diff --git a/user.js b/user.js index 38f0cd8..ce2e2f2 100644 --- a/user.js +++ b/user.js @@ -594,7 +594,7 @@ user_pref("browser.cache.disk_cache_ssl", false); * [NOTE] Not recommended unless you know what you're doing * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/ // user_pref("browser.sessionhistory.max_total_viewers", 0); -/* 1006: disable permissions manager from writing to disk (requires restart) +/* 1006: disable permissions manager from writing to disk [RESTART] * [NOTE] This means any permission changes are session only * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/ // user_pref("permissions.memory_only", true); // (hidden pref) @@ -638,7 +638,7 @@ user_pref("browser.shell.shortcutFavicons", false); /* 1032: disable favicons in web notifications ***/ user_pref("alerts.showFavicons", false); -/*** 1100: MULTI-PROCESS (e10s) +/*** 1100: MULTI-PROCESS (e10s) [RESTART] We recommend you let Firefox handle this. Until e10s is enforced, if - all your legacy extensions have the 'multiprocessCompatible' flag as true, then FF = e10s - any legacy extensions have 'multiprocessCompatible' flag as false, then FF != e10s @@ -757,7 +757,7 @@ user_pref("security.OCSP.require", true); * 2=detect Family Safety mode and import the root * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ user_pref("security.family_safety.mode", 0); -/* 1221: disable intermediate certificate caching (fingerprinting attack vector) +/* 1221: disable intermediate certificate caching (fingerprinting attack vector) [RESTART] * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift) * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them. @@ -865,7 +865,7 @@ user_pref("gfx.downloadable_fonts.woff2.enabled", false); /* 1406: disable CSS Font Loading API * [SETUP] Disabling fonts can uglify the web a fair bit. ***/ user_pref("layout.css.font-loading-api.enabled", false); -/* 1407: disable special underline handling for a few fonts which you will probably never use. +/* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART] * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart. * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/ user_pref("font.blacklist.underline_offset", ""); @@ -873,7 +873,7 @@ user_pref("font.blacklist.underline_offset", ""); * In the past it had security issues. Update: This continues to be the case, see [1] * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/ user_pref("gfx.font_rendering.graphite.enabled", false); -/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] +/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If * you block sites choosing fonts in 1401, this preference is irrelevant. In future, @@ -998,7 +998,7 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); /* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content -user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required +user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox [RESTART] /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref) @@ -1329,7 +1329,7 @@ user_pref("browser.uitour.url", ""); /* 2629: disable remote JAR files being opened, regardless of content type (FF42+) * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/ user_pref("network.jar.block-remote-files", true); -/* 2630: prevent accessibility services from accessing your browser +/* 2630: prevent accessibility services from accessing your browser [RESTART] * [SETTING] Options>Privacy & Security>Permissions>Prevent accessibility services from accessing your browser * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1);