Commit Graph

994 Commits

Author SHA1 Message Date
earthlng
4074a37e1d 1201 + 1270 update (#859)
trim by a line, remove extra space, fixup on red, indicate it only applies if 1201 is false
2019-12-07 18:26:39 +00:00
Thorin-Oakenpants
97043b0ce1
71-beta 2019-12-06 12:19:21 +00:00
Thorin-Oakenpants
42ea484017
71 deprecated (#856) 2019-12-04 14:13:49 +13:00
Thorin-Oakenpants
3f6340b69c
OMG!! 2019-12-03 14:51:44 +00:00
earthlng
884e84a4cb about:config warning back to the top + active (#855) 2019-12-04 03:44:59 +13:00
Thorin-Oakenpants
560acfc94f
70 final 2019-12-03 07:31:47 +00:00
Thorin-Oakenpants
fb263f5624
favicons: 1031 better info, 1032 inactive #840 (#851) 2019-12-02 23:04:09 +13:00
Thorin-Oakenpants
19b392b83d
70-beta 2019-11-24 05:23:10 +00:00
Thorin-Oakenpants
2db76c95c3
1603: breaks icloud, closes #850 2019-11-23 16:19:09 +00:00
Thorin-Oakenpants
8f76d9439f
2002: add FF70 bugzilla link 2019-11-22 15:26:38 +00:00
earthlng
f0980b5cb8
2002: add proxy_only_if_behind_proxy 2019-11-22 15:19:37 +00:00
Thorin-Oakenpants
450c9a9e0f
simplify ciphers, closes #839 (#844)
* simplify ciphers

- let's not encourage (remove options 1, 2) changing your cipher suite FP
- remove "it's quite technical ..." (everything is technical to someone), trim to one line
- add test link so users can just see that it's FP'able
- reinforce not to fuck with the cipher suite in the cipher's sub-section
2019-11-23 03:23:08 +13:00
Thorin-Oakenpants
6acfdaccbd
RFP stuff 2019-11-20 04:48:15 +00:00
Thorin-Oakenpants
a0e0a2a6c9
2680 tweak #840 2019-11-19 16:26:14 +00:00
Thorin-Oakenpants
f67e729197
whatsNewPanel correct version 2019-11-19 06:39:08 +00:00
rusty-snake
19526b573c 2805 note, FPI change (#842) 2019-11-19 16:31:48 +13:00
Thorin-Oakenpants
b0221ec838
1576254 version fixup 2019-11-17 10:33:02 +00:00
Thorin-Oakenpants
a3611b7cf8
changes to prefs affecting extensions
also first word on pdfjs.disabled, to be consistent
2019-11-14 02:39:48 +00:00
Thorin-Oakenpants
0cfb2fb06d
1703: remove
default true since FF61, and ESR60 is now EOL
2019-11-09 23:23:34 +00:00
Thorin-Oakenpants
d5f297ed42
5000s: disable what's new 2019-11-08 18:06:35 +00:00
earthlng
c13dbdf40d 1201 update (#838)
https://wiki.mozilla.org/Security:Renegotiation describes

> **the new default behaviour** that was introduced in experimental mozilla-central nightly versions on 2010-02-08

where the last step is

> - should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message

and then after talking about breakage ...

> The above defaults may break some client/server environments where a Server is still using old software and requires renegotiation.

mentions workarounds to reduce said breakage:

> In order to give such environments a way to keep using Firefox (et.al.) to connect to their vulnerable server infrastructure, the following preferences are available:

specifically talking about the first 2 prefs listed there, one allowing to specify a list of hosts "where renegotiation may be performed" and the 2nd one "completely disables the new protection mechanisms".
But both those prefs were removed in FF38, meaning that since then it's no longer possible to disable the default behaviour that is "should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message".

But all of this is about the **re**-negotiation part and not negotiation. And nowhere does it say "insecure" renegotiation, which, as I read it, means that FF will terminate the connection for any kind of **renegotiation**, safe or unsafe.

1201 controls the negotiation part:

> This pref controls the behaviour during the initial negotiation between client and server.
> If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack.
> Setting this preference to “true” is the only way to guarantee full protection against the attack.

I think "servers that are still using the old SSL/TLS protocol" actually means servers that **only** support the old protocols.
Servers still supporting those old protocols in addition to some new protocol versions should not be affected by this pref because FF will be able to negotiate to use one of the newer protocol versions.

Ergo lets fix the title and remove the line about renegotiation support because I think that's irrelevant.


ps. the sslpulse link is nice and I'd like to keep it somewhere but it doesn't really fit in 1201 IMO so I moved it to 1202.
2019-11-09 05:42:21 +13:00
earthlng
6173104a9e re-add relevant deprecated items for ESR users (#837)
makes the prefsCleaner scripts useful again for users updating from ESR60 to ESR68
2019-11-09 05:30:03 +13:00
earthlng
895f8d01d5 FF70+: shield studies no longer tied to FHR (#836)
https://bugzilla.mozilla.org/1569330
2019-11-09 02:01:33 +13:00
Thorin-Oakenpants
65dfad5c76
2701: UI changes 2019-11-06 11:37:24 +00:00
Thorin-Oakenpants
16756646bb
remove DoH, closes #790 2019-10-31 09:49:12 +00:00
Thorin-Oakenpants
e4f80225d8
FF72: FPI & IPv6 2019-10-28 12:12:52 +00:00
Thorin-Oakenpants
539750d2f2
FF70 hidden/default changes 2019-10-27 04:41:27 +00:00
Thorin-Oakenpants
d91226ed55
tweakin' 2019-10-20 23:59:16 +00:00
Thorin-Oakenpants
301fcd059d
1003: capacity no longer hidden 2019-10-20 23:36:48 +00:00
Thorin-Oakenpants
1cc9a08a18
remove ESR60.x deprecated
These are archived in #123
2019-10-20 22:40:53 +00:00
Thorin-Oakenpants
5d1857ddd8
start 70 commits 2019-10-20 22:32:37 +00:00
Thorin-Oakenpants
226af6f679
69 final 2019-10-20 22:20:50 +00:00
Thorin-Oakenpants
5b82afd5bd
webgl.dxgl.enabled, closes #814 2019-10-15 09:27:44 +00:00
Thorin-Oakenpants
1b6239eab8
remove 0804, closes #808
if anyone can show me how this stops history leaks, then I'll put it back with a note saying it's been broken since FF61
2019-10-14 01:13:27 +00:00
Thorin-Oakenpants
624e50faac
replace ` with ' 2019-10-05 17:51:34 +00:00
Thorin-Oakenpants
a9e9392172
add some SB back, see #803 2019-10-05 17:47:25 +00:00
Thorin-Oakenpants
201210111e
char fix 2019-10-05 15:12:21 +00:00
Thorin-Oakenpants
dc4d9e4dae
revamp 0200s (#807), closes #0806
- split geo related vs language/locale related
- rip out intl.locale.requested
- rip out intl.regional_prefs.use_os_locales
- add intl.charset.fallback.override
2019-10-06 04:04:41 +13:00
Thorin-Oakenpants
e1b0eae740 goodbye http and other stuff (#801)
* goodbye http and other stuff

* dead link

* put back asmjs [1] ref

* 0805 test

* typo

* 1222 refs

* 1222 FF version

FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=629558

* 2684: security delay ref

* ESR stuff

* ping ref

* 2684 ref

* 0606: give the standard it's correct name

https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing

* 0805 test instructions

* tweakin'
2019-09-21 16:20:10 +00:00
Thorin-Oakenpants
be0ccf6460
2300: service workers, closes #786 2019-09-17 12:43:50 +12:00
Thorin-Oakenpants
7c0a327b06
cache, closes #778 2019-09-16 15:25:30 +00:00
Thorin-Oakenpants
a35cba3914
2651: android UI breakage, closes #795 2019-09-12 16:22:09 +00:00
Thorin-Oakenpants
d503d96db0
0320+0321: redundant prefs, closes #793 2019-09-12 15:50:54 +00:00
Thorin-Oakenpants
7311cfdf84
remove 1002, closes #792 2019-09-09 21:43:50 +00:00
rusty-snake
3a9440aeea 0707: Add mode 5 (#789) 2019-09-08 11:38:37 +00:00
Thorin-Oakenpants
3210ab0ca8
370: pocket -> 5000s, closes #787 2019-09-07 07:22:32 +00:00
Thorin-Oakenpants
2c734612f6
ummm .. beta
OK, did that all back to front... alpha is when we're working on the diffs .. beta is when we finished it
2019-09-04 21:40:04 +00:00
Thorin-Oakenpants
a12dd83b1f
69-alpha, fixes #766 2019-09-04 21:36:50 +00:00
earthlng
44d9ceaf05 various tidyups 2019-09-04 01:40:33 +12:00
Thorin-Oakenpants
be9d9ac9ca
2701: tidyup 2019-09-03 03:34:16 +00:00