Commit Graph

1348 Commits

Author SHA1 Message Date
Thorin-Oakenpants
2db76c95c3
1603: breaks icloud, closes #850 2019-11-23 16:19:09 +00:00
Thorin-Oakenpants
b6fbf77dde
Create ghacks-clear-FF68inclusive-[RFP-alternatives].js 2019-11-23 03:04:14 +00:00
Thorin-Oakenpants
a4ba22e912
Delete ghacks-clear-FF60inclusive-[RFP-alternatives].js 2019-11-23 03:02:59 +00:00
Thorin-Oakenpants
163e18ce6d
Create ghacks-clear-FF68inclusive-[deprecated].js 2019-11-23 02:57:26 +00:00
Thorin-Oakenpants
a13027905e
Delete ghacks-clear-FF60inclusive-[deprecated].js 2019-11-23 02:56:30 +00:00
Thorin-Oakenpants
8f76d9439f
2002: add FF70 bugzilla link 2019-11-22 15:26:38 +00:00
earthlng
f0980b5cb8
2002: add proxy_only_if_behind_proxy 2019-11-22 15:19:37 +00:00
Thorin-Oakenpants
450c9a9e0f
simplify ciphers, closes #839 (#844)
* simplify ciphers

- let's not encourage (remove options 1, 2) changing your cipher suite FP
- remove "it's quite technical ..." (everything is technical to someone), trim to one line
- add test link so users can just see that it's FP'able
- reinforce not to fuck with the cipher suite in the cipher's sub-section
2019-11-23 03:23:08 +13:00
Thorin-Oakenpants
6acfdaccbd
RFP stuff 2019-11-20 04:48:15 +00:00
Thorin-Oakenpants
a0e0a2a6c9
2680 tweak #840 2019-11-19 16:26:14 +00:00
Thorin-Oakenpants
f67e729197
whatsNewPanel correct version 2019-11-19 06:39:08 +00:00
rusty-snake
19526b573c 2805 note, FPI change (#842) 2019-11-19 16:31:48 +13:00
Thorin-Oakenpants
b0221ec838
1576254 version fixup 2019-11-17 10:33:02 +00:00
Thorin-Oakenpants
a3611b7cf8
changes to prefs affecting extensions
also first word on pdfjs.disabled, to be consistent
2019-11-14 02:39:48 +00:00
earthlng
bff1e84afa
v1.6.0 2019-11-11 15:10:14 +00:00
Thorin-Oakenpants
1d31da40ec
missing comma
thanks @sebp  - 0d57cfc44a (commitcomment-35890867)
2019-11-11 13:00:01 +00:00
Thorin-Oakenpants
0d57cfc44a
about_newtab_segregation.enabled 2019-11-09 23:25:52 +00:00
Thorin-Oakenpants
0cfb2fb06d
1703: remove
default true since FF61, and ESR60 is now EOL
2019-11-09 23:23:34 +00:00
Thorin-Oakenpants
d5f297ed42
5000s: disable what's new 2019-11-08 18:06:35 +00:00
earthlng
c13dbdf40d 1201 update (#838)
https://wiki.mozilla.org/Security:Renegotiation describes

> **the new default behaviour** that was introduced in experimental mozilla-central nightly versions on 2010-02-08

where the last step is

> - should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message

and then after talking about breakage ...

> The above defaults may break some client/server environments where a Server is still using old software and requires renegotiation.

mentions workarounds to reduce said breakage:

> In order to give such environments a way to keep using Firefox (et.al.) to connect to their vulnerable server infrastructure, the following preferences are available:

specifically talking about the first 2 prefs listed there, one allowing to specify a list of hosts "where renegotiation may be performed" and the 2nd one "completely disables the new protection mechanisms".
But both those prefs were removed in FF38, meaning that since then it's no longer possible to disable the default behaviour that is "should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message".

But all of this is about the **re**-negotiation part and not negotiation. And nowhere does it say "insecure" renegotiation, which, as I read it, means that FF will terminate the connection for any kind of **renegotiation**, safe or unsafe.

1201 controls the negotiation part:

> This pref controls the behaviour during the initial negotiation between client and server.
> If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack.
> Setting this preference to “true” is the only way to guarantee full protection against the attack.

I think "servers that are still using the old SSL/TLS protocol" actually means servers that **only** support the old protocols.
Servers still supporting those old protocols in addition to some new protocol versions should not be affected by this pref because FF will be able to negotiate to use one of the newer protocol versions.

Ergo lets fix the title and remove the line about renegotiation support because I think that's irrelevant.


ps. the sslpulse link is nice and I'd like to keep it somewhere but it doesn't really fit in 1201 IMO so I moved it to 1202.
2019-11-09 05:42:21 +13:00
earthlng
6173104a9e re-add relevant deprecated items for ESR users (#837)
makes the prefsCleaner scripts useful again for users updating from ESR60 to ESR68
2019-11-09 05:30:03 +13:00
Thorin-Oakenpants
0c79b8b45b
Update README.md 2019-11-08 13:46:20 +00:00
earthlng
895f8d01d5 FF70+: shield studies no longer tied to FHR (#836)
https://bugzilla.mozilla.org/1569330
2019-11-09 02:01:33 +13:00
Thorin-Oakenpants
65dfad5c76
2701: UI changes 2019-11-06 11:37:24 +00:00
earthlng
fdaf22780f
Update README.md 2019-11-02 16:00:12 +00:00
Thorin-Oakenpants
16756646bb
remove DoH, closes #790 2019-10-31 09:49:12 +00:00
Thorin-Oakenpants
e4f80225d8
FF72: FPI & IPv6 2019-10-28 12:12:52 +00:00
Thorin-Oakenpants
67eec9c85c
pbmode insecure text/icon
see `1273`
- we already make **all** windows do this (which overrides the pb mode setting), and these were inactive
- in FF70+ the icon pref (for PB mode and all windows) is now default true
2019-10-27 04:50:59 +00:00
Thorin-Oakenpants
539750d2f2
FF70 hidden/default changes 2019-10-27 04:41:27 +00:00
Thorin-Oakenpants
d91226ed55
tweakin' 2019-10-20 23:59:16 +00:00
Thorin-Oakenpants
301fcd059d
1003: capacity no longer hidden 2019-10-20 23:36:48 +00:00
Thorin-Oakenpants
1cc9a08a18
remove ESR60.x deprecated
These are archived in #123
2019-10-20 22:40:53 +00:00
Thorin-Oakenpants
5d1857ddd8
start 70 commits 2019-10-20 22:32:37 +00:00
Thorin-Oakenpants
226af6f679
69 final 2019-10-20 22:20:50 +00:00
Thorin-Oakenpants
7f2c92f654
webgl.dxgl.enabled 2019-10-15 09:28:52 +00:00
Thorin-Oakenpants
5b82afd5bd
webgl.dxgl.enabled, closes #814 2019-10-15 09:27:44 +00:00
Thorin-Oakenpants
d7b1877a1f
browser.sessionhistory.max_entries see #808 2019-10-14 01:14:50 +00:00
Thorin-Oakenpants
1b6239eab8
remove 0804, closes #808
if anyone can show me how this stops history leaks, then I'll put it back with a note saying it's been broken since FF61
2019-10-14 01:13:27 +00:00
Thorin-Oakenpants
ad0187122d
some SB were reinstated, closes #806 2019-10-07 16:20:03 +00:00
Thorin-Oakenpants
624e50faac
replace ` with ' 2019-10-05 17:51:34 +00:00
Thorin-Oakenpants
a9e9392172
add some SB back, see #803 2019-10-05 17:47:25 +00:00
Thorin-Oakenpants
201210111e
char fix 2019-10-05 15:12:21 +00:00
Thorin-Oakenpants
53f8578749
see #807 2019-10-05 15:09:19 +00:00
Thorin-Oakenpants
dc4d9e4dae
revamp 0200s (#807), closes #0806
- split geo related vs language/locale related
- rip out intl.locale.requested
- rip out intl.regional_prefs.use_os_locales
- add intl.charset.fallback.override
2019-10-06 04:04:41 +13:00
Thorin-Oakenpants
e1b0eae740 goodbye http and other stuff (#801)
* goodbye http and other stuff

* dead link

* put back asmjs [1] ref

* 0805 test

* typo

* 1222 refs

* 1222 FF version

FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=629558

* 2684: security delay ref

* ESR stuff

* ping ref

* 2684 ref

* 0606: give the standard it's correct name

https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing

* 0805 test instructions

* tweakin'
2019-09-21 16:20:10 +00:00
Thorin-Oakenpants
be0ccf6460
2300: service workers, closes #786 2019-09-17 12:43:50 +12:00
Thorin-Oakenpants
7c0a327b06
cache, closes #778 2019-09-16 15:25:30 +00:00
Thorin-Oakenpants
a35cba3914
2651: android UI breakage, closes #795 2019-09-12 16:22:09 +00:00
Thorin-Oakenpants
e16425310f
0320+0321: redundant prefs, #793 2019-09-12 15:52:46 +00:00
Thorin-Oakenpants
d503d96db0
0320+0321: redundant prefs, closes #793 2019-09-12 15:50:54 +00:00