diff options
author | Gaming4JC <g4jc@openmailbox.org> | 2017-05-08 22:20:06 -0400 |
---|---|---|
committer | Gaming4JC <g4jc@openmailbox.org> | 2017-05-08 22:20:06 -0400 |
commit | 28b4e69d02cd3ed216d598902c4c7f9ad634da59 (patch) | |
tree | 58ac8acff25b471f3f6feb579aee29be8ee25ac8 /nonprism | |
parent | 225946f2ea9b0e9932db93c94f7c03c9d1cb8128 (diff) | |
download | abslibre-28b4e69d02cd3ed216d598902c4c7f9ad634da59.tar.gz abslibre-28b4e69d02cd3ed216d598902c4c7f9ad634da59.tar.bz2 abslibre-28b4e69d02cd3ed216d598902c4c7f9ad634da59.zip |
update iceweasel-hardened-prefs
Diffstat (limited to 'nonprism')
-rw-r--r-- | nonprism/iceweasel-hardened-preferences/PKGBUILD | 8 | ||||
-rw-r--r-- | nonprism/iceweasel-hardened-preferences/iceweasel-branding.js | 1393 |
2 files changed, 908 insertions, 493 deletions
diff --git a/nonprism/iceweasel-hardened-preferences/PKGBUILD b/nonprism/iceweasel-hardened-preferences/PKGBUILD index 17954f5a0..e5c3883f6 100644 --- a/nonprism/iceweasel-hardened-preferences/PKGBUILD +++ b/nonprism/iceweasel-hardened-preferences/PKGBUILD @@ -2,8 +2,8 @@ # Contributor: André Silva <emulatorman@parabola.nu> pkgname=iceweasel-hardened-preferences -pkgver=0.7 -pkgrel=2 +pkgver=0.8 +pkgrel=1 pkgdesc="Hardened preferences script which runs Iceweasel to protect from a variety of privacy, security, and fingerprinting attacks." arch=(any) license=(MPL) @@ -21,11 +21,11 @@ source=('firefox-branding.js' 'iceweasel-hardened.install') sha512sums=('cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' 'd542452fa1d619d22e9c9b6e4af58d7310abdc5c81d871a1abbddb0087c53913c8a244af2b7be416a2c439383afc2480c439078ebde0ccac518300d9027b4800' - 'bfaa9287eb7fc27198fe9885755520b92db1f4db998a056170d6cc35bf0965198df4ff68e7500d62bf1f7778bf33dea7da70cda1975d38058ff9e73058490cef' + '0e94131a7d8f536131a492965612e24bd414673a7d029cfa5e973b881f5321649e31b07635c31168edd151ac4192b1e29751f43f1e24beaf867603e12a6ebef4' 'e9baa13d50195ff5be507093c45c00bb06a77c9e633ac183ec2fd74eebb11bfc07bde334fe4455b763e8700cde146ae223578ebd8d13066739220502b6eebff6') whirlpoolsums=('19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3' 'f7cb38e58f644ddeae9f931c290ae1d96e54d0a8937171f2ebad498b65b87f2115cbd0a0f2a55e12dceba7a387e70fd2432678010a87975f8322c9c27b41efd2' - '575d312dd027ec2958c0098e9617a14edc312231d8c2f56d9b77620f4cd0109947f02ac3f38ea2f746c1a24a97d2683c3fa7d571abfb85fc1fa21d366fec2137' + '2bf292142f87bb6e31bebadd79294362f04b7aa53b151393df5c9ae2e87b6f78e17042df1e87a1143a22b39739a60425dc60751260d84c9e764c22774a64ab6e' '44b57bbbf8f00ffee11afc84f5ea3daedc39e59da3ee91e337c1eaad24c014caf5680eb250e25a3e046db9caaf6829c3b667693de9f040d8864be34b96300bb9') package() { diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js index 470ecd168..f22d25921 100644 --- a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js +++ b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js @@ -1,8 +1,9 @@ -/****************************************************************************** - * user.js * - * Adapted from... * - * https://github.com/pyllyukko/user.js * - * https://github.com/The-OP/Fox/tree/master/prefs * +/**************************************************************************** + * user.js * + * Adapted from... * + * https://github.com/pyllyukko/user.js * + * https://github.com/The-OP/Fox/tree/master/prefs * + * https://github.com/ghacksuserjs/ghacks-user.js * ******************************************************************************/ /***************************************************************************** @@ -16,44 +17,233 @@ pref("gfx.direct2d.disabled", true); pref("layers.acceleration.disabled", true); pref("gfx.downloadable_fonts.fallback_delay", -1); pref("intl.charset.default", "windows-1252"); -pref("intl.locale.matchOS", false); -// Set locale to en-US (if you are using localized version of FF) -pref("intl.accept_languages", "en-US, en"); -pref("javascript.use_us_english_locale", true); +pref("privacy.use_utc_timezone", true); +pref("privacy.suppressModifierKeyEvents", true); // Bug #17009: Suppress ALT and SHIFT events" pref("noscript.forbidFonts", true); -// Favicons cause fingerprinting by downloading your entire bookmarks toolbar on start-up. -pref("browser.chrome.favicons", false); -pref("browser.chrome.site_icons", false); -pref("browser.shell.shortcutFavicons", false); +pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu + +// Tor Browser Font config +// https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2 +pref("font.default.lo", "Noto Sans Lao"); +pref("font.default.my", "Noto Sans Myanmar"); +pref("font.default.x-western", "sans-serif"); +pref("font.name-list.cursive.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.cursive.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.cursive.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.cursive.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.cursive.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.he", "Noto Sans Hebrew, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.fantasy.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.ar", "Noto Naskh Arabic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.el", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.he", "Noto Sans Hebrew, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.ja", "Noto Sans JP Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.ko", "Noto Sans KR Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.th", "Noto Sans Thai, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-armn", "Noto Sans Armenian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-beng", "Noto Sans Bengali, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-cyrillic", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-devanagari", "Noto Sans Devanagari, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-ethi", "Noto Sans Ethiopic, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-geor", "Noto Sans Georgian, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-gujr", "Noto Sans Gujarati, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-guru", "Noto Sans Gurmukhi, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-khmr", "Noto Sans Khmer, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-knda", "Noto Sans Kannada, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-mlym", "Noto Sans Malayalam, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-orya", "Noto Sans Oriya, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-sinh", "Noto Sans Sinhala, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-tamil", "Noto Sans Tamil, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-telu", "Noto Sans Telugu, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-tibt", "Noto Sans Tibetan, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-unicode", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.x-western", "Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.zh-CN", "Noto Sans SC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.zh-HK", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.monospace.zh-TW", "Noto Sans TC Regular, Cousine, Courier, Courier New, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.ar", "Noto Naskh Arabic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.el", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.he", "Noto Sans Hebrew, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.ja", "Noto Sans JP Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.ko", "Noto Sans KR Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.th", "Noto Sans Thai, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-armn", "Noto Sans Armenian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-beng", "Noto Sans Bengali, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-cyrillic", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-devanagari", "Noto Sans Devanagari, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-ethi", "Noto Sans Ethiopic, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-geor", "Noto Sans Georgian, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-gujr", "Noto Sans Gujarati, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-guru", "Noto Sans Gurmukhi, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-khmr", "Noto Sans Khmer, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-knda", "Noto Sans Kannada, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-mlym", "Noto Sans Malayalam, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-orya", "Noto Sans Oriya, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-sinh", "Noto Sans Sinhala, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-tamil", "Noto Sans Tamil, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-telu", "Noto Sans Telugu, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-tibt", "Noto Sans Tibetan, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-unicode", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.x-western", "Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.zh-CN", "Noto Sans SC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.zh-HK", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.sans-serif.zh-TW", "Noto Sans TC Regular, Arimo, Arial, Verdana, Noto Naskh Arabic, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans JP Regular, Noto Sans KR Regular, Noto Sans SC Regular, Noto Sans TC Regular, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Georgian, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Hebrew, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Thai, Noto Sans Tibetan, Noto Sans Yi, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.ar", "Noto Naskh Arabic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.el", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.he", "Tinos, Georgia, Noto Sans Hebrew, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.ja", "Noto Sans JP Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.ko", "Noto Sans KR Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.th", "Noto Serif Thai, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-armn", "Noto Serif Armenian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-beng", "Noto Sans Bengali, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-cyrillic", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-devanagari", "Noto Sans Devanagari, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-ethi", "Noto Sans Ethiopic, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-geor", "Noto Sans Georgian, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-gujr", "Noto Sans Gujarati, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-guru", "Noto Sans Gurmukhi, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-khmr", "Noto Serif Khmer, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-knda", "Noto Sans Kannada, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-mlym", "Noto Sans Malayalam, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-orya", "Noto Sans Oriya, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-sinh", "Noto Sans Sinhala, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-tamil", "Noto Sans Tamil, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-telu", "Noto Sans Telugu, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-tibt", "Noto Sans Tibetan, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-unicode", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.x-western", "Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.zh-CN", "Noto Sans SC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.zh-HK", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name-list.serif.zh-TW", "Noto Sans TC Regular, Tinos, Georgia, Noto Serif Armenian, Noto Serif Khmer, Noto Serif Lao, Noto Serif Thai"); +pref("font.name.cursive.ar", "Noto Naskh Arabic"); +pref("font.name.cursive.el", "Tinos, Georgia"); +pref("font.name.cursive.he", "Noto Sans Hebrew"); +pref("font.name.cursive.x-cyrillic", "Tinos, Georgia"); +pref("font.name.cursive.x-unicode", "Tinos, Georgia"); +pref("font.name.cursive.x-western", "Tinos, Georgia"); +pref("font.name.fantasy.ar", "Noto Naskh Arabic"); +pref("font.name.fantasy.el", "Tinos, Georgia"); +pref("font.name.fantasy.he", "Noto Sans Hebrew"); +pref("font.name.fantasy.x-cyrillic", "Tinos, Georgia"); +pref("font.name.fantasy.x-unicode", "Tinos, Georgia"); +pref("font.name.fantasy.x-western", "Tinos, Georgia"); +pref("font.name.monospace.ar", "Noto Naskh Arabic"); +pref("font.name.monospace.el", "Tinos, Georgia"); +pref("font.name.monospace.he", "Noto Sans Hebrew"); +pref("font.name.monospace.ja", "Noto Sans JP Regular"); +pref("font.name.monospace.ko", "Noto Sans KR Regular"); +pref("font.name.monospace.my", "Noto Sans Myanmar"); +pref("font.name.monospace.th", "Noto Sans Thai"); +pref("font.name.monospace.x-armn", "Noto Sans Armenian"); +pref("font.name.monospace.x-beng", "Noto Sans Bengali"); +pref("font.name.monospace.x-cyrillic", "Cousine, Courier, Courier New"); +pref("font.name.monospace.x-devanagari", "Noto Sans Devanagari"); +pref("font.name.monospace.x-ethi", "Noto Sans Ethiopic"); +pref("font.name.monospace.x-geor", "Noto Sans Georgian"); +pref("font.name.monospace.x-gujr", "Noto Sans Gujarati"); +pref("font.name.monospace.x-guru", "Noto Sans Gurmukhi"); +pref("font.name.monospace.x-khmr", "Noto Sans Khmer"); +pref("font.name.monospace.x-knda", "Noto Sans Kannada"); +pref("font.name.monospace.x-mlym", "Noto Sans Malayalam"); +pref("font.name.monospace.x-orya", "Noto Sans Oriya"); +pref("font.name.monospace.x-sinh", "Noto Sans Sinhala"); +pref("font.name.monospace.x-tamil", "Noto Sans Tamil"); +pref("font.name.monospace.x-telu", "Noto Sans Telugu"); +pref("font.name.monospace.x-tibt", "Noto Sans Tibetan"); +pref("font.name.monospace.x-unicode", "Cousine, Courier, Courier New"); +pref("font.name.monospace.x-western", "Cousine, Courier, Courier New"); +pref("font.name.monospace.zh-CN", "Noto Sans SC Regular"); +pref("font.name.monospace.zh-HK", "Noto Sans TC Regular"); +pref("font.name.monospace.zh-TW", "Noto Sans TC Regular"); +pref("font.name.sans-serif.ar", "Noto Naskh Arabic"); +pref("font.name.sans-serif.el", "Arimo, Arial, Verdana"); +pref("font.name.sans-serif.he", "Noto Sans Hebrew"); +pref("font.name.sans-serif.ja", "Noto Sans JP Regular"); +pref("font.name.sans-serif.ko", "Noto Sans KR Regular"); +pref("font.name.sans-serif.th", "Noto Sans Thai"); +pref("font.name.sans-serif.x-armn", "Noto Sans Armenian"); +pref("font.name.sans-serif.x-beng", "Noto Sans Bengali"); +pref("font.name.sans-serif.x-cyrillic", "Arimo, Arial, Verdana"); +pref("font.name.sans-serif.x-devanagari", "Noto Sans Devanagari"); +pref("font.name.sans-serif.x-ethi", "Noto Sans Ethiopic"); +pref("font.name.sans-serif.x-geor", "Noto Sans Georgian"); +pref("font.name.sans-serif.x-gujr", "Noto Sans Gujarati"); +pref("font.name.sans-serif.x-guru", "Noto Sans Gurmukhi"); +pref("font.name.sans-serif.x-khmr", "Noto Sans Khmer"); +pref("font.name.sans-serif.x-knda", "Noto Sans Kannada"); +pref("font.name.sans-serif.x-mlym", "Noto Sans Malayalam"); +pref("font.name.sans-serif.x-orya", "Noto Sans Oriya"); +pref("font.name.sans-serif.x-sinh", "Noto Sans Sinhala"); +pref("font.name.sans-serif.x-tamil", "Noto Sans Tamil"); +pref("font.name.sans-serif.x-telu", "Noto Sans Telugu"); +pref("font.name.sans-serif.x-tibt", "Noto Sans Tibetan"); +pref("font.name.sans-serif.x-unicode", "Arimo, Arial, Verdana"); +pref("font.name.sans-serif.x-western", "Arimo, Arial, Verdana"); +pref("font.name.sans-serif.zh-CN", "Noto Sans SC Regular"); +pref("font.name.sans-serif.zh-HK", "Noto Sans TC Regular"); +pref("font.name.sans-serif.zh-TW", "Noto Sans TC Regular"); +pref("font.name.sans.my", "Noto Sans Myanmar"); +pref("font.name.serif.ar", "Noto Naskh Arabic"); +pref("font.name.serif.el", "Tinos, Georgia"); +pref("font.name.serif.he", "Noto Sans Hebrew"); +pref("font.name.serif.ja", "Noto Sans JP Regular"); +pref("font.name.serif.ko", "Noto Sans KR Regular"); +pref("font.name.serif.my", "Noto Sans Myanmar"); +pref("font.name.serif.th", "Noto Serif Thai"); +pref("font.name.serif.x-armn", "Noto Serif Armenian"); +pref("font.name.serif.x-beng", "Noto Sans Bengali"); +pref("font.name.serif.x-cyrillic", "Tinos, Georgia"); +pref("font.name.serif.x-devanagari", "Noto Sans Devanagari"); +pref("font.name.serif.x-ethi", "Noto Sans Ethiopic"); +pref("font.name.serif.x-geor", "Noto Sans Georgian"); +pref("font.name.serif.x-gujr", "Noto Sans Gujarati"); +pref("font.name.serif.x-guru", "Noto Sans Gurmukhi"); +pref("font.name.serif.x-khmr", "Noto Serif Khmer"); +pref("font.name.serif.x-knda", "Noto Sans Kannada"); +pref("font.name.serif.x-mlym", "Noto Sans Malayalam"); +pref("font.name.serif.x-orya", "Noto Sans Oriya"); +pref("font.name.serif.x-sinh", "Noto Sans Sinhala"); +pref("font.name.serif.x-tamil", "Noto Sans Tamil"); +pref("font.name.serif.x-telu", "Noto Sans Telugu"); +pref("font.name.serif.x-tibt", "Noto Sans Tibetan"); +pref("font.name.serif.x-unicode", "Tinos, Georgia"); +pref("font.name.serif.x-western", "Tinos, Georgia"); +pref("font.name.serif.zh-CN", "Noto Sans SC Regular"); +pref("font.name.serif.zh-HK", "Noto Sans TC Regular"); +pref("font.name.serif.zh-TW", "Noto Sans TC Regular"); /****************************************************************************** - * HTML5 / APIs / DOM * - * * + * SECTION: HTML5 / APIs / DOM * ******************************************************************************/ -// disable Location-Aware Browsing -// http://www.mozilla.org/en-US/firefox/geolocation/ -pref("geo.enabled", false); - -// Disable dom.mozTCPSocket.enabled (raw TCP socket support) -// https://trac.torproject.org/projects/tor/ticket/18863 -// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ -// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket -pref("dom.mozTCPSocket.enabled", false); - -// Disable DOM Shared Workers -// See https://bugs.torproject.org/15562 -pref("dom.workers.sharedWorkers.enabled", false); +// PREF: Disable Service Workers // https://developer.mozilla.org/en-US/docs/Web/API/Worker // https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API // https://wiki.mozilla.org/Firefox/Push_Notifications#Service_Workers +// NOTICE: Disabling ServiceWorkers breaks functionality on some sites (Google Street View...) +// Unknown security implications +// CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) pref("dom.serviceWorkers.enabled", false); +// PREF: Disable Web Workers +// https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers +// https://www.w3schools.com/html/html5_webworkers.asp +pref("dom.workers.enabled", false); + // Disable WebSockets // https://www.infoq.com/news/2012/03/websockets-security // http://mdn.beonex.com/en/WebSockets.html pref("network.websocket.max-connections", 0); + +// PREF: Disable web notifications +// https://support.mozilla.org/t5/Firefox/I-can-t-find-Firefox-menu-I-m-trying-to-opt-out-of-Web-Push-and/m-p/1317495#M1006501 +pref("dom.webnotifications.enabled", false); + // Disable DOM Push API // https://developer.mozilla.org/en-US/docs/Web/API/Push_API // https://wiki.mozilla.org/Security/Reviews/Push_API @@ -61,6 +251,7 @@ pref("network.websocket.max-connections", 0); // https://bugzilla.mozilla.org/show_bug.cgi?id=1038811 // https://bugzilla.mozilla.org/show_bug.cgi?id=1153499 pref("dom.push.enabled", false); +// As a "defense in depth" measure, configure an empty push server URL (the pref("dom.push.serverURL", ""); pref("dom.push.userAgentID", ""); // https://hg.mozilla.org/releases/mozilla-beta/file/e549349b8d66/modules/libpref/init/all.js#l4237 @@ -74,17 +265,23 @@ pref("dom.push.maxQuotaPerSubscription", 0); pref("services.push.enabled", false); pref("services.push.serverURL", ""); -// Make sure DOM "beforeunload" is off, caches user pages in bfcache and tries to stop user from closing page. -// https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload -pref("dom.disable_beforeunload", true); -pref("dom.require_user_interaction_for_beforeunload", false); +// PREF: Disable DOM timing API +// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI +// https://www.w3.org/TR/navigation-timing/#privacy +pref("dom.enable_performance", false); -// Disable Kinto Cloud -// Note: Pref may change name in future release -// https://bugzilla.mozilla.org/show_bug.cgi?id=1266235#c2 -// https://hg.mozilla.org/releases/mozilla-release/file/c1de04f39fa956cfce83f6065b0e709369215ed5/services/common/kinto-updater.js -pref("services.kinto.base", "data:application/json,{}"); -pref("services.kinto.changes.path", ""); +// PREF: Make sure the User Timing API does not provide a new high resolution timestamp +// https://trac.torproject.org/projects/tor/ticket/16336 +// https://www.w3.org/TR/2013/REC-user-timing-20131212/#privacy-security +// https://network23.org/inputisevil/2015/09/06/how-html5-apis-can-fingerprint-users/ +pref("dom.performance.enable_user_timing_logging", false); +pref("dom.enable_resource_timing", false); // Bug 13024 +pref("dom.enable_user_timing", false); // Bug 16336 +pref("dom.event.highrestimestamp.enabled", true); // Bug 17046: Don't leak system uptime in Events + +// PREF: Disable Web Audio API +// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 +pref("dom.webaudio.enabled", false); // Disable MDNS (Supposedly only for Android but is in Desktop version also) // https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/presentation/provider/MulticastDNSDeviceProvider.cpp#l18 @@ -96,15 +293,30 @@ pref("dom.presentation.tcp_server.debug", false); pref("dom.presentation.discoverable", false); pref("dom.presentation.discovery.legacy.enabled", false); +// PREF: Disable Location-Aware Browsing (geolocation) +// https://www.mozilla.org/en-US/firefox/geolocation/ +pref("geo.enabled", false); + +// PREF: When geolocation is enabled, use Mozilla geolocation service instead of Google +// https://bugzilla.mozilla.org/show_bug.cgi?id=689252 +pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); + +// PREF: When geolocation is enabled, don't log geolocation requests to the console +pref("geo.wifi.logging.enabled", false); + +// PREF: Disable raw TCP socket support (mozTCPSocket) +// https://trac.torproject.org/projects/tor/ticket/18863 +// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/ +// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket +pref("dom.mozTCPSocket.enabled", false); + +// PREF: Disable DOM storage (disabled) // http://kb.mozillazine.org/Dom.storage.enabled -// http://dev.w3.org/html5/webstorage/#dom-localstorage -// you can also see this with Panopticlick's "DOM localStorage" -pref("dom.storage.enabled", false); -// https://developer.mozilla.org/en-US/docs/Web/API/Storage_API -// https://storage.spec.whatwg.org/ -pref("dom.storageManager.enabled", false); - -// Whether JS can get information about the network/browser connection +// https://html.spec.whatwg.org/multipage/webstorage.html +// NOTICE: Disabling DOM storage is known to cause`TypeError: localStorage is null` errors +//pref("dom.storage.enabled", false); + +// PREF: Disable leaking network/browser connection information via Javascript // Network Information API provides general information about the system's connection type (WiFi, cellular, etc.) // https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API // https://wicg.github.io/netinfo/#privacy-considerations @@ -113,14 +325,26 @@ pref("dom.netinfo.enabled", false); // fingerprinting due to differing OS implementations pref("dom.network.enabled", false); -// Disable Web Audio API -// https://bugzil.la/1288359 -pref("dom.webaudio.enabled", false); +// PREF: Disable WebRTC entirely to prevent leaking internal IP addresses (Firefox < 42) +// NOTICE: Disabling WebRTC breaks peer-to-peer file sharing tools (reep.io ...) +pref("media.peerconnection.enabled", false); -// Audio Recording API (Currently only used by WebRTC) +// PREF: Don't reveal your internal IP when WebRTC is enabled (Firefox >= 42) +// https://wiki.mozilla.org/Media/WebRTC/Privacy +// https://github.com/beefproject/beef/wiki/Module%3A-Get-Internal-IP-WebRTC +pref("media.peerconnection.ice.default_address_only", true); // Firefox 42-51 +pref("media.peerconnection.ice.no_host", true); // Firefox >= 52 + +// PREF: Disable WebRTC getUserMedia, screen sharing, audio capture, video capture +// https://wiki.mozilla.org/Media/getUserMedia +// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/ +// https://developer.mozilla.org/en-US/docs/Web/API/Navigator +pref("media.navigator.enabled", false); +pref("media.navigator.video.enabled", false); +pref("media.getusermedia.screensharing.enabled", false); +pref("media.getusermedia.audiocapture.enabled", false); // https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/media/MediaManager.cpp#l1942 pref("media.getusermedia.noise_enabled", false); -pref("media.getusermedia.audiocapture.enabled", false); // Audio_data is deprecated in future releases, but still present // in FF24. This is a dangerous combination (spotted by iSec) @@ -139,90 +363,85 @@ pref("media.ondevicechange.enabled", false); // https://hg.mozilla.org/releases/mozilla-release/rev/5022a33fd3e9 pref("media.ondevicechange.fakeDeviceChangeEvent.enabled", false); -// Don't reveal your internal IP -// Check the settings with: http://net.ipcalf.com/ -// https://wiki.mozilla.org/Media/WebRTC/Privacy -pref("media.peerconnection.ice.default_address_only", true); // Firefox < 51 -pref("media.peerconnection.ice.no_host", true); // Firefox >= 51 -pref("media.peerconnection.ice.relay_only", true); -// Disable WebRTC entirely -pref("media.peerconnection.enabled", false); - -// getUserMedia -// https://wiki.mozilla.org/Media/getUserMedia -pref("media.getusermedia.screensharing.allowed_domains", ""); -pref("media.getusermedia.screensharing.enabled", false); -// https://developer.mozilla.org/en-US/docs/Web/API/Navigator -pref("media.navigator.enabled", false); +// PREF: Disable battery API (Firefox < 52) // https://developer.mozilla.org/en-US/docs/Web/API/BatteryManager +// https://bugzilla.mozilla.org/show_bug.cgi?id=1313580 pref("dom.battery.enabled", false); + +// PREF: Disable telephony API // https://wiki.mozilla.org/WebAPI/Security/WebTelephony pref("dom.telephony.enabled", false); + +// PREF: Disable "beacon" asynchronous HTTP transfers (used for analytics) // https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon pref("beacon.enabled", false); + +// PREF: Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript +// NOTICE: Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...) // https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled pref("dom.event.clipboardevents.enabled", false); -// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI -pref("dom.enable_performance", false); -// https://wiki.mozilla.org/B2G/QA/WebAPI_Test_Plan/Vibration#API -pref("dom.vibrator.enabled", false); -// Speech recognition +// PREF: Disable "copy to clipboard" functionality via Javascript (Firefox >= 41) +// NOTICE: Disabling clipboard operations will break legitimate JS-based "copy to clipboard" functionality +// https://hg.mozilla.org/mozilla-central/rev/2f9f8ea4b9c3 +pref("dom.allow_cut_copy", false); + +// PREF: Disable speech recognition // https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html +// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition // https://wiki.mozilla.org/HTML5_Speech_API pref("media.webspeech.recognition.enable", false); -pref("media.webspeech.synth.enabled", false); -// Disable getUserMedia screen sharing -// https://mozilla.github.io/webrtc-landing/gum_test.html -pref("media.getusermedia.screensharing.enabled", false); +// PREF: Disable speech synthesis +// https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis +pref("media.webspeech.synth.enabled", false); -// Disable sensor API +// PREF: Disable sensor API // https://wiki.mozilla.org/Sensor_API pref("device.sensors.enabled", false); // Disable MMS pref("dom.mms.retrieval_mode", "never"); +// PREF: Disable pinging URIs specified in HTML <a> ping= attributes // http://kb.mozillazine.org/Browser.send_pings pref("browser.send_pings", false); -// this shouldn't have any effect, since we block pings altogether, but we'll set it anyway. + +// PREF: When browser pings are enabled, only allow pinging the same host as the origin page // http://kb.mozillazine.org/Browser.send_pings.require_same_host pref("browser.send_pings.require_same_host", true); +// PREF: Disable IndexedDB (disabled) // https://developer.mozilla.org/en-US/docs/IndexedDB +// https://en.wikipedia.org/wiki/Indexed_Database_API // https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review -// TODO: find out why html5test still reports this as available -// Note: Disabled, Can be enable if it breaks plugins/sites which require it. Privacy Risk. -// see: http://forums.mozillazine.org/viewtopic.php?p=13842047#p13842047 -pref("dom.indexedDB.enabled", false); +// http://forums.mozillazine.org/viewtopic.php?p=13842047 +// https://github.com/pyllyukko/user.js/issues/8 +// NOTICE: IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), so is left enabled +//pref("dom.indexedDB.enabled", true); // TODO: "Access Your Location" "Maintain Offline Storage" "Show Notifications" -// Disable gamepad input -// http://www.w3.org/TR/gamepad/ +// PREF: Disable gamepad API to prevent USB device enumeration +// https://www.w3.org/TR/gamepad/ +// https://trac.torproject.org/projects/tor/ticket/13023 pref("dom.gamepad.enabled", false); -pref("dom.gamepad.non_standard_events.enabled", false); -pref("dom.gamepad.test.enabled", false); -pref("dom.gamepad.extensions.enabled", false); +pref("dom.gamepad.non_standard_events.enabled", false); +pref("dom.gamepad.test.enabled", false); +pref("dom.gamepad.extensions.enabled", false); -// Disable virtual reality devices +// PREF: Disable virtual reality devices APIs // https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM +// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API pref("dom.vr.enabled", false); pref("dom.vr.cardboard.enabled", false); pref("dom.vr.oculus.enabled", false); pref("dom.vr.oculus050.enabled", false); -pref("dom.vr.poseprediction.enabled", false); +pref("dom.vr.poseprediction.enabled", false); pref("dom.vr.openvr.enabled", false); // https://hg.mozilla.org/releases/mozilla-release/file/970d0cf1c5d9/modules/libpref/init/all.js#l4778 pref("dom.vr.add-test-devices", 0); -pref("dom.vr.osvr.enabled", false); - -// disable notifications -pref("dom.webnotifications.enabled", false); -// https://developer.mozilla.org/en-US/docs/Web/API/Notification/requireInteraction -// https://bugzilla.mozilla.org/show_bug.cgi?id=862395 -pref("dom.webnotifications.requireinteraction.enabled", false); +pref("dom.vr.osvr.enabled", false); // HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328 pref("browser.history.allowPopState", false); @@ -231,28 +450,32 @@ pref("browser.history.allowReplaceState", false); // Idle Observation pref("dom.idle-observers-api.enabled", false); -// Prevent Timing Attacks -// https://network23.org/inputisevil/2015/09/06/how-html5-apis-can-fingerprint-users/ -pref("dom.performance.enable_user_timing_logging", false); -pref("dom.enable_resource_timing", false); // Bug 13024 -pref("dom.enable_user_timing", false); // Bug 16336 -pref("dom.event.highrestimestamp.enabled", true); // Bug 17046: Don't leak system uptime in Events -// disable webGL -// http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ +// PREF: Disable vibrator API +pref("dom.vibrator.enabled", false); + +// PREF: Disable webGL +// https://en.wikipedia.org/wiki/WebGL +// https://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/ pref("webgl.disabled", true); -// https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 -// https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info -pref("webgl.enable-debug-renderer-info", false); -pref("webgl.disable-extensions", false); +// PREF: When webGL is enabled, use the minimum capability mode pref("webgl.min_capability_mode", true); -pref("webgl.disable-wgl", true); -pref("webgl.enable-webgl2", false); +// PREF: When webGL is enabled, disable webGL extensions +// https://developer.mozilla.org/en-US/docs/Web/API/WebGL_API#WebGL_debugging_and_testing +pref("webgl.disable-extensions", true); +// PREF: When webGL is enabled, force enabling it even when layer acceleration is not supported // https://trac.torproject.org/projects/tor/ticket/18603 pref("webgl.disable-fail-if-major-performance-caveat", true); +// PREF: When webGL is enabled, do not expose information about the graphics driver +// https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 +// https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info +pref("webgl.enable-debug-renderer-info", false); // somewhat related... pref("pdfjs.enableWebGL", false); +/****************************************************************************** + * SECTION: Misc * + ******************************************************************************/ // Disable File and Directory Entries API (Imported from Edge/Chromium) // https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories // https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API @@ -264,58 +487,69 @@ pref("dom.webkitBlink.filesystem.enabled", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1258489 // https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be pref("dom.webkitBlink.dirPicker.enabled", false); - // Directory Upload API, webkitdirectory // https://bugzilla.mozilla.org/show_bug.cgi?id=1188880 // https://bugzilla.mozilla.org/show_bug.cgi?id=907707 // https://wicg.github.io/directory-upload/proposal.html pref("dom.input.dirpicker", false); -// Disable FlyWeb -// http://www.ghacks.net/2016/07/26/firefox-flyweb/ -// https://www.reddit.com/r/firefox/comments/4uwd1n/flyweb_we_dont_need_no_stinking_iot_apps/ -// https://hg.mozilla.org/releases/mozilla-release/rev/576019c74103 -// https://hg.mozilla.org/releases/mozilla-release/file/8dc18bf5abac/browser/extensions/flyweb/bootstrap.js#l36 -pref("dom.flyweb.enabled", false); - - // Disable Pointer Lock API. // https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API // https://bugzilla.mozilla.org/show_bug.cgi?id=1273351 - pref("full-screen-api.pointer-lock.enabled", false); +pref("full-screen-api.pointer-lock.enabled", false); pref("pointer-lock-api.prefixed.enabled", false); -/****************************************************************************** - * Misc * - * * - ******************************************************************************/ - +// PREF: Disable face detection +pref("camera.control.face_detection.enabled", false); +pref("camera.control.autofocus_moving_callback.enabled", false); + + +// PREF: Disable GeoIP lookup on your address to set default search engine region +// https://trac.torproject.org/projects/tor/ticket/16254 +// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine +pref("browser.search.countryCode", "US"); +pref("browser.search.region", "US"); +pref("browser.search.geoip.url", ""); + +// PREF: Set Accept-Language HTTP header to en-US regardless of Firefox localization +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language +pref("intl.accept_languages", "en-us, en"); + +// PREF: Set Firefox locale to en-US +// http://kb.mozillazine.org/General.useragent.locale +pref("general.useragent.locale", "en-US"); + // Disable website autorefresh, user can still proceed with warning pref("accessibility.blockautorefresh", true); pref("browser.meta_refresh_when_inactive.disabled", true); pref("noscript.forbidMetaRefresh", true); // NoScript ignores this preference? +// PREF: Don't use OS values to determine locale, force using Firefox locale setting +// http://kb.mozillazine.org/Intl.locale.matchOS +pref("intl.locale.matchOS", false); -// Disable face detection by default -pref("camera.control.face_detection.enabled", false); -pref("camera.control.autofocus_moving_callback.enabled", false); - -// Default search engine -//pref("browser.search.defaultenginename", "DuckDuckGo"); +// PREF: Don't use Mozilla-provided location-specific search engines +_pref("browser.search.geoSpecificDefaults", false); +pref("browser.search.geoSpecificDefaults.url", ""); +// PREF: Do not automatically send selection to clipboard on some Linux platforms (Disabled) // http://kb.mozillazine.org/Clipboard.autocopy //pref("clipboard.autocopy", false); -// Display an error message indicating the entered information is not a valid -// URL instead of asking from google. -// http://kb.mozillazine.org/Keyword.enabled#Caveats +// PREF: Prevent leaking application locale/date format using JavaScript +// https://bugzilla.mozilla.org/show_bug.cgi?id=867501 +// https://hg.mozilla.org/mozilla-central/rev/52d635f2b33d +pref("javascript.use_us_english_locale", true); + +// PREF: Do not submit invalid URIs entered in the address bar to the default search engine +// http://kb.mozillazine.org/Keyword.enabled pref("keyword.enabled", false); -// Don't trim HTTP off of URLs in the address bar. +// PREF: Don't trim HTTP off of URLs in the address bar. // https://bugzilla.mozilla.org/show_bug.cgi?id=665580 pref("browser.urlbar.trimURLs", false); -// Don't try to guess where i'm trying to go!!! e.g.: "http://foo" -> "http://(prefix)foo(suffix)" +// PREF: Don't try to guess domain names when entering an invalid domain name in URL bar // http://www-archive.mozilla.org/docs/end-user/domain-guessing.html pref("browser.fixup.alternate.enabled", false); @@ -332,44 +566,50 @@ pref("network.security.ports.banned", "9050,9051,9150,9151"); // https://hg.mozilla.org/releases/mozilla-release/rev/5139b0dd7acc pref("network.proxy.autoconfig_url.include_path", false); +// PREF: When browser.fixup.alternate.enabled is enabled, do not fix URLs containing 'user:password' data +pref("browser.fixup.hide_user_pass", true); + +// PREF: Send DNS request through SOCKS when SOCKS proxying is in use // https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers pref("network.proxy.socks_remote_dns", true); // For fingerprinting and local service vulns (#10419) pref("network.proxy.no_proxies_on", ""); -// We not want to monitoring the connection state of users +// PREF: Don't monitor OS online/offline connection state // https://trac.torproject.org/projects/tor/ticket/18945 -pref("network.manage-offline-status", false); +pref("network.manage-offline-status", false); -// Mixed content stuff +// PREF: Enforce Mixed Active Content Blocking +// https://support.mozilla.org/t5/Protect-your-privacy/Mixed-content-blocking-in-Firefox/ta-p/10990 // https://developer.mozilla.org/en-US/docs/Site_Compatibility_for_Firefox_23#Non-SSL_contents_on_SSL_pages_are_blocked_by_default // https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/ pref("security.mixed_content.block_active_content", true); -// Mixed Passive Content (a.k.a. Mixed Display Content). -pref("security.mixed_content.block_display_content", true); -// https://secure.wikimedia.org/wikibooks/en/wiki/Grsecurity/Application-specific_Settings#Firefox_.28or_Iceweasel_in_Debian.29 -pref("javascript.options.methodjit.chrome", false); -pref("javascript.options.methodjit.content", false); +// PREF: Enforce Mixed Passive Content blocking (a.k.a. Mixed Display Content) +// NOTICE: Enabling Mixed Display Content blocking can prevent images/styles... from loading properly when connection to the website is only partially secured +pref("security.mixed_content.block_display_content", true); -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.7 Disable JAR from opening Unsafe File Types +// PREF: Disable JAR from opening Unsafe File Types // http://kb.mozillazine.org/Network.jar.open-unsafe-types +// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.7 pref("network.jar.open-unsafe-types", false); -// https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 -pref("network.jar.block-remote-files", true); // CIS 2.7.4 Disable Scripting of Plugins by JavaScript +// http://forums.mozillazine.org/viewtopic.php?f=7&t=153889 pref("security.xpconnect.plugin.unrestricted", false); -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 Set File URI Origin Policy +// PREF: Set File URI Origin Policy // http://kb.mozillazine.org/Security.fileuri.strict_origin_policy +// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8 pref("security.fileuri.strict_origin_policy", true); -// CIS 2.3.6 Disable Displaying Javascript in History URLs +// PREF: Disable Displaying Javascript in History URLs // http://kb.mozillazine.org/Browser.urlbar.filter.javascript +// CIS 2.3.6 pref("browser.urlbar.filter.javascript", true); +// PREF: Disable asm.js // http://asmjs.org/ // https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ // https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/ @@ -385,138 +625,172 @@ pref("javascript.options.ion.content", false); // https://www.torproject.org/projects/torbrowser/design pref("mathml.disabled", true); +// PREF: Disable SVG in OpenType fonts // https://wiki.mozilla.org/SVGOpenTypeFonts -// the iSEC Partners Report recommends to disable this +// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle pref("gfx.font_rendering.opentype_svg.enabled", false); -// Disable SVG -// Note: May only work in TBB due to upstream not implementing? -// https://trac.torproject.org/projects/tor/ticket/18770 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1173199#c9 -pref("svg.in-content.enabled", false); +// PREF: Disable in-content SVG rendering (Firefox >= 53) +// NOTICE: Disabling SVG support breaks many UI elements on many sites +// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 +// https://github.com/iSECPartners/publications/raw/master/reports/Tor%20Browser%20Bundle/Tor%20Browser%20Bundle%20-%20iSEC%20Deliverable%201.3.pdf#16 +pref("svg.disabled", true); + -// https://bugzil.la/654550 +// PREF: Disable video stats to reduce fingerprinting threat +// https://bugzilla.mozilla.org/show_bug.cgi?id=654550 // https://github.com/pyllyukko/user.js/issues/9#issuecomment-100468785 // https://github.com/pyllyukko/user.js/issues/9#issuecomment-148922065 pref("media.video_stats.enabled", false); -// Don't reveal build ID +// PREF: Don't reveal build ID // Value taken from Tor Browser -// https://bugzil.la/583181 +// https://bugzilla.mozilla.org/show_bug.cgi?id=583181 pref("general.buildID.override", "20100101"); -// Prevent font fingerprinting -// http://www.browserleaks.com/fonts +// PREF: Prevent font fingerprinting +// https://browserleaks.com/fonts // https://github.com/pyllyukko/user.js/issues/120 pref("browser.display.use_document_fonts", 0); -// Prefer sans-serif -pref("font.default.x-western", "sans-serif"); - - /****************************************************************************** - * extensions / plugins * - * * + * SECTION: Extensions / plugins * ******************************************************************************/ -// Require signatures -pref("xpinstall.signatures.required", true); +// PREF: Ensure you have a security delay when installing add-ons (milliseconds) +// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox +// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ +pref("security.dialog_enable_delay", 1000); -// Opt-out of add-on metadata updates +// PREF: Require signatures (Disabled due to bundled extensions) +// https://wiki.mozilla.org/Addons/Extension_Signing +//pref("xpinstall.signatures.required", true); + +// PREF: Opt-out of add-on metadata updates // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ pref("extensions.getAddons.cache.enabled", false); -// Flash plugin state - never activate +// PREF: Opt-out of themes (Persona) updates +// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287 +pref("lightweightThemes.update.enabled", false); + +// PREF: Flash Player plugin state - never activate +// http://kb.mozillazine.org/Flash_plugin pref("plugin.state.flash", 0); -pref("plugins.notifyMissingFlash", false); -// Java plugin state - never activate +// PREF: Java plugin state - never activate pref("plugin.state.java", 0); -// disable Gnome Shell Integration +// PREF: Disable sending Flash Player crash reports +pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); + +// PREF: When Flash crash reports are enabled, don't send the visited URL in the crash report +pref("dom.ipc.plugins.reportCrashURL", false); + +// PREF: When Flash is enabled, download and use Mozilla SWF URIs blocklist +// https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 +// https://github.com/mozilla-services/shavar-plugin-blocklist +pref("browser.safebrowsing.blockedURIs.enabled", true); + +// PREF: Disable Gnome Shell Integration pref("plugin.state.libgnome-shell-browser-plugin", 0); -// disable the bundled OpenH264 video codec +// PREF: Disable the bundled OpenH264 video codec (disabled) // http://forums.mozillazine.org/viewtopic.php?p=13845077&sid=28af2622e8bd8497b9113851676846b1#p13845077 pref("media.gmp-provider.enabled", false); +// PREF: Enable plugins click-to-play // https://wiki.mozilla.org/Firefox/Click_To_Play // https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/ pref("plugins.click_to_play", true); -// Updates addons automatically -// Disabled due to Fingerprinting, you can update addons manually. +// PREF: Disable automatic updates of addons // https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/ pref("extensions.update.enabled", false); pref("extensions.update.autoUpdateDefault", false); // User can still update manually, but we disable background updates. pref("extensions.update.background.url", ""); + // The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox pref("extensions.systemAddon.update.url", ""); -// We can update our themes manually, may fingerprint the user. -pref("lightweightThemes.update.enabled", false); // Only install extensions to user profile // https://developer.mozilla.org/en-US/Add-ons/Installing_extensions // https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ pref("extensions.enabledScopes", 1); +// PREF: Enable add-on and certificate blocklists (OneCRL) from Mozilla +// https://wiki.mozilla.org/Blocklisting +// https://blocked.cdn.mozilla.net/ // http://kb.mozillazine.org/Extensions.blocklist.enabled +// http://kb.mozillazine.org/Extensions.blocklist.url +// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ +// Updated at interval defined in extensions.blocklist.interval (default: 86400) pref("extensions.blocklist.enabled", false); pref("extensions.blocklist.detailsURL", "about:blank"); pref("extensions.blocklist.itemURL", "about:blank"); -pref("extensions.blocklist.url", "about:blank"); pref("extensions.getAddons.get.url", "about:blank"); pref("extensions.getAddons.getWithPerformance.url", "about:blank"); pref("extensions.getAddons.recommended.url", "about:blank"); -pref("services.settings.server", ""); // If blocklist still downloads, we want it to be signed. pref("services.blocklist.signing.enforced", true); // Firefox 49: https://hg.mozilla.org/releases/mozilla-release/rev/c6c57d394549 // https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/toolkit/mozapps/extensions/nsBlocklistService.js#l633 pref("services.blocklist.update_enabled", false); // https://hg.mozilla.org/releases/mozilla-release/file/c6c57d394549/services/common/blocklist-updater.js -pref("services.settings.server", "data:application/json,{\"data\":[]}"); +// Remove Kinto Blacklist URL +// https://hg.mozilla.org/releases/mozilla-release/file/c1de04f39fa956cfce83f6065b0e709369215ed5/services/common/kinto-updater.js +pref("services.settings.server", "data:application/json,{}"); pref("services.blocklist.changes.path", ""); +// PREF: Decrease system information leakage to Mozilla blocklist update servers +// https://trac.torproject.org/projects/tor/ticket/16931 +pref("extensions.blocklist.url", "about:blank"); + // Disable Freedom Violating DRM Feature // https://bugzilla.mozilla.org/show_bug.cgi?id=1144903#c8 pref("media.eme.apiVisible", false); pref("media.eme.enabled", false); -pref("browser.eme.ui.enabled", false); -pref("media.gmp-eme-adobe.enabled", false); +pref("browser.eme.ui.enabled", false); +pref("media.gmp-eme-adobe.enabled", false); // Google Widevine DRM // https://blog.mozilla.org/futurereleases/2016/04/08/mozilla-to-test-widevine-cdm-in-firefox-nightly/ // https://wiki.mozilla.org/QA/Widevine_CDM // https://bugzilla.mozilla.org/show_bug.cgi?id=1288580 -pref("media.gmp-widevinecdm.visible", false); -pref("media.gmp-widevinecdm.enabled", false); -pref("media.gmp-widevinecdm.autoupdate", false); +pref("media.gmp-widevinecdm.visible", false); +pref("media.gmp-widevinecdm.enabled", false); +pref("media.gmp-widevinecdm.autoupdate", false); -// Fingerprints the user, does not use HTTPS. Remove it. +// Plugin Updater: Fingerprints the user, does not use HTTPS, Not used on GNU/Linux. Remove it. pref("pfs.datasource.url", "about:blank"); pref("pfs.filehint.url", "about:blank"); /****************************************************************************** - * firefox features / components * - * * + * SECTION: Firefox (anti-)features / components * * ******************************************************************************/ -// WebIDE +// PREF: Disable WebIDE // https://trac.torproject.org/projects/tor/ticket/16222 +// https://developer.mozilla.org/docs/Tools/WebIDE pref("devtools.webide.enabled", false); pref("devtools.webide.autoinstallADBHelper", false); pref("devtools.webide.autoinstallFxdtAdapters", false); -// disable remote debugging -// https://developer.mozilla.org/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Enable_remote_debugging +// PREF: Disable remote debugging +// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop // https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings pref("devtools.debugger.remote-enabled", false); // "to use developer tools in the context of the browser itself, and not only web content" -pref("devtools.chrome.enabled", false); +pref("devtools.chrome.enabled", false); // https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Firefox_37_onwards -pref("devtools.debugger.force-local", true); +pref("devtools.debugger.force-local", true); +// The in-browser debugger for debugging chrome code is not coping with our +// restrictive DNS look-up policy. We use "127.0.0.1" instead of "localhost" as +// a workaround. See bug 16523 for more details. +pref("devtools.debugger.chrome-debugging-host", "127.0.0.1"); +pref("devtools.appmanager.enabled", false); +pref("devtools.debugger.prompt-connection", true); pref("devtools.devices.url", "about:blank"); pref("devtools.gcli.imgurUploadURL", "about:blank"); pref("devtools.gcli.jquerySrc", "about:blank"); @@ -532,144 +806,150 @@ pref("devtools.webide.addonsURL", "about:blank"); pref("devtools.webide.enabled", false); pref("devtools.webide.simulatorAddonsURL", "about:blank"); pref("devtools.webide.templatesURL", "about:blank"); +// https://hg.mozilla.org/releases/mozilla-release/rev/47ead489b52e +pref("devtools.screenshot.audio.enabled", false); +// PREF: Disable Mozilla telemetry/experiments // https://wiki.mozilla.org/Platform/Features/Telemetry +// https://wiki.mozilla.org/Privacy/Reviews/Telemetry +// https://wiki.mozilla.org/Telemetry // https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry +// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715 // https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry +// https://gecko.readthedocs.io/en/latest/browser/experiments/experiments/manifest.html +// https://wiki.mozilla.org/Telemetry/Experiments pref("toolkit.telemetry.enabled", false); -// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html pref("toolkit.telemetry.unified", false); -pref("toolkit.telemetry.server", "about:blank"); -pref("toolkit.telemetry.archive.enabled", false); -// https://wiki.mozilla.org/Telemetry/Experiments -pref("experiments.supported", false); -pref("experiments.enabled", false); -pref("experiments.manifest.uri", false); -// https://trac.torproject.org/projects/tor/ticket/13170 -pref("network.allow-experiments", false); +pref("experiments.supported", false); +pref("experiments.enabled", false); +pref("experiments.manifest.uri", ""); -// Disable the UITour backend so there is no chance that a remote page -// can use it to confuse Tor Browser users. +// PREF: Disallow Necko to do A/B testing +// https://trac.torproject.org/projects/tor/ticket/13170 +pref("network.allow-experiments", false); + +// PREF: Disable sending Firefox crash reports to Mozilla servers +// https://wiki.mozilla.org/Breakpad +// http://kb.mozillazine.org/Breakpad +// https://dxr.mozilla.org/mozilla-central/source/toolkit/crashreporter +// https://bugzilla.mozilla.org/show_bug.cgi?id=411490 +// A list of submitted crash reports can be found at about:crashes +pref("breakpad.reportURL", ""); + +// PREF: Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't nag user about unsent crash reports +// https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js +pref("browser.tabs.crashReporting.sendReport", false); +pref("browser.crashReports.unsubmittedCheck.enabled", false); +pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); + +// PREF: Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface) +// https://wiki.mozilla.org/FlyWeb +// https://wiki.mozilla.org/FlyWeb/Security_scenarios +// https://docs.google.com/document/d/1eqLb6cGjDL9XooSYEEo7mE-zKQ-o-AuDTcEyNhfBMBM/edit +// http://www.ghacks.net/2016/07/26/firefox-flyweb +pref("dom.flyweb.enabled", false); + +// PREF: Disable the UITour backend +// https://trac.torproject.org/projects/tor/ticket/19047#comment:3 pref("browser.uitour.enabled", false); +// PREF: Enable Firefox Tracking Protection // https://wiki.mozilla.org/Security/Tracking_protection // https://support.mozilla.org/en-US/kb/tracking-protection-firefox -pref("privacy.trackingprotection.enabled", true); // https://support.mozilla.org/en-US/kb/tracking-protection-pbm +// https://kontaxis.github.io/trackingprotectionfirefox/ +// https://feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox/ +pref("privacy.trackingprotection.enabled", true); pref("privacy.trackingprotection.pbmode.enabled", true); -// Third Party Isolation Enabled Always -// https://github.com/arthuredelstein/tor-browser/commit/b8da7721a9df4af1b595eb046e94280fe8e32d31 -pref("privacy.thirdparty.isolate", 2); +// PREF: Enable contextual identity Containers feature (Firefox >= 52) +// NOTICE: Containers are not available in Private Browsing mode +// https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers +pref("privacy.userContext.enabled", true); -// Resist fingerprinting via window.screen and CSS media queries and other techniques -// https://bugzil.la/418986 -// https://bugzil.la/1281949 -// https://bugzil.la/1281963 +// PREF: Enable hardening against various fingerprinting vectors (Tor Uplift project) +// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking pref("privacy.resistFingerprinting", true); -// Disable the built-in PDF viewer (CVE-2015-2743) +// PREF: Disable the built-in PDF viewer // https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2743 +// https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ +// https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/ pref("pdfjs.disabled", true); -// Disable sending of the health report +// PREF: Disable collection/sending of the health report (healthreport.sqlite*) // https://support.mozilla.org/en-US/kb/firefox-health-report-understand-your-browser-perf +// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html pref("datareporting.healthreport.uploadEnabled", false); -// disable collection of the data (the healthreport.sqlite* files) pref("datareporting.healthreport.service.enabled", false); -// https://gecko.readthedocs.org/en/latest/toolkit/components/telemetry/telemetry/preferences.html pref("datareporting.policy.dataSubmissionEnabled", false); -pref("datareporting.healthreport.about.reportUrl", "about:blank"); -pref("datareporting.healthreport.documentServerURI", "about:blank"); -pref("datareporting.policy.firstRunTime", 0); -pref("datareporting.policy.firstRunURL", ""); - -// Disable new tab tile ads & preload -// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox -// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331 -pref("browser.newtabpage.enhanced", false); -pref("browser.newtab.preload", false); -pref("browser.newtabpage.introShown", true); -// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping -// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping -pref("browser.newtabpage.directory.ping", ""); -// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source -pref("browser.newtabpage.directory.source", "data:text/plain,{}"); -// disable heartbeat +// PREF: Disable Heartbeat (Mozilla user rating telemetry) // https://wiki.mozilla.org/Advocacy/heartbeat +// https://trac.torproject.org/projects/tor/ticket/19047 pref("browser.selfsupport.url", ""); -// Disable firefox hello +// PREF: Disable Firefox Hello (disabled) (Firefox < 49) // https://wiki.mozilla.org/Loop +// https://support.mozilla.org/t5/Chat-and-share/Support-for-Hello-discontinued-in-Firefox-49/ta-p/37946 +// NOTICE: Firefox Hello requires setting `media.peerconnection.enabled` and `media.getusermedia.screensharing.enabled` to true, `security.OCSP.require` to false to work. //pref("loop.enabled", false); + +// PREF: Disable Firefox Hello metrics collection // https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion pref("loop.logDomains", false); -// Disable Crash Reporter (Massive browser fingerprinting) -pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); -pref("browser.tabs.crashReporting.sendReport", false); -pref("breakpad.reportURL", "about:blank"); -// https://bugzilla.mozilla.org/show_bug.cgi?id=1287178 -// https://hg.mozilla.org/releases/mozilla-release/file/a67a1682be8f0327435aaa2f417154330eff0017/browser/modules/ContentCrashHandlers.jsm#l383 -pref("browser.crashReports.unsubmittedCheck.enabled", false); -// https://hg.mozilla.org/releases/mozilla-release/rev/c94848691f8a -pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); -// https://hg.mozilla.org/releases/mozilla-release/file/a67a1682be8f0327435aaa2f417154330eff0017/browser/modules/ContentCrashHandlers.jsm#l511 -pref("browser.crashReports.unsubmittedCheck.chancesUntilSuppress", 0); - -// Disable Slow Startup Notifications -pref("browser.slowStartup.maxSamples", 0); -pref("browser.slowStartup.notificationDisabled", true); -pref("browser.slowStartup.samples", 0); - -// CIS 2.1.1 Disable Auto Update / Balrog -pref("app.update.auto", false); +// PREF: Disable Auto Update / Balrog +// NOTICE: Fully automatic updates are disabled and left to package management systems on Linux. Windows users may want to change this setting. +// CIS 2.1.1 +pref("app.update.auto", false); pref("app.update.checkInstallTime", false); -pref("app.update.enabled", false); -pref("app.update.staging.enabled", false); +pref("app.update.enabled", false); +pref("app.update.staging.enabled", false); pref("app.update.url", "about:blank"); -pref("media.gmp-manager.certs.1.commonName", ""); -pref("media.gmp-manager.certs.2.commonName", ""); +pref("media.gmp-manager.certs.1.commonName", ""); +pref("media.gmp-manager.certs.2.commonName", ""); -// CIS 2.3.4 Block Reported Web Forgeries -// http://kb.mozillazine.org/Browser.safebrowsing.enabled +// PREF: Disable blocking reported web forgeries +// Leaks information to Google +// https://wiki.mozilla.org/Security/Safe_Browsing // http://kb.mozillazine.org/Safe_browsing // https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work // http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849 -pref("browser.safebrowsing.enabled", false); +// CIS 2.3.4 +pref("browser.safebrowsing.enabled", false); // Firefox < 50 +pref("browser.safebrowsing.phishing.enabled", false); // firefox >= 50 -// CIS 2.3.5 Block Reported Attack Sites +// PREF: Disable blocking reported attack sites +// Leaks information to Google // http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled +// CIS 2.3.5 pref("browser.safebrowsing.malware.enabled", false); -// Disable safe browsing remote lookups for downloaded files. -// This leaks information to google. +// PREF: Disable querying Google Application Reputation database for downloaded binary files // https://www.mozilla.org/en-US/firefox/39.0/releasenotes/ // https://wiki.mozilla.org/Security/Application_Reputation -pref("browser.safebrowsing.downloads.remote.enabled", false); -pref("browser.safebrowsing.appRepURL", "about:blank"); +pref("browser.safebrowsing.downloads.remote.enabled", false); +pref("browser.safebrowsing.appRepURL", "about:blank"); pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank"); pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank"); pref("browser.safebrowsing.downloads.remote.block_dangerous", false); pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -pref("browser.safebrowsing.downloads.remote.block_uncommon", false); -pref("browser.safebrowsing.downloads.remote.enabled", false); +pref("browser.safebrowsing.downloads.remote.block_uncommon", false); pref("browser.safebrowsing.downloads.remote.url", ""); -pref("browser.safebrowsing.provider.google.gethashURL", ""); -pref("browser.safebrowsing.provider.google.updateURL", ""); +pref("browser.safebrowsing.provider.google.gethashURL", ""); +pref("browser.safebrowsing.provider.google.updateURL", ""); pref("browser.safebrowsing.provider.google.lists", ""); // https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 -pref("browser.safebrowsing.phishing.enabled", false); pref("browser.safebrowsing.provider.google4.lists", "about:blank"); pref("browser.safebrowsing.provider.google4.updateURL", "about:blank"); pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank"); pref("browser.safebrowsing.provider.google4.reportURL", "about:blank"); pref("browser.safebrowsing.provider.mozilla.lists", "about:blank"); -// Disable Microsoft Family Safety MiTM support +// Disable Microsoft Family Safety MiTM support (Windows 8.1) (FF50+) // https://bugzilla.mozilla.org/show_bug.cgi?id=1239166 // https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode // https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782 @@ -679,20 +959,23 @@ pref("security.family_safety.mode", 0); // https://bugzilla.mozilla.org/show_bug.cgi?id=1298883 pref("security.enterprise_roots.enabled", false); -// Disable pocket +// PREF: Disable Pocket // https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox -pref("browser.pocket.enabled", false); // https://github.com/pyllyukko/user.js/issues/143 -pref("extensions.pocket.enabled", false); +pref("browser.pocket.enabled", false); +pref("extensions.pocket.enabled", false); pref("extensions.pocket.api", "about:blank"); -pref("extensions.pocket.enabled", false); pref("browser.pocket.api", "about:blank"); -pref("browser.pocket.enabledLocales", "about:blank"); -pref("browser.pocket.oAuthConsumerKey", "about:blank"); +pref("browser.pocket.enabledLocales", "about:blank"); +pref("browser.pocket.oAuthConsumerKey", "about:blank"); pref("browser.pocket.site", "about:blank"); pref("browser.pocket.useLocaleList", false); pref("browser.toolbarbuttons.introduced.pocket-button", true); +// Disable Web Compat Reporter +pref("extensions.webcompat-reporter.enabled", false); +pref("extensions.webcompat-reporter.newIssueEndpoint", ""); + // Disable Social pref("social.directories", ""); pref("social.enabled", false); @@ -703,11 +986,11 @@ pref("social.toast-notifications.enabled", false); pref("social.whitelist", ""); // Disable Snippets -pref("browser.snippets.enabled", false); +pref("browser.snippets.enabled", false); pref("browser.snippets.geoUrl", "about:blank"); -pref("browser.snippets.statsUrl", "about:blank"); -pref("browser.snippets.syncPromo.enabled", false); -pref("browser.snippets.updateUrl", "about:blank"); +pref("browser.snippets.statsUrl", "about:blank"); +pref("browser.snippets.syncPromo.enabled", false); +pref("browser.snippets.updateUrl", "about:blank"); // Disable WAN IP leaks pref("captivedetect.canonicalURL", "about:blank"); @@ -738,81 +1021,70 @@ pref("services.sync.serverURL", "about:blank"); pref("services.sync.jpake.serverURL", "about:blank"); // Disable Failed Sync Logs since we killed sync. pref("services.sync.log.appender.file.logOnError", false); +pref("services.sync.ui.hidden", true); /****************************************************************************** - * automatic connections * - * * + * SECTION: Automatic connections * ******************************************************************************/ -// Disable link prefetching +// PREF: Disable prefetching of <link rel="next"> URLs // http://kb.mozillazine.org/Network.prefetch-next // https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F pref("network.prefetch-next", false); -// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine+ -// GeoIP-based search -// https://trac.torproject.org/projects/tor/ticket/16254 -pref("browser.search.countryCode", "US"); -pref("browser.search.region", "US"); -pref("browser.search.geoip.url", ""); -pref("browser.search.geoSpecificDefaults.url", "about:blank"); -pref("browser.search.geoSpecificDefaults", false); - +// PREF: Disable DNS prefetching // http://kb.mozillazine.org/Network.dns.disablePrefetch // https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching pref("network.dns.disablePrefetch", true); pref("network.dns.disablePrefetchFromHTTPS", true); -// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 -pref("network.dns.blockDotOnion", true); - +// PREF: Disable the predictive service (Necko) // https://wiki.mozilla.org/Privacy/Reviews/Necko pref("network.predictor.enabled", false); // https://wiki.mozilla.org/Privacy/Reviews/Necko#Principle:_Real_Choice pref("network.seer.enabled", false); +// PREF: Reject .onion hostnames before passing the to DNS +// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 +// RFC 7686 +pref("network.dns.blockDotOnion", true); + +// PREF: Disable search suggestions in the search bar // http://kb.mozillazine.org/Browser.search.suggest.enabled pref("browser.search.suggest.enabled", false); -// Disable "Show search suggestions in location bar results" + +// PREF: Disable "Show search suggestions in location bar results" pref("browser.urlbar.suggest.searches", false); -// Disable SSDP -// https://bugzil.la/1111967 +// PREF: Disable SSDP +// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967 pref("browser.casting.enabled", false); +// PREF: Disable automatic downloading of OpenH264 codec // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_media-capabilities // http://andreasgal.com/2014/10/14/openh264-now-in-firefox/ pref("media.gmp-gmpopenh264.enabled", false); -pref("media.peerconnection.video.h264_enabled", false); +pref("media.peerconnection.video.h264_enabled", false); // Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins pref("media.gmp-manager.url", ""); -pref("media.gmp-manager.url.override", "data:text/plain"); -pref("media.gmp.trial-create.enabled", false); - +pref("media.gmp-manager.url.override", "data:text/plain"); +pref("media.gmp.trial-create.enabled", false); +// Since ESR52 it is not enough anymore to block pinging the GMP update/download +// server. There is a local fallback that must be blocked now as well. See: +// https://bugzilla.mozilla.org/show_bug.cgi?id=1267495. +pref("media.gmp-manager.updateEnabled", false); + +// PREF: Disable speculative pre-connections // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections -// https://bugzil.la/814169 +// https://bugzilla.mozilla.org/show_bug.cgi?id=814169 pref("network.http.speculative-parallel-limit", 0); -// https://github.com/arthuredelstein/tor-browser/blob/tbb-esr31.1.1/browser/app/profile/000-tor-browser.js -pref("network.http.pipelining", true); -pref("network.http.pipelining.aggressive", true); -pref("network.http.pipelining.maxrequests", 12); -pref("network.http.pipelining.ssl", true); -pref("network.http.proxy.pipelining", true); -pref("security.ssl.enable_false_start", true); -pref("network.http.keep-alive.timeout", 20); -pref("network.http.connection-retry-timeout", 0); -pref("network.http.max-persistent-connections-per-proxy", 256); -pref("network.http.pipelining.reschedule-timeout", 15000); -pref("network.http.pipelining.read-timeout", 60000); -pref("network.http.pipelining.max-optimistic-requests", 3); -pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable) -pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case -pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case - +// PREF: Disable downloading homepage snippets/messages from Mozilla // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_mozilla-content +// https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service pref("browser.aboutHomeSnippets.updateUrl", ""); +// PREF: Never check updates for search engines // https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking pref("browser.search.update", false); @@ -822,42 +1094,62 @@ pref("browser.webapps.checkForUpdates", 0); pref("browser.webapps.updateCheckUrl", "about:blank"); pref("dom.mozApps.signed_apps_installable_from", ""); -// https://bugzilla.mozilla.org/show_bug.cgi?id=1223838#c31 -pref("network.http.enablePerElementReferrer", false); - -// Disable Favicon lookups +// Disable Favicon lookups (Leaks/fingerprints user bookmarks) // http://kb.mozillazine.org/Browser.chrome.favicons -// pref("browser.chrome.favicons", false); -// pref("browser.chrome.site_icons", false); +pref("browser.chrome.favicons", false); +pref("browser.chrome.site_icons", false); +pref("browser.shell.shortcutFavicons", false); /****************************************************************************** - * HTTP * - * * + * SECTION: HTTP * ******************************************************************************/ +// https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2 +pref("network.http.pipelining", true); +pref("network.http.pipelining.aggressive", true); +pref("network.http.pipelining.maxrequests", 12); +pref("network.http.pipelining.ssl", true); +pref("network.http.proxy.pipelining", true); +pref("security.ssl.enable_false_start", true); +pref("network.http.keep-alive.timeout", 20); +pref("network.http.connection-retry-timeout", 0); +pref("network.http.max-persistent-connections-per-proxy", 256); +pref("network.http.pipelining.reschedule-timeout", 15000); +pref("network.http.pipelining.read-timeout", 60000); +pref("network.http.pipelining.max-optimistic-requests", 3); +pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable) +pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case +pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case +pref("network.http.spdy.enabled.v3-1", false); // Seems redundant, but just in case +pref("privacy.firstparty.isolate", true); // Always enforce first party isolation +pref("network.http.spdy.enabled.http2", false); // Temporarily disabled pending implementation review +pref("network.http.spdy.enabled.http2draft", false); // Temporarily disabled pending implementation review -// Disallow NTLMv1 +// PREF: Disallow NTLMv1 // https://bugzilla.mozilla.org/show_bug.cgi?id=828183 pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); -// it is still allowed through HTTPS. uncomment the following to disable it completely. -//pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); +pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); +// PREF: Enable CSP 1.1 script-nonce directive support // https://bugzilla.mozilla.org/show_bug.cgi?id=855326 pref("security.csp.experimentalEnabled", true); -// CSP https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy +// PREF: Enable Content Security Policy (CSP) +// https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy +// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP pref("security.csp.enable", true); -// Subresource integrity +// PREF: Enable Subresource Integrity // https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity // https://wiki.mozilla.org/Security/Subresource_Integrity pref("security.sri.enable", true); -// DNT HTTP header -// http://dnt.mozilla.org/ +// PREF: DNT HTTP header (disabled) +// https://www.mozilla.org/en-US/firefox/dnt/ // https://en.wikipedia.org/wiki/Do_not_track_header // https://dnt-dashboard.mozilla.org // https://github.com/pyllyukko/user.js/issues/11 // http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/ +// NOTICE: Do No Track must be enabled manually //pref("privacy.donottrackheader.enabled", true); // Disable HTTP Alternative Services header @@ -865,28 +1157,48 @@ pref("security.sri.enable", true); pref("network.http.altsvc.enabled", false); pref("network.http.altsvc.oe", false); +// PREF: Send a referer header with the target URI as the source // http://kb.mozillazine.org/Network.http.sendRefererHeader#0 // https://bugzilla.mozilla.org/show_bug.cgi?id=822869 -// Send a referer header with the target URI as the source -//pref("network.http.sendRefererHeader", 1); +// https://github.com/pyllyukko/user.js/issues/227 +// NOTICE: Spoofing referers breaks functionality on websites relying on authentic referer headers +// NOTICE: Spoofing referers breaks visualisation of 3rd-party sites on the Lightbeam addon +// NOTICE: Spoofing referers disables CSRF protection on some login pages not implementing origin-header/cookie+token based CSRF protection +// TODO: https://github.com/pyllyukko/user.js/issues/94, commented-out XOriginPolicy/XOriginTrimmingPolicy = 2 prefs pref("network.http.referer.spoofSource", true); -// CIS 2.5.1 Accept Only 1st Party Cookies +// PREF: Don't send referer headers when following links across different domains (disabled) +// https://github.com/pyllyukko/user.js/issues/227 +// user_pref("network.http.referer.XOriginPolicy", 2); +// https://bugzilla.mozilla.org/show_bug.cgi?id=1223838#c31 +pref("network.http.enablePerElementReferrer", false); + +// PREF: Accept Only 1st Party Cookies // http://kb.mozillazine.org/Network.cookie.cookieBehavior#1 -// This breaks a number of payment gateways so you may need to comment it out. +// NOTICE: Blocking 3rd-party cookies breaks a number of payment gateways +// CIS 2.5.1 pref("network.cookie.cookieBehavior", 1); -// Make sure that third-party cookies (if enabled) never persist beyond the session. + +// PREF: Make sure that third-party cookies (if enabled) never persist beyond the session. // https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ // http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly // https://developer.mozilla.org/en-US/docs/Cookies_Preferences_in_Mozilla#network.cookie.thirdparty.sessionOnly pref("network.cookie.thirdparty.sessionOnly", true); -// user-agent -//pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"); - -/****************************************************************************** - * Caching * - * * +// PREF: Spoof User-agent +pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"); +pref("general.appname.override", "Netscape"); +pref("general.appversion.override", "5.0 (Windows)"); +pref("general.platform.override", "Win32"); +pref("general.oscpu.override", "Windows NT 6.1"); +pref("general.productSub.override", "20100101"); +pref("general.buildID.override", "20100101"); +pref("browser.startup.homepage_override.buildID", "20100101"); +pref("general.useragent.vendor", ""); +pref("general.useragent.vendorSub", ""); + +/******************************************************************************* + * SECTION: Caching * ******************************************************************************/ // Prevents the Permissions manager from writing to disk (regardless of whether we are in PBM) @@ -898,182 +1210,261 @@ pref("network.cookie.thirdparty.sessionOnly", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882#c0 pref("security.nocertdb", true); +// PREF: Permanently enable private browsing mode (disabled) +// https://support.mozilla.org/en-US/kb/Private-Browsing +// https://wiki.mozilla.org/PrivateBrowsing +// NOTICE: You can not view or inspect cookies when in private browsing: https://bugzilla.mozilla.org/show_bug.cgi?id=823941 +// NOTICE: When Javascript is enabled, Websites can detect use of Private Browsing mode +// NOTICE: Private browsing breaks Kerberos authentication +// NOTICE: Disables "Containers" functionality (see below) +//pref("browser.privatebrowsing.autostart", true); + +// PREF: Do not store POST data in saved sessions // http://kb.mozillazine.org/Browser.sessionstore.postdata -// NOTE: relates to CIS 2.5.7 +// relates to CIS 2.5.7 pref("browser.sessionstore.postdata", 0); + +// PREF: Disable the Session Restore service // http://kb.mozillazine.org/Browser.sessionstore.enabled pref("browser.sessionstore.enabled", false); +// PREF: Do not download URLs for the offline cache // http://kb.mozillazine.org/Browser.cache.offline.enable pref("browser.cache.offline.enable", false); -// Always use private browsing -// https://support.mozilla.org/en-US/kb/Private-Browsing -// https://wiki.mozilla.org/PrivateBrowsing -// pref("browser.privatebrowsing.autostart", true); - -// Clear history when Firefox closes +// PREF: Clear history when Firefox closes // https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically +// NOTICE: Installing user.js will **remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27) +// NOTICE: Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945 pref("privacy.sanitize.sanitizeOnShutdown", true); pref("privacy.clearOnShutdown.cache", true); pref("privacy.clearOnShutdown.cookies", true); -pref("privacy.clearOnShutdown.downloads", true); -pref("privacy.clearOnShutdown.formdata", true); +pref("privacy.clearOnShutdown.downloads", true); +pref("privacy.clearOnShutdown.formdata", true); pref("privacy.clearOnShutdown.history", true); pref("privacy.clearOnShutdown.offlineApps", true); -//pref("privacy.clearOnShutdown.passwords", true); // Wipes all saved passwords, best to let the user decide. -pref("privacy.clearOnShutdown.sessions", true); +//pref("privacy.clearOnShutdown.passwords", true); // Wipes all saved passwords. (Disabled) +pref("privacy.clearOnShutdown.sessions", true); +pref("privacy.clearOnShutdown.openWindows", true); pref("privacy.clearOnShutdown.siteSettings", true); // http://www.ghacks.net/2015/10/16/how-to-prevent-hsts-tracking-in-firefox/ +// PREF: Set time range to "Everything" as default in "Clear Recent History" +pref("privacy.sanitize.timeSpan", 0); + +// PREF: Clear everything but "Site Preferences" in "Clear Recent History" +pref("privacy.cpd.offlineApps", true); +pref("privacy.cpd.cache", true); +pref("privacy.cpd.cookies", true); +pref("privacy.cpd.downloads", true); +pref("privacy.cpd.formdata", true); +pref("privacy.cpd.history", true); +pref("privacy.cpd.sessions", true); + // Firefox will store small amounts (less than 50 MB) of data without asking for permission, unless this is set to false // https://support.mozilla.org/en-US/questions/1014708 pref("offline-apps.allow_by_default", false); -// don't remember browsing history +// PREF: Don't remember browsing history pref("places.history.enabled", false); -// The cookie expires at the end of the session (when the browser closes). -// http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2 -pref("network.cookie.lifetimePolicy", 2); - +// PREF: Disable disk cache // http://kb.mozillazine.org/Browser.cache.disk.enable pref("browser.cache.disk.enable", false); +// PREF: Disable memory cache (disabled) // http://kb.mozillazine.org/Browser.cache.memory.enable //pref("browser.cache.memory.enable", false); -// CIS Version 1.2.0 October 21st, 2011 2.5.8 Disable Caching of SSL Pages +// PREF: Disable Caching of SSL Pages +// CIS Version 1.2.0 October 21st, 2011 2.5.8 // http://kb.mozillazine.org/Browser.cache.disk_cache_ssl pref("browser.cache.disk_cache_ssl", false); -// CIS Version 1.2.0 October 21st, 2011 2.5.2 Disallow Credential Storage -pref("signon.rememberSignons", false); - -// CIS Version 1.2.0 October 21st, 2011 2.5.5 Delete Download History -// Zero (0) is an indication that no download history is retained for the current profile. +// PREF: Disable download history +// CIS Version 1.2.0 October 21st, 2011 2.5.5 pref("browser.download.manager.retention", 0); -// CIS Version 1.2.0 October 21st, 2011 2.5.6 Delete Search and Form History +// PREF: Disable password manager +// CIS Version 1.2.0 October 21st, 2011 2.5.2 +pref("signon.rememberSignons", false); + +// PREF: Disable form autofill, don't save information entered in web page forms and the Search Bar pref("browser.formfill.enable", false); + +// PREF: Cookies expires at the end of the session (when the browser closes) +// http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2 +pref("network.cookie.lifetimePolicy", 2); + +// PREF: Require manual intervention to autofill known username/passwords sign-in forms +// http://kb.mozillazine.org/Signon.autofillForms +// https://www.torproject.org/projects/torbrowser/design/#identifier-linkability +pref("signon.autofillForms", false); + +// PREF: When username/password autofill is enabled, still disable it on non-HTTPS sites +// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 +pref("signon.autofillForms.http", false); + +// PREF: Show in-content login form warning UI for insecure login fields +// https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317 +pref("security.insecure_field_warning.contextual.enabled", true); + +// PREF: Disable the password manager for pages with autocomplete=off +// https://bugzilla.mozilla.org/show_bug.cgi?id=956906 +// OWASP ASVS V9.1 +// Does not prevent any kind of auto-completion (see browser.formfill.enable, signon.autofillForms) +//pref("signon.storeWhenAutocompleteOff", false); + +// PREF: Delete Search and Form History +// CIS Version 1.2.0 October 21st, 2011 2.5.6 pref("browser.formfill.expire_days", 0); -// CIS Version 1.2.0 October 21st, 2011 2.5.7 Clear SSL Form Session Data +// PREF: Clear SSL Form Session Data // http://kb.mozillazine.org/Browser.sessionstore.privacy_level#2 // Store extra session data for unencrypted (non-HTTPS) sites only. +// CIS Version 1.2.0 October 21st, 2011 2.5.7 // NOTE: CIS says 1, we use 2 pref("browser.sessionstore.privacy_level", 2); -// https://bugzil.la/238789#c19 +// PREF: Delete temporary files on exit +// https://bugzilla.mozilla.org/show_bug.cgi?id=238789 pref("browser.helperApps.deleteTempFileOnExit", true); // Disable the media cache, prvents HTML5 videos from being written to the OS temporary directory // https://www.torproject.org/projects/torbrowser/design/ pref("media.cache_size", 0); +// PREF: Do not create screenshots of visited pages (relates to the "new tab page" feature) // https://support.mozilla.org/en-US/questions/973320 // https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.pagethumbnails.capturing_disabled pref("browser.pagethumbnails.capturing_disabled", true); -/****************************************************************************** - * UI related * - * * - ******************************************************************************/ +/******************************************************************************* + * SECTION: UI related * + *******************************************************************************/ + +pref("ui.use_standins_for_native_colors", true); // https://bugzilla.mozilla.org/232227 -// Webpages will not be able to affect the right-click menu -//pref("dom.event.contextmenu.enabled", false); +// PREF: Enable insecure password warnings (login forms in non-HTTPS pages) +// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ +// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 +pref("security.insecure_password.ui.enabled", true); -// Disable Recently Bookmarked Folder +// Disable Slow Startup Notifications +pref("browser.slowStartup.maxSamples", 0); +pref("browser.slowStartup.notificationDisabled", true); +pref("browser.slowStartup.samples", 0); + +// Display advanced information on Insecure Connection warning pages +// [TEST] https://expired.badssl.com/ +pref("browser.xul.error_pages.expert_bad_cert", true); + +// PREF: Disable right-click menu manipulation via JavaScript +pref("dom.event.contextmenu.enabled", false); + +// Disable Recently Bookmarked Folder (Disabled) // https://bugzilla.mozilla.org/show_bug.cgi?id=1248268 // https://hg.mozilla.org/releases/mozilla-release/rev/f98e3add979e //pref("browser.bookmarks.showRecentlyBookmarked", false); +// PREF: Disable "Are you sure you want to leave this page?" popups on page close +// https://support.mozilla.org/en-US/questions/1043508 +// Does not prevent JS leaks of the page close event. +// https://developer.mozilla.org/en-US/docs/Web/Events/beforeunload +pref("dom.disable_beforeunload", true); +pref("dom.require_user_interaction_for_beforeunload", false); // Don't promote sync pref("browser.syncPromoViewsLeftMap", "{\"addons\":0,\"bookmarks\":0,\"passwords\":0}"); -// CIS 2.3.2 Disable Downloading on Desktop +// PREF: Disable Downloading on Desktop +// CIS 2.3.2 pref("browser.download.folderList", 2); -// always ask the user where to download -// https://developer.mozilla.org/en/Download_Manager_preferences +// PREF: Always ask the user where to download +// https://developer.mozilla.org/en/Download_Manager_preferences (obsolete) pref("browser.download.useDownloadDir", false); +// PREF: Disable the "new tab page" feature and show a blank tab instead // https://wiki.mozilla.org/Privacy/Reviews/New_Tab -pref("browser.newtabpage.enabled", false); // https://support.mozilla.org/en-US/kb/new-tab-page-show-hide-and-customize-top-sites#w_how-do-i-turn-the-new-tab-page-off +pref("browser.newtabpage.enabled", false); pref("browser.newtab.url", "about:blank"); -// CIS Version 1.2.0 October 21st, 2011 2.1.2 Enable Auto Notification of Outdated Plugins +// PREF: Disable new tab tile ads & preload +// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox +// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331 +// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping +// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source +// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping +// TODO: deprecated? not in DXR, some dead links +pref("browser.newtabpage.enhanced", false); +pref("browser.newtab.preload", false); +pref("browser.newtabpage.directory.ping", ""); +pref("browser.newtabpage.directory.source", "data:text/plain,{}"); + +// PREF: Enable Auto Notification of Outdated Plugins (Disabled on GNU/Linux) // https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review -// Note: Disabled, we get plugin updates from repository. -//pref("plugins.update.notifyUser", true); +// CIS Version 1.2.0 October 21st, 2011 2.1.2 +pref("plugins.update.notifyUser", false); -// CIS Version 1.2.0 October 21st, 2011 2.1.3 Enable Information Bar for Outdated Plugins +// PREF: Enable Information Bar for Outdated Plugins +// http://forums.mozillazine.org/viewtopic.php?f=8&t=2490287 +// CIS Version 1.2.0 October 21st, 2011 2.1.3 pref("plugins.hide_infobar_for_outdated_plugin", false); -// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 Enable IDN Show Punycode +// PREF: Force Punycode for Internationalized Domain Names // http://kb.mozillazine.org/Network.IDN_show_punycode +// https://www.xudongz.com/blog/2017/idn-phishing/ +// https://wiki.mozilla.org/IDN_Display_Algorithm +// https://en.wikipedia.org/wiki/IDN_homograph_attack +// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ +// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6 pref("network.IDN_show_punycode", true); -// http://kb.mozillazine.org/About:config_entries#Browser +// PREF: Disable inline autocomplete in URL bar // http://kb.mozillazine.org/Inline_autocomplete pref("browser.urlbar.autoFill", false); pref("browser.urlbar.autoFill.typed", false); -// http://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636/ +// PREF: Don't suggest any URLs while typing at the address bar +// https://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636/ // http://kb.mozillazine.org/Browser.urlbar.maxRichResults // "Setting the preference to 0 effectively disables the Location Bar dropdown entirely." pref("browser.urlbar.maxRichResults", 0); +// PREF: Disable CSS :visited selectors // https://blog.mozilla.org/security/2010/03/31/plugging-the-css-history-leak/ -// http://dbaron.org/mozilla/visited-privacy +// https://dbaron.org/mozilla/visited-privacy pref("layout.css.visited_links_enabled", false); // http://kb.mozillazine.org/Places.frecency.unvisited%28place_type%29Bonus +// PREF: Disable URL bar autocomplete // http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5 pref("browser.urlbar.autocomplete.enabled", false); -// Require manual intervention to autofill known username/passwords sign-in forms -// http://kb.mozillazine.org/Signon.autofillForms -// https://www.torproject.org/projects/torbrowser/design/#identifier-linkability -pref("signon.autofillForms", false); - -// Disable the password manager for pages with autocomplete=off -// Does not prevent any kind of auto-completion (see browser.formfill.enable, signon.autofillForms) -// OWASP ASVS V9.1, https://bugzilla.mozilla.org/show_bug.cgi?id=956906 -pref("signon.storeWhenAutocompleteOff", false); - -// do not check if firefox is the default browser +// PREF: Do not check if Firefox is the default browser pref("browser.shell.checkDefaultBrowser", false); +// PREF: When password manager is enabled, lock the password storage periodically // CIS Version 1.2.0 October 21st, 2011 2.5.3 Disable Prompting for Credential Storage -pref("security.ask_for_password", 0); -// When security.ask_for_password is 2 (every n minutes), lock password storage every 5 minutes (default is 30) - pref("security.password_lifetime", 5); -// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947 -pref("signon.formlessCapture.enabled", false); +pref("security.ask_for_password", 2); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups) pref("browser.link.open_newwindow.restriction", 0); -// Enable Insecure login field contextual warning -// https://bugzilla.mozilla.org/show_bug.cgi?id=1217162 -pref("security.insecure_field_warning.contextual.enabled", true); - -// Enable insecure password warnings (login forms in non-HTTPS pages) -// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/ -// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119 -// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 -pref("security.insecure_password.ui.enabled", true); +// PREF: Lock the password storage every 1 minutes (default: 30) +pref("security.password_lifetime", 1); /****************************************************************************** - * TLS / HTTPS / OCSP related stuff * - * * + * SECTION: Cryptography * ******************************************************************************/ +// PREF: Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla) // https://blog.mozilla.org/security/2012/11/01/preloading-hsts/ // https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List -pref("network.stricttransportsecurity.preloadlist", false); +// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security +pref("network.stricttransportsecurity.preloadlist", true); // Disable HSTS Priming, a beta feature rarely used that allows mixed content on HTTPS pages. // https://wicg.github.io/hsts-priming/ @@ -1082,125 +1473,151 @@ pref("network.stricttransportsecurity.preloadlist", false); pref("security.mixed_content.send_hsts_priming", false); pref("security.mixed_content.use_hsts", false); - -// CIS Version 1.2.0 October 21st, 2011 2.2.4 Enable Online Certificate Status Protocol -// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol#Privacy_concerns -pref("security.OCSP.enabled", 0); -pref("security.OCSP.require", false); - +// PREF: Enable Online Certificate Status Protocol +// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol +// https://www.imperialviolet.org/2014/04/19/revchecking.html +// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/ +// https://wiki.mozilla.org/CA:RevocationPlan +// https://wiki.mozilla.org/CA:ImprovingRevocation +// https://wiki.mozilla.org/CA:OCSP-HardFail +// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html +// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html +// NOTICE: OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host +// NOTICE: OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder +// NOTICE: OCSP adds latency (performance) +// NOTICE: Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10) +// CIS Version 1.2.0 October 21st, 2011 2.2.4 +pref("security.OCSP.enabled", 1); + +// PREF: Enable OCSP Stapling support +// https://en.wikipedia.org/wiki/OCSP_stapling // https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ +// https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx pref("security.ssl.enable_ocsp_stapling", true); -// require certificate revocation check through OCSP protocol. -// NOTICE: this leaks information about the sites you visit to the CA. +// PREF: Enable OCSP Must-Staple support (45+) +// https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/ +// https://www.entrust.com/ocsp-must-staple/ +// https://github.com/schomery/privacy-settings/issues/40 +// NOTICE: Firefox falls back on plain OCSP when must-staple is not configured on the host certificate +pref("security.ssl.enable_ocsp_must_staple", true); + +// PREF: Require a valid OCSP response for OCSP enabled certificates +// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA +// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses +// NOTICE: `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable +// NOTICE: `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal) pref("security.OCSP.require", true); -// Disable TLS Session Tickets +// PREF: Disable TLS Session Tickets // https://www.blackhat.com/us-13/briefings.html#NextGen // https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf // https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf -// https://bugzil.la/917049 -// https://bugzil.la/967977 +// https://bugzilla.mozilla.org/show_bug.cgi?id=917049 +// https://bugzilla.mozilla.org/show_bug.cgi?id=967977 pref("security.ssl.disable_session_identifiers", true); // https://www.torproject.org/projects/torbrowser/design/index.html.en pref("security.ssl.enable_false_start", true); pref("security.enable_tls_session_tickets", false); -// TLS 1.[0-3] -// http://kb.mozillazine.org/Security.tls.version.max +// PREF: Only allow TLS 1.[0-3] +// http://kb.mozillazine.org/Security.tls.version.* // 1 = TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.) // 2 = TLS 1.1 is the minimum required / maximum supported encryption protocol. pref("security.tls.version.min", 1); pref("security.tls.version.max", 4); -// TLS version fallback +// PREF: Disable insecure TLS version fallback +// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025 +// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645 pref("security.tls.version.fallback-limit", 3); -// pinning -// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#How_to_use_pinning +// PREF: Enfore Public Key Pinning +// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning +// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning // "2. Strict. Pinning is always enforced." -pref("security.cert_pinning.enforcement_level", 2); +pref("security.cert_pinning.enforcement_level", 2); -// disallow SHA-1 +// PREF: Disallow SHA-1 // https://bugzilla.mozilla.org/show_bug.cgi?id=1302140 // https://hg.mozilla.org/releases/mozilla-release/rev/43c724bde81c#l3.34 // http://www.scmagazine.com/mozilla-pulls-back-on-rejecting-sha-1-certs-outright/article/463913/ // 0 = allow SHA-1; 1 = forbid SHA-1; 2 = allow SHA-1 only if notBefore < 2016-01-01 // https://shattered.io/ -pref("security.pki.sha1_enforcement_level", 1); +pref("security.pki.sha1_enforcement_level", 1); +// PREF: Warn the user when server doesn't support RFC 5746 ("safe" renegotiation) // https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken -// see also CVE-2009-3555 +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 pref("security.ssl.treat_unsafe_negotiation_as_broken", true); +// PREF: Disallow connection to servers not supporting safe renegotiation (disabled) // https://wiki.mozilla.org/Security:Renegotiation#security.ssl.require_safe_negotiation -// this makes browsing next to impossible=) (13.2.2012) -// update: the world is not ready for this! (6.5.2014) -// see also CVE-2009-3555 -// The world must comply with this! (11.20.2016) -pref("security.ssl.require_safe_negotiation", true); +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 +// TODO: `security.ssl.require_safe_negotiation` is more secure but makes browsing next to impossible (2012-2014-... - `ssl_error_unsafe_negotiation` errors), so is left disabled +// pref("security.ssl.require_safe_negotiation", true); +// PREF: Disable automatic reporting of TLS connection errors // https://support.mozilla.org/en-US/kb/certificate-pinning-reports -// // we could also disable security.ssl.errorReporting.enabled, but I think it's // good to leave the option to report potentially malicious sites if the user // chooses to do so. -// // you can test this at https://pinningtest.appspot.com/ pref("security.ssl.errorReporting.automatic", false); +// PREF: Pre-populate the current URL but do not pre-fetch the certificate in the "Add Security Exception" dialog // http://kb.mozillazine.org/Browser.ssl_override_behavior -// Pre-populate the current URL but do not pre-fetch the certificate. +// https://github.com/pyllyukko/user.js/issues/210 pref("browser.ssl_override_behavior", 1); /****************************************************************************** - * CIPHERS * + * SECTION: Cipher suites * * * * you can debug the SSL handshake with tshark: * * tshark -t ad -n -i wlan0 -T text -V -R ssl.handshake * ******************************************************************************/ -// disable null ciphers -pref("security.ssl3.rsa_null_sha", false); -pref("security.ssl3.rsa_null_md5", false); -pref("security.ssl3.ecdhe_rsa_null_sha", false); -pref("security.ssl3.ecdhe_ecdsa_null_sha", false); +// PREF: Disable null ciphers +pref("security.ssl3.rsa_null_sha", false); +pref("security.ssl3.rsa_null_md5", false); +pref("security.ssl3.ecdhe_rsa_null_sha", false); +pref("security.ssl3.ecdhe_ecdsa_null_sha", false); pref("security.ssl3.ecdh_rsa_null_sha", false); -pref("security.ssl3.ecdh_ecdsa_null_sha", false); +pref("security.ssl3.ecdh_ecdsa_null_sha", false); -// SEED +// PREF: Disable SEED cipher // https://en.wikipedia.org/wiki/SEED -pref("security.ssl3.rsa_seed_sha", false); +pref("security.ssl3.rsa_seed_sha", false); -// 40 bits... +// PREF: Disable 40/56/128-bit ciphers +// 40-bit ciphers pref("security.ssl3.rsa_rc4_40_md5", false); pref("security.ssl3.rsa_rc2_40_md5", false); - -// 56 bits -pref("security.ssl3.rsa_1024_rc4_56_sha", false); - -// 128 bits -pref("security.ssl3.rsa_camellia_128_sha", false); +// 56-bit ciphers +pref("security.ssl3.rsa_1024_rc4_56_sha", false); +// 128-bit ciphers +pref("security.ssl3.rsa_camellia_128_sha", false); pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); -pref("security.ssl3.ecdh_rsa_aes_128_sha", false); +pref("security.ssl3.ecdh_rsa_aes_128_sha", false); pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); pref("security.ssl3.dhe_rsa_camellia_128_sha", false); -pref("security.ssl3.dhe_rsa_aes_128_sha", false); +pref("security.ssl3.dhe_rsa_aes_128_sha", false); -// RC4 (CVE-2013-2566) +// PREF: Disable RC4 +// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security +// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882 +// https://rc4.io/ +// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); -pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); +pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); pref("security.ssl3.rsa_rc4_128_md5", false); pref("security.ssl3.rsa_rc4_128_sha", false); -// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security -// https://bugzil.la/1138882 -// https://rc4.io/ pref("security.tls.unrestricted_rc4_fallback", false); -// 3DES -> false because effective key size < 128 +// PREF: Disable 3DES (effective key size is < 128) // https://en.wikipedia.org/wiki/3des#Security // http://en.citizendium.org/wiki/Meet-in-the-middle_attack // http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html @@ -1208,49 +1625,47 @@ pref("security.ssl3.dhe_dss_des_ede3_sha", false); pref("security.ssl3.dhe_rsa_des_ede3_sha", false); pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); -pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); +pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); pref("security.ssl3.rsa_des_ede3_sha", false); pref("security.ssl3.rsa_fips_des_ede3_sha", false); -// Ciphers with ECDH (without /e$/) +// PREF: Disable ciphers with ECDH (non-ephemeral) pref("security.ssl3.ecdh_rsa_aes_256_sha", false); pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); -// 256 bits without PFS -pref("security.ssl3.rsa_camellia_256_sha", false); +// PREF: Disable 256 bits ciphers without PFS +pref("security.ssl3.rsa_camellia_256_sha", false); -// Ciphers with ECDHE and > 128bits +// PREF: Enable ciphers with ECDHE and key size > 128bits pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // 0xc014 pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // 0xc00a -// GCM, yes please! (TLSv1.2 only) +// PREF: Enable GCM ciphers (TLSv1.2 only) +// https://en.wikipedia.org/wiki/Galois/Counter_Mode pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // 0xc02b pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // 0xc02f -// ChaCha20 and Poly1305. Supported since Firefox 47. +// PREF: Enable ChaCha20 and Poly1305 (47+) // https://www.mozilla.org/en-US/firefox/47.0/releasenotes/ // https://tools.ietf.org/html/rfc7905 -// https://bugzil.la/917571 -// https://bugzil.la/1247860 +// https://bugzilla.mozilla.org/show_bug.cgi?id=917571 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860 // https://cr.yp.to/chacha.html pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true); pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true); -// Susceptible to the logjam attack - https://weakdh.org/ +// PREF: Disable ciphers susceptible to the logjam attack +// https://weakdh.org/ pref("security.ssl3.dhe_rsa_camellia_256_sha", false); pref("security.ssl3.dhe_rsa_aes_256_sha", false); -// Ciphers with DSA (max 1024 bits) +// PREF: Disable ciphers with DSA (max 1024 bits) pref("security.ssl3.dhe_dss_aes_128_sha", false); pref("security.ssl3.dhe_dss_aes_256_sha", false); pref("security.ssl3.dhe_dss_camellia_128_sha", false); pref("security.ssl3.dhe_dss_camellia_256_sha", false); -// Fallbacks due compatibility reasons -pref("security.ssl3.rsa_aes_256_sha", true); -pref("security.ssl3.rsa_aes_128_sha", true); - -// Disable static TLS insecure fallback whitelist -// https://bugzilla.mozilla.org/show_bug.cgi?id=1128227 -pref("security.tls.insecure_fallback_hosts.use_static_list", false); +// PREF: Fallbacks due compatibility reasons +pref("security.ssl3.rsa_aes_256_sha", true); // 0x35 +pref("security.ssl3.rsa_aes_128_sha", true); // 0x2f |