summaryrefslogtreecommitdiff
path: root/nonprism/iceweasel-hardened-preferences
diff options
context:
space:
mode:
authorGaming4JC <g4jc@openmailbox.org>2017-05-08 22:20:06 -0400
committerGaming4JC <g4jc@openmailbox.org>2017-05-08 22:20:06 -0400
commit28b4e69d02cd3ed216d598902c4c7f9ad634da59 (patch)
tree58ac8acff25b471f3f6feb579aee29be8ee25ac8 /nonprism/iceweasel-hardened-preferences
parent225946f2ea9b0e9932db93c94f7c03c9d1cb8128 (diff)
downloadabslibre-28b4e69d02cd3ed216d598902c4c7f9ad634da59.tar.gz
abslibre-28b4e69d02cd3ed216d598902c4c7f9ad634da59.tar.bz2
abslibre-28b4e69d02cd3ed216d598902c4c7f9ad634da59.zip
update iceweasel-hardened-prefs
Diffstat (limited to 'nonprism/iceweasel-hardened-preferences')
-rw-r--r--nonprism/iceweasel-hardened-preferences/PKGBUILD8
-rw-r--r--nonprism/iceweasel-hardened-preferences/iceweasel-branding.js1393
2 files changed, 908 insertions, 493 deletions
diff --git a/nonprism/iceweasel-hardened-preferences/PKGBUILD b/nonprism/iceweasel-hardened-preferences/PKGBUILD
index 17954f5a0..e5c3883f6 100644
--- a/nonprism/iceweasel-hardened-preferences/PKGBUILD
+++ b/nonprism/iceweasel-hardened-preferences/PKGBUILD
@@ -2,8 +2,8 @@
# Contributor: André Silva <emulatorman@parabola.nu>
pkgname=iceweasel-hardened-preferences
-pkgver=0.7
-pkgrel=2
+pkgver=0.8
+pkgrel=1
pkgdesc="Hardened preferences script which runs Iceweasel to protect from a variety of privacy, security, and fingerprinting attacks."
arch=(any)
license=(MPL)
@@ -21,11 +21,11 @@ source=('firefox-branding.js'
'iceweasel-hardened.install')
sha512sums=('cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e'
'd542452fa1d619d22e9c9b6e4af58d7310abdc5c81d871a1abbddb0087c53913c8a244af2b7be416a2c439383afc2480c439078ebde0ccac518300d9027b4800'
- 'bfaa9287eb7fc27198fe9885755520b92db1f4db998a056170d6cc35bf0965198df4ff68e7500d62bf1f7778bf33dea7da70cda1975d38058ff9e73058490cef'
+ '0e94131a7d8f536131a492965612e24bd414673a7d029cfa5e973b881f5321649e31b07635c31168edd151ac4192b1e29751f43f1e24beaf867603e12a6ebef4'
'e9baa13d50195ff5be507093c45c00bb06a77c9e633ac183ec2fd74eebb11bfc07bde334fe4455b763e8700cde146ae223578ebd8d13066739220502b6eebff6')
whirlpoolsums=('19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3'
'f7cb38e58f644ddeae9f931c290ae1d96e54d0a8937171f2ebad498b65b87f2115cbd0a0f2a55e12dceba7a387e70fd2432678010a87975f8322c9c27b41efd2'
- '575d312dd027ec2958c0098e9617a14edc312231d8c2f56d9b77620f4cd0109947f02ac3f38ea2f746c1a24a97d2683c3fa7d571abfb85fc1fa21d366fec2137'
+ '2bf292142f87bb6e31bebadd79294362f04b7aa53b151393df5c9ae2e87b6f78e17042df1e87a1143a22b39739a60425dc60751260d84c9e764c22774a64ab6e'
'44b57bbbf8f00ffee11afc84f5ea3daedc39e59da3ee91e337c1eaad24c014caf5680eb250e25a3e046db9caaf6829c3b667693de9f040d8864be34b96300bb9')
package() {
diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js
index 470ecd168..f22d25921 100644
--- a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js
+++ b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js
@@ -1,8 +1,9 @@
-/******************************************************************************
- * user.js *
- * Adapted from... *
- * https://github.com/pyllyukko/user.js *
- * https://github.com/The-OP/Fox/tree/master/prefs *
+/****************************************************************************
+ * user.js *
+ * Adapted from... *
+ * https://github.com/pyllyukko/user.js *
+ * https://github.com/The-OP/Fox/tree/master/prefs *
+ * https://github.com/ghacksuserjs/ghacks-user.js *
******************************************************************************/
/*****************************************************************************
@@ -16,44 +17,233 @@ pref("gfx.direct2d.disabled", true);
pref("layers.acceleration.disabled", true);
pref("gfx.downloadable_fonts.fallback_delay", -1);
pref("intl.charset.default", "windows-1252");
-pref("intl.locale.matchOS", false);
-// Set locale to en-US (if you are using localized version of FF)
-pref("intl.accept_languages", "en-US, en");
-pref("javascript.use_us_english_locale", true);
+pref("privacy.use_utc_timezone", true);
+pref("privacy.suppressModifierKeyEvents", true); // Bug #17009: Suppress ALT and SHIFT events"
pref("noscript.forbidFonts", true);
-// Favicons cause fingerprinting by downloading your entire bookmarks toolbar on start-up.
-pref("browser.chrome.favicons", false);
-pref("browser.chrome.site_icons", false);
-pref("browser.shell.shortcutFavicons", false);
+pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu
+
+// Tor Browser Font config
+// https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2
+pref("font.default.lo", "Noto Sans Lao");
+pref("font.default.my", "Noto Sans Myanmar");
+pref("font.default.x-western", "sans-serif");
+pref("font.name-list.cursive.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.cursive.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.cursive.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.cursive.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.cursive.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.fantasy.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.fantasy.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.fantasy.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.fantasy.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.fantasy.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.fantasy.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.ar", "Noto Naskh Arabic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.el", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.he", "Noto Sans Hebrew, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.ja", "Noto Sans JP Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.ko", "Noto Sans KR Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.th", "Noto Sans Thai, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-armn", "Noto Sans Armenian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-beng", "Noto Sans Bengali, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-cyrillic", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-devanagari", "Noto Sans Devanagari, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-ethi", "Noto Sans Ethiopic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-geor", "Noto Sans Georgian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-gujr", "Noto Sans Gujarati, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-guru", "Noto Sans Gurmukhi, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-khmr", "Noto Sans Khmer, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-knda", "Noto Sans Kannada, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-mlym", "Noto Sans Malayalam, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-orya", "Noto Sans Oriya, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-sinh", "Noto Sans Sinhala, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-tamil", "Noto Sans Tamil, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-telu", "Noto Sans Telugu, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-tibt", "Noto Sans Tibetan, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-unicode", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.x-western", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.zh-CN", "Noto Sans SC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.zh-HK", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.monospace.zh-TW", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.ar", "Noto Naskh Arabic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.el", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.he", "Noto Sans Hebrew, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.ja", "Noto Sans JP Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.ko", "Noto Sans KR Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.th", "Noto Sans Thai, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-armn", "Noto Sans Armenian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-beng", "Noto Sans Bengali, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-cyrillic", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-devanagari", "Noto Sans Devanagari, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-ethi", "Noto Sans Ethiopic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-geor", "Noto Sans Georgian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-gujr", "Noto Sans Gujarati, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-guru", "Noto Sans Gurmukhi, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-khmr", "Noto Sans Khmer, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-knda", "Noto Sans Kannada, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-mlym", "Noto Sans Malayalam, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-orya", "Noto Sans Oriya, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-sinh", "Noto Sans Sinhala, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-tamil", "Noto Sans Tamil, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-telu", "Noto Sans Telugu, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-tibt", "Noto Sans Tibetan, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-unicode", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.x-western", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.zh-CN", "Noto Sans SC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.zh-HK", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.sans-serif.zh-TW", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.he", "Tinos, Georgia, Noto Sans Hebrew, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.ja", "Noto Sans JP Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.ko", "Noto Sans KR Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.th", "Noto Serif Thai, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-armn", "Noto Serif Armenian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-beng", "Noto Sans Bengali, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-devanagari", "Noto Sans Devanagari, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-ethi", "Noto Sans Ethiopic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-geor", "Noto Sans Georgian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-gujr", "Noto Sans Gujarati, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-guru", "Noto Sans Gurmukhi, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-khmr", "Noto Serif Khmer, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-knda", "Noto Sans Kannada, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-mlym", "Noto Sans Malayalam, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-orya", "Noto Sans Oriya, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-sinh", "Noto Sans Sinhala, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-tamil", "Noto Sans Tamil, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-telu", "Noto Sans Telugu, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-tibt", "Noto Sans Tibetan, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.zh-CN", "Noto Sans SC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.zh-HK", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name-list.serif.zh-TW", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai");
+pref("font.name.cursive.ar", "Noto Naskh Arabic");
+pref("font.name.cursive.el", "Tinos, Georgia");
+pref("font.name.cursive.he", "Noto Sans Hebrew");
+pref("font.name.cursive.x-cyrillic", "Tinos, Georgia");
+pref("font.name.cursive.x-unicode", "Tinos, Georgia");
+pref("font.name.cursive.x-western", "Tinos, Georgia");
+pref("font.name.fantasy.ar", "Noto Naskh Arabic");
+pref("font.name.fantasy.el", "Tinos, Georgia");
+pref("font.name.fantasy.he", "Noto Sans Hebrew");
+pref("font.name.fantasy.x-cyrillic", "Tinos, Georgia");
+pref("font.name.fantasy.x-unicode", "Tinos, Georgia");
+pref("font.name.fantasy.x-western", "Tinos, Georgia");
+pref("font.name.monospace.ar", "Noto Naskh Arabic");
+pref("font.name.monospace.el", "Tinos, Georgia");
+pref("font.name.monospace.he", "Noto Sans Hebrew");
+pref("font.name.monospace.ja", "Noto Sans JP Regular");
+pref("font.name.monospace.ko", "Noto Sans KR Regular");
+pref("font.name.monospace.my", "Noto Sans Myanmar");
+pref("font.name.monospace.th", "Noto Sans Thai");
+pref("font.name.monospace.x-armn", "Noto Sans Armenian");
+pref("font.name.monospace.x-beng", "Noto Sans Bengali");
+pref("font.name.monospace.x-cyrillic", "Cousine, Courier, Courier New");
+pref("font.name.monospace.x-devanagari", "Noto Sans Devanagari");
+pref("font.name.monospace.x-ethi", "Noto Sans Ethiopic");
+pref("font.name.monospace.x-geor", "Noto Sans Georgian");
+pref("font.name.monospace.x-gujr", "Noto Sans Gujarati");
+pref("font.name.monospace.x-guru", "Noto Sans Gurmukhi");
+pref("font.name.monospace.x-khmr", "Noto Sans Khmer");
+pref("font.name.monospace.x-knda", "Noto Sans Kannada");
+pref("font.name.monospace.x-mlym", "Noto Sans Malayalam");
+pref("font.name.monospace.x-orya", "Noto Sans Oriya");
+pref("font.name.monospace.x-sinh", "Noto Sans Sinhala");
+pref("font.name.monospace.x-tamil", "Noto Sans Tamil");
+pref("font.name.monospace.x-telu", "Noto Sans Telugu");
+pref("font.name.monospace.x-tibt", "Noto Sans Tibetan");
+pref("font.name.monospace.x-unicode", "Cousine, Courier, Courier New");
+pref("font.name.monospace.x-western", "Cousine, Courier, Courier New");
+pref("font.name.monospace.zh-CN", "Noto Sans SC Regular");
+pref("font.name.monospace.zh-HK", "Noto Sans TC Regular");
+pref("font.name.monospace.zh-TW", "Noto Sans TC Regular");
+pref("font.name.sans-serif.ar", "Noto Naskh Arabic");
+pref("font.name.sans-serif.el", "Arimo, Arial, Verdana");
+pref("font.name.sans-serif.he", "Noto Sans Hebrew");
+pref("font.name.sans-serif.ja", "Noto Sans JP Regular");
+pref("font.name.sans-serif.ko", "Noto Sans KR Regular");
+pref("font.name.sans-serif.th", "Noto Sans Thai");
+pref("font.name.sans-serif.x-armn", "Noto Sans Armenian");
+pref("font.name.sans-serif.x-beng", "Noto Sans Bengali");
+pref("font.name.sans-serif.x-cyrillic", "Arimo, Arial, Verdana");
+pref("font.name.sans-serif.x-devanagari", "Noto Sans Devanagari");
+pref("font.name.sans-serif.x-ethi", "Noto Sans Ethiopic");
+pref("font.name.sans-serif.x-geor", "Noto Sans Georgian");
+pref("font.name.sans-serif.x-gujr", "Noto Sans Gujarati");
+pref("font.name.sans-serif.x-guru", "Noto Sans Gurmukhi");
+pref("font.name.sans-serif.x-khmr", "Noto Sans Khmer");
+pref("font.name.sans-serif.x-knda", "Noto Sans Kannada");
+pref("font.name.sans-serif.x-mlym", "Noto Sans Malayalam");
+pref("font.name.sans-serif.x-orya", "Noto Sans Oriya");
+pref("font.name.sans-serif.x-sinh", "Noto Sans Sinhala");
+pref("font.name.sans-serif.x-tamil", "Noto Sans Tamil");
+pref("font.name.sans-serif.x-telu", "Noto Sans Telugu");
+pref("font.name.sans-serif.x-tibt", "Noto Sans Tibetan");
+pref("font.name.sans-serif.x-unicode", "Arimo, Arial, Verdana");
+pref("font.name.sans-serif.x-western", "Arimo, Arial, Verdana");
+pref("font.name.sans-serif.zh-CN", "Noto Sans SC Regular");
+pref("font.name.sans-serif.zh-HK", "Noto Sans TC Regular");
+pref("font.name.sans-serif.zh-TW", "Noto Sans TC Regular");
+pref("font.name.sans.my", "Noto Sans Myanmar");
+pref("font.name.serif.ar", "Noto Naskh Arabic");
+pref("font.name.serif.el", "Tinos, Georgia");
+pref("font.name.serif.he", "Noto Sans Hebrew");
+pref("font.name.serif.ja", "Noto Sans JP Regular");
+pref("font.name.serif.ko", "Noto Sans KR Regular");
+pref("font.name.serif.my", "Noto Sans Myanmar");
+pref("font.name.serif.th", "Noto Serif Thai");
+pref("font.name.serif.x-armn", "Noto Serif Armenian");
+pref("font.name.serif.x-beng", "Noto Sans Bengali");
+pref("font.name.serif.x-cyrillic", "Tinos, Georgia");
+pref("font.name.serif.x-devanagari", "Noto Sans Devanagari");
+pref("font.name.serif.x-ethi", "Noto Sans Ethiopic");
+pref("font.name.serif.x-geor", "Noto Sans Georgian");
+pref("font.name.serif.x-gujr", "Noto Sans Gujarati");
+pref("font.name.serif.x-guru", "Noto Sans Gurmukhi");
+pref("font.name.serif.x-khmr", "Noto Serif Khmer");
+pref("font.name.serif.x-knda", "Noto Sans Kannada");
+pref("font.name.serif.x-mlym", "Noto Sans Malayalam");
+pref("font.name.serif.x-orya", "Noto Sans Oriya");
+pref("font.name.serif.x-sinh", "Noto Sans Sinhala");
+pref("font.name.serif.x-tamil", "Noto Sans Tamil");
+pref("font.name.serif.x-telu", "Noto Sans Telugu");
+pref("font.name.serif.x-tibt", "Noto Sans Tibetan");
+pref("font.name.serif.x-unicode", "Tinos, Georgia");
+pref("font.name.serif.x-western", "Tinos, Georgia");
+pref("font.name.serif.zh-CN", "Noto Sans SC Regular");
+pref("font.name.serif.zh-HK", "Noto Sans TC Regular");
+pref("font.name.serif.zh-TW", "Noto Sans TC Regular");
/******************************************************************************
- * HTML5 / APIs / DOM *
- * *
+ * SECTION: HTML5 / APIs / DOM *
******************************************************************************/
-// disable Location-Aware Browsing
-// http://www.mozilla.org/en-US/firefox/geolocation/
-pref("geo.enabled", false);
-
-// Disable dom.mozTCPSocket.enabled (raw TCP socket support)
-// https://trac.torproject.org/projects/tor/ticket/18863
-// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
-// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
-pref("dom.mozTCPSocket.enabled", false);
-
-// Disable DOM Shared Workers
-// See https://bugs.torproject.org/15562
-pref("dom.workers.sharedWorkers.enabled", false);
+// PREF: Disable Service Workers
// https://developer.mozilla.org/en-US/docs/Web/API/Worker
// https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API
// https://wiki.mozilla.org/Firefox/Push_Notifications#Service_Workers
+// NOTICE: Disabling ServiceWorkers breaks functionality on some sites (Google Street View...)
+// Unknown security implications
+// CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed)
pref("dom.serviceWorkers.enabled", false);
+// PREF: Disable Web Workers
+// https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers
+// https://www.w3schools.com/html/html5_webworkers.asp
+pref("dom.workers.enabled", false);
+
// Disable WebSockets
// https://www.infoq.com/news/2012/03/websockets-security
// http://mdn.beonex.com/en/WebSockets.html
pref("network.websocket.max-connections", 0);
+
+// PREF: Disable web notifications
+// https://support.mozilla.org/t5/Firefox/I-can-t-find-Firefox-menu-I-m-trying-to-opt-out-of-Web-Push-and/m-p/1317495#M1006501
+pref("dom.webnotifications.enabled", false);
+
// Disable DOM Push API
// https://developer.mozilla.org/en-US/docs/Web/API/Push_API
// https://wiki.mozilla.org/Security/Reviews/Push_API
@@ -61,6 +251,7 @@ pref("network.websocket.max-connections", 0);
// https://bugzilla.mozilla.org/show_bug.cgi?id=1038811
// https://bugzilla.mozilla.org/show_bug.cgi?id=1153499
pref("dom.push.enabled", false);
+// As a "defense in depth" measure, configure an empty push server URL (the
pref("dom.push.serverURL", "");
pref("dom.push.userAgentID", "");
// https://hg.mozilla.org/releases/mozilla-beta/file/e549349b8d66/modules/libpref/init/all.js#l4237
@@ -74,17 +265,23 @@ pref("dom.push.maxQuotaPerSubscription", 0);
pref("services.push.enabled", false);
pref("services.push.serverURL", "");
-// Make sure DOM "beforeunload" is off, caches user pages in bfcache and tries to stop user from closing page.
-// https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload
-pref("dom.disable_beforeunload", true);
-pref("dom.require_user_interaction_for_beforeunload", false);
+// PREF: Disable DOM timing API
+// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
+// https://www.w3.org/TR/navigation-timing/#privacy
+pref("dom.enable_performance", false);
-// Disable Kinto Cloud
-// Note: Pref may change name in future release
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1266235#c2
-// https://hg.mozilla.org/releases/mozilla-release/file/c1de04f39fa956cfce83f6065b0e709369215ed5/services/common/kinto-updater.js
-pref("services.kinto.base", "data:application/json,{}");
-pref("services.kinto.changes.path", "");
+// PREF: Make sure the User Timing API does not provide a new high resolution timestamp
+// https://trac.torproject.org/projects/tor/ticket/16336
+// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security
+// https://network23.org/inputisevil/2015/09/06/how-html5-apis-can-fingerprint-users/
+pref("dom.performance.enable_user_timing_logging", false);
+pref("dom.enable_resource_timing", false); // Bug 13024
+pref("dom.enable_user_timing", false); // Bug 16336
+pref("dom.event.highrestimestamp.enabled", true); // Bug 17046: Don't leak system uptime in Events
+
+// PREF: Disable Web Audio API
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
+pref("dom.webaudio.enabled", false);
// Disable MDNS (Supposedly only for Android but is in Desktop version also)
// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/presentation/provider/MulticastDNSDeviceProvider.cpp#l18
@@ -96,15 +293,30 @@ pref("dom.presentation.tcp_server.debug", false);
pref("dom.presentation.discoverable", false);
pref("dom.presentation.discovery.legacy.enabled", false);
+// PREF: Disable Location-Aware Browsing (geolocation)
+// https://www.mozilla.org/en-US/firefox/geolocation/
+pref("geo.enabled", false);
+
+// PREF: When geolocation is enabled, use Mozilla geolocation service instead of Google
+// https://bugzilla.mozilla.org/show_bug.cgi?id=689252
+pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
+
+// PREF: When geolocation is enabled, don't log geolocation requests to the console
+pref("geo.wifi.logging.enabled", false);
+
+// PREF: Disable raw TCP socket support (mozTCPSocket)
+// https://trac.torproject.org/projects/tor/ticket/18863
+// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
+// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
+pref("dom.mozTCPSocket.enabled", false);
+
+// PREF: Disable DOM storage (disabled)
// http://kb.mozillazine.org/Dom.storage.enabled
-// http://dev.w3.org/html5/webstorage/#dom-localstorage
-// you can also see this with Panopticlick's "DOM localStorage"
-pref("dom.storage.enabled", false);
-// https://developer.mozilla.org/en-US/docs/Web/API/Storage_API
-// https://storage.spec.whatwg.org/
-pref("dom.storageManager.enabled", false);
-
-// Whether JS can get information about the network/browser connection
+// https://html.spec.whatwg.org/multipage/webstorage.html
+// NOTICE: Disabling DOM storage is known to cause`TypeError: localStorage is null` errors
+//pref("dom.storage.enabled", false);
+
+// PREF: Disable leaking network/browser connection information via Javascript
// Network Information API provides general information about the system's connection type (WiFi, cellular, etc.)
// https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API
// https://wicg.github.io/netinfo/#privacy-considerations
@@ -113,14 +325,26 @@ pref("dom.netinfo.enabled", false);
// fingerprinting due to differing OS implementations
pref("dom.network.enabled", false);
-// Disable Web Audio API
-// https://bugzil.la/1288359
-pref("dom.webaudio.enabled", false);
+// PREF: Disable WebRTC entirely to prevent leaking internal IP addresses (Firefox < 42)
+// NOTICE: Disabling WebRTC breaks peer-to-peer file sharing tools (reep.io ...)
+pref("media.peerconnection.enabled", false);
-// Audio Recording API (Currently only used by WebRTC)
+// PREF: Don't reveal your internal IP when WebRTC is enabled (Firefox >= 42)
+// https://wiki.mozilla.org/Media/WebRTC/Privacy
+// https://github.com/beefproject/beef/wiki/Module%3A-Get-Internal-IP-WebRTC
+pref("media.peerconnection.ice.default_address_only", true); // Firefox 42-51
+pref("media.peerconnection.ice.no_host", true); // Firefox >= 52
+
+// PREF: Disable WebRTC getUserMedia, screen sharing, audio capture, video capture
+// https://wiki.mozilla.org/Media/getUserMedia
+// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/
+// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
+pref("media.navigator.enabled", false);
+pref("media.navigator.video.enabled", false);
+pref("media.getusermedia.screensharing.enabled", false);
+pref("media.getusermedia.audiocapture.enabled", false);
// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/media/MediaManager.cpp#l1942
pref("media.getusermedia.noise_enabled", false);
-pref("media.getusermedia.audiocapture.enabled", false);
// Audio_data is deprecated in future releases, but still present
// in FF24. This is a dangerous combination (spotted by iSec)
@@ -139,90 +363,85 @@ pref("media.ondevicechange.enabled", false);
// https://hg.mozilla.org/releases/mozilla-release/rev/5022a33fd3e9
pref("media.ondevicechange.fakeDeviceChangeEvent.enabled", false);
-// Don't reveal your internal IP
-// Check the settings with: http://net.ipcalf.com/
-// https://wiki.mozilla.org/Media/WebRTC/Privacy
-pref("media.peerconnection.ice.default_address_only", true); // Firefox < 51
-pref("media.peerconnection.ice.no_host", true); // Firefox >= 51
-pref("media.peerconnection.ice.relay_only", true);
-// Disable WebRTC entirely
-pref("media.peerconnection.enabled", false);
-
-// getUserMedia
-// https://wiki.mozilla.org/Media/getUserMedia
-pref("media.getusermedia.screensharing.allowed_domains", "");
-pref("media.getusermedia.screensharing.enabled", false);
-// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
-pref("media.navigator.enabled", false);
+// PREF: Disable battery API (Firefox < 52)
// https://developer.mozilla.org/en-US/docs/Web/API/BatteryManager
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1313580
pref("dom.battery.enabled", false);
+
+// PREF: Disable telephony API
// https://wiki.mozilla.org/WebAPI/Security/WebTelephony
pref("dom.telephony.enabled", false);
+
+// PREF: Disable "beacon" asynchronous HTTP transfers (used for analytics)
// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
pref("beacon.enabled", false);
+
+// PREF: Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript
+// NOTICE: Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...)
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
pref("dom.event.clipboardevents.enabled", false);
-// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
-pref("dom.enable_performance", false);
-// https://wiki.mozilla.org/B2G/QA/WebAPI_Test_Plan/Vibration#API
-pref("dom.vibrator.enabled", false);
-// Speech recognition
+// PREF: Disable "copy to clipboard" functionality via Javascript (Firefox >= 41)
+// NOTICE: Disabling clipboard operations will break legitimate JS-based "copy to clipboard" functionality
+// https://hg.mozilla.org/mozilla-central/rev/2f9f8ea4b9c3
+pref("dom.allow_cut_copy", false);
+
+// PREF: Disable speech recognition
// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
+// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
// https://wiki.mozilla.org/HTML5_Speech_API
pref("media.webspeech.recognition.enable", false);
-pref("media.webspeech.synth.enabled", false);
-// Disable getUserMedia screen sharing
-// https://mozilla.github.io/webrtc-landing/gum_test.html
-pref("media.getusermedia.screensharing.enabled", false);
+// PREF: Disable speech synthesis
+// https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis
+pref("media.webspeech.synth.enabled", false);
-// Disable sensor API
+// PREF: Disable sensor API
// https://wiki.mozilla.org/Sensor_API
pref("device.sensors.enabled", false);
// Disable MMS
pref("dom.mms.retrieval_mode", "never");
+// PREF: Disable pinging URIs specified in HTML <a> ping= attributes
// http://kb.mozillazine.org/Browser.send_pings
pref("browser.send_pings", false);
-// this shouldn't have any effect, since we block pings altogether, but we'll set it anyway.
+
+// PREF: When browser pings are enabled, only allow pinging the same host as the origin page
// http://kb.mozillazine.org/Browser.send_pings.require_same_host
pref("browser.send_pings.require_same_host", true);
+// PREF: Disable IndexedDB (disabled)
// https://developer.mozilla.org/en-US/docs/IndexedDB
+// https://en.wikipedia.org/wiki/Indexed_Database_API
// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review
-// TODO: find out why html5test still reports this as available
-// Note: Disabled, Can be enable if it breaks plugins/sites which require it. Privacy Risk.
-// see: http://forums.mozillazine.org/viewtopic.php?p=13842047#p13842047
-pref("dom.indexedDB.enabled", false);
+// http://forums.mozillazine.org/viewtopic.php?p=13842047
+// https://github.com/pyllyukko/user.js/issues/8
+// NOTICE: IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), so is left enabled
+//pref("dom.indexedDB.enabled", true);
// TODO: "Access Your Location" "Maintain Offline Storage" "Show Notifications"
-// Disable gamepad input
-// http://www.w3.org/TR/gamepad/
+// PREF: Disable gamepad API to prevent USB device enumeration
+// https://www.w3.org/TR/gamepad/
+// https://trac.torproject.org/projects/tor/ticket/13023
pref("dom.gamepad.enabled", false);
-pref("dom.gamepad.non_standard_events.enabled", false);
-pref("dom.gamepad.test.enabled", false);
-pref("dom.gamepad.extensions.enabled", false);
+pref("dom.gamepad.non_standard_events.enabled", false);
+pref("dom.gamepad.test.enabled", false);
+pref("dom.gamepad.extensions.enabled", false);
-// Disable virtual reality devices
+// PREF: Disable virtual reality devices APIs
// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
+// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API
pref("dom.vr.enabled", false);
pref("dom.vr.cardboard.enabled", false);
pref("dom.vr.oculus.enabled", false);
pref("dom.vr.oculus050.enabled", false);
-pref("dom.vr.poseprediction.enabled", false);
+pref("dom.vr.poseprediction.enabled", false);
pref("dom.vr.openvr.enabled", false);
// https://hg.mozilla.org/releases/mozilla-release/file/970d0cf1c5d9/modules/libpref/init/all.js#l4778
pref("dom.vr.add-test-devices", 0);
-pref("dom.vr.osvr.enabled", false);
-
-// disable notifications
-pref("dom.webnotifications.enabled", false);
-// https://developer.mozilla.org/en-US/docs/Web/API/Notification/requireInteraction
-// https://bugzilla.mozilla.org/show_bug.cgi?id=862395
-pref("dom.webnotifications.requireinteraction.enabled", false);
+pref("dom.vr.osvr.enabled", false);
// HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328
pref("browser.history.allowPopState", false);
@@ -231,28 +450,32 @@ pref("browser.history.allowReplaceState", false);
// Idle Observation
pref("dom.idle-observers-api.enabled", false);
-// Prevent Timing Attacks
-// https://network23.org/inputisevil/2015/09/06/how-html5-apis-can-fingerprint-users/
-pref("dom.performance.enable_user_timing_logging", false);
-pref("dom.enable_resource_timing", false); // Bug 13024
-pref("dom.enable_user_timing", false); // Bug 16336
-pref("dom.event.highrestimestamp.enabled", true); // Bug 17046: Don't leak system uptime in Events
-// disable webGL
-// http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/
+// PREF: Disable vibrator API
+pref("dom.vibrator.enabled", false);
+
+// PREF: Disable webGL
+// https://en.wikipedia.org/wiki/WebGL
+// https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/
pref("webgl.disabled", true);
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1171228
-// https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info
-pref("webgl.enable-debug-renderer-info", false);
-pref("webgl.disable-extensions", false);
+// PREF: When webGL is enabled, use the minimum capability mode
pref("webgl.min_capability_mode", true);
-pref("webgl.disable-wgl", true);
-pref("webgl.enable-webgl2", false);
+// PREF: When webGL is enabled, disable webGL extensions
+// https://developer.mozilla.org/en-US/docs/Web/API/WebGL_API#WebGL_debugging_and_testing
+pref("webgl.disable-extensions", true);
+// PREF: When webGL is enabled, force enabling it even when layer acceleration is not supported
// https://trac.torproject.org/projects/tor/ticket/18603
pref("webgl.disable-fail-if-major-performance-caveat", true);
+// PREF: When webGL is enabled, do not expose information about the graphics driver
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1171228
+// https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info
+pref("webgl.enable-debug-renderer-info", false);
// somewhat related...
pref("pdfjs.enableWebGL", false);
+/******************************************************************************
+ * SECTION: Misc *
+ ******************************************************************************/
// Disable File and Directory Entries API (Imported from Edge/Chromium)
// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories
// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API
@@ -264,58 +487,69 @@ pref("dom.webkitBlink.filesystem.enabled", false);
// https://bugzilla.mozilla.org/show_bug.cgi?id=1258489
// https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be
pref("dom.webkitBlink.dirPicker.enabled", false);
-
// Directory Upload API, webkitdirectory
// https://bugzilla.mozilla.org/show_bug.cgi?id=1188880
// https://bugzilla.mozilla.org/show_bug.cgi?id=907707
// https://wicg.github.io/directory-upload/proposal.html
pref("dom.input.dirpicker", false);
-// Disable FlyWeb
-// http://www.ghacks.net/2016/07/26/firefox-flyweb/
-// https://www.reddit.com/r/firefox/comments/4uwd1n/flyweb_we_dont_need_no_stinking_iot_apps/
-// https://hg.mozilla.org/releases/mozilla-release/rev/576019c74103
-// https://hg.mozilla.org/releases/mozilla-release/file/8dc18bf5abac/browser/extensions/flyweb/bootstrap.js#l36
-pref("dom.flyweb.enabled", false);
-
-
// Disable Pointer Lock API.
// https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API
// https://bugzilla.mozilla.org/show_bug.cgi?id=1273351
- pref("full-screen-api.pointer-lock.enabled", false);
+pref("full-screen-api.pointer-lock.enabled", false);
pref("pointer-lock-api.prefixed.enabled", false);
-/******************************************************************************
- * Misc *
- * *
- ******************************************************************************/
-
+// PREF: Disable face detection
+pref("camera.control.face_detection.enabled", false);
+pref("camera.control.autofocus_moving_callback.enabled", false);
+
+
+// PREF: Disable GeoIP lookup on your address to set default search engine region
+// https://trac.torproject.org/projects/tor/ticket/16254
+// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
+pref("browser.search.countryCode", "US");
+pref("browser.search.region", "US");
+pref("browser.search.geoip.url", "");
+
+// PREF: Set Accept-Language HTTP header to en-US regardless of Firefox localization
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language
+pref("intl.accept_languages", "en-us, en");
+
+// PREF: Set Firefox locale to en-US
+// http://kb.mozillazine.org/General.useragent.locale
+pref("general.useragent.locale", "en-US");
+
// Disable website autorefresh, user can still proceed with warning
pref("accessibility.blockautorefresh", true);
pref("browser.meta_refresh_when_inactive.disabled", true);
pref("noscript.forbidMetaRefresh", true); // NoScript ignores this preference?
+// PREF: Don't use OS values to determine locale, force using Firefox locale setting
+// http://kb.mozillazine.org/Intl.locale.matchOS
+pref("intl.locale.matchOS", false);
-// Disable face detection by default
-pref("camera.control.face_detection.enabled", false);
-pref("camera.control.autofocus_moving_callback.enabled", false);
-
-// Default search engine
-//pref("browser.search.defaultenginename", "DuckDuckGo");
+// PREF: Don't use Mozilla-provided location-specific search engines
+_pref("browser.search.geoSpecificDefaults", false);
+pref("browser.search.geoSpecificDefaults.url", "");
+// PREF: Do not automatically send selection to clipboard on some Linux platforms (Disabled)
// http://kb.mozillazine.org/Clipboard.autocopy
//pref("clipboard.autocopy", false);
-// Display an error message indicating the entered information is not a valid
-// URL instead of asking from google.
-// http://kb.mozillazine.org/Keyword.enabled#Caveats
+// PREF: Prevent leaking application locale/date format using JavaScript
+// https://bugzilla.mozilla.org/show_bug.cgi?id=867501
+// https://hg.mozilla.org/mozilla-central/rev/52d635f2b33d
+pref("javascript.use_us_english_locale", true);
+
+// PREF: Do not submit invalid URIs entered in the address bar to the default search engine
+// http://kb.mozillazine.org/Keyword.enabled
pref("keyword.enabled", false);
-// Don't trim HTTP off of URLs in the address bar.
+// PREF: Don't trim HTTP off of URLs in the address bar.
// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
pref("browser.urlbar.trimURLs", false);
-// Don't try to guess where i'm trying to go!!! e.g.: "http://foo" -> "http://(prefix)foo(suffix)"
+// PREF: Don't try to guess domain names when entering an invalid domain name in URL bar
// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
pref("browser.fixup.alternate.enabled", false);
@@ -332,44 +566,50 @@ pref("network.security.ports.banned", "9050,9051,9150,9151");
// https://hg.mozilla.org/releases/mozilla-release/rev/5139b0dd7acc
pref("network.proxy.autoconfig_url.include_path", false);
+// PREF: When browser.fixup.alternate.enabled is enabled, do not fix URLs containing 'user:password' data
+pref("browser.fixup.hide_user_pass", true);
+
+// PREF: Send DNS request through SOCKS when SOCKS proxying is in use
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
pref("network.proxy.socks_remote_dns", true);
// For fingerprinting and local service vulns (#10419)
pref("network.proxy.no_proxies_on", "");
-// We not want to monitoring the connection state of users
+// PREF: Don't monitor OS online/offline connection state
// https://trac.torproject.org/projects/tor/ticket/18945
-pref("network.manage-offline-status", false);
+pref("network.manage-offline-status", false);
-// Mixed content stuff
+// PREF: Enforce Mixed Active Content Blocking
+// https://support.mozilla.org/t5/Protect-your-privacy/Mixed-content-blocking-in-Firefox/ta-p/10990
// https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_23#Non-SSL_contents_on_SSL_pages_are_blocked_by_default
// https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
pref("security.mixed_content.block_active_content", true);
-// Mixed Passive Content (a.k.a. Mixed Display Content).
-pref("security.mixed_content.block_display_content", true);
-// https://secure.wikimedia.org/wikibooks/en/wiki/Grsecurity/Application-specific_Settings#Firefox_.28or_Iceweasel_in_Debian.29
-pref("javascript.options.methodjit.chrome", false);
-pref("javascript.options.methodjit.content", false);
+// PREF: Enforce Mixed Passive Content blocking (a.k.a. Mixed Display Content)
+// NOTICE: Enabling Mixed Display Content blocking can prevent images/styles... from loading properly when connection to the website is only partially secured
+pref("security.mixed_content.block_display_content", true);
-// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.7 Disable JAR from opening Unsafe File Types
+// PREF: Disable JAR from opening Unsafe File Types
// http://kb.mozillazine.org/Network.jar.open-unsafe-types
+// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.7
pref("network.jar.open-unsafe-types", false);
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1173171
-pref("network.jar.block-remote-files", true);
// CIS 2.7.4 Disable Scripting of Plugins by JavaScript
+// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889
pref("security.xpconnect.plugin.unrestricted", false);
-// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 Set File URI Origin Policy
+// PREF: Set File URI Origin Policy
// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
+// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8
pref("security.fileuri.strict_origin_policy", true);
-// CIS 2.3.6 Disable Displaying Javascript in History URLs
+// PREF: Disable Displaying Javascript in History URLs
// http://kb.mozillazine.org/Browser.urlbar.filter.javascript
+// CIS 2.3.6
pref("browser.urlbar.filter.javascript", true);
+// PREF: Disable asm.js
// http://asmjs.org/
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
// https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/
@@ -385,138 +625,172 @@ pref("javascript.options.ion.content", false);
// https://www.torproject.org/projects/torbrowser/design
pref("mathml.disabled", true);
+// PREF: Disable SVG in OpenType fonts
// https://wiki.mozilla.org/SVGOpenTypeFonts
-// the iSEC Partners Report recommends to disable this
+// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
pref("gfx.font_rendering.opentype_svg.enabled", false);
-// Disable SVG
-// Note: May only work in TBB due to upstream not implementing?
-// https://trac.torproject.org/projects/tor/ticket/18770
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1173199#c9
-pref("svg.in-content.enabled", false);
+// PREF: Disable in-content SVG rendering (Firefox >= 53)
+// NOTICE: Disabling SVG support breaks many UI elements on many sites
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893
+// https://github.com/iSECPartners/publications/raw/master/reports/Tor%20Browser%20Bundle/Tor%20Browser%20Bundle%20-%20iSEC%20Deliverable%201.3.pdf#16
+pref("svg.disabled", true);
+
-// https://bugzil.la/654550
+// PREF: Disable video stats to reduce fingerprinting threat
+// https://bugzilla.mozilla.org/show_bug.cgi?id=654550
// https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785
// https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065
pref("media.video_stats.enabled", false);
-// Don't reveal build ID
+// PREF: Don't reveal build ID
// Value taken from Tor Browser
-// https://bugzil.la/583181
+// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
pref("general.buildID.override", "20100101");
-// Prevent font fingerprinting
-// http://www.browserleaks.com/fonts
+// PREF: Prevent font fingerprinting
+// https://browserleaks.com/fonts
// https://github.com/pyllyukko/user.js/issues/120
pref("browser.display.use_document_fonts", 0);
-// Prefer sans-serif
-pref("font.default.x-western", "sans-serif");
-
-
/******************************************************************************
- * extensions / plugins *
- * *
+ * SECTION: Extensions / plugins *
******************************************************************************/
-// Require signatures
-pref("xpinstall.signatures.required", true);
+// PREF: Ensure you have a security delay when installing add-ons (milliseconds)
+// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
+// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
+pref("security.dialog_enable_delay", 1000);
-// Opt-out of add-on metadata updates
+// PREF: Require signatures (Disabled due to bundled extensions)
+// https://wiki.mozilla.org/Addons/Extension_Signing
+//pref("xpinstall.signatures.required", true);
+
+// PREF: Opt-out of add-on metadata updates
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
pref("extensions.getAddons.cache.enabled", false);
-// Flash plugin state - never activate
+// PREF: Opt-out of themes (Persona) updates
+// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287
+pref("lightweightThemes.update.enabled", false);
+
+// PREF: Flash Player plugin state - never activate
+// http://kb.mozillazine.org/Flash_plugin
pref("plugin.state.flash", 0);
-pref("plugins.notifyMissingFlash", false);
-// Java plugin state - never activate
+// PREF: Java plugin state - never activate
pref("plugin.state.java", 0);
-// disable Gnome Shell Integration
+// PREF: Disable sending Flash Player crash reports
+pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
+
+// PREF: When Flash crash reports are enabled, don't send the visited URL in the crash report
+pref("dom.ipc.plugins.reportCrashURL", false);
+
+// PREF: When Flash is enabled, download and use Mozilla SWF URIs blocklist
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1237198
+// https://github.com/mozilla-services/shavar-plugin-blocklist
+pref("browser.safebrowsing.blockedURIs.enabled", true);
+
+// PREF: Disable Gnome Shell Integration
pref("plugin.state.libgnome-shell-browser-plugin", 0);
-// disable the bundled OpenH264 video codec
+// PREF: Disable the bundled OpenH264 video codec (disabled)
// http://forums.mozillazine.org/viewtopic.php?p=13845077&sid=28af2622e8bd8497b9113851676846b1#p13845077
pref("media.gmp-provider.enabled", false);
+// PREF: Enable plugins click-to-play
// https://wiki.mozilla.org/Firefox/Click_To_Play
// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
pref("plugins.click_to_play", true);
-// Updates addons automatically
-// Disabled due to Fingerprinting, you can update addons manually.
+// PREF: Disable automatic updates of addons
// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
pref("extensions.update.enabled", false);
pref("extensions.update.autoUpdateDefault", false);
// User can still update manually, but we disable background updates.
pref("extensions.update.background.url", "");
+
// The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox
pref("extensions.systemAddon.update.url", "");
-// We can update our themes manually, may fingerprint the user.
-pref("lightweightThemes.update.enabled", false);
// Only install extensions to user profile
// https://developer.mozilla.org/en-US/Add-ons/Installing_extensions
// https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
pref("extensions.enabledScopes", 1);
+// PREF: Enable add-on and certificate blocklists (OneCRL) from Mozilla
+// https://wiki.mozilla.org/Blocklisting
+// https://blocked.cdn.mozilla.net/
// http://kb.mozillazine.org/Extensions.blocklist.enabled
+// http://kb.mozillazine.org/Extensions.blocklist.url
+// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
+// Updated at interval defined in extensions.blocklist.interval (default: 86400)
pref("extensions.blocklist.enabled", false);
pref("extensions.blocklist.detailsURL", "about:blank");
pref("extensions.blocklist.itemURL", "about:blank");
-pref("extensions.blocklist.url", "about:blank");
pref("extensions.getAddons.get.url", "about:blank");
pref("extensions.getAddons.getWithPerformance.url", "about:blank");
pref("extensions.getAddons.recommended.url", "about:blank");
-pref("services.settings.server", "");
// If blocklist still downloads, we want it to be signed.
pref("services.blocklist.signing.enforced", true);
// Firefox 49: https://hg.mozilla.org/releases/mozilla-release/rev/c6c57d394549
// https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/toolkit/mozapps/extensions/nsBlocklistService.js#l633
pref("services.blocklist.update_enabled", false);
// https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/services/common/blocklist-updater.js
-pref("services.settings.server", "data:application/json,{\"data\":[]}");
+// Remove Kinto Blacklist URL
+// https://hg.mozilla.org/releases/mozilla-release/file/c1de04f39fa956cfce83f6065b0e709369215ed5/services/common/kinto-updater.js
+pref("services.settings.server", "data:application/json,{}");
pref("services.blocklist.changes.path", "");
+// PREF: Decrease system information leakage to Mozilla blocklist update servers
+// https://trac.torproject.org/projects/tor/ticket/16931
+pref("extensions.blocklist.url", "about:blank");
+
// Disable Freedom Violating DRM Feature
// https://bugzilla.mozilla.org/show_bug.cgi?id=1144903#c8
pref("media.eme.apiVisible", false);
pref("media.eme.enabled", false);
-pref("browser.eme.ui.enabled", false);
-pref("media.gmp-eme-adobe.enabled", false);
+pref("browser.eme.ui.enabled", false);
+pref("media.gmp-eme-adobe.enabled", false);
// Google Widevine DRM
// https://blog.mozilla.org/futurereleases/2016/04/08/mozilla-to-test-widevine-cdm-in-firefox-nightly/
// https://wiki.mozilla.org/QA/Widevine_CDM
// https://bugzilla.mozilla.org/show_bug.cgi?id=1288580
-pref("media.gmp-widevinecdm.visible", false);
-pref("media.gmp-widevinecdm.enabled", false);
-pref("media.gmp-widevinecdm.autoupdate", false);
+pref("media.gmp-widevinecdm.visible", false);
+pref("media.gmp-widevinecdm.enabled", false);
+pref("media.gmp-widevinecdm.autoupdate", false);
-// Fingerprints the user, does not use HTTPS. Remove it.
+// Plugin Updater: Fingerprints the user, does not use HTTPS, Not used on GNU/Linux. Remove it.
pref("pfs.datasource.url", "about:blank");
pref("pfs.filehint.url", "about:blank");
/******************************************************************************
- * firefox features / components *
- * *
+ * SECTION: Firefox (anti-)features / components * *
******************************************************************************/
-// WebIDE
+// PREF: Disable WebIDE
// https://trac.torproject.org/projects/tor/ticket/16222
+// https://developer.mozilla.org/docs/Tools/WebIDE
pref("devtools.webide.enabled", false);
pref("devtools.webide.autoinstallADBHelper", false);
pref("devtools.webide.autoinstallFxdtAdapters", false);
-// disable remote debugging
-// https://developer.mozilla.org/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Enable_remote_debugging
+// PREF: Disable remote debugging
+// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
pref("devtools.debugger.remote-enabled", false);
// "to use developer tools in the context of the browser itself, and not only web content"
-pref("devtools.chrome.enabled", false);
+pref("devtools.chrome.enabled", false);
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Firefox_37_onwards
-pref("devtools.debugger.force-local", true);
+pref("devtools.debugger.force-local", true);
+// The in-browser debugger for debugging chrome code is not coping with our
+// restrictive DNS look-up policy. We use "127.0.0.1" instead of "localhost" as
+// a workaround. See bug 16523 for more details.
+pref("devtools.debugger.chrome-debugging-host", "127.0.0.1");
+pref("devtools.appmanager.enabled", false);
+pref("devtools.debugger.prompt-connection", true);
pref("devtools.devices.url", "about:blank");
pref("devtools.gcli.imgurUploadURL", "about:blank");
pref("devtools.gcli.jquerySrc", "about:blank");
@@ -532,144 +806,150 @@ pref("devtools.webide.addonsURL", "about:blank");
pref("devtools.webide.enabled", false);
pref("devtools.webide.simulatorAddonsURL", "about:blank");
pref("devtools.webide.templatesURL", "about:blank");
+// https://hg.mozilla.org/releases/mozilla-release/rev/47ead489b52e
+pref("devtools.screenshot.audio.enabled", false);
+// PREF: Disable Mozilla telemetry/experiments
// https://wiki.mozilla.org/Platform/Features/Telemetry
+// https://wiki.mozilla.org/Privacy/Reviews/Telemetry
+// https://wiki.mozilla.org/Telemetry
// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry
+// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715
// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry
+// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html
+// https://wiki.mozilla.org/Telemetry/Experiments
pref("toolkit.telemetry.enabled", false);
-// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html
pref("toolkit.telemetry.unified", false);
-pref("toolkit.telemetry.server", "about:blank");
-pref("toolkit.telemetry.archive.enabled", false);
-// https://wiki.mozilla.org/Telemetry/Experiments
-pref("experiments.supported", false);
-pref("experiments.enabled", false);
-pref("experiments.manifest.uri", false);
-// https://trac.torproject.org/projects/tor/ticket/13170
-pref("network.allow-experiments", false);
+pref("experiments.supported", false);
+pref("experiments.enabled", false);
+pref("experiments.manifest.uri", "");
-// Disable the UITour backend so there is no chance that a remote page
-// can use it to confuse Tor Browser users.
+// PREF: Disallow Necko to do A/B testing
+// https://trac.torproject.org/projects/tor/ticket/13170
+pref("network.allow-experiments", false);
+
+// PREF: Disable sending Firefox crash reports to Mozilla servers
+// https://wiki.mozilla.org/Breakpad
+// http://kb.mozillazine.org/Breakpad
+// https://dxr.mozilla.org/mozilla-central/source/toolkit/crashreporter
+// https://bugzilla.mozilla.org/show_bug.cgi?id=411490
+// A list of submitted crash reports can be found at about:crashes
+pref("breakpad.reportURL", "");
+
+// PREF: Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't nag user about unsent crash reports
+// https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js
+pref("browser.tabs.crashReporting.sendReport", false);
+pref("browser.crashReports.unsubmittedCheck.enabled", false);
+pref("browser.crashReports.unsubmittedCheck.autoSubmit", false);
+
+// PREF: Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface)
+// https://wiki.mozilla.org/FlyWeb
+// https://wiki.mozilla.org/FlyWeb/Security_scenarios
+// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit
+// http://www.ghacks.net/2016/07/26/firefox-flyweb
+pref("dom.flyweb.enabled", false);
+
+// PREF: Disable the UITour backend
+// https://trac.torproject.org/projects/tor/ticket/19047#comment:3
pref("browser.uitour.enabled", false);
+// PREF: Enable Firefox Tracking Protection
// https://wiki.mozilla.org/Security/Tracking_protection
// https://support.mozilla.org/en-US/kb/tracking-protection-firefox
-pref("privacy.trackingprotection.enabled", true);
// https://support.mozilla.org/en-US/kb/tracking-protection-pbm
+// https://kontaxis.github.io/trackingprotectionfirefox/
+// https://feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox/
+pref("privacy.trackingprotection.enabled", true);
pref("privacy.trackingprotection.pbmode.enabled", true);
-// Third Party Isolation Enabled Always
-// https://github.com/arthuredelstein/tor-browser/commit/b8da7721a9df4af1b595eb046e94280fe8e32d31
-pref("privacy.thirdparty.isolate", 2);
+// PREF: Enable contextual identity Containers feature (Firefox >= 52)
+// NOTICE: Containers are not available in Private Browsing mode
+// https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
+pref("privacy.userContext.enabled", true);
-// Resist fingerprinting via window.screen and CSS media queries and other techniques
-// https://bugzil.la/418986
-// https://bugzil.la/1281949
-// https://bugzil.la/1281963
+// PREF: Enable hardening against various fingerprinting vectors (Tor Uplift project)
+// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
pref("privacy.resistFingerprinting", true);
-// Disable the built-in PDF viewer (CVE-2015-2743)
+// PREF: Disable the built-in PDF viewer
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2743
+// https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
+// https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/
pref("pdfjs.disabled", true);
-// Disable sending of the health report
+// PREF: Disable collection/sending of the health report (healthreport.sqlite*)
// https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf
+// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html
pref("datareporting.healthreport.uploadEnabled", false);
-// disable collection of the data (the healthreport.sqlite* files)
pref("datareporting.healthreport.service.enabled", false);
-// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html
pref("datareporting.policy.dataSubmissionEnabled", false);
-pref("datareporting.healthreport.about.reportUrl", "about:blank");
-pref("datareporting.healthreport.documentServerURI", "about:blank");
-pref("datareporting.policy.firstRunTime", 0);
-pref("datareporting.policy.firstRunURL", "");
-
-// Disable new tab tile ads & preload
-// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox
-// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331
-pref("browser.newtabpage.enhanced", false);
-pref("browser.newtab.preload", false);
-pref("browser.newtabpage.introShown", true);
-// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
-// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
-pref("browser.newtabpage.directory.ping", "");
-// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
-pref("browser.newtabpage.directory.source", "data:text/plain,{}");
-// disable heartbeat
+// PREF: Disable Heartbeat (Mozilla user rating telemetry)
// https://wiki.mozilla.org/Advocacy/heartbeat
+// https://trac.torproject.org/projects/tor/ticket/19047
pref("browser.selfsupport.url", "");
-// Disable firefox hello
+// PREF: Disable Firefox Hello (disabled) (Firefox < 49)
// https://wiki.mozilla.org/Loop
+// https://support.mozilla.org/t5/Chat-and-share/Support-for-Hello-discontinued-in-Firefox-49/ta-p/37946
+// NOTICE: Firefox Hello requires setting `media.peerconnection.enabled` and `media.getusermedia.screensharing.enabled` to true, `security.OCSP.require` to false to work.
//pref("loop.enabled", false);
+
+// PREF: Disable Firefox Hello metrics collection
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
pref("loop.logDomains", false);
-// Disable Crash Reporter (Massive browser fingerprinting)
-pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
-pref("browser.tabs.crashReporting.sendReport", false);
-pref("breakpad.reportURL", "about:blank");
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1287178
-// https://hg.mozilla.org/releases/mozilla-release/file/a67a1682be8f0327435aaa2f417154330eff0017/browser/modules/ContentCrashHandlers.jsm#l383
-pref("browser.crashReports.unsubmittedCheck.enabled", false);
-// https://hg.mozilla.org/releases/mozilla-release/rev/c94848691f8a
-pref("browser.crashReports.unsubmittedCheck.autoSubmit", false);
-// https://hg.mozilla.org/releases/mozilla-release/file/a67a1682be8f0327435aaa2f417154330eff0017/browser/modules/ContentCrashHandlers.jsm#l511
-pref("browser.crashReports.unsubmittedCheck.chancesUntilSuppress", 0);
-
-// Disable Slow Startup Notifications
-pref("browser.slowStartup.maxSamples", 0);
-pref("browser.slowStartup.notificationDisabled", true);
-pref("browser.slowStartup.samples", 0);
-
-// CIS 2.1.1 Disable Auto Update / Balrog
-pref("app.update.auto", false);
+// PREF: Disable Auto Update / Balrog
+// NOTICE: Fully automatic updates are disabled and left to package management systems on Linux. Windows users may want to change this setting.
+// CIS 2.1.1
+pref("app.update.auto", false);
pref("app.update.checkInstallTime", false);
-pref("app.update.enabled", false);
-pref("app.update.staging.enabled", false);
+pref("app.update.enabled", false);
+pref("app.update.staging.enabled", false);
pref("app.update.url", "about:blank");
-pref("media.gmp-manager.certs.1.commonName", "");
-pref("media.gmp-manager.certs.2.commonName", "");
+pref("media.gmp-manager.certs.1.commonName", "");
+pref("media.gmp-manager.certs.2.commonName", "");
-// CIS 2.3.4 Block Reported Web Forgeries
-// http://kb.mozillazine.org/Browser.safebrowsing.enabled
+// PREF: Disable blocking reported web forgeries
+// Leaks information to Google
+// https://wiki.mozilla.org/Security/Safe_Browsing
// http://kb.mozillazine.org/Safe_browsing
// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849
-pref("browser.safebrowsing.enabled", false);
+// CIS 2.3.4
+pref("browser.safebrowsing.enabled", false); // Firefox < 50
+pref("browser.safebrowsing.phishing.enabled", false); // firefox >= 50
-// CIS 2.3.5 Block Reported Attack Sites
+// PREF: Disable blocking reported attack sites
+// Leaks information to Google
// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled
+// CIS 2.3.5
pref("browser.safebrowsing.malware.enabled", false);
-// Disable safe browsing remote lookups for downloaded files.
-// This leaks information to google.
+// PREF: Disable querying Google Application Reputation database for downloaded binary files
// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/
// https://wiki.mozilla.org/Security/Application_Reputation
-pref("browser.safebrowsing.downloads.remote.enabled", false);
-pref("browser.safebrowsing.appRepURL", "about:blank");
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.appRepURL", "about:blank");
pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
-pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
-pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
pref("browser.safebrowsing.downloads.remote.url", "");
-pref("browser.safebrowsing.provider.google.gethashURL", "");
-pref("browser.safebrowsing.provider.google.updateURL", "");
+pref("browser.safebrowsing.provider.google.gethashURL", "");
+pref("browser.safebrowsing.provider.google.updateURL", "");
pref("browser.safebrowsing.provider.google.lists", "");
// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965
-pref("browser.safebrowsing.phishing.enabled", false);
pref("browser.safebrowsing.provider.google4.lists", "about:blank");
pref("browser.safebrowsing.provider.google4.updateURL", "about:blank");
pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank");
pref("browser.safebrowsing.provider.google4.reportURL", "about:blank");
pref("browser.safebrowsing.provider.mozilla.lists", "about:blank");
-// Disable Microsoft Family Safety MiTM support
+// Disable Microsoft Family Safety MiTM support (Windows 8.1) (FF50+)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166
// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode
// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782
@@ -679,20 +959,23 @@ pref("security.family_safety.mode", 0);
// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883
pref("security.enterprise_roots.enabled", false);
-// Disable pocket
+// PREF: Disable Pocket
// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
-pref("browser.pocket.enabled", false);
// https://github.com/pyllyukko/user.js/issues/143
-pref("extensions.pocket.enabled", false);
+pref("browser.pocket.enabled", false);
+pref("extensions.pocket.enabled", false);
pref("extensions.pocket.api", "about:blank");
-pref("extensions.pocket.enabled", false);
pref("browser.pocket.api", "about:blank");
-pref("browser.pocket.enabledLocales", "about:blank");
-pref("browser.pocket.oAuthConsumerKey", "about:blank");
+pref("browser.pocket.enabledLocales", "about:blank");
+pref("browser.pocket.oAuthConsumerKey", "about:blank");
pref("browser.pocket.site", "about:blank");
pref("browser.pocket.useLocaleList", false);
pref("browser.toolbarbuttons.introduced.pocket-button", true);
+// Disable Web Compat Reporter
+pref("extensions.webcompat-reporter.enabled", false);
+pref("extensions.webcompat-reporter.newIssueEndpoint", "");
+
// Disable Social
pref("social.directories", "");
pref("social.enabled", false);
@@ -703,11 +986,11 @@ pref("social.toast-notifications.enabled", false);
pref("social.whitelist", "");
// Disable Snippets
-pref("browser.snippets.enabled", false);
+pref("browser.snippets.enabled", false);
pref("browser.snippets.geoUrl", "about:blank");
-pref("browser.snippets.statsUrl", "about:blank");
-pref("browser.snippets.syncPromo.enabled", false);
-pref("browser.snippets.updateUrl", "about:blank");
+pref("browser.snippets.statsUrl", "about:blank");
+pref("browser.snippets.syncPromo.enabled", false);
+pref("browser.snippets.updateUrl", "about:blank");
// Disable WAN IP leaks
pref("captivedetect.canonicalURL", "about:blank");
@@ -738,81 +1021,70 @@ pref("services.sync.serverURL", "about:blank");
pref("services.sync.jpake.serverURL", "about:blank");
// Disable Failed Sync Logs since we killed sync.
pref("services.sync.log.appender.file.logOnError", false);
+pref("services.sync.ui.hidden", true);
/******************************************************************************
- * automatic connections *
- * *
+ * SECTION: Automatic connections *
******************************************************************************/
-// Disable link prefetching
+// PREF: Disable prefetching of <link rel="next"> URLs
// http://kb.mozillazine.org/Network.prefetch-next
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
pref("network.prefetch-next", false);
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine+
-// GeoIP-based search
-// https://trac.torproject.org/projects/tor/ticket/16254
-pref("browser.search.countryCode", "US");
-pref("browser.search.region", "US");
-pref("browser.search.geoip.url", "");
-pref("browser.search.geoSpecificDefaults.url", "about:blank");
-pref("browser.search.geoSpecificDefaults", false);
-
+// PREF: Disable DNS prefetching
// http://kb.mozillazine.org/Network.dns.disablePrefetch
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
pref("network.dns.disablePrefetch", true);
pref("network.dns.disablePrefetchFromHTTPS", true);
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
-pref("network.dns.blockDotOnion", true);
-
+// PREF: Disable the predictive service (Necko)
// https://wiki.mozilla.org/Privacy/Reviews/Necko
pref("network.predictor.enabled", false);
// https://wiki.mozilla.org/Privacy/Reviews/Necko#Principle:_Real_Choice
pref("network.seer.enabled", false);
+// PREF: Reject .onion hostnames before passing the to DNS
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
+// RFC 7686
+pref("network.dns.blockDotOnion", true);
+
+// PREF: Disable search suggestions in the search bar
// http://kb.mozillazine.org/Browser.search.suggest.enabled
pref("browser.search.suggest.enabled", false);
-// Disable "Show search suggestions in location bar results"
+
+// PREF: Disable "Show search suggestions in location bar results"
pref("browser.urlbar.suggest.searches", false);
-// Disable SSDP
-// https://bugzil.la/1111967
+// PREF: Disable SSDP
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967
pref("browser.casting.enabled", false);
+// PREF: Disable automatic downloading of OpenH264 codec
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_media-capabilities
// http://andreasgal.com/2014/10/14/openh264-now-in-firefox/
pref("media.gmp-gmpopenh264.enabled", false);
-pref("media.peerconnection.video.h264_enabled", false);
+pref("media.peerconnection.video.h264_enabled", false);
// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
pref("media.gmp-manager.url", "");
-pref("media.gmp-manager.url.override", "data:text/plain");
-pref("media.gmp.trial-create.enabled", false);
-
+pref("media.gmp-manager.url.override", "data:text/plain");
+pref("media.gmp.trial-create.enabled", false);
+// Since ESR52 it is not enough anymore to block pinging the GMP update/download
+// server. There is a local fallback that must be blocked now as well. See:
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1267495.
+pref("media.gmp-manager.updateEnabled", false);
+
+// PREF: Disable speculative pre-connections
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
-// https://bugzil.la/814169
+// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
pref("network.http.speculative-parallel-limit", 0);
-// https://github.com/arthuredelstein/tor-browser/blob/tbb-esr31.1.1/browser/app/profile/000-tor-browser.js
-pref("network.http.pipelining", true);
-pref("network.http.pipelining.aggressive", true);
-pref("network.http.pipelining.maxrequests", 12);
-pref("network.http.pipelining.ssl", true);
-pref("network.http.proxy.pipelining", true);
-pref("security.ssl.enable_false_start", true);
-pref("network.http.keep-alive.timeout", 20);
-pref("network.http.connection-retry-timeout", 0);
-pref("network.http.max-persistent-connections-per-proxy", 256);
-pref("network.http.pipelining.reschedule-timeout", 15000);
-pref("network.http.pipelining.read-timeout", 60000);
-pref("network.http.pipelining.max-optimistic-requests", 3);
-pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable)
-pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case
-pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case
-
+// PREF: Disable downloading homepage snippets/messages from Mozilla
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content
+// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service
pref("browser.aboutHomeSnippets.updateUrl", "");
+// PREF: Never check updates for search engines
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
pref("browser.search.update", false);
@@ -822,42 +1094,62 @@ pref("browser.webapps.checkForUpdates", 0);
pref("browser.webapps.updateCheckUrl", "about:blank");
pref("dom.mozApps.signed_apps_installable_from", "");
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1223838#c31
-pref("network.http.enablePerElementReferrer", false);
-
-// Disable Favicon lookups
+// Disable Favicon lookups (Leaks/fingerprints user bookmarks)
// http://kb.mozillazine.org/Browser.chrome.favicons
-// pref("browser.chrome.favicons", false);
-// pref("browser.chrome.site_icons", false);
+pref("browser.chrome.favicons", false);
+pref("browser.chrome.site_icons", false);
+pref("browser.shell.shortcutFavicons", false);
/******************************************************************************
- * HTTP *
- * *
+ * SECTION: HTTP *
******************************************************************************/
+// https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2
+pref("network.http.pipelining", true);
+pref("network.http.pipelining.aggressive", true);
+pref("network.http.pipelining.maxrequests", 12);
+pref("network.http.pipelining.ssl", true);
+pref("network.http.proxy.pipelining", true);
+pref("security.ssl.enable_false_start", true);
+pref("network.http.keep-alive.timeout", 20);
+pref("network.http.connection-retry-timeout", 0);
+pref("network.http.max-persistent-connections-per-proxy", 256);
+pref("network.http.pipelining.reschedule-timeout", 15000);
+pref("network.http.pipelining.read-timeout", 60000);
+pref("network.http.pipelining.max-optimistic-requests", 3);
+pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable)
+pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case
+pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case
+pref("network.http.spdy.enabled.v3-1", false); // Seems redundant, but just in case
+pref("privacy.firstparty.isolate", true); // Always enforce first party isolation
+pref("network.http.spdy.enabled.http2", false); // Temporarily disabled pending implementation review
+pref("network.http.spdy.enabled.http2draft", false); // Temporarily disabled pending implementation review
-// Disallow NTLMv1
+// PREF: Disallow NTLMv1
// https://bugzilla.mozilla.org/show_bug.cgi?id=828183
pref("network.negotiate-auth.allow-insecure-ntlm-v1", false);
-// it is still allowed through HTTPS. uncomment the following to disable it completely.
-//pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false);
+pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false);
+// PREF: Enable CSP 1.1 script-nonce directive support
// https://bugzilla.mozilla.org/show_bug.cgi?id=855326
pref("security.csp.experimentalEnabled", true);
-// CSP https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
+// PREF: Enable Content Security Policy (CSP)
+// https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
pref("security.csp.enable", true);
-// Subresource integrity
+// PREF: Enable Subresource Integrity
// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
// https://wiki.mozilla.org/Security/Subresource_Integrity
pref("security.sri.enable", true);
-// DNT HTTP header
-// http://dnt.mozilla.org/
+// PREF: DNT HTTP header (disabled)
+// https://www.mozilla.org/en-US/firefox/dnt/
// https://en.wikipedia.org/wiki/Do_not_track_header
// https://dnt-dashboard.mozilla.org
// https://github.com/pyllyukko/user.js/issues/11
// http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/
+// NOTICE: Do No Track must be enabled manually
//pref("privacy.donottrackheader.enabled", true);
// Disable HTTP Alternative Services header
@@ -865,28 +1157,48 @@ pref("security.sri.enable", true);
pref("network.http.altsvc.enabled", false);
pref("network.http.altsvc.oe", false);
+// PREF: Send a referer header with the target URI as the source
// http://kb.mozillazine.org/Network.http.sendRefererHeader#0
// https://bugzilla.mozilla.org/show_bug.cgi?id=822869
-// Send a referer header with the target URI as the source
-//pref("network.http.sendRefererHeader", 1);
+// https://github.com/pyllyukko/user.js/issues/227
+// NOTICE: Spoofing referers breaks functionality on websites relying on authentic referer headers
+// NOTICE: Spoofing referers breaks visualisation of 3rd-party sites on the Lightbeam addon
+// NOTICE: Spoofing referers disables CSRF protection on some login pages not implementing origin-header/cookie+token based CSRF protection
+// TODO: https://github.com/pyllyukko/user.js/issues/94, commented-out XOriginPolicy/XOriginTrimmingPolicy = 2 prefs
pref("network.http.referer.spoofSource", true);
-// CIS 2.5.1 Accept Only 1st Party Cookies
+// PREF: Don't send referer headers when following links across different domains (disabled)
+// https://github.com/pyllyukko/user.js/issues/227
+// user_pref("network.http.referer.XOriginPolicy", 2);
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1223838#c31
+pref("network.http.enablePerElementReferrer", false);
+
+// PREF: Accept Only 1st Party Cookies
// http://kb.mozillazine.org/Network.cookie.cookieBehavior#1
-// This breaks a number of payment gateways so you may need to comment it out.
+// NOTICE: Blocking 3rd-party cookies breaks a number of payment gateways
+// CIS 2.5.1
pref("network.cookie.cookieBehavior", 1);
-// Make sure that third-party cookies (if enabled) never persist beyond the session.
+
+// PREF: Make sure that third-party cookies (if enabled) never persist beyond the session.
// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
// http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly
// https://developer.mozilla.org/en-US/docs/Cookies_Preferences_in_Mozilla#network.cookie.thirdparty.sessionOnly
pref("network.cookie.thirdparty.sessionOnly", true);
-// user-agent
-//pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0");
-
-/******************************************************************************
- * Caching *
- * *
+// PREF: Spoof User-agent
+pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0");
+pref("general.appname.override", "Netscape");
+pref("general.appversion.override", "5.0 (Windows)");
+pref("general.platform.override", "Win32");
+pref("general.oscpu.override", "Windows NT 6.1");
+pref("general.productSub.override", "20100101");
+pref("general.buildID.override", "20100101");
+pref("browser.startup.homepage_override.buildID", "20100101");
+pref("general.useragent.vendor", "");
+pref("general.useragent.vendorSub", "");
+
+/*******************************************************************************
+ * SECTION: Caching *
******************************************************************************/
// Prevents the Permissions manager from writing to disk (regardless of whether we are in PBM)
@@ -898,182 +1210,261 @@ pref("network.cookie.thirdparty.sessionOnly", true);
// https://bugzilla.mozilla.org/show_bug.cgi?id=1216882#c0
pref("security.nocertdb", true);
+// PREF: Permanently enable private browsing mode (disabled)
+// https://support.mozilla.org/en-US/kb/Private-Browsing
+// https://wiki.mozilla.org/PrivateBrowsing
+// NOTICE: You can not view or inspect cookies when in private browsing: https://bugzilla.mozilla.org/show_bug.cgi?id=823941
+// NOTICE: When Javascript is enabled, Websites can detect use of Private Browsing mode
+// NOTICE: Private browsing breaks Kerberos authentication
+// NOTICE: Disables "Containers" functionality (see below)
+//pref("browser.privatebrowsing.autostart", true);
+
+// PREF: Do not store POST data in saved sessions
// http://kb.mozillazine.org/Browser.sessionstore.postdata
-// NOTE: relates to CIS 2.5.7
+// relates to CIS 2.5.7
pref("browser.sessionstore.postdata", 0);
+
+// PREF: Disable the Session Restore service
// http://kb.mozillazine.org/Browser.sessionstore.enabled
pref("browser.sessionstore.enabled", false);
+// PREF: Do not download URLs for the offline cache
// http://kb.mozillazine.org/Browser.cache.offline.enable
pref("browser.cache.offline.enable", false);
-// Always use private browsing
-// https://support.mozilla.org/en-US/kb/Private-Browsing
-// https://wiki.mozilla.org/PrivateBrowsing
-// pref("browser.privatebrowsing.autostart", true);
-
-// Clear history when Firefox closes
+// PREF: Clear history when Firefox closes
// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically
+// NOTICE: Installing user.js will **remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27)
+// NOTICE: Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945
pref("privacy.sanitize.sanitizeOnShutdown", true);
pref("privacy.clearOnShutdown.cache", true);
pref("privacy.clearOnShutdown.cookies", true);
-pref("privacy.clearOnShutdown.downloads", true);
-pref("privacy.clearOnShutdown.formdata", true);
+pref("privacy.clearOnShutdown.downloads", true);
+pref("privacy.clearOnShutdown.formdata", true);
pref("privacy.clearOnShutdown.history", true);
pref("privacy.clearOnShutdown.offlineApps", true);
-//pref("privacy.clearOnShutdown.passwords", true); // Wipes all saved passwords, best to let the user decide.
-pref("privacy.clearOnShutdown.sessions", true);
+//pref("privacy.clearOnShutdown.passwords", true); // Wipes all saved passwords. (Disabled)
+pref("privacy.clearOnShutdown.sessions", true);
+pref("privacy.clearOnShutdown.openWindows", true);
pref("privacy.clearOnShutdown.siteSettings", true); // http://www.ghacks.net/2015/10/16/how-to-prevent-hsts-tracking-in-firefox/
+// PREF: Set time range to "Everything" as default in "Clear Recent History"
+pref("privacy.sanitize.timeSpan", 0);
+
+// PREF: Clear everything but "Site Preferences" in "Clear Recent History"
+pref("privacy.cpd.offlineApps", true);
+pref("privacy.cpd.cache", true);
+pref("privacy.cpd.cookies", true);
+pref("privacy.cpd.downloads", true);
+pref("privacy.cpd.formdata", true);
+pref("privacy.cpd.history", true);
+pref("privacy.cpd.sessions", true);
+
// Firefox will store small amounts (less than 50 MB) of data without asking for permission, unless this is set to false
// https://support.mozilla.org/en-US/questions/1014708
pref("offline-apps.allow_by_default", false);
-// don't remember browsing history
+// PREF: Don't remember browsing history
pref("places.history.enabled", false);
-// The cookie expires at the end of the session (when the browser closes).
-// http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2
-pref("network.cookie.lifetimePolicy", 2);
-
+// PREF: Disable disk cache
// http://kb.mozillazine.org/Browser.cache.disk.enable
pref("browser.cache.disk.enable", false);
+// PREF: Disable memory cache (disabled)
// http://kb.mozillazine.org/Browser.cache.memory.enable
//pref("browser.cache.memory.enable", false);
-// CIS Version 1.2.0 October 21st, 2011 2.5.8 Disable Caching of SSL Pages
+// PREF: Disable Caching of SSL Pages
+// CIS Version 1.2.0 October 21st, 2011 2.5.8
// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
pref("browser.cache.disk_cache_ssl", false);
-// CIS Version 1.2.0 October 21st, 2011 2.5.2 Disallow Credential Storage
-pref("signon.rememberSignons", false);
-
-// CIS Version 1.2.0 October 21st, 2011 2.5.5 Delete Download History
-// Zero (0) is an indication that no download history is retained for the current profile.
+// PREF: Disable download history
+// CIS Version 1.2.0 October 21st, 2011 2.5.5
pref("browser.download.manager.retention", 0);
-// CIS Version 1.2.0 October 21st, 2011 2.5.6 Delete Search and Form History
+// PREF: Disable password manager
+// CIS Version 1.2.0 October 21st, 2011 2.5.2
+pref("signon.rememberSignons", false);
+
+// PREF: Disable form autofill, don't save information entered in web page forms and the Search Bar
pref("browser.formfill.enable", false);
+
+// PREF: Cookies expires at the end of the session (when the browser closes)
+// http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2
+pref("network.cookie.lifetimePolicy", 2);
+
+// PREF: Require manual intervention to autofill known username/passwords sign-in forms
+// http://kb.mozillazine.org/Signon.autofillForms
+// https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
+pref("signon.autofillForms", false);
+
+// PREF: When username/password autofill is enabled, still disable it on non-HTTPS sites
+// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317
+pref("signon.autofillForms.http", false);
+
+// PREF: Show in-content login form warning UI for insecure login fields
+// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317
+pref("security.insecure_field_warning.contextual.enabled", true);
+
+// PREF: Disable the password manager for pages with autocomplete=off
+// https://bugzilla.mozilla.org/show_bug.cgi?id=956906
+// OWASP ASVS V9.1
+// Does not prevent any kind of auto-completion (see browser.formfill.enable, signon.autofillForms)
+//pref("signon.storeWhenAutocompleteOff", false);
+
+// PREF: Delete Search and Form History
+// CIS Version 1.2.0 October 21st, 2011 2.5.6
pref("browser.formfill.expire_days", 0);
-// CIS Version 1.2.0 October 21st, 2011 2.5.7 Clear SSL Form Session Data
+// PREF: Clear SSL Form Session Data
// http://kb.mozillazine.org/Browser.sessionstore.privacy_level#2
// Store extra session data for unencrypted (non-HTTPS) sites only.
+// CIS Version 1.2.0 October 21st, 2011 2.5.7
// NOTE: CIS says 1, we use 2
pref("browser.sessionstore.privacy_level", 2);
-// https://bugzil.la/238789#c19
+// PREF: Delete temporary files on exit
+// https://bugzilla.mozilla.org/show_bug.cgi?id=238789
pref("browser.helperApps.deleteTempFileOnExit", true);
// Disable the media cache, prvents HTML5 videos from being written to the OS temporary directory
// https://www.torproject.org/projects/torbrowser/design/
pref("media.cache_size", 0);
+// PREF: Do not create screenshots of visited pages (relates to the "new tab page" feature)
// https://support.mozilla.org/en-US/questions/973320
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled
pref("browser.pagethumbnails.capturing_disabled", true);
-/******************************************************************************
- * UI related *
- * *
- ******************************************************************************/
+/*******************************************************************************
+ * SECTION: UI related *
+ *******************************************************************************/
+
+pref("ui.use_standins_for_native_colors", true); // https://bugzilla.mozilla.org/232227
-// Webpages will not be able to affect the right-click menu
-//pref("dom.event.contextmenu.enabled", false);
+// PREF: Enable insecure password warnings (login forms in non-HTTPS pages)
+// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156
+pref("security.insecure_password.ui.enabled", true);
-// Disable Recently Bookmarked Folder
+// Disable Slow Startup Notifications
+pref("browser.slowStartup.maxSamples", 0);
+pref("browser.slowStartup.notificationDisabled", true);
+pref("browser.slowStartup.samples", 0);
+
+// Display advanced information on Insecure Connection warning pages
+// [TEST] https://expired.badssl.com/
+pref("browser.xul.error_pages.expert_bad_cert", true);
+
+// PREF: Disable right-click menu manipulation via JavaScript
+pref("dom.event.contextmenu.enabled", false);
+
+// Disable Recently Bookmarked Folder (Disabled)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1248268
// https://hg.mozilla.org/releases/mozilla-release/rev/f98e3add979e
//pref("browser.bookmarks.showRecentlyBookmarked", false);
+// PREF: Disable "Are you sure you want to leave this page?" popups on page close
+// https://support.mozilla.org/en-US/questions/1043508
+// Does not prevent JS leaks of the page close event.
+// https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload
+pref("dom.disable_beforeunload", true);
+pref("dom.require_user_interaction_for_beforeunload", false);
// Don't promote sync
pref("browser.syncPromoViewsLeftMap", "{\"addons\":0,\"bookmarks\":0,\"passwords\":0}");
-// CIS 2.3.2 Disable Downloading on Desktop
+// PREF: Disable Downloading on Desktop
+// CIS 2.3.2
pref("browser.download.folderList", 2);
-// always ask the user where to download
-// https://developer.mozilla.org/en/Download_Manager_preferences
+// PREF: Always ask the user where to download
+// https://developer.mozilla.org/en/Download_Manager_preferences (obsolete)
pref("browser.download.useDownloadDir", false);
+// PREF: Disable the "new tab page" feature and show a blank tab instead
// https://wiki.mozilla.org/Privacy/Reviews/New_Tab
-pref("browser.newtabpage.enabled", false);
// https://support.mozilla.org/en-US/kb/new-tab-page-show-hide-and-customize-top-sites#w_how-do-i-turn-the-new-tab-page-off
+pref("browser.newtabpage.enabled", false);
pref("browser.newtab.url", "about:blank");
-// CIS Version 1.2.0 October 21st, 2011 2.1.2 Enable Auto Notification of Outdated Plugins
+// PREF: Disable new tab tile ads & preload
+// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox
+// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331
+// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
+// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
+// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
+// TODO: deprecated? not in DXR, some dead links
+pref("browser.newtabpage.enhanced", false);
+pref("browser.newtab.preload", false);
+pref("browser.newtabpage.directory.ping", "");
+pref("browser.newtabpage.directory.source", "data:text/plain,{}");
+
+// PREF: Enable Auto Notification of Outdated Plugins (Disabled on GNU/Linux)
// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review
-// Note: Disabled, we get plugin updates from repository.
-//pref("plugins.update.notifyUser", true);
+// CIS Version 1.2.0 October 21st, 2011 2.1.2
+pref("plugins.update.notifyUser", false);
-// CIS Version 1.2.0 October 21st, 2011 2.1.3 Enable Information Bar for Outdated Plugins
+// PREF: Enable Information Bar for Outdated Plugins
+// http://forums.mozillazine.org/viewtopic.php?f=8&t=2490287
+// CIS Version 1.2.0 October 21st, 2011 2.1.3
pref("plugins.hide_infobar_for_outdated_plugin", false);
-// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 Enable IDN Show Punycode
+// PREF: Force Punycode for Internationalized Domain Names
// http://kb.mozillazine.org/Network.IDN_show_punycode
+// https://www.xudongz.com/blog/2017/idn-phishing/
+// https://wiki.mozilla.org/IDN_Display_Algorithm
+// https://en.wikipedia.org/wiki/IDN_homograph_attack
+// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
+// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6
pref("network.IDN_show_punycode", true);
-// http://kb.mozillazine.org/About:config_entries#Browser
+// PREF: Disable inline autocomplete in URL bar
// http://kb.mozillazine.org/Inline_autocomplete
pref("browser.urlbar.autoFill", false);
pref("browser.urlbar.autoFill.typed", false);
-// http://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636/
+// PREF: Don't suggest any URLs while typing at the address bar
+// https://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636/
// http://kb.mozillazine.org/Browser.urlbar.maxRichResults
// "Setting the preference to 0 effectively disables the Location Bar dropdown entirely."
pref("browser.urlbar.maxRichResults", 0);
+// PREF: Disable CSS :visited selectors
// https://blog.mozilla.org/security/2010/03/31/plugging-the-css-history-leak/
-// http://dbaron.org/mozilla/visited-privacy
+// https://dbaron.org/mozilla/visited-privacy
pref("layout.css.visited_links_enabled", false);
// http://kb.mozillazine.org/Places.frecency.unvisited%28place_type%29Bonus
+// PREF: Disable URL bar autocomplete
// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5
pref("browser.urlbar.autocomplete.enabled", false);
-// Require manual intervention to autofill known username/passwords sign-in forms
-// http://kb.mozillazine.org/Signon.autofillForms
-// https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
-pref("signon.autofillForms", false);
-
-// Disable the password manager for pages with autocomplete=off
-// Does not prevent any kind of auto-completion (see browser.formfill.enable, signon.autofillForms)
-// OWASP ASVS V9.1, https://bugzilla.mozilla.org/show_bug.cgi?id=956906
-pref("signon.storeWhenAutocompleteOff", false);
-
-// do not check if firefox is the default browser
+// PREF: Do not check if Firefox is the default browser
pref("browser.shell.checkDefaultBrowser", false);
+// PREF: When password manager is enabled, lock the password storage periodically
// CIS Version 1.2.0 October 21st, 2011 2.5.3 Disable Prompting for Credential Storage
-pref("security.ask_for_password", 0);
-// When security.ask_for_password is 2 (every n minutes), lock password storage every 5 minutes (default is 30)
- pref("security.password_lifetime", 5);
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
-pref("signon.formlessCapture.enabled", false);
+pref("security.ask_for_password", 2);
// Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
pref("browser.link.open_newwindow.restriction", 0);
-// Enable Insecure login field contextual warning
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1217162
-pref("security.insecure_field_warning.contextual.enabled", true);
-
-// Enable insecure password warnings (login forms in non-HTTPS pages)
-// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156
-pref("security.insecure_password.ui.enabled", true);
+// PREF: Lock the password storage every 1 minutes (default: 30)
+pref("security.password_lifetime", 1);
/******************************************************************************
- * TLS / HTTPS / OCSP related stuff *
- * *
+ * SECTION: Cryptography *
******************************************************************************/
+// PREF: Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla)
// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
-pref("network.stricttransportsecurity.preloadlist", false);
+// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
+pref("network.stricttransportsecurity.preloadlist", true);
// Disable HSTS Priming, a beta feature rarely used that allows mixed content on HTTPS pages.
// https://wicg.github.io/hsts-priming/
@@ -1082,125 +1473,151 @@ pref("network.stricttransportsecurity.preloadlist", false);
pref("security.mixed_content.send_hsts_priming", false);
pref("security.mixed_content.use_hsts", false);
-
-// CIS Version 1.2.0 October 21st, 2011 2.2.4 Enable Online Certificate Status Protocol
-// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol#Privacy_concerns
-pref("security.OCSP.enabled", 0);
-pref("security.OCSP.require", false);
-
+// PREF: Enable Online Certificate Status Protocol
+// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
+// https://www.imperialviolet.org/2014/04/19/revchecking.html
+// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/
+// https://wiki.mozilla.org/CA:RevocationPlan
+// https://wiki.mozilla.org/CA:ImprovingRevocation
+// https://wiki.mozilla.org/CA:OCSP-HardFail
+// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html
+// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html
+// NOTICE: OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host
+// NOTICE: OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder
+// NOTICE: OCSP adds latency (performance)
+// NOTICE: Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10)
+// CIS Version 1.2.0 October 21st, 2011 2.2.4
+pref("security.OCSP.enabled", 1);
+
+// PREF: Enable OCSP Stapling support
+// https://en.wikipedia.org/wiki/OCSP_stapling
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
+// https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
pref("security.ssl.enable_ocsp_stapling", true);
-// require certificate revocation check through OCSP protocol.
-// NOTICE: this leaks information about the sites you visit to the CA.
+// PREF: Enable OCSP Must-Staple support (45+)
+// https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/
+// https://www.entrust.com/ocsp-must-staple/
+// https://github.com/schomery/privacy-settings/issues/40
+// NOTICE: Firefox falls back on plain OCSP when must-staple is not configured on the host certificate
+pref("security.ssl.enable_ocsp_must_staple", true);
+
+// PREF: Require a valid OCSP response for OCSP enabled certificates
+// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA
+// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses
+// NOTICE: `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable
+// NOTICE: `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal)
pref("security.OCSP.require", true);
-// Disable TLS Session Tickets
+// PREF: Disable TLS Session Tickets
// https://www.blackhat.com/us-13/briefings.html#NextGen
// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf
// https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf
-// https://bugzil.la/917049
-// https://bugzil.la/967977
+// https://bugzilla.mozilla.org/show_bug.cgi?id=917049
+// https://bugzilla.mozilla.org/show_bug.cgi?id=967977
pref("security.ssl.disable_session_identifiers", true);
// https://www.torproject.org/projects/torbrowser/design/index.html.en
pref("security.ssl.enable_false_start", true);
pref("security.enable_tls_session_tickets", false);
-// TLS 1.[0-3]
-// http://kb.mozillazine.org/Security.tls.version.max
+// PREF: Only allow TLS 1.[0-3]
+// http://kb.mozillazine.org/Security.tls.version.*
// 1 = TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.)
// 2 = TLS 1.1 is the minimum required / maximum supported encryption protocol.
pref("security.tls.version.min", 1);
pref("security.tls.version.max", 4);
-// TLS version fallback
+// PREF: Disable insecure TLS version fallback
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
+// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
pref("security.tls.version.fallback-limit", 3);
-// pinning
-// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#How_to_use_pinning
+// PREF: Enfore Public Key Pinning
+// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
+// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
// "2. Strict. Pinning is always enforced."
-pref("security.cert_pinning.enforcement_level", 2);
+pref("security.cert_pinning.enforcement_level", 2);
-// disallow SHA-1
+// PREF: Disallow SHA-1
// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
// https://hg.mozilla.org/releases/mozilla-release/rev/43c724bde81c#l3.34
// http://www.scmagazine.com/mozilla-pulls-back-on-rejecting-sha-1-certs-outright/article/463913/
// 0 = allow SHA-1; 1 = forbid SHA-1; 2 = allow SHA-1 only if notBefore < 2016-01-01
// https://shattered.io/
-pref("security.pki.sha1_enforcement_level", 1);
+pref("security.pki.sha1_enforcement_level", 1);
+// PREF: Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
-// see also CVE-2009-3555
+// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+// PREF: Disallow connection to servers not supporting safe renegotiation (disabled)
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.require_safe_negotiation
-// this makes browsing next to impossible=) (13.2.2012)
-// update: the world is not ready for this! (6.5.2014)
-// see also CVE-2009-3555
-// The world must comply with this! (11.20.2016)
-pref("security.ssl.require_safe_negotiation", true);
+// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
+// TODO: `security.ssl.require_safe_negotiation` is more secure but makes browsing next to impossible (2012-2014-... - `ssl_error_unsafe_negotiation` errors), so is left disabled
+// pref("security.ssl.require_safe_negotiation", true);
+// PREF: Disable automatic reporting of TLS connection errors
// https://support.mozilla.org/en-US/kb/certificate-pinning-reports
-//
// we could also disable security.ssl.errorReporting.enabled, but I think it's
// good to leave the option to report potentially malicious sites if the user
// chooses to do so.
-//
// you can test this at https://pinningtest.appspot.com/
pref("security.ssl.errorReporting.automatic", false);
+// PREF: Pre-populate the current URL but do not pre-fetch the certificate in the "Add Security Exception" dialog
// http://kb.mozillazine.org/Browser.ssl_override_behavior
-// Pre-populate the current URL but do not pre-fetch the certificate.
+// https://github.com/pyllyukko/user.js/issues/210
pref("browser.ssl_override_behavior", 1);
/******************************************************************************
- * CIPHERS *
+ * SECTION: Cipher suites *
* *
* you can debug the SSL handshake with tshark: *
* tshark -t ad -n -i wlan0 -T text -V -R ssl.handshake *
******************************************************************************/
-// disable null ciphers
-pref("security.ssl3.rsa_null_sha", false);
-pref("security.ssl3.rsa_null_md5", false);
-pref("security.ssl3.ecdhe_rsa_null_sha", false);
-pref("security.ssl3.ecdhe_ecdsa_null_sha", false);
+// PREF: Disable null ciphers
+pref("security.ssl3.rsa_null_sha", false);
+pref("security.ssl3.rsa_null_md5", false);
+pref("security.ssl3.ecdhe_rsa_null_sha", false);
+pref("security.ssl3.ecdhe_ecdsa_null_sha", false);
pref("security.ssl3.ecdh_rsa_null_sha", false);
-pref("security.ssl3.ecdh_ecdsa_null_sha", false);
+pref("security.ssl3.ecdh_ecdsa_null_sha", false);
-// SEED
+// PREF: Disable SEED cipher
// https://en.wikipedia.org/wiki/SEED
-pref("security.ssl3.rsa_seed_sha", false);
+pref("security.ssl3.rsa_seed_sha", false);
-// 40 bits...
+// PREF: Disable 40/56/128-bit ciphers
+// 40-bit ciphers
pref("security.ssl3.rsa_rc4_40_md5", false);
pref("security.ssl3.rsa_rc2_40_md5", false);
-
-// 56 bits
-pref("security.ssl3.rsa_1024_rc4_56_sha", false);
-
-// 128 bits
-pref("security.ssl3.rsa_camellia_128_sha", false);
+// 56-bit ciphers
+pref("security.ssl3.rsa_1024_rc4_56_sha", false);
+// 128-bit ciphers
+pref("security.ssl3.rsa_camellia_128_sha", false);
pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
-pref("security.ssl3.ecdh_rsa_aes_128_sha", false);
+pref("security.ssl3.ecdh_rsa_aes_128_sha", false);
pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false);
pref("security.ssl3.dhe_rsa_camellia_128_sha", false);
-pref("security.ssl3.dhe_rsa_aes_128_sha", false);
+pref("security.ssl3.dhe_rsa_aes_128_sha", false);
-// RC4 (CVE-2013-2566)
+// PREF: Disable RC4
+// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
+// https://rc4.io/
+// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false);
-pref("security.ssl3.ecdh_rsa_rc4_128_sha", false);
+pref("security.ssl3.ecdh_rsa_rc4_128_sha", false);
pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
pref("security.ssl3.rsa_rc4_128_md5", false);
pref("security.ssl3.rsa_rc4_128_sha", false);
-// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
-// https://bugzil.la/1138882
-// https://rc4.io/
pref("security.tls.unrestricted_rc4_fallback", false);
-// 3DES -> false because effective key size < 128
+// PREF: Disable 3DES (effective key size is < 128)
// https://en.wikipedia.org/wiki/3des#Security
// http://en.citizendium.org/wiki/Meet-in-the-middle_attack
// http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
@@ -1208,49 +1625,47 @@ pref("security.ssl3.dhe_dss_des_ede3_sha", false);
pref("security.ssl3.dhe_rsa_des_ede3_sha", false);
pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false);
pref("security.ssl3.ecdh_rsa_des_ede3_sha", false);
-pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false);
+pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false);
pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false);
pref("security.ssl3.rsa_des_ede3_sha", false);
pref("security.ssl3.rsa_fips_des_ede3_sha", false);
-// Ciphers with ECDH (without /e$/)
+// PREF: Disable ciphers with ECDH (non-ephemeral)
pref("security.ssl3.ecdh_rsa_aes_256_sha", false);
pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false);
-// 256 bits without PFS
-pref("security.ssl3.rsa_camellia_256_sha", false);
+// PREF: Disable 256 bits ciphers without PFS
+pref("security.ssl3.rsa_camellia_256_sha", false);
-// Ciphers with ECDHE and > 128bits
+// PREF: Enable ciphers with ECDHE and key size > 128bits
pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // 0xc014
pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // 0xc00a
-// GCM, yes please! (TLSv1.2 only)
+// PREF: Enable GCM ciphers (TLSv1.2 only)
+// https://en.wikipedia.org/wiki/Galois/Counter_Mode
pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // 0xc02b
pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // 0xc02f
-// ChaCha20 and Poly1305. Supported since Firefox 47.
+// PREF: Enable ChaCha20 and Poly1305 (47+)
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
// https://tools.ietf.org/html/rfc7905
-// https://bugzil.la/917571
-// https://bugzil.la/1247860
+// https://bugzilla.mozilla.org/show_bug.cgi?id=917571
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860
// https://cr.yp.to/chacha.html
pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
-// Susceptible to the logjam attack - https://weakdh.org/
+// PREF: Disable ciphers susceptible to the logjam attack
+// https://weakdh.org/
pref("security.ssl3.dhe_rsa_camellia_256_sha", false);
pref("security.ssl3.dhe_rsa_aes_256_sha", false);
-// Ciphers with DSA (max 1024 bits)
+// PREF: Disable ciphers with DSA (max 1024 bits)
pref("security.ssl3.dhe_dss_aes_128_sha", false);
pref("security.ssl3.dhe_dss_aes_256_sha", false);
pref("security.ssl3.dhe_dss_camellia_128_sha", false);
pref("security.ssl3.dhe_dss_camellia_256_sha", false);
-// Fallbacks due compatibility reasons
-pref("security.ssl3.rsa_aes_256_sha", true);
-pref("security.ssl3.rsa_aes_128_sha", true);
-
-// Disable static TLS insecure fallback whitelist
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1128227
-pref("security.tls.insecure_fallback_hosts.use_static_list", false);
+// PREF: Fallbacks due compatibility reasons
+pref("security.ssl3.rsa_aes_256_sha", true); // 0x35
+pref("security.ssl3.rsa_aes_128_sha", true); // 0x2f