diff --git a/user.js b/user.js index ccbb827..f64d4a4 100644 --- a/user.js +++ b/user.js @@ -131,7 +131,8 @@ user_pref("browser.region.update.enabled", false); // [[FF79+] /* 0204: set search region * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/ // user_pref("browser.search.region", "US"); // [HIDDEN PREF] -/* 0210: set preferred language for displaying web pages +/* 0210: set preferred language for displaying pages + * [SETTING] General>Language and Appearance>Language>Choose your preferred language... * [TEST] https://addons.mozilla.org/about ***/ user_pref("intl.accept_languages", "en-US, en"); /* 0211: use US English locale regardless of the system locale @@ -495,13 +496,14 @@ user_pref("security.tls.enable_0rtt_data", false); [1] https://scotthelme.co.uk/revocation-is-broken/ [2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/ -/* 1211: control when to use OCSP fetching (to confirm current validity of certificates) +/* 1211: enforce OCSP fetching to confirm current validity of certificates * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) * It's a trade-off between security (checking) and privacy (leaking info to the CA) * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling + * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers... * [1] https://en.wikipedia.org/wiki/Ocsp ***/ -user_pref("security.OCSP.enabled", 1); +user_pref("security.OCSP.enabled", 1); // [DEFAULT: true] /* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail [SETUP-WEB] * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) @@ -527,7 +529,7 @@ user_pref("security.pki.sha1_enforcement_level", 1); * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/ user_pref("security.family_safety.mode", 0); /* 1223: enable strict pinning - * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict + * PKP (Public Key Pinning) 0=disabled, 1=allow user MiTM (such as your antivirus), 2=strict * [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing * by inspecting ALL your web traffic, then leave at current default=1 * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ @@ -566,7 +568,7 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); * [2] https://bugzilla.mozilla.org/1353705 ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); /* 1271: control "Add Security Exception" dialog on SSL warnings - * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) + * 0=do neither, 1=pre-populate url, 2=pre-populate url + pre-fetch cert (default) * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ user_pref("browser.ssl_override_behavior", 1); /* 1272: display advanced information on Insecure Connection warning pages @@ -1066,14 +1068,18 @@ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false] * [1] https://bugzilla.mozilla.org/1381938 * [2] https://bugzilla.mozilla.org/1411425 ***/ user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+] -/* 4512: open links targeting new windows in a new tab instead +/* 4512: enforce links targeting new windows to open in a new tab instead + * 1=most recent window or tab, 2=new window, 3=new tab * Stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window + * [SETTING] General>Tabs>Open links in tabs instead of new windows * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ -user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab +user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3] +/* 4513: set all open window methods to abide by "browser.link.open_newwindow" (4512) + * [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/ user_pref("browser.link.open_newwindow.restriction", 0); -/* 4513: disable WebGL (Web Graphics Library) +/* 4520: disable WebGL (Web Graphics Library) * [SETUP-WEB] If you need it then enable it. RFP still randomizes canvas for naive scripts ***/ user_pref("webgl.disabled", true);