From 59f1109923e62c85c273614d2b84932460a50771 Mon Sep 17 00:00:00 2001 From: Gaming4JC Date: Tue, 14 Mar 2017 19:11:11 -0400 Subject: completely remove google safe-browsing from regular iceweasel --- libre/iceweasel/vendor.js | 82 +++++++++++++++++++++++++++++++++++++---------- 1 file changed, 65 insertions(+), 17 deletions(-) diff --git a/libre/iceweasel/vendor.js b/libre/iceweasel/vendor.js index 4ca107453..5b8f7a591 100644 --- a/libre/iceweasel/vendor.js +++ b/libre/iceweasel/vendor.js @@ -86,8 +86,71 @@ pref("general.platform.override", "Win32"); pref("privacy.donottrackheader.enabled", true); pref("privacy.donottrackheader.value", 1); pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); -pref("browser.safebrowsing.enabled", false); -pref("browser.safebrowsing.malware.enabled", false); + +// CIS 2.1.1 Disable Auto Update / Balrog +pref("app.update.auto", false); +pref("app.update.checkInstallTime", false); +pref("app.update.enabled", false); +pref("app.update.staging.enabled", false); +pref("app.update.url", "about:blank"); +pref("media.gmp-manager.certs.1.commonName", ""); +pref("media.gmp-manager.certs.2.commonName", ""); +// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins +pref("media.gmp-manager.url", "http://127.0.0.1/"); +pref("media.gmp-manager.url.override", "data:text/plain,"); +pref("media.gmp-provider.enabled", false); +// Don't install openh264 codec +pref("media.gmp-gmpopenh264.enabled", false); +pref("media.gmp-eme-adobe.enabled", false); +pref("media.peerconnection.video.h264_enabled", false); + +// CIS 2.3.4 Block Reported Web Forgeries +// http://kb.mozillazine.org/Browser.safebrowsing.enabled +// http://kb.mozillazine.org/Safe_browsing +// https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work +// http://forums.mozillazine.org/viewtopic.php?f=39&t=2711237&p=12896849#p12896849 +pref("browser.safebrowsing.enabled", false); + +// CIS 2.3.5 Block Reported Attack Sites +// http://kb.mozillazine.org/Browser.safebrowsing.malware.enabled +pref("browser.safebrowsing.malware.enabled", false); + +// Disable safe browsing remote lookups for downloaded files. +// This leaks information to google. +// https://www.mozilla.org/en-US/firefox/39.0/releasenotes/ +// https://wiki.mozilla.org/Security/Application_Reputation +pref("browser.safebrowsing.downloads.remote.enabled", false); +pref("browser.safebrowsing.appRepURL", "about:blank"); +pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank"); +pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank"); +pref("browser.safebrowsing.downloads.remote.block_dangerous", false); +pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); +pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +pref("browser.safebrowsing.downloads.remote.block_uncommon", false); +pref("browser.safebrowsing.downloads.remote.enabled", false); +pref("browser.safebrowsing.downloads.remote.url", "about:blank"); +pref("browser.safebrowsing.provider.google.gethashURL", "about:blank"); +pref("browser.safebrowsing.provider.google.updateURL", "about:blank"); +pref("browser.safebrowsing.provider.google.lists", "about:blank"); + +// https://bugzilla.mozilla.org/show_bug.cgi?id=1025965 +pref("browser.safebrowsing.phishing.enabled", false); +pref("browser.safebrowsing.provider.google4.lists", "about:blank"); +pref("browser.safebrowsing.provider.google4.updateURL", "about:blank"); +pref("browser.safebrowsing.provider.google4.gethashURL", "about:blank"); +pref("browser.safebrowsing.provider.google4.reportURL", "about:blank"); +pref("browser.safebrowsing.provider.mozilla.lists", "about:blank"); + +// Disable Microsoft Family Safety MiTM support +// https://bugzilla.mozilla.org/show_bug.cgi?id=1239166 +// https://wiki.mozilla.org/SecurityEngineering/Untrusted_Certificates_in_Windows_Child_Mode +// https://hg.mozilla.org/releases/mozilla-release/file/ddb37c386bb2ffa180117b4d30ca3b41a8af233c/security/manager/ssl/nsNSSComponent.cpp#l782 +pref("security.family_safety.mode", 0); +// https://bugzilla.mozilla.org/show_bug.cgi?id=1265113 +// https://hg.mozilla.org/releases/mozilla-release/rev/d9659c22b3c5 +// https://bugzilla.mozilla.org/show_bug.cgi?id=1298883 +pref("security.enterprise_roots.enabled", false); + //pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/"); pref("social.enabled", false); pref("social.remote-install.enabled", false); @@ -137,9 +200,6 @@ pref("browser.search.suggest.enabled", false); //pref("security.OCSP.enabled", 1); //pref("security.OCSP.require", true); -// Disable channel updates -pref("app.update.enabled", false); -pref("app.update.auto", false); // WebRTC pref("media.peerconnection.enabled", false); @@ -175,15 +235,6 @@ pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.ph pref("geo.enabled", false); pref("geo.wifi.uri", ""); -// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins -pref("media.gmp-manager.url", "http://127.0.0.1/"); -pref("media.gmp-manager.url.override", "data:text/plain,"); -pref("media.gmp-provider.enabled", false); -// Don't install openh264 codec -pref("media.gmp-gmpopenh264.enabled", false); -pref("media.gmp-eme-adobe.enabled", false); -pref("media.peerconnection.video.h264_enabled", false); - // Disable heartbeat pref("browser.selfsupport.url", ""); @@ -225,9 +276,6 @@ pref("extensions.pocket.enabled", false); // Do not require xpi extensions to be signed by Mozilla pref("xpinstall.signatures.required", false); -// Disable Barlog -pref("app.update.url", "about:blank"); - // Disable File and Directory Entries API (Imported from Edge/Chromium) // https://developer.mozilla.org/en-US/Firefox/Releases/50#Files_and_directories // https://developer.mozilla.org/en-US/docs/Web/API/File_and_Directory_Entries_API -- cgit v1.2.3