/**************************************************************************** * user.js * * Adapted from... * * https://github.com/pyllyukko/user.js * * https://github.com/The-OP/Fox/tree/master/prefs * * https://github.com/ghacksuserjs/ghacks-user.js * ******************************************************************************/ /***************************************************************************** * Avoid hardware based fingerprintings * * Canvas/Font's/Plugins * ******************************************************************************/ // https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration // https://www.macromedia.com/support/documentation/en/flashplayer/help/help01.html // https://github.com/dillbyrne/random-agent-spoofer/issues/74 pref("gfx.direct2d.disabled", true); pref("layers.acceleration.disabled", true); pref("gfx.downloadable_fonts.fallback_delay", -1); pref("intl.charset.default", "windows-1252"); pref("privacy.use_utc_timezone", true); pref("privacy.suppressModifierKeyEvents", true); // Bug #17009: Suppress ALT and SHIFT events" pref("noscript.forbidFonts", true); pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu // Tor Browser Font config // https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2 pref("font.default.lo", "Noto Sans Lao"); pref("font.default.my", "Noto Sans Myanmar"); pref("font.default.x-western", "sans-serif"); pref("font.name-list.cursive.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.cursive.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.cursive.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.cursive.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.cursive.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.fantasy.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.fantasy.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.fantasy.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.fantasy.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.fantasy.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.fantasy.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.ar", "Noto Naskh Arabic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.el", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.he", "Noto Sans Hebrew, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.ja", "Noto Sans JP Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.ko", "Noto Sans KR Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.th", "Noto Sans Thai, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-armn", "Noto Sans Armenian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-beng", "Noto Sans Bengali, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-cyrillic", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-devanagari", "Noto Sans Devanagari, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-ethi", "Noto Sans Ethiopic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-geor", "Noto Sans Georgian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-gujr", "Noto Sans Gujarati, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-guru", "Noto Sans Gurmukhi, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-khmr", "Noto Sans Khmer, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-knda", "Noto Sans Kannada, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-mlym", "Noto Sans Malayalam, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-orya", "Noto Sans Oriya, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-sinh", "Noto Sans Sinhala, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-tamil", "Noto Sans Tamil, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-telu", "Noto Sans Telugu, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-tibt", "Noto Sans Tibetan, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-unicode", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.x-western", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.zh-CN", "Noto Sans SC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.zh-HK", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.monospace.zh-TW", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.ar", "Noto Naskh Arabic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.el", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.he", "Noto Sans Hebrew, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.ja", "Noto Sans JP Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.ko", "Noto Sans KR Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.th", "Noto Sans Thai, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-armn", "Noto Sans Armenian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-beng", "Noto Sans Bengali, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-cyrillic", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-devanagari", "Noto Sans Devanagari, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-ethi", "Noto Sans Ethiopic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-geor", "Noto Sans Georgian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-gujr", "Noto Sans Gujarati, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-guru", "Noto Sans Gurmukhi, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-khmr", "Noto Sans Khmer, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-knda", "Noto Sans Kannada, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-mlym", "Noto Sans Malayalam, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-orya", "Noto Sans Oriya, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-sinh", "Noto Sans Sinhala, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-tamil", "Noto Sans Tamil, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-telu", "Noto Sans Telugu, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-tibt", "Noto Sans Tibetan, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-unicode", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.x-western", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.zh-CN", "Noto Sans SC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.zh-HK", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.sans-serif.zh-TW", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.he", "Tinos, Georgia, Noto Sans Hebrew, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.ja", "Noto Sans JP Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.ko", "Noto Sans KR Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.th", "Noto Serif Thai, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-armn", "Noto Serif Armenian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-beng", "Noto Sans Bengali, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-devanagari", "Noto Sans Devanagari, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-ethi", "Noto Sans Ethiopic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-geor", "Noto Sans Georgian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-gujr", "Noto Sans Gujarati, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-guru", "Noto Sans Gurmukhi, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-khmr", "Noto Serif Khmer, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-knda", "Noto Sans Kannada, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-mlym", "Noto Sans Malayalam, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-orya", "Noto Sans Oriya, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-sinh", "Noto Sans Sinhala, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-tamil", "Noto Sans Tamil, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-telu", "Noto Sans Telugu, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-tibt", "Noto Sans Tibetan, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.zh-CN", "Noto Sans SC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.zh-HK", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name-list.serif.zh-TW", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); pref("font.name.cursive.ar", "Noto Naskh Arabic"); pref("font.name.cursive.el", "Tinos, Georgia"); pref("font.name.cursive.he", "Noto Sans Hebrew"); pref("font.name.cursive.x-cyrillic", "Tinos, Georgia"); pref("font.name.cursive.x-unicode", "Tinos, Georgia"); pref("font.name.cursive.x-western", "Tinos, Georgia"); pref("font.name.fantasy.ar", "Noto Naskh Arabic"); pref("font.name.fantasy.el", "Tinos, Georgia"); pref("font.name.fantasy.he", "Noto Sans Hebrew"); pref("font.name.fantasy.x-cyrillic", "Tinos, Georgia"); pref("font.name.fantasy.x-unicode", "Tinos, Georgia"); pref("font.name.fantasy.x-western", "Tinos, Georgia"); pref("font.name.monospace.ar", "Noto Naskh Arabic"); pref("font.name.monospace.el", "Tinos, Georgia"); pref("font.name.monospace.he", "Noto Sans Hebrew"); pref("font.name.monospace.ja", "Noto Sans JP Regular"); pref("font.name.monospace.ko", "Noto Sans KR Regular"); pref("font.name.monospace.my", "Noto Sans Myanmar"); pref("font.name.monospace.th", "Noto Sans Thai"); pref("font.name.monospace.x-armn", "Noto Sans Armenian"); pref("font.name.monospace.x-beng", "Noto Sans Bengali"); pref("font.name.monospace.x-cyrillic", "Cousine, Courier, Courier New"); pref("font.name.monospace.x-devanagari", "Noto Sans Devanagari"); pref("font.name.monospace.x-ethi", "Noto Sans Ethiopic"); pref("font.name.monospace.x-geor", "Noto Sans Georgian"); pref("font.name.monospace.x-gujr", "Noto Sans Gujarati"); pref("font.name.monospace.x-guru", "Noto Sans Gurmukhi"); pref("font.name.monospace.x-khmr", "Noto Sans Khmer"); pref("font.name.monospace.x-knda", "Noto Sans Kannada"); pref("font.name.monospace.x-mlym", "Noto Sans Malayalam"); pref("font.name.monospace.x-orya", "Noto Sans Oriya"); pref("font.name.monospace.x-sinh", "Noto Sans Sinhala"); pref("font.name.monospace.x-tamil", "Noto Sans Tamil"); pref("font.name.monospace.x-telu", "Noto Sans Telugu"); pref("font.name.monospace.x-tibt", "Noto Sans Tibetan"); pref("font.name.monospace.x-unicode", "Cousine, Courier, Courier New"); pref("font.name.monospace.x-western", "Cousine, Courier, Courier New"); pref("font.name.monospace.zh-CN", "Noto Sans SC Regular"); pref("font.name.monospace.zh-HK", "Noto Sans TC Regular"); pref("font.name.monospace.zh-TW", "Noto Sans TC Regular"); pref("font.name.sans-serif.ar", "Noto Naskh Arabic"); pref("font.name.sans-serif.el", "Arimo, Arial, Verdana"); pref("font.name.sans-serif.he", "Noto Sans Hebrew"); pref("font.name.sans-serif.ja", "Noto Sans JP Regular"); pref("font.name.sans-serif.ko", "Noto Sans KR Regular"); pref("font.name.sans-serif.th", "Noto Sans Thai"); pref("font.name.sans-serif.x-armn", "Noto Sans Armenian"); pref("font.name.sans-serif.x-beng", "Noto Sans Bengali"); pref("font.name.sans-serif.x-cyrillic", "Arimo, Arial, Verdana"); pref("font.name.sans-serif.x-devanagari", "Noto Sans Devanagari"); pref("font.name.sans-serif.x-ethi", "Noto Sans Ethiopic"); pref("font.name.sans-serif.x-geor", "Noto Sans Georgian"); pref("font.name.sans-serif.x-gujr", "Noto Sans Gujarati"); pref("font.name.sans-serif.x-guru", "Noto Sans Gurmukhi"); pref("font.name.sans-serif.x-khmr", "Noto Sans Khmer"); pref("font.name.sans-serif.x-knda", "Noto Sans Kannada"); pref("font.name.sans-serif.x-mlym", "Noto Sans Malayalam"); pref("font.name.sans-serif.x-orya", "Noto Sans Oriya"); pref("font.name.sans-serif.x-sinh", "Noto Sans Sinhala"); pref("font.name.sans-serif.x-tamil", "Noto Sans Tamil"); pref("font.name.sans-serif.x-telu", "Noto Sans Telugu"); pref("font.name.sans-serif.x-tibt", "Noto Sans Tibetan"); pref("font.name.sans-serif.x-unicode", "Arimo, Arial, Verdana"); pref("font.name.sans-serif.x-western", "Arimo, Arial, Verdana"); pref("font.name.sans-serif.zh-CN", "Noto Sans SC Regular"); pref("font.name.sans-serif.zh-HK", "Noto Sans TC Regular"); pref("font.name.sans-serif.zh-TW", "Noto Sans TC Regular"); pref("font.name.sans.my", "Noto Sans Myanmar"); pref("font.name.serif.ar", "Noto Naskh Arabic"); pref("font.name.serif.el", "Tinos, Georgia"); pref("font.name.serif.he", "Noto Sans Hebrew"); pref("font.name.serif.ja", "Noto Sans JP Regular"); pref("font.name.serif.ko", "Noto Sans KR Regular"); pref("font.name.serif.my", "Noto Sans Myanmar"); pref("font.name.serif.th", "Noto Serif Thai"); pref("font.name.serif.x-armn", "Noto Serif Armenian"); pref("font.name.serif.x-beng", "Noto Sans Bengali"); pref("font.name.serif.x-cyrillic", "Tinos, Georgia"); pref("font.name.serif.x-devanagari", "Noto Sans Devanagari"); pref("font.name.serif.x-ethi", "Noto Sans Ethiopic"); pref("font.name.serif.x-geor", "Noto Sans Georgian"); pref("font.name.serif.x-gujr", "Noto Sans Gujarati"); pref("font.name.serif.x-guru", "Noto Sans Gurmukhi"); pref("font.name.serif.x-khmr", "Noto Serif Khmer"); pref("font.name.serif.x-knda", "Noto Sans Kannada"); pref("font.name.serif.x-mlym", "Noto Sans Malayalam"); pref("font.name.serif.x-orya", "Noto Sans Oriya"); pref("font.name.serif.x-sinh", "Noto Sans Sinhala"); pref("font.name.serif.x-tamil", "Noto Sans Tamil"); pref("font.name.serif.x-telu", "Noto Sans Telugu"); pref("font.name.serif.x-tibt", "Noto Sans Tibetan"); pref("font.name.serif.x-unicode", "Tinos, Georgia"); pref("font.name.serif.x-western", "Tinos, Georgia"); pref("font.name.serif.zh-CN", "Noto Sans SC Regular"); pref("font.name.serif.zh-HK", "Noto Sans TC Regular"); pref("font.name.serif.zh-TW", "Noto Sans TC Regular"); /****************************************************************************** * SECTION: HTML5 / APIs / DOM * ******************************************************************************/ // PREF: Disable Service Workers // https://developer.mozilla.org/en-US/docs/Web/API/Worker // https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API // https://wiki.mozilla.org/Firefox/Push_Notifications#Service_Workers // NOTICE: Disabling ServiceWorkers breaks functionality on some sites (Google Street View...) // Unknown security implications // CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) pref("dom.serviceWorkers.enabled", false); // PREF: Disable Web Workers // https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers // https://www.w3schools.com/html/html5_webworkers.asp pref("dom.workers.enabled", false); // Disable WebSockets // https://www.infoq.com/news/2012/03/websockets-security // http://mdn.beonex.com/en/WebSockets.html pref("network.websocket.max-connections", 0); // PREF: Disable web notifications // https://support.mozilla.org/t5/Firefox/I-can-t-find-Firefox-menu-I-m-trying-to-opt-out-of-Web-Push-and/m-p/1317495#M1006501 pref("dom.webnotifications.enabled", false); // Disable DOM Push API // https://developer.mozilla.org/en-US/docs/Web/API/Push_API // https://wiki.mozilla.org/Security/Reviews/Push_API // https://wiki.mozilla.org/Privacy/Reviews/Push_API // https://bugzilla.mozilla.org/show_bug.cgi?id=1038811 // https://bugzilla.mozilla.org/show_bug.cgi?id=1153499 pref("dom.push.enabled", false); // As a "defense in depth" measure, configure an empty push server URL (the pref("dom.push.serverURL", ""); pref("dom.push.userAgentID", ""); // https://hg.mozilla.org/releases/mozilla-beta/file/e549349b8d66/modules/libpref/init/all.js#l4237 pref("dom.push.connection.enabled", false); pref("dom.push.adaptive.enabled", false); pref("dom.push.udp.wakeupEnabled", false); // https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/modules/libpref/init/all.js#l4445 // https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/push/PushRecord.jsm#l59 pref("dom.push.maxQuotaPerSubscription", 0); // https://wiki.mozilla.org/Security/Reviews/SimplePush pref("services.push.enabled", false); pref("services.push.serverURL", ""); // PREF: Disable DOM timing API // https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI // https://www.w3.org/TR/navigation-timing/#privacy pref("dom.enable_performance", false); // PREF: Make sure the User Timing API does not provide a new high resolution timestamp // https://trac.torproject.org/projects/tor/ticket/16336 // https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security // https://network23.org/inputisevil/2015/09/06/how-html5-apis-can-fingerprint-users/ pref("dom.performance.enable_user_timing_logging", false); pref("dom.enable_resource_timing", false); // Bug 13024 pref("dom.enable_user_timing", false); // Bug 16336 pref("dom.event.highrestimestamp.enabled", true); // Bug 17046: Don't leak system uptime in Events // PREF: Disable Web Audio API // https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 pref("dom.webaudio.enabled", false); // Disable MDNS (Supposedly only for Android but is in Desktop version also) // https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/presentation/provider/MulticastDNSDeviceProvider.cpp#l18 pref("dom.presentation.discovery.enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1278205 pref("dom.presentation.controller.enabled", false); pref("dom.presentation.receiver.enabled", false); pref("dom.presentation.tcp_server.debug", false); pref("dom.presentation.discoverable", false); pref("dom.presentation.discovery.legacy.enabled", false); // PREF: Disable Location-Aware Browsing (geolocation) // https://www.mozilla.org/en-US/firefox/geolocation/ pref("geo.enabled", false); // PREF: When geolocation is enabled, use Mozilla geolocation service instead of Google // https://bugzilla.mozilla.org/show_bug.cgi?id=689252 pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // PREF: When geolocation is enabled, don't log geolocation requests to the console pref("geo.wifi.logging.enabled", false); // PREF: Disable raw TCP socket support (mozTCPSocket) // https://trac.torproject.org/projects/tor/ticket/18863 // https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ // https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket pref("dom.mozTCPSocket.enabled", false); // PREF: Disable DOM storage (disabled) // http://kb.mozillazine.org/Dom.storage.enabled // https://html.spec.whatwg.org/multipage/webstorage.html // NOTICE-DISABLED: Disabling DOM storage is known to cause`TypeError: localStorage is null` errors //pref("dom.storage.enabled", false); // PREF: Disable leaking network/browser connection information via Javascript // Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) // https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API // https://wicg.github.io/netinfo/#privacy-considerations // https://bugzilla.mozilla.org/show_bug.cgi?id=960426 pref("dom.netinfo.enabled", false); // fingerprinting due to differing OS implementations pref("dom.network.enabled", false); // PREF: Disable WebRTC entirely to prevent leaking internal IP addresses (Firefox < 42) // NOTICE: Disabling WebRTC breaks peer-to-peer file sharing tools (reep.io ...) pref("media.peerconnection.enabled", false); // PREF: Don't reveal your internal IP when WebRTC is enabled (Firefox >= 42) // https://wiki.mozilla.org/Media/WebRTC/Privacy // https://github.com/beefproject/beef/wiki/Module%3A-Get-Internal-IP-WebRTC pref("media.peerconnection.ice.default_address_only", true); // Firefox 42-51 pref("media.peerconnection.ice.no_host", true); // Firefox >= 52 // PREF: Disable WebRTC getUserMedia, screen sharing, audio capture, video capture // https://wiki.mozilla.org/Media/getUserMedia // https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/ // https://developer.mozilla.org/en-US/docs/Web/API/Navigator pref("media.navigator.enabled", false); pref("media.navigator.video.enabled", false); pref("media.getusermedia.screensharing.enabled", false); pref("media.getusermedia.audiocapture.enabled", false); // https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/media/MediaManager.cpp#l1942 pref("media.getusermedia.noise_enabled", false); // Audio_data is deprecated in future releases, but still present // in FF24. This is a dangerous combination (spotted by iSec) pref("media.audio_data.enabled", false); // Don't autoplay WebM and other embedded media files // https://support.mozilla.org/en-US/questions/1073167 pref("media.autoplay.enabled", false); pref("noscript.forbidMedia", true); // Disable Device Change API (FF 52+) // https://developer.mozilla.org/en-US/docs/Web/Events/devicechange // https://bugzilla.mozilla.org/show_bug.cgi?id=1152383 // https://hg.mozilla.org/releases/mozilla-release/file/a67a1682be8f0327435aaa2f417154330eff0017/dom/webidl/MediaDevices.webidl#l15 pref("media.ondevicechange.enabled", false); // https://hg.mozilla.org/releases/mozilla-release/rev/5022a33fd3e9 pref("media.ondevicechange.fakeDeviceChangeEvent.enabled", false); // PREF: Disable battery API (Firefox < 52) // https://developer.mozilla.org/en-US/docs/Web/API/BatteryManager // https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 pref("dom.battery.enabled", false); // PREF: Disable telephony API // https://wiki.mozilla.org/WebAPI/Security/WebTelephony pref("dom.telephony.enabled", false); // PREF: Disable "beacon" asynchronous HTTP transfers (used for analytics) // https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon pref("beacon.enabled", false); // PREF: Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript // NOTICE: Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...) // https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled pref("dom.event.clipboardevents.enabled", false); // PREF: Disable "copy to clipboard" functionality via Javascript (Firefox >= 41) // NOTICE: Disabling clipboard operations will break legitimate JS-based "copy to clipboard" functionality // https://hg.mozilla.org/mozilla-central/rev/2f9f8ea4b9c3 pref("dom.allow_cut_copy", false); // PREF: Disable speech recognition // https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html // https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition // https://wiki.mozilla.org/HTML5_Speech_API pref("media.webspeech.recognition.enable", false); // PREF: Disable speech synthesis // https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis pref("media.webspeech.synth.enabled", false); // PREF: Disable sensor API // https://wiki.mozilla.org/Sensor_API pref("device.sensors.enabled", false); // Disable MMS pref("dom.mms.retrieval_mode", "never"); // PREF: Disable pinging URIs specified in HTML ping= attributes // http://kb.mozillazine.org/Browser.send_pings pref("browser.send_pings", false); // PREF: When browser pings are enabled, only allow pinging the same host as the origin page // http://kb.mozillazine.org/Browser.send_pings.require_same_host pref("browser.send_pings.require_same_host", true); // PREF: Disable IndexedDB (disabled) // https://developer.mozilla.org/en-US/docs/IndexedDB // https://en.wikipedia.org/wiki/Indexed_Database_API // https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review // http://forums.mozillazine.org/viewtopic.php?p=13842047 // https://github.com/pyllyukko/user.js/issues/8 // NOTICE-DISABLED: IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), so is left enabled //pref("dom.indexedDB.enabled", false); // TODO: "Access Your Location" "Maintain Offline Storage" "Show Notifications" // PREF: Disable gamepad API to prevent USB device enumeration // https://www.w3.org/TR/gamepad/ // https://trac.torproject.org/projects/tor/ticket/13023 pref("dom.gamepad.enabled", false); pref("dom.gamepad.non_standard_events.enabled", false); pref("dom.gamepad.test.enabled", false); pref("dom.gamepad.extensions.enabled", false); // PREF: Disable virtual reality devices APIs // https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM // https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API pref("dom.vr.enabled", false); pref("dom.vr.cardboard.enabled", false); pref("dom.vr.oculus.enabled", false); pref("dom.vr.oculus050.enabled", false); pref("dom.vr.poseprediction.enabled", false); pref("dom.vr.openvr.enabled", false); // https://hg.mozilla.org/releases/mozilla-release/file/970d0cf1c5d9/modules/libpref/init/all.js#l4778 pref("dom.vr.add-test-devices", 0); pref("dom.vr.osvr.enabled", false); // HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328 pref("browser.history.allowPopState", false); pref("browser.history.allowPushState", false); pref("browser.history.allowReplaceState", false); // Idle Observation pref("dom.idle-observers-api.enabled", false); // PREF: Disable vibrator API pref("dom.vibrator.enabled", false); // PREF: Disable Archive API (Firefox < 54) // https://wiki.mozilla.org/WebAPI/ArchiveAPI // https://bugzilla.mozilla.org/show_bug.cgi?id=1342361 user_pref("dom.archivereader.enabled", false); // PREF: Disable webGL // https://en.wikipedia.org/wiki/WebGL // https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ pref("webgl.disabled", true); // PREF: When webGL is enabled, use the minimum capability mode pref("webgl.min_capability_mode", true); // PREF: When webGL is enabled, disable webGL extensions // https://developer.mozilla.org/en-US/docs/Web/API/WebGL_API#WebGL_debugging_and_testing pref("webgl.disable-extensions", true); // PREF: When webGL is enabled, force enabling it even when layer acceleration is not supported // https://trac.torproject.org/projects/tor/ticket/18603 pref("webgl.disable-fail-if-major-performance-caveat", true); // PREF: When webGL is enabled, do not expose information about the graphics driver // https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 // https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info pref("webgl.enable-debug-renderer-info", false); // somewhat related... pref("pdfjs.enableWebGL", false); /****************************************************************************** * SECTION: Misc * ******************************************************************************/ // Disable File and Directory Entries API (Imported from Edge/Chromium) // https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories // https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API // https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Introduction // https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Firefox_support // https://bugzilla.mozilla.org/show_bug.cgi?id=1265767 pref("dom.webkitBlink.filesystem.enabled", false); // https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitdirectory // https://bugzilla.mozilla.org/show_bug.cgi?id=1258489 // https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be pref("dom.webkitBlink.dirPicker.enabled", false); // Directory Upload API, webkitdirectory // https://bugzilla.mozilla.org/show_bug.cgi?id=1188880 // https://bugzilla.mozilla.org/show_bug.cgi?id=907707 // https://wicg.github.io/directory-upload/proposal.html pref("dom.input.dirpicker", false); // Disable Pointer Lock API. // https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API // https://bugzilla.mozilla.org/show_bug.cgi?id=1273351 pref("full-screen-api.pointer-lock.enabled", false); pref("pointer-lock-api.prefixed.enabled", false); // PREF: Disable face detection pref("camera.control.face_detection.enabled", false); pref("camera.control.autofocus_moving_callback.enabled", false); // PREF: Disable GeoIP lookup on your address to set default search engine region // https://trac.torproject.org/projects/tor/ticket/16254 // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine pref("browser.search.countryCode", "US"); pref("browser.search.region", "US"); pref("browser.search.geoip.url", ""); // PREF: Set Accept-Language HTTP header to en-US regardless of Firefox localization // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language pref("intl.accept_languages", "en-us, en"); // PREF: Set Firefox locale to en-US // http://kb.mozillazine.org/General.useragent.locale pref("general.useragent.locale", "en-US"); // Disable website autorefresh, user can still proceed with warning pref("accessibility.blockautorefresh", true); pref("browser.meta_refresh_when_inactive.disabled", true); pref("noscript.forbidMetaRefresh", true); // NoScript ignores this preference? // PREF: Don't use OS values to determine locale, force using Firefox locale setting // http://kb.mozillazine.org/Intl.locale.matchOS pref("intl.locale.matchOS", false); // PREF: Don't use Mozilla-provided location-specific search engines pref("browser.search.geoSpecificDefaults", false); pref("browser.search.geoSpecificDefaults.url", ""); // PREF: Do not automatically send selection to clipboard on some Linux platforms (Disabled) // http://kb.mozillazine.org/Clipboard.autocopy //pref("clipboard.autocopy", false); // PREF: Prevent leaking application locale/date format using JavaScript // https://bugzilla.mozilla.org/show_bug.cgi?id=867501 // https://hg.mozilla.org/mozilla-central/rev/52d635f2b33d pref("javascript.use_us_english_locale", true); // PREF: Do not submit invalid URIs entered in the address bar to the default search engine // http://kb.mozillazine.org/Keyword.enabled pref("keyword.enabled", false); // PREF: Don't trim HTTP off of URLs in the address bar. // https://bugzilla.mozilla.org/show_bug.cgi?id=665580 pref("browser.urlbar.trimURLs", false); // PREF: Don't try to guess domain names when entering an invalid domain name in URL bar // http://www-archive.mozilla.org/docs/end-user/domain-guessing.html pref("browser.fixup.alternate.enabled", false); // Set TOR as default proxy pref("network.proxy.socks", "127.0.0.1"); pref("network.proxy.socks_port", 9050); // Proxy off by default, user can toggle it on. pref("network.proxy.type", 0); // Protect TOR ports pref("network.security.ports.banned", "9050,9051,9150,9151"); // Make sure proxy-autoconfig is off to prevent MiTM. // https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 // https://hg.mozilla.org/releases/mozilla-release/rev/5139b0dd7acc pref("network.proxy.autoconfig_url.include_path", false); // PREF: When browser.fixup.alternate.enabled is enabled, strip password from 'user:password@...' URLs // https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851 pref("browser.fixup.hide_user_pass", true); // PREF: Send DNS request through SOCKS when SOCKS proxying is in use // https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers pref("network.proxy.socks_remote_dns", true); // For fingerprinting and local service vulns (#10419) pref("network.proxy.no_proxies_on", ""); // PREF: Don't monitor OS online/offline connection state // https://trac.torproject.org/projects/tor/ticket/18945 pref("network.manage-offline-status", false); // PREF: Enforce Mixed Active Content Blocking // https://support.mozilla.org/t5/Protect-your-privacy/Mixed-content-blocking-in-Firefox/ta-p/10990 // https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_23#Non-SSL_contents_on_SSL_pages_are_blocked_by_default // https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/ pref("security.mixed_content.block_active_content", true); // PREF: Enforce Mixed Passive Content blocking (a.k.a. Mixed Display Content) // NOTICE: Enabling Mixed Display Content blocking can prevent images/styles... from loading properly when connection to the website is only partially secured pref("security.mixed_content.block_display_content", true); // PREF: Disable JAR from opening Unsafe File Types // http://kb.mozillazine.org/Network.jar.open-unsafe-types // CIS Mozilla Firefox 24 ESR v1.0.0 - 3.7 pref("network.jar.open-unsafe-types", false); // CIS 2.7.4 Disable Scripting of Plugins by JavaScript // http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 pref("security.xpconnect.plugin.unrestricted", false); // PREF: Set File URI Origin Policy // http://kb.mozillazine.org/Security.fileuri.strict_origin_policy // CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 pref("security.fileuri.strict_origin_policy", true); // PREF: Disable Displaying Javascript in History URLs // http://kb.mozillazine.org/Browser.urlbar.filter.javascript // CIS 2.3.6 pref("browser.urlbar.filter.javascript", true); // PREF: Disable asm.js // http://asmjs.org/ // https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ // https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 pref("javascript.options.asmjs", false); // https://hacks.mozilla.org/2016/03/a-webassembly-milestone/ pref("javascript.options.wasm", false); pref("javascript.options.wasm_baselinejit", false); // https://trac.torproject.org/projects/tor/ticket/9387#comment:43 pref("javascript.options.typeinference", false); pref("javascript.options.baselinejit.content", false); pref("javascript.options.ion.content", false); // https://www.torproject.org/projects/torbrowser/design pref("mathml.disabled", true); // PREF: Disable SVG in OpenType fonts // https://wiki.mozilla.org/SVGOpenTypeFonts // https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle pref("gfx.font_rendering.opentype_svg.enabled", false); // PREF: Disable in-content SVG rendering (Firefox >= 53) // NOTICE: Disabling SVG support breaks many UI elements on many sites // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 // https://github.com/iSECPartners/publications/raw/master/reports/Tor%20Browser%20Bundle/Tor%20Browser%20Bundle%20-%20iSEC%20Deliverable%201.3.pdf#16 pref("svg.disabled", true); // PREF: Disable video stats to reduce fingerprinting threat // https://bugzilla.mozilla.org/show_bug.cgi?id=654550 // https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785 // https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065 pref("media.video_stats.enabled", false); // PREF: Don't reveal build ID // Value taken from Tor Browser // https://bugzilla.mozilla.org/show_bug.cgi?id=583181 pref("general.buildID.override", "20100101"); // PREF: Prevent font fingerprinting // https://browserleaks.com/fonts // https://github.com/pyllyukko/user.js/issues/120 pref("browser.display.use_document_fonts", 0); // PREF: Enable only whitelisted URL protocol handlers // http://kb.mozillazine.org/Network.protocol-handler.external-default // http://kb.mozillazine.org/Network.protocol-handler.warn-external-default // http://kb.mozillazine.org/Network.protocol-handler.expose.%28protocol%29 // https://news.ycombinator.com/item?id=13047883 // https://bugzilla.mozilla.org/show_bug.cgi?id=167475 // https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005 // NOTICE: Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... clients when clicking on links with these protocols // TODO: Add externally-handled protocols from Windows 8.1 and Windows 10 (currently contains protocols only from Linux and Windows 7) that might pose a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991) // TODO: Add externally-handled protocols from Mac OS X that might pose a similar threat (see e.g. https://news.ycombinator.com/item?id=13044991) // If you want to enable a protocol, set network.protocol-handler.expose.(protocol) to true and network.protocol-handler.external.(protocol) to: // * true, if the protocol should be handled by an external application // * false, if the protocol should be handled internally by Firefox user_pref("network.protocol-handler.warn-external-default", true); user_pref("network.protocol-handler.external.http", false); user_pref("network.protocol-handler.external.https", false); user_pref("network.protocol-handler.external.javascript", false); user_pref("network.protocol-handler.external.moz-extension", false); user_pref("network.protocol-handler.external.ftp", false); user_pref("network.protocol-handler.external.file", false); user_pref("network.protocol-handler.external.about", false); user_pref("network.protocol-handler.external.chrome", false); user_pref("network.protocol-handler.external.blob", false); user_pref("network.protocol-handler.external.data", false); user_pref("network.protocol-handler.expose-all", false); user_pref("network.protocol-handler.expose.http", true); user_pref("network.protocol-handler.expose.https", true); user_pref("network.protocol-handler.expose.javascript", true); user_pref("network.protocol-handler.expose.moz-extension", true); user_pref("network.protocol-handler.expose.ftp", true); user_pref("network.protocol-handler.expose.file", true); user_pref("network.protocol-handler.expose.about", true); user_pref("network.protocol-handler.expose.chrome", true); user_pref("network.protocol-handler.expose.blob", true); user_pref("network.protocol-handler.expose.data", true); /****************************************************************************** * SECTION: Extensions / plugins * ******************************************************************************/ // PREF: Ensure you have a security delay when installing add-ons (milliseconds) // http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox // http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ pref("security.dialog_enable_delay", 1000); // PREF: Require signatures (Disabled due to bundled extensions) // https://wiki.mozilla.org/Addons/Extension_Signing //pref("xpinstall.signatures.required", true); // PREF: Opt-out of add-on metadata updates // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ pref("extensions.getAddons.cache.enabled", false); // PREF: Opt-out of themes (Persona) updates // https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 pref("lightweightThemes.update.enabled", false); // PREF: Disable Flash Player NPAPI plugin // http://kb.mozillazine.org/Flash_plugin pref("plugin.state.flash", 0); // PREF: Disable Java NPAPI plugin pref("plugin.state.java", 0); // PREF: Disable sending Flash Player crash reports pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); // PREF: When Flash crash reports are enabled, don't send the visited URL in the crash report pref("dom.ipc.plugins.reportCrashURL", false); // PREF: When Flash is enabled, download and use Mozilla SWF URIs blocklist // https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 // https://github.com/mozilla-services/shavar-plugin-blocklist pref("browser.safebrowsing.blockedURIs.enabled", true); // PREF: Disable Shumway (Mozilla Flash renderer) // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway pref("shumway.disabled", true); // PREF: Disable Gnome Shell Integration NPAPI plugin pref("plugin.state.libgnome-shell-browser-plugin", 0); // PREF: Disable the bundled OpenH264 video codec (disabled) // http://forums.mozillazine.org/viewtopic.php?p=13845077&sid=28af2622e8bd8497b9113851676846b1#p13845077 pref("media.gmp-provider.enabled", false); // PREF: Enable plugins click-to-play // https://wiki.mozilla.org/Firefox/Click_To_Play // https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ pref("plugins.click_to_play", true); // PREF: Disable automatic updates of addons // https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/ pref("extensions.update.enabled", false); pref("extensions.update.autoUpdateDefault", false); // User can still update manually, but we disable background updates. pref("extensions.update.background.url", ""); // The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox pref("extensions.systemAddon.update.url", ""); // Only install extensions to user profile // https://developer.mozilla.org/en-US/Add-ons/Installing_extensions // https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ pref("extensions.enabledScopes", 1); // PREF: Disable add-on and certificate blocklists (OneCRL) from Mozilla // https://wiki.mozilla.org/Blocklisting // https://blocked.cdn.mozilla.net/ // http://kb.mozillazine.org/Extensions.blocklist.enabled // http://kb.mozillazine.org/Extensions.blocklist.url // https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ // Updated at interval defined in extensions.blocklist.interval (default: 86400) pref("extensions.blocklist.enabled", false); pref("extensions.blocklist.detailsURL", "about:blank"); pref("extensions.blocklist.itemURL", "about:blank"); pref("extensions.getAddons.get.url", "about:blank"); pref("extensions.getAddons.getWithPerformance.url", "about:blank"); pref("extensions.getAddons.recommended.url", "about:blank"); // If blocklist still downloads, we want it to be signed. pref("services.blocklist.signing.enforced", true); // Firefox 49: https://hg.mozilla.org/releases/mozilla-release/rev/c6c57d394549 // https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/toolkit/mozapps/extensions/nsBlocklistService.js#l633 pref("services.blocklist.update_enabled", false); // https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/services/common/blocklist-updater.js // Remove Kinto Blacklist URL // https://hg.mozilla.org/releases/mozilla-release/file/c1de04f39fa956cfce83f6065b0e709369215ed5/services/common/kinto-updater.js pref("services.settings.server", "data:application/json,{}"); pref("services.blocklist.changes.path", ""); // PREF: Decrease system information leakage to Mozilla blocklist update servers // https://trac.torproject.org/projects/tor/ticket/16931 pref("extensions.blocklist.url", "about:blank"); // Disable Freedom Violating DRM Feature // https://bugzilla.mozilla.org/show_bug.cgi?id=1144903#c8 pref("media.eme.apiVisible", false); pref("media.eme.enabled", false); pref("browser.eme.ui.enabled", false); pref("media.gmp-eme-adobe.enabled", false); // Google Widevine DRM // https://blog.mozilla.org/futurereleases/2016/04/08/mozilla-to-test-widevine-cdm-in-firefox-nightly/ // https://wiki.mozilla.org/QA/Widevine_CDM // https://bugzilla.mozilla.org/show_bug.cgi?id=1288580 pref("media.gmp-widevinecdm.visible", false); pref("media.gmp-widevinecdm.enabled", false); pref("media.gmp-widevinecdm.autoupdate", false); // Plugin Updater: Fingerprints the user, does not use HTTPS, Not used on GNU/Linux. Remove it. pref("pfs.datasource.url", "about:blank"); pref("pfs.filehint.url", "about:blank"); /****************************************************************************** * SECTION: Firefox (anti-)features / components * * ******************************************************************************/ // PREF: Disable WebIDE // https://trac.torproject.org/projects/tor/ticket/16222 // https://developer.mozilla.org/docs/Tools/WebIDE pref("devtools.webide.enabled", false); pref("devtools.webide.autoinstallADBHelper", false); pref("devtools.webide.autoinstallFxdtAdapters", false); // PREF: Disable remote debugging // https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop // https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings pref("devtools.debugger.remote-enabled", false); // "to use developer tools in the context of the browser itself, and not only web content" pref("devtools.chrome.enabled", false); // https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Firefox_37_onwards pref("devtools.debugger.force-local", true); // The in-browser debugger for debugging chrome code is not coping with our // restrictive DNS look-up policy. We use "127.0.0.1" instead of "localhost" as // a workaround. See bug 16523 for more details. pref("devtools.debugger.chrome-debugging-host", "127.0.0.1"); pref("devtools.appmanager.enabled", false); pref("devtools.debugger.prompt-connection", true); pref("devtools.devices.url", "about:blank"); pref("devtools.gcli.imgurUploadURL", "about:blank"); pref("devtools.gcli.jquerySrc", "about:blank"); pref("devtools.gcli.lodashSrc", "about:blank"); pref("devtools.gcli.underscoreSrc", "about:blank"); // http://forum.top-hat-sec.com/index.php?topic=4951.5;wap2 pref("devtools.remote.wifi.scan", false); pref("devtools.remote.wifi.visible", false); pref("devtools.webide.adaptersAddonURL", "about:blank"); pref("devtools.webide.adbAddonURL", "about:blank"); pref("devtools.webide.addonsURL", "about:blank"); //https://trac.torproject.org/projects/tor/ticket/16222 pref("devtools.webide.enabled", false); pref("devtools.webide.simulatorAddonsURL", "about:blank"); pref("devtools.webide.templatesURL", "about:blank"); // https://hg.mozilla.org/releases/mozilla-release/rev/47ead489b52e pref("devtools.screenshot.audio.enabled", false); // PREF: Disable Mozilla telemetry/experiments // https://wiki.mozilla.org/Platform/Features/Telemetry // https://wiki.mozilla.org/Privacy/Reviews/Telemetry // https://wiki.mozilla.org/Telemetry // https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry // https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 // https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry // https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html // https://wiki.mozilla.org/Telemetry/Experiments pref("toolkit.telemetry.enabled", false); pref("toolkit.telemetry.unified", false); pref("experiments.supported", false); pref("experiments.enabled", false); pref("experiments.manifest.uri", ""); // PREF: Disallow Necko to do A/B testing // https://trac.torproject.org/projects/tor/ticket/13170 pref("network.allow-experiments", false); // PREF: Disable sending Firefox crash reports to Mozilla servers // https://wiki.mozilla.org/Breakpad // http://kb.mozillazine.org/Breakpad // https://dxr.mozilla.org/mozilla-central/source/toolkit/crashreporter // https://bugzilla.mozilla.org/show_bug.cgi?id=411490 // A list of submitted crash reports can be found at about:crashes pref("breakpad.reportURL", ""); // PREF: Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't nag user about unsent crash reports // https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js pref("browser.tabs.crashReporting.sendReport", false); pref("browser.crashReports.unsubmittedCheck.enabled", false); pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // PREF: Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) // https://wiki.mozilla.org/FlyWeb // https://wiki.mozilla.org/FlyWeb/Security_scenarios // https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit // http://www.ghacks.net/2016/07/26/firefox-flyweb pref("dom.flyweb.enabled", false); // PREF: Disable the UITour backend // https://trac.torproject.org/projects/tor/ticket/19047#comment:3 pref("browser.uitour.enabled", false); // PREF: Enable Firefox Tracking Protection // https://wiki.mozilla.org/Security/Tracking_protection // https://support.mozilla.org/en-US/kb/tracking-protection-firefox // https://support.mozilla.org/en-US/kb/tracking-protection-pbm // https://kontaxis.github.io/trackingprotectionfirefox/ // https://feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox/ pref("privacy.trackingprotection.enabled", true); pref("privacy.trackingprotection.pbmode.enabled", true); // PREF: Enable contextual identity Containers feature (Firefox >= 52) // NOTICE: Containers are not available in Private Browsing mode // https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers pref("privacy.userContext.enabled", true); // PREF: Enable hardening against various fingerprinting vectors (Tor Uplift project) // https://wiki.mozilla.org/Security/Tor_Uplift/Tracking pref("privacy.resistFingerprinting", true); // PREF: Disable the built-in PDF viewer // https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2743 // https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ // https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/ pref("pdfjs.disabled", true); // PREF: Disable collection/sending of the health report (healthreport.sqlite*) // https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf // https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html pref("datareporting.healthreport.uploadEnabled", false); pref("datareporting.healthreport.service.enabled", false); pref("datareporting.policy.dataSubmissionEnabled", false); // PREF: Disable Heartbeat (Mozilla user rating telemetry) // https://wiki.mozilla.org/Advocacy/heartbeat // https://trac.torproject.org/projects/tor/ticket/19047 pref("browser.selfsupport.url", ""); // PREF: Disable Firefox Hello (disabled) (Firefox < 49) // https://wiki.mozilla.org/Loop // https://support.mozilla.org/t5/Chat-and-share/Support-for-Hello-discontinued-in-Firefox-49/ta-p/37946 // NOTICE: Firefox Hello requires setting `media.peerconnection.enabled` and `media.getusermedia.screensharing.enabled` to true, `security.OCSP.require` to false to work. //pref("loop.enabled", false); // PREF: Disable Firefox Hello metrics collection // https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion pref("loop.logDomains", false); // PREF: Disable Auto Update / Balrog // NOTICE: Fully automatic updates are disabled and left to package management systems on Linux. Windows users may want to change this setting. // CIS 2.1.1 pref("app.update.auto", false); pref("app.update.checkInstallTime", false); pref("app.update.enabled", false); pref("app.update.staging.enabled", false); pref("app.update.url", "about:blank"); pref("media.gmp-manager.certs.1.commonName", ""); pref("media.gmp-manager.certs.2.commonName", ""); // PREF: Disable blocking reported web forgeries // Leaks information to Google // https://wiki.mozilla.org/Security/Safe_Browsing // http://kb.mozillazine.org/Safe_browsing // https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work // http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849 // CIS 2.3.4 pref("browser.safebrowsing.enabled", false); // Firefox < 50 pref("browser.safebrowsing.phishing.enabled", false); // firefox >= 50 // PREF: Disable blocking reported attack sites // Leaks information to Google // http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled // CIS 2.3.5 pref("browser.safebrowsing.malware.enabled", false); // PREF: Disable querying Google Application Reputation database for downloaded binary files // https://www.mozilla.org/en-US/firefox/39.0/releasenotes/ // https://wiki.mozilla.org/Security/Application_Reputation pref("browser.safebrowsing.downloads.remote.enabled", false); pref("browser.safebrowsing.appRepURL", "about:blank"); pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank"); pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank"); pref("browser.safebrowsing.downloads.remote.block_dangerous", false); pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); pref("browser.safebrowsing.downloads.remote.block_uncommon", false); pref("browser.safebrowsing.downloads.remote.url", ""); pref("browser.safebrowsing.provider.google.gethashURL", ""); pref("browser.safebrowsing.provider.google.updateURL", ""); pref("browser.safebrowsing.provider.google.lists", ""); // https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 pref("browser.safebrowsing.provider.google4.lists", "about:blank"); pref("browser.safebrowsing.provider.google4.updateURL", "about:blank"); pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank"); pref("browser.safebrowsing.provider.google4.reportURL", "about:blank"); pref("browser.safebrowsing.provider.mozilla.lists", "about:blank"); // Disable Microsoft Family Safety MiTM support (Windows 8.1) (FF50+) // https://bugzilla.mozilla.org/show_bug.cgi?id=1239166 // https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode // https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782 pref("security.family_safety.mode", 0); // https://bugzilla.mozilla.org/show_bug.cgi?id=1265113 // https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5 // https://bugzilla.mozilla.org/show_bug.cgi?id=1298883 pref("security.enterprise_roots.enabled", false); // PREF: Disable Pocket // https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox // https://github.com/pyllyukko/user.js/issues/143 pref("browser.pocket.enabled", false); pref("extensions.pocket.enabled", false); pref("extensions.pocket.api", "about:blank"); pref("browser.pocket.api", "about:blank"); pref("browser.pocket.enabledLocales", "about:blank"); pref("browser.pocket.oAuthConsumerKey", "about:blank"); pref("browser.pocket.site", "about:blank"); pref("browser.pocket.useLocaleList", false); pref("browser.toolbarbuttons.introduced.pocket-button", true); // Disable Web Compat Reporter pref("extensions.webcompat-reporter.enabled", false); pref("extensions.webcompat-reporter.newIssueEndpoint", ""); // Disable Social pref("social.directories", ""); pref("social.enabled", false); // remote-install allows any website to activate a provider, with extended UI pref("social.remote-install.enabled", false); pref("social.shareDirectory", ""); pref("social.toast-notifications.enabled", false); pref("social.whitelist", ""); // Disable Snippets pref("browser.snippets.enabled", false); pref("browser.snippets.geoUrl", "about:blank"); pref("browser.snippets.statsUrl", "about:blank"); pref("browser.snippets.syncPromo.enabled", false); pref("browser.snippets.updateUrl", "about:blank"); // Disable WAN IP leaks pref("captivedetect.canonicalURL", "about:blank"); pref("network.captive-portal-service.enabled", false); // Note: NoScript seems to ignore these and leak WAN anyway. pref("noscript.ABE.wanIpAsLocal", false); pref("noscript.ABE.wanIpCheckURL", "about:blank"); // Disable Default Protocol Handlers, always warn user instead pref("network.protocol-handler.external-default", false); pref("network.protocol-handler.external.mailto", false); pref("network.protocol-handler.external.news", false); pref("network.protocol-handler.external.nntp", false); pref("network.protocol-handler.external.snews", false); pref("network.protocol-handler.warn-external.mailto", true); pref("network.protocol-handler.warn-external.news", true); pref("network.protocol-handler.warn-external.nntp", true); pref("network.protocol-handler.warn-external.snews", true); // Disable Sync pref("services.sync.engine.addons", false); // Never sync prefs, addons, or tabs with other browsers pref("services.sync.engine.prefs", false); pref("services.sync.engine.tabs", false); pref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", false); pref("services.sync.prefs.sync.extensions.update.enabled", false); pref("services.sync.serverURL", "about:blank"); pref("services.sync.jpake.serverURL", "about:blank"); // Disable Failed Sync Logs since we killed sync. pref("services.sync.log.appender.file.logOnError", false); pref("services.sync.ui.hidden", true); // PREF: Disable SHIELD // https://support.mozilla.org/en-US/kb/shield // https://bugzilla.mozilla.org/show_bug.cgi?id=1370801 user_pref("extensions.shield-recipe-client.enabled", false); user_pref("app.shield.optoutstudies.enabled", false); /****************************************************************************** * SECTION: Automatic connections * ******************************************************************************/ // PREF: Disable prefetching of URLs // http://kb.mozillazine.org/Network.prefetch-next // https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F pref("network.prefetch-next", false); // PREF: Disable DNS prefetching // http://kb.mozillazine.org/Network.dns.disablePrefetch // https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching pref("network.dns.disablePrefetch", true); pref("network.dns.disablePrefetchFromHTTPS", true); // PREF: Disable the predictive service (Necko) // https://wiki.mozilla.org/Privacy/Reviews/Necko pref("network.predictor.enabled", false); // https://wiki.mozilla.org/Privacy/Reviews/Necko#Principle:_Real_Choice pref("network.seer.enabled", false); // PREF: Reject .onion hostnames before passing the to DNS // https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 // RFC 7686 pref("network.dns.blockDotOnion", true); // PREF: Disable search suggestions in the search bar // http://kb.mozillazine.org/Browser.search.suggest.enabled pref("browser.search.suggest.enabled", false); // PREF: Disable "Show search suggestions in location bar results" pref("browser.urlbar.suggest.searches", false); // PREF: When using the location bar, don't suggest URLs from browsing history pref("browser.urlbar.suggest.history", false); // PREF: Disable SSDP // https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 pref("browser.casting.enabled", false); // PREF: Disable automatic downloading of OpenH264 codec // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_media-capabilities // http://andreasgal.com/2014/10/14/openh264-now-in-firefox/ pref("media.gmp-gmpopenh264.enabled", false); pref("media.peerconnection.video.h264_enabled", false); // Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins pref("media.gmp-manager.url", ""); pref("media.gmp-manager.url.override", "data:text/plain"); pref("media.gmp.trial-create.enabled", false); // Since ESR52 it is not enough anymore to block pinging the GMP update/download // server. There is a local fallback that must be blocked now as well. See: // https://bugzilla.mozilla.org/show_bug.cgi?id=1267495. pref("media.gmp-manager.updateEnabled", false); // PREF: Disable speculative pre-connections // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections // https://bugzilla.mozilla.org/show_bug.cgi?id=814169 pref("network.http.speculative-parallel-limit", 0); // PREF: Disable downloading homepage snippets/messages from Mozilla // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content // https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service pref("browser.aboutHomeSnippets.updateUrl", ""); // PREF: Never check updates for search engines // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking pref("browser.search.update", false); //Disable Link to FireFox Marketplace, currently loaded with non-free "apps" pref("browser.apps.URL", ""); pref("browser.webapps.checkForUpdates", 0); pref("browser.webapps.updateCheckUrl", "about:blank"); pref("dom.mozApps.signed_apps_installable_from", ""); // Disable Favicon lookups (Leaks/fingerprints user bookmarks) // http://kb.mozillazine.org/Browser.chrome.favicons pref("browser.chrome.favicons", false); pref("browser.chrome.site_icons", false); pref("browser.shell.shortcutFavicons", false); /****************************************************************************** * SECTION: HTTP * ******************************************************************************/ // https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2 pref("network.http.pipelining", true); pref("network.http.pipelining.aggressive", true); pref("network.http.pipelining.maxrequests", 12); pref("network.http.pipelining.ssl", true); pref("network.http.proxy.pipelining", true); pref("security.ssl.enable_false_start", true); pref("network.http.keep-alive.timeout", 20); pref("network.http.connection-retry-timeout", 0); pref("network.http.max-persistent-connections-per-proxy", 256); pref("network.http.pipelining.reschedule-timeout", 15000); pref("network.http.pipelining.read-timeout", 60000); pref("network.http.pipelining.max-optimistic-requests", 3); pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable) pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case pref("network.http.spdy.enabled.v3-1", false); // Seems redundant, but just in case pref("privacy.firstparty.isolate", true); // Always enforce first party isolation pref("network.http.spdy.enabled.http2", false); // Temporarily disabled pending implementation review pref("network.http.spdy.enabled.http2draft", false); // Temporarily disabled pending implementation review // PREF: Disallow NTLMv1 // https://bugzilla.mozilla.org/show_bug.cgi?id=828183 pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // it is still allowed through HTTPS. uncomment the following to disable it completely. pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // PREF: Enable CSP 1.1 script-nonce directive support // https://bugzilla.mozilla.org/show_bug.cgi?id=855326 pref("security.csp.experimentalEnabled", true); // PREF: Enable Content Security Policy (CSP) // https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP pref("security.csp.enable", true); // PREF: Enable Subresource Integrity // https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity // https://wiki.mozilla.org/Security/Subresource_Integrity pref("security.sri.enable", true); // PREF: DNT HTTP header (disabled) // https://www.mozilla.org/en-US/firefox/dnt/ // https://en.wikipedia.org/wiki/Do_not_track_header // https://dnt-dashboard.mozilla.org // https://github.com/pyllyukko/user.js/issues/11 // http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/ // NOTICE: Do No Track must be enabled manually //pref("privacy.donottrackheader.enabled", true); // Disable HTTP Alternative Services header // https://trac.torproject.org/projects/tor/ticket/16673 pref("network.http.altsvc.enabled", false); pref("network.http.altsvc.oe", false); // PREF: Send a referer header with the target URI as the source // http://kb.mozillazine.org/Network.http.sendRefererHeader#0 // https://bugzilla.mozilla.org/show_bug.cgi?id=822869 // https://github.com/pyllyukko/user.js/issues/227 // NOTICE: Spoofing referers breaks functionality on websites relying on authentic referer headers // NOTICE: Spoofing referers breaks visualisation of 3rd-party sites on the Lightbeam addon // NOTICE: Spoofing referers disables CSRF protection on some login pages not implementing origin-header/cookie+token based CSRF protection // TODO: https://github.com/pyllyukko/user.js/issues/94, commented-out XOriginPolicy/XOriginTrimmingPolicy = 2 prefs pref("network.http.referer.spoofSource", true); // PREF: Don't send referer headers when following links across different domains (disabled) // https://github.com/pyllyukko/user.js/issues/227 // user_pref("network.http.referer.XOriginPolicy", 2); // https://bugzilla.mozilla.org/show_bug.cgi?id=1223838#c31 pref("network.http.enablePerElementReferrer", false); // PREF: Accept Only 1st Party Cookies // http://kb.mozillazine.org/Network.cookie.cookieBehavior#1 // NOTICE: Blocking 3rd-party cookies breaks a number of payment gateways // CIS 2.5.1 pref("network.cookie.cookieBehavior", 1); // PREF: Make sure that third-party cookies (if enabled) never persist beyond the session. // https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ // http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly // https://developer.mozilla.org/en-US/docs/Cookies_Preferences_in_Mozilla#network.cookie.thirdparty.sessionOnly pref("network.cookie.thirdparty.sessionOnly", true); // PREF: Spoof User-agent pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"); pref("general.appname.override", "Netscape"); pref("general.appversion.override", "5.0 (Windows)"); pref("general.platform.override", "Win32"); pref("general.oscpu.override", "Windows NT 6.1"); pref("general.productSub.override", "20100101"); pref("general.buildID.override", "20100101"); pref("browser.startup.homepage_override.buildID", "20100101"); pref("general.useragent.vendor", ""); pref("general.useragent.vendorSub", ""); /******************************************************************************* * SECTION: Caching * ******************************************************************************/ // Prevents the Permissions manager from writing to disk (regardless of whether we are in PBM) // https://bugzilla.mozilla.org/show_bug.cgi?id=967812#c9 pref("permissions.memory_only", true); // Ensures the intermediate certificate store is memory only. // Note: Conflicts with old HTTP Basic Authentication // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882#c0 pref("security.nocertdb", true); // PREF: Permanently enable private browsing mode (disabled) // https://support.mozilla.org/en-US/kb/Private-Browsing // https://wiki.mozilla.org/PrivateBrowsing // NOTICE: You can not view or inspect cookies when in private browsing: https://bugzilla.mozilla.org/show_bug.cgi?id=823941 // NOTICE: When Javascript is enabled, Websites can detect use of Private Browsing mode // NOTICE: Private browsing breaks Kerberos authentication // NOTICE: Disables "Containers" functionality (see below) //pref("browser.privatebrowsing.autostart", true); // PREF: Do not store POST data in saved sessions // http://kb.mozillazine.org/Browser.sessionstore.postdata // relates to CIS 2.5.7 pref("browser.sessionstore.postdata", 0); // PREF: Disable the Session Restore service // http://kb.mozillazine.org/Browser.sessionstore.enabled pref("browser.sessionstore.enabled", false); // PREF: Do not download URLs for the offline cache // http://kb.mozillazine.org/Browser.cache.offline.enable pref("browser.cache.offline.enable", false); // PREF: Clear history when Firefox closes // https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically // NOTICE: Installing user.js will **remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27) // NOTICE: Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945 pref("privacy.sanitize.sanitizeOnShutdown", true); pref("privacy.clearOnShutdown.cache", true); pref("privacy.clearOnShutdown.cookies", true); pref("privacy.clearOnShutdown.downloads", true); pref("privacy.clearOnShutdown.formdata", true); pref("privacy.clearOnShutdown.history", true); pref("privacy.clearOnShutdown.offlineApps", true); //pref("privacy.clearOnShutdown.passwords", true); // Wipes all saved passwords. (Disabled) pref("privacy.clearOnShutdown.sessions", true); //pref("privacy.clearOnShutdown.openWindows", true); // Temporarily disabled https://bugzilla.mozilla.org/show_bug.cgi?id=1334945 pref("privacy.clearOnShutdown.siteSettings", true); // http://www.ghacks.net/2015/10/16/how-to-prevent-hsts-tracking-in-firefox/ // PREF: Set time range to "Everything" as default in "Clear Recent History" pref("privacy.sanitize.timeSpan", 0); // PREF: Clear everything but "Site Preferences" in "Clear Recent History" pref("privacy.cpd.offlineApps", true); pref("privacy.cpd.cache", true); pref("privacy.cpd.cookies", true); pref("privacy.cpd.downloads", true); pref("privacy.cpd.formdata", true); pref("privacy.cpd.history", true); pref("privacy.cpd.sessions", true); // Firefox will store small amounts (less than 50 MB) of data without asking for permission, unless this is set to false // https://support.mozilla.org/en-US/questions/1014708 pref("offline-apps.allow_by_default", false); // PREF: Don't remember browsing history pref("places.history.enabled", false); // PREF: Disable disk cache // http://kb.mozillazine.org/Browser.cache.disk.enable pref("browser.cache.disk.enable", false); // PREF: Disable memory cache (disabled) // http://kb.mozillazine.org/Browser.cache.memory.enable //pref("browser.cache.memory.enable", false); // PREF: Disable Caching of SSL Pages // CIS Version 1.2.0 October 21st, 2011 2.5.8 // http://kb.mozillazine.org/Browser.cache.disk_cache_ssl pref("browser.cache.disk_cache_ssl", false); // PREF: Disable download history // CIS Version 1.2.0 October 21st, 2011 2.5.5 pref("browser.download.manager.retention", 0); // PREF: Disable password manager // CIS Version 1.2.0 October 21st, 2011 2.5.2 pref("signon.rememberSignons", false); // PREF: Disable form autofill, don't save information entered in web page forms and the Search Bar pref("browser.formfill.enable", false); // PREF: Cookies expires at the end of the session (when the browser closes) // http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2 pref("network.cookie.lifetimePolicy", 2); // PREF: Require manual intervention to autofill known username/passwords sign-in forms // http://kb.mozillazine.org/Signon.autofillForms // https://www.torproject.org/projects/torbrowser/design/#identifier-linkability pref("signon.autofillForms", false); // PREF: When username/password autofill is enabled, still disable it on non-HTTPS sites // https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 pref("signon.autofillForms.http", false); // PREF: Show in-content login form warning UI for insecure login fields // https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 pref("security.insecure_field_warning.contextual.enabled", true); // PREF: Disable the password manager for pages with autocomplete=off (disabled) // https://bugzilla.mozilla.org/show_bug.cgi?id=956906 // OWASP ASVS V9.1 // Does not prevent any kind of auto-completion (see browser.formfill.enable, signon.autofillForms) //pref("signon.storeWhenAutocompleteOff", false); // PREF: Delete Search and Form History // CIS Version 1.2.0 October 21st, 2011 2.5.6 pref("browser.formfill.expire_days", 0); // PREF: Clear SSL Form Session Data // http://kb.mozillazine.org/Browser.sessionstore.privacy_level#2 // Store extra session data for unencrypted (non-HTTPS) sites only. // CIS Version 1.2.0 October 21st, 2011 2.5.7 // NOTE: CIS says 1, we use 2 pref("browser.sessionstore.privacy_level", 2); // PREF: Delete temporary files on exit // https://bugzilla.mozilla.org/show_bug.cgi?id=238789 pref("browser.helperApps.deleteTempFileOnExit", true); // Disable the media cache, prevents HTML5 videos from being written to the OS temporary directory // https://www.torproject.org/projects/torbrowser/design/ pref("media.cache_size", 0); // PREF: Do not create screenshots of visited pages (relates to the "new tab page" feature) // https://support.mozilla.org/en-US/questions/973320 // https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled pref("browser.pagethumbnails.capturing_disabled", true); /******************************************************************************* * SECTION: UI related * *******************************************************************************/ pref("ui.use_standins_for_native_colors", true); // https://bugzilla.mozilla.org/232227 // PREF: Enable insecure password warnings (login forms in non-HTTPS pages) // https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ // https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 // https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 pref("security.insecure_password.ui.enabled", true); // Disable Slow Startup Notifications pref("browser.slowStartup.maxSamples", 0); pref("browser.slowStartup.notificationDisabled", true); pref("browser.slowStartup.samples", 0); // Display advanced information on Insecure Connection warning pages // [TEST] https://expired.badssl.com/ pref("browser.xul.error_pages.expert_bad_cert", true); // PREF: Disable right-click menu manipulation via JavaScript pref("dom.event.contextmenu.enabled", false); // Disable Recently Bookmarked Folder (Disabled) // https://bugzilla.mozilla.org/show_bug.cgi?id=1248268 // https://hg.mozilla.org/releases/mozilla-release/rev/f98e3add979e //pref("browser.bookmarks.showRecentlyBookmarked", false); // PREF: Disable "Are you sure you want to leave this page?" popups on page close // https://support.mozilla.org/en-US/questions/1043508 // Does not prevent JS leaks of the page close event. // https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload pref("dom.disable_beforeunload", true); pref("dom.require_user_interaction_for_beforeunload", false); // Don't promote sync pref("browser.syncPromoViewsLeftMap", "{\"addons\":0,\"bookmarks\":0,\"passwords\":0}"); // PREF: Disable Downloading on Desktop // CIS 2.3.2 pref("browser.download.folderList", 2); // PREF: Always ask the user where to download // https://developer.mozilla.org/en/Download_Manager_preferences (obsolete) pref("browser.download.useDownloadDir", false); // PREF: Disable the "new tab page" feature and show a blank tab instead // https://wiki.mozilla.org/Privacy/Reviews/New_Tab // https://support.mozilla.org/en-US/kb/new-tab-page-show-hide-and-customize-top-sites#w_how-do-i-turn-the-new-tab-page-off pref("browser.newtabpage.enabled", false); pref("browser.newtab.url", "about:blank"); // PREF: Disable new tab tile ads & preload // http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox // http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331 // https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping // https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source // https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping // TODO: deprecated? not in DXR, some dead links pref("browser.newtabpage.enhanced", false); pref("browser.newtab.preload", false); pref("browser.newtabpage.directory.ping", ""); pref("browser.newtabpage.directory.source", "data:text/plain,{}"); // PREF: Enable Auto Notification of Outdated Plugins (Firefox < 50) (Disabled on GNU/Linux) // https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review // CIS Version 1.2.0 October 21st, 2011 2.1.2 pref("plugins.update.notifyUser", false); // PREF: Enable Information Bar for Outdated Plugins // http://forums.mozillazine.org/viewtopic.php?f=8&t=2490287 // CIS Version 1.2.0 October 21st, 2011 2.1.3 pref("plugins.hide_infobar_for_outdated_plugin", false); // PREF: Force Punycode for Internationalized Domain Names // http://kb.mozillazine.org/Network.IDN_show_punycode // https://www.xudongz.com/blog/2017/idn-phishing/ // https://wiki.mozilla.org/IDN_Display_Algorithm // https://en.wikipedia.org/wiki/IDN_homograph_attack // https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ // CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 pref("network.IDN_show_punycode", true); // PREF: Disable inline autocomplete in URL bar // http://kb.mozillazine.org/Inline_autocomplete pref("browser.urlbar.autoFill", false); pref("browser.urlbar.autoFill.typed", false); // PREF: Don't suggest any URLs while typing at the address bar // https://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636/ // http://kb.mozillazine.org/Browser.urlbar.maxRichResults // "Setting the preference to 0 effectively disables the Location Bar dropdown entirely." pref("browser.urlbar.maxRichResults", 0); // PREF: Disable CSS :visited selectors // https://blog.mozilla.org/security/2010/03/31/plugging-the-css-history-leak/ // https://dbaron.org/mozilla/visited-privacy pref("layout.css.visited_links_enabled", false); // http://kb.mozillazine.org/Places.frecency.unvisited%28place_type%29Bonus // PREF: Disable URL bar autocomplete // http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5 pref("browser.urlbar.autocomplete.enabled", false); // PREF: Do not check if Firefox is the default browser pref("browser.shell.checkDefaultBrowser", false); // PREF: When password manager is enabled, lock the password storage periodically // CIS Version 1.2.0 October 21st, 2011 2.5.3 Disable Prompting for Credential Storage pref("security.ask_for_password", 2); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups) // pref("browser.link.open_newwindow.restriction", 0); // PREF: Lock the password storage every 1 minutes (default: 30) pref("security.password_lifetime", 1); // PREF: Display a notification bar when websites offer data for offline use // http://kb.mozillazine.org/Browser.offline-apps.notify pref("browser.offline-apps.notify", true); /****************************************************************************** * SECTION: Cryptography * ******************************************************************************/ // PREF: Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla) // https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ // https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List // https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security pref("network.stricttransportsecurity.preloadlist", true); // Disable HSTS Priming, a beta feature rarely used that allows mixed content on HTTPS pages. // https://wicg.github.io/hsts-priming/ // https://bugzilla.mozilla.org/show_bug.cgi?id=1246540#c145 // https://hg.mozilla.org/releases/mozilla-release/rev/d7d42cef7968 pref("security.mixed_content.send_hsts_priming", false); pref("security.mixed_content.use_hsts", false); // PREF: Disable Online Certificate Status Protocol // https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol // https://www.imperialviolet.org/2014/04/19/revchecking.html // https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/ // https://wiki.mozilla.org/CA:RevocationPlan // https://wiki.mozilla.org/CA:ImprovingRevocation // https://wiki.mozilla.org/CA:OCSP-HardFail // https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html // https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html // NOTICE: OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host // NOTICE: OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder // NOTICE: OCSP adds latency (performance) // NOTICE: Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10) // CIS Version 1.2.0 October 21st, 2011 2.2.4 pref("security.OCSP.enabled", 0); // PREF: Enable OCSP Stapling support // https://en.wikipedia.org/wiki/OCSP_stapling // https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ // https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx pref("security.ssl.enable_ocsp_stapling", true); // PREF: Enable OCSP Must-Staple support (Firefox >= 45) // https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/ // https://www.entrust.com/ocsp-must-staple/ // https://github.com/schomery/privacy-settings/issues/40 // NOTICE: Firefox falls back on plain OCSP when must-staple is not configured on the host certificate pref("security.ssl.enable_ocsp_must_staple", true); // PREF: Require a valid OCSP response for OCSP enabled certificates // https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA // Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses // NOTICE: `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable // NOTICE: `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal) pref("security.OCSP.require", true); // PREF: Disable TLS Session Tickets // https://www.blackhat.com/us-13/briefings.html#NextGen // https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf // https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf // https://bugzilla.mozilla.org/show_bug.cgi?id=917049 // https://bugzilla.mozilla.org/show_bug.cgi?id=967977 pref("security.ssl.disable_session_identifiers", true); // https://www.torproject.org/projects/torbrowser/design/index.html.en pref("security.ssl.enable_false_start", true); pref("security.enable_tls_session_tickets", false); // PREF: Only allow TLS 1.[0-3] // http://kb.mozillazine.org/Security.tls.version.* // 1 = TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.) // 2 = TLS 1.1 is the minimum required / maximum supported encryption protocol. pref("security.tls.version.min", 1); pref("security.tls.version.max", 4); // PREF: Disable insecure TLS version fallback // https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 // https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645 pref("security.tls.version.fallback-limit", 3); // PREF: Enfore Public Key Pinning // https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning // https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning // "2. Strict. Pinning is always enforced." pref("security.cert_pinning.enforcement_level", 2); // PREF: Disallow SHA-1 // https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 // https://hg.mozilla.org/releases/mozilla-release/rev/43c724bde81c#l3.34 // http://www.scmagazine.com/mozilla-pulls-back-on-rejecting-sha-1-certs-outright/article/463913/ // 0 = allow SHA-1; 1 = forbid SHA-1; 2 = allow SHA-1 only if notBefore < 2016-01-01 // https://shattered.io/ pref("security.pki.sha1_enforcement_level", 1); // PREF: Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) // https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken // https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 pref("security.ssl.treat_unsafe_negotiation_as_broken", true); // PREF: Disallow connection to servers not supporting safe renegotiation (disabled) // https://wiki.mozilla.org/Security:Renegotiation#security.ssl.require_safe_negotiation // https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 // TODO: `security.ssl.require_safe_negotiation` is more secure but makes browsing next to impossible (2012-2014-... - `ssl_error_unsafe_negotiation` errors), so is left disabled // pref("security.ssl.require_safe_negotiation", true); // PREF: Disable automatic reporting of TLS connection errors // https://support.mozilla.org/en-US/kb/certificate-pinning-reports // we could also disable security.ssl.errorReporting.enabled, but I think it's // good to leave the option to report potentially malicious sites if the user // chooses to do so. // you can test this at https://pinningtest.appspot.com/ pref("security.ssl.errorReporting.automatic", false); // PREF: Pre-populate the current URL but do not pre-fetch the certificate in the "Add Security Exception" dialog // http://kb.mozillazine.org/Browser.ssl_override_behavior // https://github.com/pyllyukko/user.js/issues/210 pref("browser.ssl_override_behavior", 1); /****************************************************************************** * SECTION: Cipher suites * * * * you can debug the SSL handshake with tshark: * * tshark -t ad -n -i wlan0 -T text -V -R ssl.handshake * ******************************************************************************/ // PREF: Disable null ciphers pref("security.ssl3.rsa_null_sha", false); pref("security.ssl3.rsa_null_md5", false); pref("security.ssl3.ecdhe_rsa_null_sha", false); pref("security.ssl3.ecdhe_ecdsa_null_sha", false); pref("security.ssl3.ecdh_rsa_null_sha", false); pref("security.ssl3.ecdh_ecdsa_null_sha", false); // PREF: Disable SEED cipher // https://en.wikipedia.org/wiki/SEED pref("security.ssl3.rsa_seed_sha", false); // PREF: Disable 40/56/128-bit ciphers // 40-bit ciphers pref("security.ssl3.rsa_rc4_40_md5", false); pref("security.ssl3.rsa_rc2_40_md5", false); // 56-bit ciphers pref("security.ssl3.rsa_1024_rc4_56_sha", false); // 128-bit ciphers pref("security.ssl3.rsa_camellia_128_sha", false); pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); pref("security.ssl3.ecdh_rsa_aes_128_sha", false); pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); pref("security.ssl3.dhe_rsa_camellia_128_sha", false); pref("security.ssl3.dhe_rsa_aes_128_sha", false); // PREF: Disable RC4 // https://developer.mozilla.org/en-US/Firefox/Releases/38#Security // https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 // https://rc4.io/ // https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); pref("security.ssl3.rsa_rc4_128_md5", false); pref("security.ssl3.rsa_rc4_128_sha", false); pref("security.tls.unrestricted_rc4_fallback", false); // PREF: Disable 3DES (effective key size is < 128) // https://en.wikipedia.org/wiki/3des#Security // http://en.citizendium.org/wiki/Meet-in-the-middle_attack // http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html pref("security.ssl3.dhe_dss_des_ede3_sha", false); pref("security.ssl3.dhe_rsa_des_ede3_sha", false); pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); pref("security.ssl3.rsa_des_ede3_sha", false); pref("security.ssl3.rsa_fips_des_ede3_sha", false); // PREF: Disable ciphers with ECDH (non-ephemeral) pref("security.ssl3.ecdh_rsa_aes_256_sha", false); pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); // PREF: Disable 256 bits ciphers without PFS pref("security.ssl3.rsa_camellia_256_sha", false); // PREF: Enable ciphers with ECDHE and key size > 128bits pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // 0xc014 pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // 0xc00a // PREF: Enable GCM ciphers (TLSv1.2 only) // https://en.wikipedia.org/wiki/Galois/Counter_Mode pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // 0xc02b pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // 0xc02f // PREF: Enable ChaCha20 and Poly1305 (Firefox >= 47) // https://www.mozilla.org/en-US/firefox/47.0/releasenotes/ // https://tools.ietf.org/html/rfc7905 // https://bugzilla.mozilla.org/show_bug.cgi?id=917571 // https://bugzilla.mozilla.org/show_bug.cgi?id=1247860 // https://cr.yp.to/chacha.html pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true); pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true); // PREF: Disable ciphers susceptible to the logjam attack // https://weakdh.org/ pref("security.ssl3.dhe_rsa_camellia_256_sha", false); pref("security.ssl3.dhe_rsa_aes_256_sha", false); // PREF: Disable ciphers with DSA (max 1024 bits) pref("security.ssl3.dhe_dss_aes_128_sha", false); pref("security.ssl3.dhe_dss_aes_256_sha", false); pref("security.ssl3.dhe_dss_camellia_128_sha", false); pref("security.ssl3.dhe_dss_camellia_256_sha", false); // PREF: Fallbacks due compatibility reasons pref("security.ssl3.rsa_aes_256_sha", true); // 0x35 pref("security.ssl3.rsa_aes_128_sha", true); // 0x2f