Diffstat (limited to 'nonprism/iceweasel-hardened-preferences/iceweasel-branding.js')
-rw-r--r-- | nonprism/iceweasel-hardened-preferences/iceweasel-branding.js | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js index 78739ebd7..687feaeed 100644 --- a/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js +++ b/nonprism/iceweasel-hardened-preferences/iceweasel-branding.js @@ -202,7 +202,9 @@ pref("dom.indexedDB.enabled", false); // Disable gamepad input // http://www.w3.org/TR/gamepad/ pref("dom.gamepad.enabled", false); +pref("dom.gamepad.non_standard_events.enabled", false); pref("dom.gamepad.test.enabled", false); +pref("dom.gamepad.extensions.enabled", false); // Disable virtual reality devices // https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM @@ -218,6 +220,9 @@ pref("dom.vr.osvr.enabled", false); // disable notifications pref("dom.webnotifications.enabled", false); +// https://developer.mozilla.org/en-US/docs/Web/API/Notification/requireInteraction +// https://bugzilla.mozilla.org/show_bug.cgi?id=862395 +pref("dom.webnotifications.requireinteraction.enabled", false); // HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328 pref("browser.history.allowPopState", false); @@ -669,6 +674,10 @@ pref("browser.safebrowsing.provider.mozilla.lists", "about:blank"); // https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode // https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782 pref("security.family_safety.mode", 0); +// https://bugzilla.mozilla.org/show_bug.cgi?id=1265113 +// https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883 +pref("security.enterprise_roots.enabled", false); // Disable pocket // https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox 
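Review bot: The prefs added in the `@@ -218,6 +220,9 @@` and `@@ -669,6 +674,10 @@` hunks are preceded only by bug and reference links, with no sentence saying what each setting does. This matters most for `security.enterprise_roots.enabled`: a reader has to open three links to learn that `false` keeps the browser from trusting root certificates imported from the operating system's certificate store, which is how locally installed TLS-interception roots would otherwise become trusted. I would add a lead comment such as `// Do not import root CAs from the OS certificate store (enterprise / TLS-inspection roots)` above that pref. Above `dom.webnotifications.requireinteraction.enabled` I would add `// Do not let a page keep a notification on screen until the user interacts with it`.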
@@ -909,9 +918,9 @@ pref("privacy.clearOnShutdown.downloads", true); pref("privacy.clearOnShutdown.formdata", true); pref("privacy.clearOnShutdown.history", true); pref("privacy.clearOnShutdown.offlineApps", true); -pref("privacy.clearOnShutdown.passwords", true); +//pref("privacy.clearOnShutdown.passwords", true); // Wipes all saved passwords, best to let the user decide. pref("privacy.clearOnShutdown.sessions", true); -pref("privacy.clearOnShutdown.siteSettings", true); +pref("privacy.clearOnShutdown.siteSettings", true); // http://www.ghacks.net/2015/10/16/how-to-prevent-hsts-tracking-in-firefox/ // Firefox will store small amounts (less than 50 MB) of data without asking for permission, unless this is set to false // https://support.mozilla.org/en-US/questions/1014708 @@ -1021,10 +1030,16 @@ pref("layout.css.visited_links_enabled", false); // http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5 pref("browser.urlbar.autocomplete.enabled", false); +// Require manual intervention to autofill known username/passwords sign-in forms // http://kb.mozillazine.org/Signon.autofillForms // https://www.torproject.org/projects/torbrowser/design/#identifier-linkability pref("signon.autofillForms", false); +// Disable the password manager for pages with autocomplete=off +// Does not prevent any kind of auto-completion (see browser.formfill.enable, signon.autofillForms) +// OWASP ASVS V9.1, https://bugzilla.mozilla.org/show_bug.cgi?id=956906 +pref("signon.storeWhenAutocompleteOff", false); + // do not check if firefox is the default browser pref("browser.shell.checkDefaultBrowser", false); 
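Review bot: Commenting out `privacy.clearOnShutdown.passwords` in the `@@ -909,9 +918,9 @@` hunk leaves the value to whatever the browser ships as its default, so the hardened profile no longer states its own intent for stored credentials. If the aim is to keep saved logins unless the user opts in to wiping them, state it explicitly with `pref("privacy.clearOnShutdown.passwords", false); // keep saved logins; the user may enable wiping` rather than leaving a disabled line behind. The trailing comment added to the `siteSettings` line is a bare URL. A few words before it would say why the link is there; judging by the link title, presumably that clearing site settings also drops stored HSTS state.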
@@ -1064,9 +1079,6 @@ pref("network.stricttransportsecurity.preloadlist", false); pref("security.mixed_content.send_hsts_priming", false); pref("security.mixed_content.use_hsts", false); -// OWASP ASVS V9.1 -// https://bugzilla.mozilla.org/show_bug.cgi?id=956906 -pref("signon.storeWhenAutocompleteOff", false); // CIS Version 1.2.0 October 21st, 2011 2.2.4 Enable Online Certificate Status Protocol // https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol#Privacy_concerns @@ -1080,6 +1092,7 @@ pref("security.ssl.enable_ocsp_stapling", true); // NOTICE: this leaks information about the sites you visit to the CA. pref("security.OCSP.require", true); +// Disable TLS Session Tickets // https://www.blackhat.com/us-13/briefings.html#NextGen // https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf // https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf @@ -1090,7 +1103,7 @@ pref("security.ssl.disable_session_identifiers", true); pref("security.ssl.enable_false_start", true); pref("security.enable_tls_session_tickets", false); -// TLS 1.[012] +// TLS 1.[0-3] // http://kb.mozillazine.org/Security.tls.version.max // 1 = TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.) // 2 = TLS 1.1 is the minimum required / maximum supported encryption protocol. 
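Review bot: In the `@@ -1090,7 +1103,7 @@` hunk the heading now reads `// TLS 1.[0-3]`, but the value legend visible directly below it still describes `1 = TLS 1.0` as "the current default for the maximum supported version". That no longer fits a profile documenting TLS 1.3. The legend continues outside the hunk, so whether an entry for TLS 1.3 already exists cannot be seen from here. If it does not, add `// 4 = TLS 1.3 is the minimum required / maximum supported encryption protocol.` and drop the stale "current default" remark from the first entry.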
@@ -1205,12 +1218,12 @@ pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); pref("security.ssl3.rsa_camellia_256_sha", false); // Ciphers with ECDHE and > 128bits -pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); +pref("security.ssl3.ecdhe_rsa_aes_256_sha", true); // 0xc014 +pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true); // 0xc00a -// GCM, yes please! -pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); -pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); +// GCM, yes please! (TLSv1.2 only) +pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // 0xc02b +pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // 0xc02f // ChaCha20 and Poly1305. Supported since Firefox 47. // https://www.mozilla.org/en-US/firefox/47.0/releasenotes/ |
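Review bot: The hex codes added after each cipher pref identify the suite only to someone who looks them up in the registry. The comments would be more useful with the registry name next to the code, e.g. `// 0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` and `// 0xc00a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`. That also makes it visible that the two suites under "Ciphers with ECDHE and > 128bits" are CBC-mode with a SHA-1 MAC, unlike the GCM pair below them. Someone auditing the enabled set will want to see that at a glance.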