summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--nonprism/iceweasel-hardened-preferences/PKGBUILD12
-rw-r--r--nonprism/iceweasel-hardened-preferences/iceweasel-branding.js62
-rw-r--r--nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install4
3 files changed, 67 insertions, 11 deletions
diff --git a/nonprism/iceweasel-hardened-preferences/PKGBUILD b/nonprism/iceweasel-hardened-preferences/PKGBUILD
index f0fbeb9b9..8abcd2cfb 100644
--- a/nonprism/iceweasel-hardened-preferences/PKGBUILD
+++ b/nonprism/iceweasel-hardened-preferences/PKGBUILD
@@ -2,8 +2,8 @@
# Contributor: André Silva <emulatorman@parabola.nu>
pkgname=iceweasel-hardened-preferences
-pkgver=0.1
-pkgrel=9
+pkgver=0.2
+pkgrel=1
pkgdesc="Hardened preferences script which runs Iceweasel to protect from a variety of privacy, security, and fingerprinting attacks."
arch=(any)
license=(MPL)
@@ -19,12 +19,12 @@ source=('firefox-branding.js'
'iceweasel-hardened.install')
sha512sums=('cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e'
'd542452fa1d619d22e9c9b6e4af58d7310abdc5c81d871a1abbddb0087c53913c8a244af2b7be416a2c439383afc2480c439078ebde0ccac518300d9027b4800'
-'c05992d3db2466928cf001b344fe01e08afc667296f65284f84fc5ba24c7d4fe71c2cb5e7b69776d31db3726f05b1176a3bd20ee077d6a0b43e6c5a007bc7563'
-'26e48145cfeaf8f243c6f4f30ccc806aea3fb825370e43b34dab33e1404a88849c888bf25a0b2038b3535b2d45569af24652894bb7a845b9bbc90fa23787cd2e')
+'c5678128d9b3a442322c9c5ea3aaec8df7e891eca575bd798fd6a820c7f6e39daaed3fcf4b796a0298243ed645ed5a6075d26df2152cb82037104872eb3dbd3f'
+'6dac0640bc84606be573cd5e8f2c2c5b40f30c3c9660b43e3df06dbce7e18f039fcff4e663d4eae61371c949ea78bdda2dd58339100942965b108b29c9d80375')
whirlpoolsums=('19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3'
'f7cb38e58f644ddeae9f931c290ae1d96e54d0a8937171f2ebad498b65b87f2115cbd0a0f2a55e12dceba7a387e70fd2432678010a87975f8322c9c27b41efd2'
-'75096151a65da722382b51ee0655e76cdba717e4bc3ffe9fda731435ac061447e7e019d8e8b50c659b1ab66dd64eabe99798c81fac21cad31cc843b62a05e51d'
-'1b1e6202ce3fbf05e0513af03e94f2ad5a70b774404dd72260363fdc1f810047cbfb9889ad6f800f5bbe87b050c2556ea30567baf7b07e67f1afc05fc665fb5e')
+'111d468f523136ffaf6b886fbca966ec680d5dcdb6afa7ffc308146339672b4f68e721de25cb811d63a58d6b80582befaa59b93b9e5641d7421652eab55323f8'
+'e9c71ee315adf97e0da1f0395a16ac6adf64490da3883875182c9468f15b3707ddfc304b3acfdf05646533239c5dc2ff8e38652d0246f2b07fc9e620ef7d694e')
package() {
install -Dm644 iceweasel-branding.js "$pkgdir"/usr/lib/iceweasel/browser/defaults/preferences/iceweasel-branding.js
diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js
index 120fa2543..daa92b859 100644
--- a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js
+++ b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js
@@ -1,6 +1,8 @@
/******************************************************************************
- * user.js *
- * https://github.com/pyllyukko/user.js *
+ * user.js *
+ * Adapted from... *
+ * https://github.com/pyllyukko/user.js *
+ * https://github.com/The-OP/Fox/tree/master/prefs *
******************************************************************************/
/*****************************************************************************
@@ -71,6 +73,7 @@ pref("services.kinto.base", "");
// https://hg.mozilla.org/releases/mozilla-beta/file/00bcc10b3bdc/dom/presentation/provider/MulticastDNSDeviceProvider.cpp#l18
pref("dom.presentation.discovery.enabled", false);
pref("dom.presentation.discoverable", false);
+pref("dom.presentation.discovery.legacy.enabled", false);
// http://kb.mozillazine.org/Dom.storage.enabled
// http://dev.w3.org/html5/webstorage/#dom-localstorage
@@ -161,6 +164,7 @@ pref("dom.indexedDB.enabled", false);
// Disable gamepad input
// http://www.w3.org/TR/gamepad/
pref("dom.gamepad.enabled", false);
+pref("dom.gamepad.test.enabled", false);
// Disable virtual reality devices
// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
@@ -196,8 +200,42 @@ pref("webgl.disabled", true);
pref("webgl.enable-debug-renderer-info", false);
pref("webgl.disable-extensions", false);
pref("webgl.min_capability_mode", true);
+pref("webgl.disable-wgl", true);
+pref("webgl.enable-webgl2", false);
// somewhat related...
-pref("pdfjs.enableWebGL", false);
+pref("pdfjs.enableWebGL", false);
+
+// Disable File and Directory Entries API (Imported from Edge/Chromium)
+// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Introduction
+// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API/Firefox_support
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1265767
+pref("dom.webkitBlink.filesystem.enabled", false);
+// https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitdirectory
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1258489
+// https://hg.mozilla.org/releases/mozilla-release/rev/133af19777be
+pref("dom.webkitBlink.dirPicker.enabled", false);
+
+// Directory Upload API, webkitdirectory
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1188880
+// https://bugzilla.mozilla.org/show_bug.cgi?id=907707
+// https://wicg.github.io/directory-upload/proposal.html
+pref("dom.input.dirpicker", false);
+
+// Disable FlyWeb
+// http://www.ghacks.net/2016/07/26/firefox-flyweb/
+// https://www.reddit.com/r/firefox/comments/4uwd1n/flyweb_we_dont_need_no_stinking_iot_apps/
+// https://hg.mozilla.org/releases/mozilla-release/rev/576019c74103
+// https://hg.mozilla.org/releases/mozilla-release/file/8dc18bf5abac/browser/extensions/flyweb/bootstrap.js#l36
+pref("dom.flyweb.enabled", false);
+
+
+// Disable Pointer Lock API.
+// https://developer.mozilla.org/en-US/docs/Web/API/Pointer_Lock_API
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1273351
+ pref("full-screen-api.pointer-lock.enabled", false);
+pref("pointer-lock-api.prefixed.enabled", false);
/******************************************************************************
* Misc *
@@ -286,6 +324,7 @@ pref("browser.urlbar.filter.javascript", true);
pref("javascript.options.asmjs", false);
// https://hacks.mozilla.org/2016/03/a-webassembly-milestone/
pref("javascript.options.wasm", false);
+pref("javascript.options.wasm_baselinejit", false);
// https://trac.torproject.org/projects/tor/ticket/9387#comment:43
pref("javascript.options.typeinference", false);
pref("javascript.options.baselinejit.content", false);
@@ -547,6 +586,20 @@ pref("browser.safebrowsing.provider.google.gethashURL", "");
pref("browser.safebrowsing.provider.google.updateURL", "");
pref("browser.safebrowsing.provider.google.lists", "");
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965
+user_pref("browser.safebrowsing.phishing.enabled", false);
+user_pref("browser.safebrowsing.provider.google4.lists", "");
+user_pref("browser.safebrowsing.provider.google4.updateURL", "");
+user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
+user_pref("browser.safebrowsing.provider.google4.reportURL", "");
+user_pref("browser.safebrowsing.provider.mozilla.lists", "");
+
+// Disable Microsoft Family Safety MiTM support
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166
+// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode
+// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782
+user_pref("security.family_safety.mode", 0);
+
// Disable pocket
// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
pref("browser.pocket.enabled", false);
@@ -706,6 +759,9 @@ pref("browser.webapps.checkForUpdates", 0);
pref("browser.webapps.updateCheckUrl", "about:blank");
pref("dom.mozApps.signed_apps_installable_from", "");
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1223838#c31
+pref("network.http.enablePerElementReferrer", false);
+
// Disable Favicon lookups
// http://kb.mozillazine.org/Browser.chrome.favicons
// pref("browser.chrome.favicons", false);
diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install b/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install
index 6e59a0c98..a40085990 100644
--- a/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install
+++ b/nonprism/iceweasel-hardened-preferences/iceweasel-hardened.install
@@ -1,6 +1,6 @@
post_install() {
echo "..."
- echo "Note: It is now required to use iceweasel-hardened or iceweasel binaries separately. They cannot run at the same time, but can be ran interchangebly."
+ echo "Note: It is now required to use iceweasel-hardened or iceweasel binaries separately. They cannot run at the same time, but can be ran interchangebly. Additionally some user.js preferences may be overriden in your normal profile due to Mozilla bug #1322624."
echo "..."
- echo "Nota: ahora se require usar los binarios iceweasel-hardened o iceweasel de forma separada. No pueden ser usados al mismo tiempo, pero sí de manera alterna."
+ echo "Nota: ahora se require usar los binarios iceweasel-hardened o iceweasel de forma separada. No pueden ser usados al mismo tiempo, pero sí de manera alterna. Además, algunas preferencias de user.js pueden ser anuladas en tu perfil normal debido al error #1322624 de Mozilla."
} \ No newline at end of file