- FF version tags are now square brackets (allows for [FF52-63] etc, as long as you parse for [FF. Any other references to FF versions if needed, use round brackets (e.g in descriptions, header sections etc)
- FF version tags, where possible, are now after each pref. This removes confusion, and allows for extra new prefs to be inserted under that number. The bulk of these were numbered items with a single pref. Where the version tag was in the pref description but we had multiple prefs, I left those mostly alone, because I cannot be sure they all adhere to the same version release. At some stage it would be nice to enforce ALL version tags to each pref (but that would be a lot of work!).
- Default tags are now all `[DEFAULT*]` and can contain extra info, eg [DEFAULT: true in FF61+]. This means we can ignore tagging things such as the Font information in 1402 etc. The purpose of these is to pick up where we enforce defaults, but we include the value, because of OS differences.
- Hidden tags are now all `[HIDDEN PREF]
- Got sidetracked on versions and defaults, but there are some other edits in here. Started to make sure numbered first lines are self contained and the wording doesn't overflow into the next line. Moved or removed a few comments from end of pref lines, i.e. `// text` where possible - e.g some setting info
- I also did this throughout the entire file (e.g deprecated also got tidied up a bit), even though this is for overdodactyl awesome project which would, when finished, stop at the beginning of the personal section
- Need eyeballs on this to double check I didn't do any typos.
Session Restore cannot be disabled in Normal mode, it is also used internally. FYI: PB Mode does not use Session Restore. The description is still not 100%, as it refers to what is restored, not what is kept in the recovery.jsonlz4 (at least for tabs)
flipped true in FF54: https://bugzilla.mozilla.org/show_bug.cgi?id=1026804 but unsure when the pref itself was introduced. note: other timing prefs were always in 2400's see 4602: [2411] disable resource/navigation timing / 4603: [2412] disable timing attacks
it has zero to do with privacy etc, and in fact most users will only ever encounter it once (and check the box) when they first go to about:config, so it's not even useful as an override or a new profile IMO. This removes one of three numbers that don't have a section
when argument `-l` is used, parse profiles.ini instead of just listing folders in the default profiles dir.
This allows to select profiles located outside of the default profiles directory and makes selection easier because it also shows the profile name (and selection is by number instead of having to copy-paste a path)
* Uses `perl` as a last resort if `curl` and `wget` are not available (fixes#537)
* Aborts and notifies user if none of the above are installed
* Better use of functions
* When version numbers are checked, the contents are immediately saved to a temp dir. This allows us to skip using wget/curl/perl a second time
* Improved messages for users
* Added various font colors for ease of use and aesthetics
TLS 1.0 and 1.1 are still secure. Sure, later versions are more secure, but 98% of the web is already upgraded - less than 2% of sites use < v1.2. So it's not very likely you would come across a site that requires it, but if you did, what's the point in breaking it. Mozilla and Chrome already have plans to deprecate TLS 1.0 & 1.1, and force that last 2% of sites.
TLS settings can be FP'ed without JS. By sticking with the defaults, I do not see any security issues, but an increase in potential anti-FPing. TBH, the chances of either (i.e being FP'ed with TLS as a entropy point, or being compromised due to TLS<1.2) are slim to non anyway.
Any arguments, please see @earthlng
