Commit Graph

1426 Commits

Author SHA1 Message Date
Thorin-Oakenpants
5d2c5de11c
fixup deprecated ESR-cycle version 2020-01-15 02:53:07 +00:00
Thorin-Oakenpants
e1022c2e72
72-beta 2020-01-14 17:38:22 +00:00
Thorin-Oakenpants
e431b324c8
FF72 deprecated 2020-01-08 02:53:25 +00:00
Thorin-Oakenpants
18ad40a5c6
systemUsesDarkTheme -> RFP Alts 2019-12-25 02:14:49 +00:00
rusty-snake
315de066ec typo (#870) 2019-12-24 11:49:19 +00:00
Thorin-Oakenpants
85273d0f19
0517: setting tag 2019-12-22 07:13:48 +00:00
Thorin-Oakenpants
ef293b57a7
5000s: add ui.systemUsesDarkTheme 2019-12-22 06:14:25 +00:00
Thorin-Oakenpants
79d316fd22
remove old deprecations 2019-12-19 16:37:19 +00:00
Thorin-Oakenpants
ed60588473
72-alpha start 2019-12-19 16:34:44 +00:00
Thorin-Oakenpants
07c128a190
71 final 2019-12-19 16:31:51 +00:00
Thorin-Oakenpants
5b1d56933b
middlemouse.paste, see #735 2019-12-19 16:21:21 +00:00
Thorin-Oakenpants
34cfcedc1b
2402+2403, finally closes #735 2019-12-19 16:19:39 +00:00
Thorin-Oakenpants
f9146fdf24
update setting tags, minor tweaks 2019-12-18 09:46:21 +00:00
Thorin-Oakenpants
a1cdbc8324
1408 graphite, closes #1408 and 2619 puncyode 2019-12-18 07:46:44 +00:00
earthlng
cd07641a9d 2701: make sure cookieBehavior is always honored (#866)
see #862
2019-12-18 05:02:25 +00:00
earthlng
9c02949e04
0000: config.xhtml in FF73+ (#865) 2019-12-17 15:00:34 +00:00
Thorin-Oakenpants
1ef62a1036
media.block-autoplay-until-in-foreground #840 2019-12-12 01:24:12 +00:00
Thorin-Oakenpants
5672bc8cc8
2032 removed, 4002 inactive, closes #840 2019-12-12 01:21:17 +00:00
Thorin-Oakenpants
df1732745d
0308: seach engine updates: better info #840 2019-12-10 22:07:23 +00:00
Thorin-Oakenpants
30daf8640c
FPI stuff 2019-12-09 20:18:42 +00:00
earthlng
4074a37e1d 1201 + 1270 update (#859)
trim by a line, remove extra space, fixup on red, indicate it only applies if 1201 is false
2019-12-07 18:26:39 +00:00
Thorin-Oakenpants
97043b0ce1
71-beta 2019-12-06 12:19:21 +00:00
Thorin-Oakenpants
42ea484017
71 deprecated (#856) 2019-12-04 14:13:49 +13:00
Thorin-Oakenpants
3f6340b69c
OMG!! 2019-12-03 14:51:44 +00:00
earthlng
884e84a4cb about:config warning back to the top + active (#855) 2019-12-04 03:44:59 +13:00
Thorin-Oakenpants
560acfc94f
70 final 2019-12-03 07:31:47 +00:00
Thorin-Oakenpants
fb263f5624
favicons: 1031 better info, 1032 inactive #840 (#851) 2019-12-02 23:04:09 +13:00
Thorin-Oakenpants
19b392b83d
70-beta 2019-11-24 05:23:10 +00:00
Thorin-Oakenpants
2db76c95c3
1603: breaks icloud, closes #850 2019-11-23 16:19:09 +00:00
Thorin-Oakenpants
b6fbf77dde
Create ghacks-clear-FF68inclusive-[RFP-alternatives].js 2019-11-23 03:04:14 +00:00
Thorin-Oakenpants
a4ba22e912
Delete ghacks-clear-FF60inclusive-[RFP-alternatives].js 2019-11-23 03:02:59 +00:00
Thorin-Oakenpants
163e18ce6d
Create ghacks-clear-FF68inclusive-[deprecated].js 2019-11-23 02:57:26 +00:00
Thorin-Oakenpants
a13027905e
Delete ghacks-clear-FF60inclusive-[deprecated].js 2019-11-23 02:56:30 +00:00
Thorin-Oakenpants
8f76d9439f
2002: add FF70 bugzilla link 2019-11-22 15:26:38 +00:00
earthlng
f0980b5cb8
2002: add proxy_only_if_behind_proxy 2019-11-22 15:19:37 +00:00
Thorin-Oakenpants
450c9a9e0f
simplify ciphers, closes #839 (#844)
* simplify ciphers

- let's not encourage (remove options 1, 2) changing your cipher suite FP
- remove "it's quite technical ..." (everything is technical to someone), trim to one line
- add test link so users can just see that it's FP'able
- reinforce not to fuck with the cipher suite in the cipher's sub-section
2019-11-23 03:23:08 +13:00
Thorin-Oakenpants
6acfdaccbd
RFP stuff 2019-11-20 04:48:15 +00:00
Thorin-Oakenpants
a0e0a2a6c9
2680 tweak #840 2019-11-19 16:26:14 +00:00
Thorin-Oakenpants
f67e729197
whatsNewPanel correct version 2019-11-19 06:39:08 +00:00
rusty-snake
19526b573c 2805 note, FPI change (#842) 2019-11-19 16:31:48 +13:00
Thorin-Oakenpants
b0221ec838
1576254 version fixup 2019-11-17 10:33:02 +00:00
Thorin-Oakenpants
a3611b7cf8
changes to prefs affecting extensions
also first word on pdfjs.disabled, to be consistent
2019-11-14 02:39:48 +00:00
earthlng
bff1e84afa
v1.6.0 2019-11-11 15:10:14 +00:00
Thorin-Oakenpants
1d31da40ec
missing comma
thanks @sebp  - 0d57cfc44a (commitcomment-35890867)
2019-11-11 13:00:01 +00:00
Thorin-Oakenpants
0d57cfc44a
about_newtab_segregation.enabled 2019-11-09 23:25:52 +00:00
Thorin-Oakenpants
0cfb2fb06d
1703: remove
default true since FF61, and ESR60 is now EOL
2019-11-09 23:23:34 +00:00
Thorin-Oakenpants
d5f297ed42
5000s: disable what's new 2019-11-08 18:06:35 +00:00
earthlng
c13dbdf40d 1201 update (#838)
https://wiki.mozilla.org/Security:Renegotiation describes

> **the new default behaviour** that was introduced in experimental mozilla-central nightly versions on 2010-02-08

where the last step is

> - should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message

and then after talking about breakage ...

> The above defaults may break some client/server environments where a Server is still using old software and requires renegotiation.

mentions workarounds to reduce said breakage:

> In order to give such environments a way to keep using Firefox (et.al.) to connect to their vulnerable server infrastructure, the following preferences are available:

specifically talking about the first 2 prefs listed there, one allowing to specify a list of hosts "where renegotiation may be performed" and the 2nd one "completely disables the new protection mechanisms".
But both those prefs were removed in FF38, meaning that since then it's no longer possible to disable the default behaviour that is "should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message".

But all of this is about the **re**-negotiation part and not negotiation. And nowhere does it say "insecure" renegotiation, which, as I read it, means that FF will terminate the connection for any kind of **renegotiation**, safe or unsafe.

1201 controls the negotiation part:

> This pref controls the behaviour during the initial negotiation between client and server.
> If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack.
> Setting this preference to “true” is the only way to guarantee full protection against the attack.

I think "servers that are still using the old SSL/TLS protocol" actually means servers that **only** support the old protocols.
Servers still supporting those old protocols in addition to some new protocol versions should not be affected by this pref because FF will be able to negotiate to use one of the newer protocol versions.

Ergo lets fix the title and remove the line about renegotiation support because I think that's irrelevant.


ps. the sslpulse link is nice and I'd like to keep it somewhere but it doesn't really fit in 1201 IMO so I moved it to 1202.
2019-11-09 05:42:21 +13:00
earthlng
6173104a9e re-add relevant deprecated items for ESR users (#837)
makes the prefsCleaner scripts useful again for users updating from ESR60 to ESR68
2019-11-09 05:30:03 +13:00
Thorin-Oakenpants
0c79b8b45b
Update README.md 2019-11-08 13:46:20 +00:00