +// As a "defense in depth" measure, configure an empty push server URL (the +pref("dom.push.serverURL", ""); +pref("dom.push.userAgentID", ""); +// https://hg.mozilla.org/releases/mozilla-beta/file/e549349b8d66/modules/libpref/init/all.js#l4237 +pref("dom.push.connection.enabled", false); +pref("dom.push.adaptive.enabled", false); +pref("dom.push.udp.wakeupEnabled", false); +// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/modules/libpref/init/all.js#l4445 +// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/push/PushRecord.jsm#l59 +pref("dom.push.maxQuotaPerSubscription", 0); +// https://wiki.mozilla.org/Security/Reviews/SimplePush +pref("services.push.enabled", false); +pref("services.push.serverURL", ""); + +// PREF: Disable DOM timing API +// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI +// https://www.w3.org/TR/navigation-timing/#privacy +pref("dom.enable_performance", false); + +// PREF: Make sure the User Timing API does not provide a new high resolution timestamp +// https://trac.torproject.org/projects/tor/ticket/16336 +// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security +// https://network23.org/inputisevil/2015/09/06/how-html5-apis-can-fingerprint-users/ +pref("dom.performance.enable_user_timing_logging", false); +pref("dom.enable_resource_timing", false); // Bug 13024 +pref("dom.enable_user_timing", false); // Bug 16336 +pref("dom.event.highrestimestamp.enabled", true); // Bug 17046: Don't leak system uptime in Events + +// PREF: Disable Web Audio API +// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 +pref("dom.webaudio.enabled", false); + +// Disable MDNS (Supposedly only for Android but is in Desktop version also) +// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/presentation/provider/MulticastDNSDeviceProvider.cpp#l18 +pref("dom.presentation.discovery.enabled", false); +// https://bugzilla.mozilla.org/show_bug.cgi?id=1278205 +pref("dom.presentation.controller.enabled", false); +pref("dom.presentation.receiver.enabled", false); +pref("dom.presentation.tcp_server.debug", false); +pref("dom.presentation.discoverable", false); +pref("dom.presentation.discovery.legacy.enabled", false); + +// PREF: Disable Location-Aware Browsing (geolocation) +// https://www.mozilla.org/en-US/firefox/geolocation/ +pref("geo.enabled", false); + +// PREF: When geolocation is enabled, use Mozilla geolocation service instead of Google +// https://bugzilla.mozilla.org/show_bug.cgi?id=689252 +pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); + +// PREF: When geolocation is enabled, don't log geolocation requests to the console +pref("geo.wifi.logging.enabled", false); + +// PREF: Disable raw TCP socket support (mozTCPSocket) +// https://trac.torproject.org/projects/tor/ticket/18863 +// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ +// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket +pref("dom.mozTCPSocket.enabled", false); + +// PREF: Disable DOM storage (disabled) +// http://kb.mozillazine.org/Dom.storage.enabled +// https://html.spec.whatwg.org/multipage/webstorage.html +// NOTICE-DISABLED: Disabling DOM storage is known to cause`TypeError: localStorage is null` errors +//pref("dom.storage.enabled", false); + +// PREF: Disable leaking network/browser connection information via Javascript +// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) +// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API +// https://wicg.github.io/netinfo/#privacy-considerations +// https://bugzilla.mozilla.org/show_bug.cgi?id=960426 +pref("dom.netinfo.enabled", false); +// fingerprinting due to differing OS implementations +pref("dom.network.enabled", false); + +// PREF: Disable WebRTC entirely to prevent leaking internal IP addresses (Firefox < 42) +// NOTICE: Disabling WebRTC breaks peer-to-peer file sharing tools (reep.io ...) +pref("media.peerconnection.enabled", false); + +// PREF: Don't reveal your internal IP when WebRTC is enabled (Firefox >= 42) +// https://wiki.mozilla.org/Media/WebRTC/Privacy +// https://github.com/beefproject/beef/wiki/Module%3A-Get-Internal-IP-WebRTC +pref("media.peerconnection.ice.default_address_only", true); // Firefox 42-51 +pref("media.peerconnection.ice.no_host", true); // Firefox >= 52 + +// PREF: Disable WebRTC getUserMedia, screen sharing, audio capture, video capture +// https://wiki.mozilla.org/Media/getUserMedia +// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/ +// https://developer.mozilla.org/en-US/docs/Web/API/Navigator +pref("media.navigator.enabled", false); +pref("media.navigator.video.enabled", false); +pref("media.getusermedia.screensharing.enabled", false); +pref("media.getusermedia.audiocapture.enabled", false); +// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/media/MediaManager.cpp#l1942 +pref("media.getusermedia.noise_enabled", false); + +// Audio_data is deprecated in future releases, but still present +// in FF24. This is a dangerous combination (spotted by iSec) +pref("media.audio_data.enabled", false); + +// Don't autoplay WebM and other embedded media files +// https://support.mozilla.org/en-US/questions/1073167 +pref("media.autoplay.enabled", false); +pref("noscript.forbidMedia", true); + +// Disable Device Change API (FF 52+) +// https://developer.mozilla.org/en-US/docs/Web/Events/devicechange +// https://bugzilla.mozilla.org/show_bug.cgi?id=1152383 +// https://hg.mozilla.org/releases/mozilla-release/file/a67a1682be8f0327435aaa2f417154330eff0017/dom/webidl/MediaDevices.webidl#l15 +pref("media.ondevicechange.enabled", false); +// https://hg.mozilla.org/releases/mozilla-release/rev/5022a33fd3e9 +pref("media.ondevicechange.fakeDeviceChangeEvent.enabled", false); + +// PREF: Disable battery API (Firefox < 52) +// https://developer.mozilla.org/en-US/docs/Web/API/BatteryManager +// https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 +pref("dom.battery.enabled", false); + +// PREF: Disable telephony API +// https://wiki.mozilla.org/WebAPI/Security/WebTelephony +pref("dom.telephony.enabled", false); + +// PREF: Disable "beacon" asynchronous HTTP transfers (used for analytics) +// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon +pref("beacon.enabled", false); + +// PREF: Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript +// NOTICE: Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...) +// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled +pref("dom.event.clipboardevents.enabled", false); + +// PREF: Disable "copy to clipboard" functionality via Javascript (Firefox >= 41) +// NOTICE: Disabling clipboard operations will break legitimate JS-based "copy to clipboard" functionality +// https://hg.mozilla.org/mozilla-central/rev/2f9f8ea4b9c3 +pref("dom.allow_cut_copy", false); + +// PREF: Disable speech recognition +// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html +// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition +// https://wiki.mozilla.org/HTML5_Speech_API +pref("media.webspeech.recognition.enable", false); + +// PREF: Disable speech synthesis +// https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis +pref("media.webspeech.synth.enabled", false); + +// PREF: Disable sensor API +// https://wiki.mozilla.org/Sensor_API +pref("device.sensors.enabled", false); + +// Disable MMS +pref("dom.mms.retrieval_mode", "never"); + +// PREF: Disable pinging URIs specified in HTML ping= attributes +// http://kb.mozillazine.org/Browser.send_pings +pref("browser.send_pings", false); + +// PREF: When browser pings are enabled, only allow pinging the same host as the origin page +// http://kb.mozillazine.org/Browser.send_pings.require_same_host +pref("browser.send_pings.require_same_host", true); + +// PREF: Disable IndexedDB (disabled) +// https://developer.mozilla.org/en-US/docs/IndexedDB +// https://en.wikipedia.org/wiki/Indexed_Database_API +// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review +// http://forums.mozillazine.org/viewtopic.php?p=13842047 +// https://github.com/pyllyukko/user.js/issues/8 +// NOTICE-DISABLED: IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), so is left enabled +//pref("dom.indexedDB.enabled", false); + +// TODO: "Access Your Location" "Maintain Offline Storage" "Show Notifications" + +// PREF: Disable gamepad API to prevent USB device enumeration +// https://www.w3.org/TR/gamepad/ +// https://trac.torproject.org/projects/tor/ticket/13023 +pref("dom.gamepad.enabled", false); +pref("dom.gamepad.non_standard_events.enabled", false); +pref("dom.gamepad.test.enabled", false); +pref("dom.gamepad.extensions.enabled", false); + +// PREF: Disable virtual reality devices APIs +// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM +// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API +pref("dom.vr.enabled", false); +pref("dom.vr.cardboard.enabled", false); +pref("dom.vr.oculus.enabled", false); +pref("dom.vr.oculus050.enabled", false); +pref("dom.vr.poseprediction.enabled", false); +pref("dom.vr.openvr.enabled", false); +// https://hg.mozilla.org/releases/mozilla-release/file/970d0cf1c5d9/modules/libpref/init/all.js#l4778 +pref("dom.vr.add-test-devices", 0); +pref("dom.vr.osvr.enabled", false); + +// HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328 +pref("browser.history.allowPopState", false); +pref("browser.history.allowPushState", false); +pref("browser.history.allowReplaceState", false); +// Idle Observation +pref("dom.idle-observers-api.enabled", false); +// PREF: Disable vibrator API +pref("dom.vibrator.enabled", false); + +// PREF: Disable Archive API (Firefox < 54) +// https://wiki.mozilla.org/WebAPI/ArchiveAPI +// https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 +user_pref("dom.archivereader.enabled", false); + +// PREF: Disable webGL +// https://en.wikipedia.org/wiki/WebGL +// https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ +pref("webgl.disabled", true); +// PREF: When webGL is enabled, use the minimum capability mode +pref("webgl.min_capability_mode", true); +// PREF: When webGL is enabled, disable webGL extensions +// https://developer.mozilla.org/en-US/docs/Web/API/WebGL_API#WebGL_debugging_and_testing +pref("webgl.disable-extensions", true); +// PREF: When webGL is enabled, force enabling it even when layer acceleration is not supported +// https://trac.torproject.org/projects/tor/ticket/18603 +pref("webgl.disable-fail-if-major-performance-caveat", true); +// PREF: When webGL is enabled, do not expose information about the graphics driver +// https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 +// https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info +pref("webgl.enable-debug-renderer-info", false); +// somewhat related... +pref("pdfjs.enableWebGL", false); + +/****************************************************************************** + * SECTION: Misc * + ******************************************************************************/ +// Disable File and Directory Entries API (Imported from Edge/Chromium) +// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories +// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API +// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Introduction +// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Firefox_support +// https://bugzilla.mozilla.org/show_bug.cgi?id=1265767 +pref("dom.webkitBlink.filesystem.enabled", false); +// https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitdirectory +// https://bugzilla.mozilla.org/show_bug.cgi?id=1258489 +// https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be +pref("dom.webkitBlink.dirPicker.enabled", false); +// Directory Upload API, webkitdirectory +// https://bugzilla.mozilla.org/show_bug.cgi?id=1188880 +// https://bugzilla.mozilla.org/show_bug.cgi?id=907707 +// https://wicg.github.io/directory-upload/proposal.html +pref("dom.input.dirpicker", false); + +// Disable Pointer Lock API. +// https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API +// https://bugzilla.mozilla.org/show_bug.cgi?id=1273351 +pref("full-screen-api.pointer-lock.enabled", false); +pref("pointer-lock-api.prefixed.enabled", false); + +// PREF: Disable face detection +pref("camera.control.face_detection.enabled", false); +pref("camera.control.autofocus_moving_callback.enabled", false); + + +// PREF: Disable GeoIP lookup on your address to set default search engine region +// https://trac.torproject.org/projects/tor/ticket/16254 +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine +pref("browser.search.countryCode", "US"); +pref("browser.search.region", "US"); +pref("browser.search.geoip.url", ""); + +// PREF: Set Accept-Language HTTP header to en-US regardless of Firefox localization +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language +pref("intl.accept_languages", "en-us, en"); + +// PREF: Set Firefox locale to en-US +// http://kb.mozillazine.org/General.useragent.locale +pref("general.useragent.locale", "en-US"); + + // Disable website autorefresh, user can still proceed with warning +pref("accessibility.blockautorefresh", true); +pref("browser.meta_refresh_when_inactive.disabled", true); +pref("noscript.forbidMetaRefresh", true); // NoScript ignores this preference? + +// PREF: Don't use OS values to determine locale, force using Firefox locale setting +// http://kb.mozillazine.org/Intl.locale.matchOS +pref("intl.locale.matchOS", false); + +// PREF: Don't use Mozilla-provided location-specific search engines +pref("browser.search.geoSpecificDefaults", false); +pref("browser.search.geoSpecificDefaults.url", ""); + +// PREF: Do not automatically send selection to clipboard on some Linux platforms (Disabled) +// http://kb.mozillazine.org/Clipboard.autocopy +//pref("clipboard.autocopy", false); + +// PREF: Prevent leaking application locale/date format using JavaScript +// https://bugzilla.mozilla.org/show_bug.cgi?id=867501 +// https://hg.mozilla.org/mozilla-central/rev/52d635f2b33d +pref("javascript.use_us_english_locale", true); + +// PREF: Do not submit invalid URIs entered in the address bar to the default search engine +// http://kb.mozillazine.org/Keyword.enabled +pref("keyword.enabled", false); + +// PREF: Don't trim HTTP off of URLs in the address bar. +// https://bugzilla.mozilla.org/show_bug.cgi?id=665580 +pref("browser.urlbar.trimURLs", false); + +// PREF: Don't try to guess domain names when entering an invalid domain name in URL bar +// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html +pref("browser.fixup.alternate.enabled", false); + +// Set TOR as default proxy +pref("network.proxy.socks", "127.0.0.1"); +pref("network.proxy.socks_port", 9050); +// Proxy off by default, user can toggle it on. +pref("network.proxy.type", 0); +// Protect TOR ports +pref("network.security.ports.banned", "9050,9051,9150,9151"); + +// Make sure proxy-autoconfig is off to prevent MiTM. +// https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 +// https://hg.mozilla.org/releases/mozilla-release/rev/5139b0dd7acc +pref("network.proxy.autoconfig_url.include_path", false); + +// PREF: When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' URLs +// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851 +pref("browser.fixup.hide_user_pass", true); + +// PREF: Send DNS request through SOCKS when SOCKS proxying is in use +// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers +pref("network.proxy.socks_remote_dns", true); + +// For fingerprinting and local service vulns (#10419) +pref("network.proxy.no_proxies_on", ""); + +// PREF: Don't monitor OS online/offline connection state +// https://trac.torproject.org/projects/tor/ticket/18945 +pref("network.manage-offline-status", false); + +// PREF: Enforce Mixed Active Content Blocking +// https://support.mozilla.org/t5/Protect-your-privacy/Mixed-content-blocking-in-Firefox/ta-p/10990 +// https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_23#Non-SSL_contents_on_SSL_pages_are_blocked_by_default +// https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/ +pref("security.mixed_content.block_active_content", true); + +// PREF: Enforce Mixed Passive Content blocking (a.k.a. Mixed Display Content) +// NOTICE: Enabling Mixed Display Content blocking can prevent images/styles... from loading properly when connection to the website is only partially +secured +pref("security.mixed_content.block_display_content", true); + +// PREF: Disable JAR from opening Unsafe File Types +// http://kb.mozillazine.org/Network.jar.open-unsafe-types +// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.7 +pref("network.jar.open-unsafe-types", false); + +// CIS 2.7.4 Disable Scripting of Plugins by JavaScript +// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 +pref("security.xpconnect.plugin.unrestricted", false); + +// PREF: Set File URI Origin Policy +// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy +// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 +pref("security.fileuri.strict_origin_policy", true); + +// PREF: Disable Displaying Javascript in History URLs +// http://kb.mozillazine.org/Browser.urlbar.filter.javascript +// CIS 2.3.6 +pref("browser.urlbar.filter.javascript", true); + +// PREF: Disable asm.js +// http://asmjs.org/ +// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ +// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ +// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 +pref("javascript.options.asmjs", false); +// https://hacks.mozilla.org/2016/03/a-webassembly-milestone/ +pref("javascript.options.wasm", false); +pref("javascript.options.wasm_baselinejit", false); +// https://trac.torproject.org/projects/tor/ticket/9387#comment:43 +pref("javascript.options.typeinference", false); +pref("javascript.options.baselinejit.content", false); +pref("javascript.options.ion.content", false); +// https://www.torproject.org/projects/torbrowser/design +pref("mathml.disabled", true); + +// PREF: Disable SVG in OpenType fonts +// https://wiki.mozilla.org/SVGOpenTypeFonts +// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle +pref("gfx.font_rendering.opentype_svg.enabled", false); + +// PREF: Disable in-content SVG rendering (Firefox >= 53) +// NOTICE: Disabling SVG support breaks many UI elements on many sites +// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 +// https://github.com/iSECPartners/publications/raw/master/reports/Tor%20Browser%20Bundle/Tor%20Browser%20Bundle%20-%20iSEC%20Deliverable%201.3.pdf#16 +pref("svg.disabled", true); + + +// PREF: Disable video stats to reduce fingerprinting threat +// https://bugzilla.mozilla.org/show_bug.cgi?id=654550 +// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785 +// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065 +pref("media.video_stats.enabled", false); + +// PREF: Don't reveal build ID +// Value taken from Tor Browser +// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 +pref("general.buildID.override", "20100101"); + +// PREF: Prevent font fingerprinting +// https://browserleaks.com/fonts +// https://github.com/pyllyukko/user.js/issues/120 +pref("browser.display.use_document_fonts", 0); + +// PREF: Enable only whitelisted URL protocol handlers +// http://kb.mozillazine.org/Network.protocol-handler.external-default +// http://kb.mozillazine.org/Network.protocol-handler.warn-external-default +// http://kb.mozillazine.org/Network.protocol-handler.expose.%28protocol%29 +// https://news.ycombinator.com/item?id=13047883 +// https://bugzilla.mozilla.org/show_bug.cgi?id=167475 +// https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005 +// NOTICE: Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening +third-party mail/messaging/torrent/... clients when clicking on links with these protocols +// TODO: Add externally-handled protocols from Windows 8.1 and Windows 10 (currently contains protocols only from Linux and Windows 7) that might pose +a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991) +// TODO: Add externally-handled protocols from Mac OS X that might pose a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991) +// If you want to enable a protocol, set network.protocol-handler.expose.(protocol) to true and network.protocol-handler.external.(protocol) to: +// * true, if the protocol should be handled by an external application +// * false, if the protocol should be handled internally by Firefox +user_pref("network.protocol-handler.warn-external-default", true); +user_pref("network.protocol-handler.external.http", false); +user_pref("network.protocol-handler.external.https", false); +user_pref("network.protocol-handler.external.javascript", false); +user_pref("network.protocol-handler.external.moz-extension", false); +user_pref("network.protocol-handler.external.ftp", false); +user_pref("network.protocol-handler.external.file", false); +user_pref("network.protocol-handler.external.about", false); +user_pref("network.protocol-handler.external.chrome", false); +user_pref("network.protocol-handler.external.blob", false); +user_pref("network.protocol-handler.external.data", false); +user_pref("network.protocol-handler.expose-all", false); +user_pref("network.protocol-handler.expose.http", true); +user_pref("network.protocol-handler.expose.https", true); +user_pref("network.protocol-handler.expose.javascript", true); +user_pref("network.protocol-handler.expose.moz-extension", true); +user_pref("network.protocol-handler.expose.ftp", true); +user_pref("network.protocol-handler.expose.file", true); +user_pref("network.protocol-handler.expose.about", true); +user_pref("network.protocol-handler.expose.chrome", true); +user_pref("network.protocol-handler.expose.blob", true); +user_pref("network.protocol-handler.expose.data", true); + +/****************************************************************************** + * SECTION: Extensions / plugins * + ******************************************************************************/ + +// PREF: Ensure you have a security delay when installing add-ons (milliseconds) +// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox +// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ +pref("security.dialog_enable_delay", 1000); + +// PREF: Require signatures (Disabled due to bundled extensions) +// https://wiki.mozilla.org/Addons/Extension_Signing +//pref("xpinstall.signatures.required", true); + +// PREF: Opt-out of add-on metadata updates +// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ +pref("extensions.getAddons.cache.enabled", false); + +// PREF: Opt-out of themes (Persona) updates +// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 +pref("lightweightThemes.update.enabled", false); + +// PREF: Disable Flash Player NPAPI plugin +// http://kb.mozillazine.org/Flash_plugin +pref("plugin.state.flash", 0); + +// PREF: Disable Java NPAPI plugin +pref("plugin.state.java", 0); + +// PREF: Disable sending Flash Player crash reports +pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); + +// PREF: When Flash crash reports are enabled, don't send the visited URL in the crash report +pref("dom.ipc.plugins.reportCrashURL", false); + +// PREF: When Flash is enabled, download and use Mozilla SWF URIs blocklist +// https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 +// https://github.com/mozilla-services/shavar-plugin-blocklist +pref("browser.safebrowsing.blockedURIs.enabled", true); + +// PREF: Disable Shumway (Mozilla Flash renderer) +// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway +pref("shumway.disabled", true); + +// PREF: Disable Gnome Shell Integration NPAPI plugin +pref("plugin.state.libgnome-shell-browser-plugin", 0); + +// PREF: Disable the bundled OpenH264 video codec (disabled) +// http://forums.mozillazine.org/viewtopic.php?p=13845077&sid=28af2622e8bd8497b9113851676846b1#p13845077 +pref("media.gmp-provider.enabled", false); + +// PREF: Enable plugins click-to-play +// https://wiki.mozilla.org/Firefox/Click_To_Play +// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ +pref("plugins.click_to_play", true); + +// PREF: Disable automatic updates of addons +// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/ +pref("extensions.update.enabled", false); +pref("extensions.update.autoUpdateDefault", false); +// User can still update manually, but we disable background updates. +pref("extensions.update.background.url", ""); + +// The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox +pref("extensions.systemAddon.update.url", ""); + +// Only install extensions to user profile +// https://developer.mozilla.org/en-US/Add-ons/Installing_extensions +// https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ +pref("extensions.enabledScopes", 1); + +// PREF: Disable add-on and certificate blocklists (OneCRL) from Mozilla +// https://wiki.mozilla.org/Blocklisting +// https://blocked.cdn.mozilla.net/ +// http://kb.mozillazine.org/Extensions.blocklist.enabled +// http://kb.mozillazine.org/Extensions.blocklist.url +// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ +// Updated at interval defined in extensions.blocklist.interval (default: 86400) +pref("extensions.blocklist.enabled", false); +pref("extensions.blocklist.detailsURL", "about:blank"); +pref("extensions.blocklist.itemURL", "about:blank"); +pref("extensions.getAddons.get.url", "about:blank"); +pref("extensions.getAddons.getWithPerformance.url", "about:blank"); +pref("extensions.getAddons.recommended.url", "about:blank"); +// If blocklist still downloads, we want it to be signed. +pref("services.blocklist.signing.enforced", true); +// Firefox 49: https://hg.mozilla.org/releases/mozilla-release/rev/c6c57d394549 +// https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/toolkit/mozapps/extensions/nsBlocklistService.js#l633 +pref("services.blocklist.update_enabled", false); +// https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/services/common/blocklist-updater.js +// Remove Kinto Blacklist URL +// https://hg.mozilla.org/releases/mozilla-release/file/c1de04f39fa956cfce83f6065b0e709369215ed5/services/common/kinto-updater.js +pref("services.settings.server", "data:application/json,{}"); +pref("services.blocklist.changes.path", ""); + +// PREF: Decrease system information leakage to Mozilla blocklist update servers +// https://trac.torproject.org/projects/tor/ticket/16931 +pref("extensions.blocklist.url", "about:blank"); + +// Disable Freedom Violating DRM Feature +// https://bugzilla.mozilla.org/show_bug.cgi?id=1144903#c8 +pref("media.eme.apiVisible", false); +pref("media.eme.enabled", false); +pref("browser.eme.ui.enabled", false); +pref("media.gmp-eme-adobe.enabled", false); + +// Google Widevine DRM +// https://blog.mozilla.org/futurereleases/2016/04/08/mozilla-to-test-widevine-cdm-in-firefox-nightly/ +// https://wiki.mozilla.org/QA/Widevine_CDM +// https://bugzilla.mozilla.org/show_bug.cgi?id=1288580 +pref("media.gmp-widevinecdm.visible", false); +pref("media.gmp-widevinecdm.enabled", false); +pref("media.gmp-widevinecdm.autoupdate", false); + +// Plugin Updater: Fingerprints the user, does not use HTTPS, Not used on GNU/Linux. Remove it. +pref("pfs.datasource.url", "about:blank"); +pref("pfs.filehint.url", "about:blank"); + +/****************************************************************************** + * SECTION: Firefox (anti-)features / components * * + ******************************************************************************/ + +// PREF: Disable WebIDE +// https://trac.torproject.org/projects/tor/ticket/16222 +// https://developer.mozilla.org/docs/Tools/WebIDE +pref("devtools.webide.enabled", false); +pref("devtools.webide.autoinstallADBHelper", false); +pref("devtools.webide.autoinstallFxdtAdapters", false); + +// PREF: Disable remote debugging +// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop +// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings +pref("devtools.debugger.remote-enabled", false); +// "to use developer tools in the context of the browser itself, and not only web content" +pref("devtools.chrome.enabled", false); +// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Firefox_37_onwards +pref("devtools.debugger.force-local", true); +// The in-browser debugger for debugging chrome code is not coping with our +// restrictive DNS look-up policy. We use "127.0.0.1" instead of "localhost" as +// a workaround. See bug 16523 for more details. +pref("devtools.debugger.chrome-debugging-host", "127.0.0.1"); +pref("devtools.appmanager.enabled", false); +pref("devtools.debugger.prompt-connection", true); +pref("devtools.devices.url", "about:blank"); +pref("devtools.gcli.imgurUploadURL", "about:blank"); +pref("devtools.gcli.jquerySrc", "about:blank"); +pref("devtools.gcli.lodashSrc", "about:blank"); +pref("devtools.gcli.underscoreSrc", "about:blank"); +// http://forum.top-hat-sec.com/index.php?topic=4951.5;wap2 +pref("devtools.remote.wifi.scan", false); +pref("devtools.remote.wifi.visible", false); +pref("devtools.webide.adaptersAddonURL", "about:blank"); +pref("devtools.webide.adbAddonURL", "about:blank"); +pref("devtools.webide.addonsURL", "about:blank"); +//https://trac.torproject.org/projects/tor/ticket/16222 +pref("devtools.webide.enabled", false); +pref("devtools.webide.simulatorAddonsURL", "about:blank"); +pref("devtools.webide.templatesURL", "about:blank"); +// https://hg.mozilla.org/releases/mozilla-release/rev/47ead489b52e +pref("devtools.screenshot.audio.enabled", false); + +// PREF: Disable Mozilla telemetry/experiments +// https://wiki.mozilla.org/Platform/Features/Telemetry +// https://wiki.mozilla.org/Privacy/Reviews/Telemetry +// https://wiki.mozilla.org/Telemetry +// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry +// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 +// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry +// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html +// https://wiki.mozilla.org/Telemetry/Experiments +pref("toolkit.telemetry.enabled", false); +pref("toolkit.telemetry.unified", false); +pref("experiments.supported", false); +pref("experiments.enabled", false); +pref("experiments.manifest.uri", ""); + +// PREF: Disallow Necko to do A/B testing +// https://trac.torproject.org/projects/tor/ticket/13170 +pref("network.allow-experiments", false); + +// PREF: Disable sending Firefox crash reports to Mozilla servers +// https://wiki.mozilla.org/Breakpad +// http://kb.mozillazine.org/Breakpad +// https://dxr.mozilla.org/mozilla-central/source/toolkit/crashreporter +// https://bugzilla.mozilla.org/show_bug.cgi?id=411490 +// A list of submitted crash reports can be found at about:crashes +pref("breakpad.reportURL", ""); + +// PREF: Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't nag user about unsent crash reports +// https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js +pref("browser.tabs.crashReporting.sendReport", false); +pref("browser.crashReports.unsubmittedCheck.enabled", false); +pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); + +// PREF: Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) +// https://wiki.mozilla.org/FlyWeb +// https://wiki.mozilla.org/FlyWeb/Security_scenarios +// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit +// http://www.ghacks.net/2016/07/26/firefox-flyweb +pref("dom.flyweb.enabled", false); + +// PREF: Disable the UITour backend +// https://trac.torproject.org/projects/tor/ticket/19047#comment:3 +pref("browser.uitour.enabled", false); + +// PREF: Enable Firefox Tracking Protection +// https://wiki.mozilla.org/Security/Tracking_protection +// https://support.mozilla.org/en-US/kb/tracking-protection-firefox +// https://support.mozilla.org/en-US/kb/tracking-protection-pbm +// https://kontaxis.github.io/trackingprotectionfirefox/ +// https://feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox/ +pref("privacy.trackingprotection.enabled", true); +pref("privacy.trackingprotection.pbmode.enabled", true); + +// PREF: Enable contextual identity Containers feature (Firefox >= 52) +// NOTICE: Containers are not available in Private Browsing mode +// https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers +pref("privacy.userContext.enabled", true); + +// PREF: Enable hardening against various fingerprinting vectors (Tor Uplift project) +// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking +pref("privacy.resistFingerprinting", true); + +// PREF: Disable the built-in PDF viewer +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2743 +// https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ +// https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/ +pref("pdfjs.disabled", true); + +// PREF: Disable collection/sending of the health report (healthreport.sqlite*) +// https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf +// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html +pref("datareporting.healthreport.uploadEnabled", false); +pref("datareporting.healthreport.service.enabled", false); +pref("datareporting.policy.dataSubmissionEnabled", false); + +// PREF: Disable Heartbeat (Mozilla user rating telemetry) +// https://wiki.mozilla.org/Advocacy/heartbeat +// https://trac.torproject.org/projects/tor/ticket/19047 +pref("browser.selfsupport.url", ""); + +// PREF: Disable Firefox Hello (disabled) (Firefox < 49) +// https://wiki.mozilla.org/Loop +// https://support.mozilla.org/t5/Chat-and-share/Support-for-Hello-discontinued-in-Firefox-49/ta-p/37946 +// NOTICE: Firefox Hello requires setting `media.peerconnection.enabled` and `media.getusermedia.screensharing.enabled` to true, +`security.OCSP.require` to false to work. +//pref("loop.enabled", false); + +// PREF: Disable Firefox Hello metrics collection +// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion +pref("loop.logDomains", false); + +// PREF: Disable Auto Update / Balrog +// NOTICE: Fully automatic updates are disabled and left to package management systems on Linux. Windows users may want to change this setting. +// CIS 2.1.1 +pref("app.update.auto", false); +pref("app.update.checkInstallTime", false); +pref("app.update.enabled", false); +pref("app.update.staging.enabled", false); +pref("app.update.url", "about:blank"); +pref("media.gmp-manager.certs.1.commonName", ""); +pref("media.gmp-manager.certs.2.commonName", ""); + +// PREF: Disable blocking reported web forgeries +// Leaks information to Google +// https://wiki.mozilla.org/Security/Safe_Browsing +// http://kb.mozillazine.org/Safe_browsing +// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work +// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849 +// CIS 2.3.4 +pref("browser.safebrowsing.enabled", false); // Firefox < 50 +pref("browser.safebrowsing.phishing.enabled", false); // firefox >= 50 + +// PREF: Disable blocking reported attack sites +// Leaks information to Google +// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled +// CIS 2.3.5 +pref("browser.safebrowsing.malware.enabled", false); + +// PREF: Disable querying Google Application Reputation database for downloaded binary files +// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/ +// https://wiki.mozilla.org/Security/Application_Reputation +pref("browser.safebrowsing.downloads.remote.enabled", false); +pref("browser.safebrowsing.appRepURL", "about:blank"); +pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank"); +pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank"); +pref("browser.safebrowsing.downloads.remote.block_dangerous", false); +pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); +pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +pref("browser.safebrowsing.downloads.remote.block_uncommon", false); +pref("browser.safebrowsing.downloads.remote.url", ""); +pref("browser.safebrowsing.provider.google.gethashURL", ""); +pref("browser.safebrowsing.provider.google.updateURL", ""); +pref("browser.safebrowsing.provider.google.lists", ""); + +// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 +pref("browser.safebrowsing.provider.google4.lists", "about:blank"); +pref("browser.safebrowsing.provider.google4.updateURL", "about:blank"); +pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank"); +pref("browser.safebrowsing.provider.google4.reportURL", "about:blank"); +pref("browser.safebrowsing.provider.mozilla.lists", "about:blank"); + +// Disable Microsoft Family Safety MiTM support (Windows 8.1) (FF50+) +// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166 +// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode +// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782 +pref("security.family_safety.mode", 0); +// https://bugzilla.mozilla.org/show_bug.cgi?id=1265113 +// https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883 +pref("security.enterprise_roots.enabled", false); + +// PREF: Disable Pocket +// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox +// https://github.com/pyllyukko/user.js/issues/143 +pref("browser.pocket.enabled", false); +pref("extensions.pocket.enabled", false); +pref("extensions.pocket.api", "about:blank"); +pref("browser.pocket.api", "about:blank"); +pref("browser.pocket.enabledLocales", "about:blank"); +pref("browser.pocket.oAuthConsumerKey", "about:blank"); +pref("browser.pocket.site", "about:blank"); +pref("browser.pocket.useLocaleList", false); +pref("browser.toolbarbuttons.introduced.pocket-button", true); + +// Disable Web Compat Reporter +pref("extensions.webcompat-reporter.enabled", false); +pref("extensions.webcompat-reporter.newIssueEndpoint", ""); + +// Disable Social +pref("social.directories", ""); +pref("social.enabled", false); +// remote-install allows any website to activate a provider, with extended UI +pref("social.remote-install.enabled", false); +pref("social.shareDirectory", ""); +pref("social.toast-notifications.enabled", false); +pref("social.whitelist", ""); + +// Disable Snippets +pref("browser.snippets.enabled", false); +pref("browser.snippets.geoUrl", "about:blank"); +pref("browser.snippets.statsUrl", "about:blank"); +pref("browser.snippets.syncPromo.enabled", false); +pref("browser.snippets.updateUrl", "about:blank"); + +// Disable WAN IP leaks +pref("captivedetect.canonicalURL", "about:blank"); +pref("network.captive-portal-service.enabled", false); +// Note: NoScript seems to ignore these and leak WAN anyway. +pref("noscript.ABE.wanIpAsLocal", false); +pref("noscript.ABE.wanIpCheckURL", "about:blank"); + +// Disable Default Protocol Handlers, always warn user instead +pref("network.protocol-handler.external-default", false); +pref("network.protocol-handler.external.mailto", false); +pref("network.protocol-handler.external.news", false); +pref("network.protocol-handler.external.nntp", false); +pref("network.protocol-handler.external.snews", false); +pref("network.protocol-handler.warn-external.mailto", true); +pref("network.protocol-handler.warn-external.news", true); +pref("network.protocol-handler.warn-external.nntp", true); +pref("network.protocol-handler.warn-external.snews", true); + +// Disable Sync +pref("services.sync.engine.addons", false); +// Never sync prefs, addons, or tabs with other browsers +pref("services.sync.engine.prefs", false); +pref("services.sync.engine.tabs", false); +pref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", false); +pref("services.sync.prefs.sync.extensions.update.enabled", false); +pref("services.sync.serverURL", "about:blank"); +pref("services.sync.jpake.serverURL", "about:blank"); +// Disable Failed Sync Logs since we killed sync. +pref("services.sync.log.appender.file.logOnError", false); +pref("services.sync.ui.hidden", true); + +// PREF: Disable SHIELD +// https://support.mozilla.org/en-US/kb/shield +// https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 +user_pref("extensions.shield-recipe-client.enabled", false); +user_pref("app.shield.optoutstudies.enabled", false); + +/****************************************************************************** + * SECTION: Automatic connections * + ******************************************************************************/ + +// PREF: Disable prefetching of URLs +// http://kb.mozillazine.org/Network.prefetch-next +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F +pref("network.prefetch-next", false); + +// PREF: Disable DNS prefetching +// http://kb.mozillazine.org/Network.dns.disablePrefetch +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching +pref("network.dns.disablePrefetch", true); +pref("network.dns.disablePrefetchFromHTTPS", true); + +// PREF: Disable the predictive service (Necko) +// https://wiki.mozilla.org/Privacy/Reviews/Necko +pref("network.predictor.enabled", false); +// https://wiki.mozilla.org/Privacy/Reviews/Necko#Principle:_Real_Choice +pref("network.seer.enabled", false); + +// PREF: Reject .onion hostnames before passing the to DNS +// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 +// RFC 7686 +pref("network.dns.blockDotOnion", true); + +// PREF: Disable search suggestions in the search bar +// http://kb.mozillazine.org/Browser.search.suggest.enabled +pref("browser.search.suggest.enabled", false); + +// PREF: Disable "Show search suggestions in location bar results" +pref("browser.urlbar.suggest.searches", false); +// PREF: When using the location bar, don't suggest URLs from browsing history +pref("browser.urlbar.suggest.history", false); + +// PREF: Disable SSDP +// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 +pref("browser.casting.enabled", false); + +// PREF: Disable automatic downloading of OpenH264 codec +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_media-capabilities +// http://andreasgal.com/2014/10/14/openh264-now-in-firefox/ +pref("media.gmp-gmpopenh264.enabled", false); +pref("media.peerconnection.video.h264_enabled", false); +// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins +pref("media.gmp-manager.url", ""); +pref("media.gmp-manager.url.override", "data:text/plain"); +pref("media.gmp.trial-create.enabled", false); +// Since ESR52 it is not enough anymore to block pinging the GMP update/download +// server. There is a local fallback that must be blocked now as well. See: +// https://bugzilla.mozilla.org/show_bug.cgi?id=1267495. +pref("media.gmp-manager.updateEnabled", false); + +// PREF: Disable speculative pre-connections +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections +// https://bugzilla.mozilla.org/show_bug.cgi?id=814169 +pref("network.http.speculative-parallel-limit", 0); + +// PREF: Disable downloading homepage snippets/messages from Mozilla +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content +// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service +pref("browser.aboutHomeSnippets.updateUrl", ""); + +// PREF: Never check updates for search engines +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking +pref("browser.search.update", false); + +//Disable Link to FireFox Marketplace, currently loaded with non-free "apps" +pref("browser.apps.URL", ""); +pref("browser.webapps.checkForUpdates", 0); +pref("browser.webapps.updateCheckUrl", "about:blank"); +pref("dom.mozApps.signed_apps_installable_from", ""); + +// Disable Favicon lookups (Leaks/fingerprints user bookmarks) +// http://kb.mozillazine.org/Browser.chrome.favicons +pref("browser.chrome.favicons", false); +pref("browser.chrome.site_icons", false); +pref("browser.shell.shortcutFavicons", false); + +/****************************************************************************** + * SECTION: HTTP * + ******************************************************************************/ +// https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2 +pref("network.http.pipelining", true); +pref("network.http.pipelining.aggressive", true); +pref("network.http.pipelining.maxrequests", 12); +pref("network.http.pipelining.ssl", true); +pref("network.http.proxy.pipelining", true); +pref("security.ssl.enable_false_start", true); +pref("network.http.keep-alive.timeout", 20); +pref("network.http.connection-retry-timeout", 0); +pref("network.http.max-persistent-connections-per-proxy", 256); +pref("network.http.pipelining.reschedule-timeout", 15000); +pref("network.http.pipelining.read-timeout", 60000); +pref("network.http.pipelining.max-optimistic-requests", 3); +pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable) +pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case +pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case +pref("network.http.spdy.enabled.v3-1", false); // Seems redundant, but just in case +pref("privacy.firstparty.isolate", true); // Always enforce first party isolation +pref("network.http.spdy.enabled.http2", false); // Temporarily disabled pending implementation review +pref("network.http.spdy.enabled.http2draft", false); // Temporarily disabled pending implementation review + +// PREF: Disallow NTLMv1 +// https://bugzilla.mozilla.org/show_bug.cgi?id=828183 +pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); +// it is still allowed through HTTPS. uncomment the following to disable it completely. +pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); + +// PREF: Enable CSP 1.1 script-nonce directive support +// https://bugzilla.mozilla.org/show_bug.cgi?id=855326 +pref("security.csp.experimentalEnabled", true); + +// PREF: Enable Content Security Policy (CSP) +// https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy +// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP +pref("security.csp.enable", true); + +// PREF: Enable Subresource Integrity +// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity +// https://wiki.mozilla.org/Security/Subresource_Integrity +pref("security.sri.enable", true); + +// PREF: DNT HTTP header (disabled) +// https://www.mozilla.org/en-US/firefox/dnt/ +// https://en.wikipedia.org/wiki/Do_not_track_header +// https://dnt-dashboard.mozilla.org +// https://github.com/pyllyukko/user.js/issues/11 +// http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/ +// NOTICE: Do No Track must be enabled manually +//pref("privacy.donottrackheader.enabled", true); + +// Disable HTTP Alternative Services header +// https://trac.torproject.org/projects/tor/ticket/16673 +pref("network.http.altsvc.enabled", false); +pref("network.http.altsvc.oe", false); + +// PREF: Send a referer header with the target URI as the source +// http://kb.mozillazine.org/Network.http.sendRefererHeader#0 +// https://bugzilla.mozilla.org/show_bug.cgi?id=822869 +// https://github.com/pyllyukko/user.js/issues/227 +// NOTICE: Spoofing referers breaks functionality on websites relying on authentic referer headers +// NOTICE: Spoofing referers breaks visualisation of 3rd-party sites on the Lightbeam addon +// NOTICE: Spoofing referers disables CSRF protection on some login pages not implementing origin-header/cookie+token based CSRF protection +// TODO: https://github.com/pyllyukko/user.js/issues/94, commented-out XOriginPolicy/XOriginTrimmingPolicy = 2 prefs +pref("network.http.referer.spoofSource", true); + +// PREF: Don't send referer headers when following links across different domains (disabled) +// https://github.com/pyllyukko/user.js/issues/227 +// user_pref("network.http.referer.XOriginPolicy", 2); +// https://bugzilla.mozilla.org/show_bug.cgi?id=1223838#c31 +pref("network.http.enablePerElementReferrer", false); + +// PREF: Accept Only 1st Party Cookies +// http://kb.mozillazine.org/Network.cookie.cookieBehavior#1 +// NOTICE: Blocking 3rd-party cookies breaks a number of payment gateways +// CIS 2.5.1 +pref("network.cookie.cookieBehavior", 1); + +// PREF: Make sure that third-party cookies (if enabled) never persist beyond the session. +// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ +// http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly +// https://developer.mozilla.org/en-US/docs/Cookies_Preferences_in_Mozilla#network.cookie.thirdparty.sessionOnly +pref("network.cookie.thirdparty.sessionOnly", true); + +// PREF: Spoof User-agent +pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"); +pref("general.appname.override", "Netscape"); +pref("general.appversion.override", "5.0 (Windows)"); +pref("general.platform.override", "Win32"); +pref("general.oscpu.override", "Windows NT 6.1"); +pref("general.productSub.override", "20100101"); +pref("general.buildID.override", "20100101"); +pref("browser.startup.homepage_override.buildID", "20100101"); +pref("general.useragent.vendor", ""); +pref("general.useragent.vendorSub", ""); + +/******************************************************************************* + * SECTION: Caching * + ******************************************************************************/ + + // Prevents the Permissions manager from writing to disk (regardless of whether we are in PBM) + // https://bugzilla.mozilla.org/show_bug.cgi?id=967812#c9 + pref("permissions.memory_only", true); + + // Ensures the intermediate certificate store is memory only. + // Note: Conflicts with old HTTP Basic Authentication + // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882#c0 + pref("security.nocertdb", true); + +// PREF: Permanently enable private browsing mode (disabled) +// https://support.mozilla.org/en-US/kb/Private-Browsing +// https://wiki.mozilla.org/PrivateBrowsing +// NOTICE: You can not view or inspect cookies when in private browsing: https://bugzilla.mozilla.org/show_bug.cgi?id=823941 +// NOTICE: When Javascript is enabled, Websites can detect use of Private Browsing mode +// NOTICE: Private browsing breaks Kerberos authentication +// NOTICE: Disables "Containers" functionality (see below) +//pref("browser.privatebrowsing.autostart", true); + +// PREF: Do not store POST data in saved sessions +// http://kb.mozillazine.org/Browser.sessionstore.postdata +// relates to CIS 2.5.7 +pref("browser.sessionstore.postdata", 0); + +// PREF: Disable the Session Restore service +// http://kb.mozillazine.org/Browser.sessionstore.enabled +pref("browser.sessionstore.enabled", false); + +// PREF: Do not download URLs for the offline cache +// http://kb.mozillazine.org/Browser.cache.offline.enable +pref("browser.cache.offline.enable", false); + +// PREF: Clear history when Firefox closes +// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically +// NOTICE: Installing user.js will **remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27) +// NOTICE: Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945 +pref("privacy.sanitize.sanitizeOnShutdown", true); +pref("privacy.clearOnShutdown.cache", true); +pref("privacy.clearOnShutdown.cookies", true); +pref("privacy.clearOnShutdown.downloads", true); +pref("privacy.clearOnShutdown.formdata", true); +pref("privacy.clearOnShutdown.history", true); +pref("privacy.clearOnShutdown.offlineApps", true); +//pref("privacy.clearOnShutdown.passwords", true); // Wipes all saved passwords. (Disabled) +pref("privacy.clearOnShutdown.sessions", true); +//pref("privacy.clearOnShutdown.openWindows", true); // Temporarily disabled https://bugzilla.mozilla.org/show_bug.cgi?id=1334945 +pref("privacy.clearOnShutdown.siteSettings", true); // http://www.ghacks.net/2015/10/16/how-to-prevent-hsts-tracking-in-firefox/ + +// PREF: Set time range to "Everything" as default in "Clear Recent History" +pref("privacy.sanitize.timeSpan", 0); + +// PREF: Clear everything but "Site Preferences" in "Clear Recent History" +pref("privacy.cpd.offlineApps", true); +pref("privacy.cpd.cache", true); +pref("privacy.cpd.cookies", true); +pref("privacy.cpd.downloads", true); +pref("privacy.cpd.formdata", true); +pref("privacy.cpd.history", true); +pref("privacy.cpd.sessions", true); + +// Firefox will store small amounts (less than 50 MB) of data without asking for permission, unless this is set to false +// https://support.mozilla.org/en-US/questions/1014708 +pref("offline-apps.allow_by_default", false); + +// PREF: Don't remember browsing history +pref("places.history.enabled", false); + +// PREF: Disable disk cache +// http://kb.mozillazine.org/Browser.cache.disk.enable +pref("browser.cache.disk.enable", false); + +// PREF: Disable memory cache (disabled) +// http://kb.mozillazine.org/Browser.cache.memory.enable +//pref("browser.cache.memory.enable", false); + +// PREF: Disable Caching of SSL Pages +// CIS Version 1.2.0 October 21st, 2011 2.5.8 +// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl +pref("browser.cache.disk_cache_ssl", false); + +// PREF: Disable download history +// CIS Version 1.2.0 October 21st, 2011 2.5.5 +pref("browser.download.manager.retention", 0); + +// PREF: Disable password manager +// CIS Version 1.2.0 October 21st, 2011 2.5.2 +pref("signon.rememberSignons", false); + +// PREF: Disable form autofill, don't save information entered in web page forms and the Search Bar +pref("browser.formfill.enable", false); + +// PREF: Cookies expires at the end of the session (when the browser closes) +// http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2 +pref("network.cookie.lifetimePolicy", 2); + +// PREF: Require manual intervention to autofill known username/passwords sign-in forms +// http://kb.mozillazine.org/Signon.autofillForms +// https://www.torproject.org/projects/torbrowser/design/#identifier-linkability +pref("signon.autofillForms", false); + +// PREF: When username/password autofill is enabled, still disable it on non-HTTPS sites +// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 +pref("signon.autofillForms.http", false); + +// PREF: Show in-content login form warning UI for insecure login fields +// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 +pref("security.insecure_field_warning.contextual.enabled", true); + +// PREF: Disable the password manager for pages with autocomplete=off (disabled) +// https://bugzilla.mozilla.org/show_bug.cgi?id=956906 +// OWASP ASVS V9.1 +// Does not prevent any kind of auto-completion (see browser.formfill.enable, signon.autofillForms) +//pref("signon.storeWhenAutocompleteOff", false); + +// PREF: Delete Search and Form History +// CIS Version 1.2.0 October 21st, 2011 2.5.6 +pref("browser.formfill.expire_days", 0); + +// PREF: Clear SSL Form Session Data +// http://kb.mozillazine.org/Browser.sessionstore.privacy_level#2 +// Store extra session data for unencrypted (non-HTTPS) sites only. +// CIS Version 1.2.0 October 21st, 2011 2.5.7 +// NOTE: CIS says 1, we use 2 +pref("browser.sessionstore.privacy_level", 2); + +// PREF: Delete temporary files on exit +// https://bugzilla.mozilla.org/show_bug.cgi?id=238789 +pref("browser.helperApps.deleteTempFileOnExit", true); + +// Disable the media cache, prevents HTML5 videos from being written to the OS temporary directory +// https://www.torproject.org/projects/torbrowser/design/ +pref("media.cache_size", 0); + +// PREF: Do not create screenshots of visited pages (relates to the "new tab page" feature) +// https://support.mozilla.org/en-US/questions/973320 +// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled +pref("browser.pagethumbnails.capturing_disabled", true); + +/******************************************************************************* + * SECTION: UI related * + *******************************************************************************/ + +pref("ui.use_standins_for_native_colors", true); // https://bugzilla.mozilla.org/232227 + +// PREF: Enable insecure password warnings (login forms in non-HTTPS pages) +// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ +// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 +pref("security.insecure_password.ui.enabled", true); + +// Disable Slow Startup Notifications +pref("browser.slowStartup.maxSamples", 0); +pref("browser.slowStartup.notificationDisabled", true); +pref("browser.slowStartup.samples", 0); + +// Display advanced information on Insecure Connection warning pages +// [TEST] https://expired.badssl.com/ +pref("browser.xul.error_pages.expert_bad_cert", true); + +// PREF: Disable right-click menu manipulation via JavaScript +pref("dom.event.contextmenu.enabled", false); + +// Disable Recently Bookmarked Folder (Disabled) +// https://bugzilla.mozilla.org/show_bug.cgi?id=1248268 +// https://hg.mozilla.org/releases/mozilla-release/rev/f98e3add979e +//pref("browser.bookmarks.showRecentlyBookmarked", false); + +// PREF: Disable "Are you sure you want to leave this page?" popups on page close +// https://support.mozilla.org/en-US/questions/1043508 +// Does not prevent JS leaks of the page close event. +// https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload +pref("dom.disable_beforeunload", true); +pref("dom.require_user_interaction_for_beforeunload", false); +// Don't promote sync +pref("browser.syncPromoViewsLeftMap", "{\"addons\":0,\"bookmarks\":0,\"passwords\":0}"); + +// PREF: Disable Downloading on Desktop +// CIS 2.3.2 +pref("browser.download.folderList", 2); + +// PREF: Always ask the user where to download +// https://developer.mozilla.org/en/Download_Manager_preferences (obsolete) +pref("browser.download.useDownloadDir", false); + +// PREF: Disable the "new tab page" feature and show a blank tab instead +// https://wiki.mozilla.org/Privacy/Reviews/New_Tab +// https://support.mozilla.org/en-US/kb/new-tab-page-show-hide-and-customize-top-sites#w_how-do-i-turn-the-new-tab-page-off +pref("browser.newtabpage.enabled", false); +pref("browser.newtab.url", "about:blank"); + +// PREF: Disable new tab tile ads & preload +// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox +// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331 +// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping +// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source +// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping +// TODO: deprecated? not in DXR, some dead links +pref("browser.newtabpage.enhanced", false); +pref("browser.newtab.preload", false); +pref("browser.newtabpage.directory.ping", ""); +pref("browser.newtabpage.directory.source", "data:text/plain,{}"); + +// PREF: Enable Auto Notification of Outdated Plugins (Firefox < 50) (Disabled on GNU/Linux) +// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review +// CIS Version 1.2.0 October 21st, 2011 2.1.2 +pref("plugins.update.notifyUser", false); + +// PREF: Enable Information Bar for Outdated Plugins +// http://forums.mozillazine.org/viewtopic.php?f=8&t=2490287 +// CIS Version 1.2.0 October 21st, 2011 2.1.3 +pref("plugins.hide_infobar_for_outdated_plugin", false); + +// PREF: Force Punycode for Internationalized Domain Names +// http://kb.mozillazine.org/Network.IDN_show_punycode +// https://www.xudongz.com/blog/2017/idn-phishing/ +// https://wiki.mozilla.org/IDN_Display_Algorithm +// https://en.wikipedia.org/wiki/IDN_homograph_attack +// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ +// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 +pref("network.IDN_show_punycode", true); + +// PREF: Disable inline autocomplete in URL bar +// http://kb.mozillazine.org/Inline_autocomplete +pref("browser.urlbar.autoFill", false); +pref("browser.urlbar.autoFill.typed", false); + +// PREF: Don't suggest any URLs while typing at the address bar +// https://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636/ +// http://kb.mozillazine.org/Browser.urlbar.maxRichResults +// "Setting the preference to 0 effectively disables the Location Bar dropdown entirely." +pref("browser.urlbar.maxRichResults", 0); + +// PREF: Disable CSS :visited selectors +// https://blog.mozilla.org/security/2010/03/31/plugging-the-css-history-leak/ +// https://dbaron.org/mozilla/visited-privacy +pref("layout.css.visited_links_enabled", false); + +// http://kb.mozillazine.org/Places.frecency.unvisited%28place_type%29Bonus + +// PREF: Disable URL bar autocomplete +// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5 +pref("browser.urlbar.autocomplete.enabled", false); + +// PREF: Do not check if Firefox is the default browser +pref("browser.shell.checkDefaultBrowser", false); + +// PREF: When password manager is enabled, lock the password storage periodically +// CIS Version 1.2.0 October 21st, 2011 2.5.3 Disable Prompting for Credential Storage +pref("security.ask_for_password", 2); + +// Bug 9881: Open popups in new tabs (to avoid fullscreen popups) +// pref("browser.link.open_newwindow.restriction", 0); + +// PREF: Lock the password storage every 1 minutes (default: 30) +pref("security.password_lifetime", 1); + +// PREF: Display a notification bar when websites offer data for offline use +// http://kb.mozillazine.org/Browser.offline-apps.notify +pref("browser.offline-apps.notify", true); + +/****************************************************************************** + * SECTION: Cryptography * + ******************************************************************************/ + +// PREF: Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla) +// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ +// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List +// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security +pref("network.stricttransportsecurity.preloadlist", true); + +// Disable HSTS Priming, a beta feature rarely used that allows mixed content on HTTPS pages. +// https://wicg.github.io/hsts-priming/ +// https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 +// https://hg.mozilla.org/releases/mozilla-release/rev/d7d42cef7968 +pref("security.mixed_content.send_hsts_priming", false); +pref("security.mixed_content.use_hsts", false); + +// PREF: Disable Online Certificate Status Protocol +// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol +// https://www.imperialviolet.org/2014/04/19/revchecking.html +// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/ +// https://wiki.mozilla.org/CA:RevocationPlan +// https://wiki.mozilla.org/CA:ImprovingRevocation +// https://wiki.mozilla.org/CA:OCSP-HardFail +// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html +// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html +// NOTICE: OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host +// NOTICE: OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder +// NOTICE: OCSP adds latency (performance) +// NOTICE: Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10) +// CIS Version 1.2.0 October 21st, 2011 2.2.4 +pref("security.OCSP.enabled", 0); + +// PREF: Enable OCSP Stapling support +// https://en.wikipedia.org/wiki/OCSP_stapling +// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ +// https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx +pref("security.ssl.enable_ocsp_stapling", true); + +// PREF: Enable OCSP Must-Staple support (Firefox >= 45) +// https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/ +// https://www.entrust.com/ocsp-must-staple/ +// https://github.com/schomery/privacy-settings/issues/40 +// NOTICE: Firefox falls back on plain OCSP when must-staple is not configured on the host certificate +pref("security.ssl.enable_ocsp_must_staple", true); + +// PREF: Require a valid OCSP response for OCSP enabled certificates +// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA +// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses +// NOTICE: `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable +// NOTICE: `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal) +pref("security.OCSP.require", true); + +// PREF: Disable TLS Session Tickets +// https://www.blackhat.com/us-13/briefings.html#NextGen +// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf +// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf +// https://bugzilla.mozilla.org/show_bug.cgi?id=917049 +// https://bugzilla.mozilla.org/show_bug.cgi?id=967977 +pref("security.ssl.disable_session_identifiers", true); +// https://www.torproject.org/projects/torbrowser/design/index.html.en +pref("security.ssl.enable_false_start", true); +pref("security.enable_tls_session_tickets", false); + +// PREF: Only allow TLS 1.[0-3] +// http://kb.mozillazine.org/Security.tls.version.* +// 1 = TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.) +// 2 = TLS 1.1 is the minimum required / maximum supported encryption protocol. +pref("security.tls.version.min", 1); +pref("security.tls.version.max", 4); + +// PREF: Disable insecure TLS version fallback +// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 +// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645 +pref("security.tls.version.fallback-limit", 3); + +// PREF: Enfore Public Key Pinning +// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning +// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning +// "2. Strict. Pinning is always enforced." +pref("security.cert_pinning.enforcement_level", 2); + +// PREF: Disallow SHA-1 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 +// https://hg.mozilla.org/releases/mozilla-release/rev/43c724bde81c#l3.34 +// http://www.scmagazine.com/mozilla-pulls-back-on-rejecting-sha-1-certs-outright/article/463913/ +// 0 = allow SHA-1; 1 = forbid SHA-1; 2 = allow SHA-1 only if notBefore < 2016-01-01 +// https://shattered.io/ +pref("security.pki.sha1_enforcement_level", 1); + +// PREF: Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) +// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 +pref("security.ssl.treat_unsafe_negotiation_as_broken", true); + +// PREF: Disallow connection to servers not supporting safe renegotiation (disabled) +// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.require_safe_negotiation +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 +// TODO: `security.ssl.require_safe_negotiation` is more secure but makes browsing next to impossible (2012-2014-... - `ssl_error_unsafe_negotiation` errors), so is left disabled +// pref("security.ssl.require_safe_negotiation", true); + +// PREF: Disable automatic reporting of TLS connection errors +// https://support.mozilla.org/en-US/kb/certificate-pinning-reports +// we could also disable security.ssl.errorReporting.enabled, but I think it's +// good to leave the option to report potentially malicious sites if the user +// chooses to do so. +// you can test this at https://pinningtest.appspot.com/ +pref("security.ssl.errorReporting.automatic", false); + +// PREF: Pre-populate the current URL but do not pre-fetch the certificate in the "Add Security Exception" dialog +// http://kb.mozillazine.org/Browser.ssl_override_behavior +// https://github.com/pyllyukko/user.js/issues/210 +pref("browser.ssl_override_behavior", 1); + +/****************************************************************************** + * SECTION: Cipher suites * + * * + * you can debug the SSL handshake with tshark: * + * tshark -t ad -n -i wlan0 -T text -V -R ssl.handshake * + ******************************************************************************/ + +// PREF: Disable null ciphers +pref("security.ssl3.rsa_null_sha", false); +pref("security.ssl3.rsa_null_md5", false); +pref("security.ssl3.ecdhe_rsa_null_sha", false); +pref("security.ssl3.ecdhe_ecdsa_null_sha", false); +pref("security.ssl3.ecdh_rsa_null_sha", false); +pref("security.ssl3.ecdh_ecdsa_null_sha", false); + +// PREF: Disable SEED cipher +// https://en.wikipedia.org/wiki/SEED +pref("security.ssl3.rsa_seed_sha", false); + +// PREF: Disable 40/56/128-bit ciphers +// 40-bit ciphers +pref("security.ssl3.rsa_rc4_40_md5", false); +pref("security.ssl3.rsa_rc2_40_md5", false); +// 56-bit ciphers +pref("security.ssl3.rsa_1024_rc4_56_sha", false); +// 128-bit ciphers +pref("security.ssl3.rsa_camellia_128_sha", false); +pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); +pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +pref("security.ssl3.ecdh_rsa_aes_128_sha", false); +pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); +pref("security.ssl3.dhe_rsa_camellia_128_sha", false); +pref("security.ssl3.dhe_rsa_aes_128_sha", false); + +// PREF: Disable RC4 +// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security +// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 +// https://rc4.io/ +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 +pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); +pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); +pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); +pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); +pref("security.ssl3.rsa_rc4_128_md5", false); +pref("security.ssl3.rsa_rc4_128_sha", false); +pref("security.tls.unrestricted_rc4_fallback", false); + +// PREF: Disable 3DES (effective key size is < 128) +// https://en.wikipedia.org/wiki/3des#Security +// http://en.citizendium.org/wiki/Meet-in-the-middle_attack +// http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html +pref("security.ssl3.dhe_dss_des_ede3_sha", false); +pref("security.ssl3.dhe_rsa_des_ede3_sha", false); +pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); +pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); +pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); +pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); +pref("security.ssl3.rsa_des_ede3_sha", false); +pref("security.ssl3.rsa_fips_des_ede3_sha", false); + +// PREF: Disable ciphers with ECDH (non-ephemeral) +pref("security.ssl3.ecdh_rsa_aes_256_sha", false); +pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); + +// PREF: Disable 256 bits ciphers without PFS +pref("security.ssl3.rsa_camellia_256_sha", false); + +// PREF: Enable ciphers with ECDHE and key size > 128bits +pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // 0xc014 +pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // 0xc00a + +// PREF: Enable GCM ciphers (TLSv1.2 only) +// https://en.wikipedia.org/wiki/Galois/Counter_Mode +pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // 0xc02b +pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // 0xc02f + +// PREF: Enable ChaCha20 and Poly1305 (Firefox >= 47) +// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/ +// https://tools.ietf.org/html/rfc7905 +// https://bugzilla.mozilla.org/show_bug.cgi?id=917571 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860 +// https://cr.yp.to/chacha.html +pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true); +pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true); + +// PREF: Disable ciphers susceptible to the logjam attack +// https://weakdh.org/ +pref("security.ssl3.dhe_rsa_camellia_256_sha", false); +pref("security.ssl3.dhe_rsa_aes_256_sha", false); + +// PREF: Disable ciphers with DSA (max 1024 bits) +pref("security.ssl3.dhe_dss_aes_128_sha", false); +pref("security.ssl3.dhe_dss_aes_256_sha", false); +pref("security.ssl3.dhe_dss_camellia_128_sha", false); +pref("security.ssl3.dhe_dss_camellia_256_sha", false); + +// PREF: Fallbacks due compatibility reasons +pref("security.ssl3.rsa_aes_256_sha", true); // 0x35 +pref("security.ssl3.rsa_aes_128_sha", true); // 0x2f diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.sh b/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.sh index d25cf1c55..6222861c7 100755 --- a/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.sh +++ b/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.sh @@ -7,7 +7,7 @@ echo "Closing any other instances of Iceweasel to avoid crashes..." pkill -x iceweasel wait echo "Copying Hardened Prefs..." -cp /usr/lib/iceweasel/browser/defaults/preferences/iceweasel-branding.js /usr/lib/iceweasel/browser/defaults/preferences/firefox-branding.js +cp /usr/lib/iceweasel/browser/defaults/preferences/iceweasel-hardened.prefs /usr/lib/iceweasel/browser/defaults/preferences/firefox-branding.js wait echo "Waking the Iceweasel..." -- cgit v1.2.2