summaryrefslogtreecommitdiff
path: root/libre/iceweasel
diff options
context:
space:
mode:
Diffstat (limited to 'libre/iceweasel')
-rw-r--r--libre/iceweasel/vendor.js82
1 files changed, 65 insertions, 17 deletions
diff --git a/libre/iceweasel/vendor.js b/libre/iceweasel/vendor.js
index 4ca107453..5b8f7a591 100644
--- a/libre/iceweasel/vendor.js
+++ b/libre/iceweasel/vendor.js
@@ -86,8 +86,71 @@ pref("general.platform.override", "Win32");
pref("privacy.donottrackheader.enabled", true);
pref("privacy.donottrackheader.value", 1);
pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
-pref("browser.safebrowsing.enabled", false);
-pref("browser.safebrowsing.malware.enabled", false);
+
+// CIS 2.1.1 Disable Auto Update / Balrog
+pref("app.update.auto", false);
+pref("app.update.checkInstallTime", false);
+pref("app.update.enabled", false);
+pref("app.update.staging.enabled", false);
+pref("app.update.url", "about:blank");
+pref("media.gmp-manager.certs.1.commonName", "");
+pref("media.gmp-manager.certs.2.commonName", "");
+// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
+pref("media.gmp-manager.url", "http://127.0.0.1/");
+pref("media.gmp-manager.url.override", "data:text/plain,");
+pref("media.gmp-provider.enabled", false);
+// Don't install openh264 codec
+pref("media.gmp-gmpopenh264.enabled", false);
+pref("media.gmp-eme-adobe.enabled", false);
+pref("media.peerconnection.video.h264_enabled", false);
+
+// CIS 2.3.4 Block Reported Web Forgeries
+// http://kb.mozillazine.org/Browser.safebrowsing.enabled
+// http://kb.mozillazine.org/Safe_browsing
+// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
+// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849
+pref("browser.safebrowsing.enabled", false);
+
+// CIS 2.3.5 Block Reported Attack Sites
+// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled
+pref("browser.safebrowsing.malware.enabled", false);
+
+// Disable safe browsing remote lookups for downloaded files.
+// This leaks information to google.
+// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/
+// https://wiki.mozilla.org/Security/Application_Reputation
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.appRepURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
+pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
+pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
+pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.downloads.remote.url", "about:blank");
+pref("browser.safebrowsing.provider.google.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.google.updateURL", "about:blank");
+pref("browser.safebrowsing.provider.google.lists", "about:blank");
+
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965
+pref("browser.safebrowsing.phishing.enabled", false);
+pref("browser.safebrowsing.provider.google4.lists", "about:blank");
+pref("browser.safebrowsing.provider.google4.updateURL", "about:blank");
+pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.google4.reportURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.lists", "about:blank");
+
+// Disable Microsoft Family Safety MiTM support
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166
+// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode
+// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782
+pref("security.family_safety.mode", 0);
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1265113
+// https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883
+pref("security.enterprise_roots.enabled", false);
+
//pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/");
pref("social.enabled", false);
pref("social.remote-install.enabled", false);
@@ -137,9 +200,6 @@ pref("browser.search.suggest.enabled", false);
//pref("security.OCSP.enabled", 1);
//pref("security.OCSP.require", true);
-// Disable channel updates
-pref("app.update.enabled", false);
-pref("app.update.auto", false);
// WebRTC
pref("media.peerconnection.enabled", false);
@@ -175,15 +235,6 @@ pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.ph
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
-// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
-pref("media.gmp-manager.url", "http://127.0.0.1/");
-pref("media.gmp-manager.url.override", "data:text/plain,");
-pref("media.gmp-provider.enabled", false);
-// Don't install openh264 codec
-pref("media.gmp-gmpopenh264.enabled", false);
-pref("media.gmp-eme-adobe.enabled", false);
-pref("media.peerconnection.video.h264_enabled", false);
-
// Disable heartbeat
pref("browser.selfsupport.url", "");
@@ -225,9 +276,6 @@ pref("extensions.pocket.enabled", false);
// Do not require xpi extensions to be signed by Mozilla
pref("xpinstall.signatures.required", false);
-// Disable Barlog
-pref("app.update.url", "about:blank");
-
// Disable File and Directory Entries API (Imported from Edge/Chromium)
// https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories
// https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API