From 7351e561c429adbbb94f2130a77b0a153bff8d8f Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants
Date: Thu, 15 Nov 2018 07:06:34 +0000
Subject: [PATCH] 1243: mixed OBJECT_SUBREQUESTS
---
 user.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/user.js b/user.js
index 282fea8..8415596 100644
--- a/user.js
+++ b/user.js
@@ -793,6 +793,9 @@ user_pref("security.cert_pinning.enforcement_level", 2);
 user_pref("security.mixed_content.block_active_content", true); // default: true
 /* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/
 user_pref("security.mixed_content.block_display_content", true);
+/* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks (FF59+)
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1190623 ***/
+user_pref("security.mixed_content.block_object_subrequest", true);
 
 /** CIPHERS [see the section 1200 intro] ***/
 /* 1260: disable or limit SHA-1
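Review bot: The new 1243 comment does not say how this pref relates to 1240 and 1241 directly above it, nor what Firefox's default is, so a user who relaxes one of those entries cannot tell whether plugin subrequests stay blocked. As far as I understand bug 1190623, the pref blocks nothing on its own: it moves plugin-initiated requests from display (passive) to active mixed content, so the blocking itself would come from `security.mixed_content.block_active_content`. That is worth confirming against the bug before relying on it. I would add one line to the comment, e.g. ` * [NOTE] default is false; when true these requests are treated as active mixed content, see 1240`. The 1240 entry already marks its default with `// default: true`, so stating the default here keeps the section consistent.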