summaryrefslogtreecommitdiff
path: root/libre/iceweasel
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2016-09-23 11:29:48 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2016-09-23 11:29:48 -0300
commitd5e8ba9d872a0f16eaef0fe6cd5f50d5cd726358 (patch)
tree43f8507fa2c71e712dc44e7389c195b95cd21a8e /libre/iceweasel
parentb97eed1a3eddbc830491b9421d0344b3267ac17e (diff)
iceweasel: move new security patches to [libre-testing] since it is under testing yet
Diffstat (limited to 'libre/iceweasel')
-rw-r--r--libre/iceweasel/vendor.js545
1 files changed, 199 insertions, 346 deletions
diff --git a/libre/iceweasel/vendor.js b/libre/iceweasel/vendor.js
index 91d644a1b..ab4a9aedb 100644
--- a/libre/iceweasel/vendor.js
+++ b/libre/iceweasel/vendor.js
@@ -1,360 +1,213 @@
-pref("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat");
-pref("extensions.getAddons.link.url", "https://directory.fsf.org/wiki/GNU_IceCat");
-pref("extensions.getAddons.search.browseURL", "https://directory.fsf.org/wiki/GNU_IceCat");
-//pref("accessibility.blockautorefresh", true);
-//pref("browser.meta_refresh_when_inactive.disabled", true);
-pref("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat");
-pref("app.faqURL", "https://libreplanet.org/wiki/Group:IceCat/FAQ");
-pref("app.update.auto", false);
-pref("app.update.checkInstallTime", false);
-pref("app.update.enabled", false);
-pref("app.update.staging.enabled", false);
-pref("app.update.url", "about:blank");
-pref("beacon.enabled", false);
-pref("breakpad.reportURL", "about:blank");
-pref("browser.EULA.override", true);
-pref("browser.aboutHomeSnippets.updateUrl", "about:blank");
-pref("browser.apps.URL", "about:blank");
-pref("browser.cache.disk.enable", false);
-pref("browser.cache.offline.enable", false);
-pref("browser.casting.enabled", false);
-pref("browser.search.order.US.1", "");
-pref("browser.search.order.US.2", "");
-pref("browser.search.order.US.3", "");
-pref("gecko.handlerService.schemes.mailto.0.name", "");
-pref("browser.disableResetPrompt", true);
-pref("browser.display.max_font_attempts",10);
-pref("browser.display.max_font_count",10);
-pref("browser.display.use_document_fonts", 0); // Prevent font fingerprinting
-pref("browser.download.manager.addToRecentDocs", false);
-pref("browser.download.manager.retention", 1);
-pref("browser.download.manager.scanWhenDone", false); // prevents AV remote reporting of downloads
-pref("browser.download.useDownloadDir", false);
-pref("browser.eme.ui.enabled", false);
-pref("browser.fixup.alternate.enabled", false);
-pref("browser.formfill.enable", false);
-pref("browser.history.allowPopState", false); // HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328
-pref("browser.history.allowPushState", false);
-pref("browser.history.allowReplaceState", false);
-pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
-pref("browser.newtab.preload", false);
-pref("browser.newtabpage.directory.ping", "about:blank");
-pref("browser.newtabpage.directory.source", "about:blank");
-pref("browser.newtabpage.enabled", false);
-pref("browser.newtabpage.enhanced", false);
-pref("browser.newtabpage.introShown", true);
-pref("browser.pocket.api", "about:blank");
-pref("browser.pocket.enabled", false);
-pref("browser.pocket.enabledLocales", "about:blank");
-pref("browser.pocket.oAuthConsumerKey", "about:blank");
-pref("browser.pocket.site", "about:blank");
-pref("browser.pocket.useLocaleList", false);
-pref("browser.preferences.inContent",false);
-//pref("browser.privatebrowsing.autostart", true);
-pref("browser.rights.3.shown", true);
-pref("browser.safebrowsing.appRepURL", "about:blank");
-pref("browser.safebrowsing.enabled", false);
-pref("browser.safebrowsing.malware.enabled", false);
-pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
-pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
-pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
-pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
-pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
-pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
-pref("browser.safebrowsing.downloads.remote.enabled", false);
-pref("browser.safebrowsing.downloads.remote.url", "");
-pref("browser.safebrowsing.provider.google.gethashURL", "");
-pref("browser.safebrowsing.provider.google.updateURL", "");
-pref("browser.safebrowsing.provider.google.lists", "");
-pref("browser.search.geoSpecificDefaults.url", "about:blank");
-pref("browser.search.geoSpecificDefaults", false);
-pref("browser.search.geoip.url", "about:blank");
-pref("browser.search.suggest.enabled", false);
-pref("browser.search.update", false);
-pref("browser.selfsupport.url", "about:blank");
-pref("browser.send_pings", false);
-pref("browser.sessionstore.privacy_level", 2);
+// Use LANG environment variable to choose locale
+pref("intl.locale.matchOS", true);
+
+// Disable default browser checking.
pref("browser.shell.checkDefaultBrowser", false);
-pref("browser.slowStartup.maxSamples", 0);
-pref("browser.slowStartup.notificationDisabled", true);
-pref("browser.slowStartup.samples", 0);
-pref("browser.snippets.enabled", false);
-pref("browser.snippets.geoUrl", "about:blank");
-pref("browser.snippets.statsUrl", "about:blank");
-pref("browser.snippets.syncPromo.enabled", false);
-pref("browser.snippets.updateUrl", "about:blank");
-pref("browser.startup.homepage_override.buildID", "20100101");
-pref("browser.startup.homepage_override.mstone", "9001.0.0");
-pref("browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmarks\":0}"); // Don't promote sync
-pref("browser.newtabpage.remote", false);
-pref("browser.tabs.crashReporting.sendReport", false);
-pref("browser.tabs.remote.desktopbehavior", false);
-pref("browser.toolbarbuttons.introduced.pocket-button", true);
-pref("browser.uitour.enabled", false); // https://trac.torproject.org/projects/tor/ticket/19047
-pref("browser.urlbar.maxRichResults", 0);
-pref("browser.webapps.checkForUpdates", 0);
-pref("browser.webapps.updateCheckUrl", "about:blank");
-pref("browser.zoom.siteSpecific", false);
-pref("camera.control.autofocus_moving_callback.enabled", false);
-pref("camera.control.face_detection.enabled", false);
-pref("captivedetect.canonicalURL", "about:blank");
-pref("datareporting.healthreport.about.reportUrl", "about:blank");
-pref("datareporting.healthreport.documentServerURI", "about:blank");
-pref("datareporting.healthreport.service.enabled", false); // Yes, all three of these must be set
-pref("datareporting.healthreport.uploadEnabled", false);
-pref("datareporting.policy.dataSubmissionEnabled", false);
-pref("datareporting.policy.dataSubmissionPolicyVersion", 2);
-pref("datareporting.policy.firstRunTime", 0);
-pref("device.sensors.enabled", false);
-pref("devtools.debugger.remote-enabled", false); // https://developer.mozilla.org/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Enable_remote_debugging
-pref("devtools.devices.url", "about:blank");
-pref("devtools.gcli.imgurUploadURL", "about:blank");
-pref("devtools.gcli.jquerySrc", "about:blank");
-pref("devtools.gcli.lodashSrc", "about:blank");
-pref("devtools.gcli.underscoreSrc", "about:blank");
-pref("devtools.remote.wifi.scan", false); // http://forum.top-hat-sec.com/index.php?topic=4951.5;wap2
-pref("devtools.remote.wifi.visible", false);
-pref("devtools.webide.adaptersAddonURL", "about:blank");
-pref("devtools.webide.adbAddonURL", "about:blank");
-pref("devtools.webide.addonsURL", "about:blank");
-pref("devtools.webide.enabled", false); //https://trac.torproject.org/projects/tor/ticket/16222
-pref("devtools.webide.simulatorAddonsURL", "about:blank");
-pref("devtools.webide.templatesURL", "about:blank");
-pref("dom.battery.enabled", false); // fingerprinting due to differing OS implementations
-pref("dom.enable_performance", false);
-pref("dom.event.clipboardevents.enabled",false);
-pref("dom.gamepad.enabled", false); // bugs.torproject.org/13023
-pref("dom.indexedDB.enabled", false);
-pref("dom.enable_user_timing", false);
-pref("dom.event.highrestimestamp.enabled", false);
-pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
-pref("dom.mozApps.signed_apps_installable_from", "about:blank");
-pref("dom.netinfo.enabled", false); // Network Information API provides general information about the system's connection type (WiFi, cellular, etc.)
-pref("dom.network.enabled",false); // fingerprinting due to differing OS implementations
-pref("dom.push.enabled", false);
-pref("dom.push.serverURL", "");
-pref("dom.presentation.discovery.enabled", false);
-pref("dom.presentation.discoverable", false);
-pref("dom.storage.enabled", false);
-pref("dom.telephony.enabled", false); // https://wiki.mozilla.org/WebAPI/Security/WebTelephony
-pref("dom.vibrator.enabled", false);
-pref("dom.vr.enabled", false);
-pref("dom.vr.cardboard.enabled", false);
-pref("dom.vr.oculus.enabled", false);
-pref("dom.vr.oculus050.enabled", false);
-pref("dom.vr.poseprediction.enabled", false);
-pref("dom.vr.add-test-devices", 0);
-pref("dom.workers.sharedWorkers.enabled", false); // See https://bugs.torproject.org/15562
-pref("dom.idle-observers-api.enabled", false); // disable idle observation
-pref("experiments.enabled", false);
-pref("experiments.manifest.uri", "about:blank");
-pref("extensions.blocklist.detailsURL", "about:blank");
-pref("extensions.blocklist.enabled", false);
-pref("extensions.blocklist.itemURL", "about:blank");
-pref("extensions.blocklist.url", "about:blank");
-pref("extensions.bootstrappedAddons", "{}");
-pref("extensions.databaseSchema", 3);
-pref("extensions.enabledScopes", 1);
+
// Don't disable our bundled extensions in the application directory
pref("extensions.autoDisableScopes", 11);
pref("extensions.shownSelectionUI", true);
-pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
-pref("extensions.getAddons.get.url", "about:blank");
-pref("extensions.getAddons.getWithPerformance.url", "about:blank");
-pref("extensions.getAddons.recommended.url", "about:blank");
-pref("extensions.pendingOperations", false);
-pref("extensions.pocket.api", "about:blank");
-pref("extensions.pocket.enabled", false);
-pref("extensions.shownSelectionUI", true);
-pref("extensions.ui.lastCategory", "addons://list/extension");
-pref("extensions.update.autoUpdateDefault", false);
-pref("extensions.update.enabled", false); // Fingerprints all installed addons, best to let the user decide when to run updates manually.
-pref("extensions.update.background.url", ""); // User can still update manually, but we disable background updates.
-pref("extensions.systemAddon.update.url", ""); // The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox
-pref("font.default.x-western", "sans-serif");
-pref("general.appname.override", "Netscape");
-pref("general.appversion.override", "5.0 (Windows)");
-pref("general.buildID.override", "20100101");
-pref("general.oscpu.override", "Windows NT 6.1");
-pref("general.platform.override", "Win32");
-pref("general.productSub.override", "20100101");
-pref("general.useragent.compatMode.firefox", true);
-pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0");
-pref("general.useragent.vendor", "");
-pref("general.useragent.vendorSub", "");
-//pref("general.warnOnAboutConfig", false);
+
+// Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier
+pref("ui.key.menuAccessKeyFocuses", false);
+
+// Disable the GeoLocation API for content
pref("geo.enabled", false);
-pref("geo.wifi.uri", "about:blank");
-pref("gfx.direct2d.disabled", true);
-pref("gfx.downloadable_fonts.fallback_delay", -1);
-pref("gfx.font_rendering.opentype_svg.enabled", false); // https://wiki.mozilla.org/SVGOpenTypeFonts - iSEC Partners Report recommends to disable this
-pref("healthreport.uploadEnabled", false);
-pref("identity.fxaccounts.auth.uri", "about:blank");
-pref("intl.charset.default", "windows-1252");
-pref("intl.locale.matchOS", true);
-pref("javascript.options.asmjs", false); // Multiple security advisories, low level js
-pref("javascript.options.wasm", false); // https://hacks.mozilla.org/2016/03/a-webassembly-milestone/
-pref("javascript.use_us_english_locale", true);
-pref("javascript.options.typeinference", false);
-pref("javascript.options.baselinejit.content", false);
-pref("javascript.options.ion.content", false); // https://trac.torproject.org/projects/tor/ticket/9387#comment:43
-pref("keyword.enabled", false);
-pref("layers.acceleration.disabled", true);
-pref("layout.css.visited_links_enabled", false);
-pref("lightweightThemes.update.enabled", false); // We can update our themes manually, may fingerprint the user.
-pref("loop.copy.throttler", "about:blank");
-pref("loop.enabled",false); //Disable Firefox Hello
-pref("loop.facebook.appId", "about:blank");
-pref("loop.facebook.enabled", false);
-pref("loop.facebook.fallbackUrl", "about:blank");
-pref("loop.facebook.shareUrl", "about:blank");
-pref("loop.feedback.baseUrl", "about:blank");
-pref("loop.feedback.formURL", "about:blank");
-pref("loop.feedback.manualFormURL", "about:blank");
-pref("loop.gettingStarted.url", "about:blank");
-pref("loop.learnMoreUrl", "about:blank");
-pref("loop.legal.ToS_url", "about:blank");
-pref("loop.legal.privacy_url", "about:blank");
-pref("loop.linkClicker.url", "about:blank");
-pref("loop.oauth.google.redirect_uri", "about:blank");
-pref("loop.oauth.google.scope", "about:blank");
-pref("loop.remote.autostart", false);
-pref("loop.server", "about:blank");
-pref("loop.soft_start_hostname", "about:blank");
-pref("loop.support_url", "about:blank");
-pref("loop.throttled2",false);
-pref("mathml.disabled", true); // https://www.torproject.org/projects/torbrowser/design
-pref("media.audio_data.enabled", false);
-pref("media.autoplay.enabled", false);
-pref("media.cache_size", 0);
-pref("media.eme.apiVisible", false); // Disable Freedom Violating DRM Feature
+
+// Make sure that the request URL of the GeoLocation backend is empty
+pref("geo.wifi.uri", "");
+
+// Disable Pocket and make sure that the request URLs of the Pocket are empty
+pref("browser.pocket.enabled", false);
+pref("browser.pocket.api", "");
+pref("browser.pocket.site", "");
+pref("browser.pocket.oAuthConsumerKey", "");
+pref("browser.pocket.useLocaleList", false);
+pref("browser.pocket.enabledLocales", "");
+
+// Disable Freedom Violating DRM Feature
+pref("browser.eme.ui.enabled", false);
pref("media.eme.enabled", false);
-pref("media.getusermedia.screensharing.allowed_domains", ""); // We really don't want to be promoting Cisco and Cloudflare in a whitelist here.
-pref("media.getusermedia.screensharing.enabled", false);
-pref("media.gmp-eme-adobe.enabled", false);
-pref("media.gmp-gmpopenh264.enabled", false);
-pref("media.gmp-manager.url", "about:blank"); // Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
-pref("media.gmp-manager.url.override", "data:text/plain");
-pref("media.gmp-provider.enabled", false);
-pref("media.gmp.trial-create.enabled", false);
-pref("media.navigator.enabled", false);
-pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
-pref("media.peerconnection.ice.default_address_only", true);
-pref("media.video_stats.enabled", false);
-pref("media.webspeech.recognition.enable", false);
-pref("media.webspeech.synth.enabled", false);
-pref("network.allow-experiments", false);
-pref("network.http.altsvc.enabled", false);
-pref("network.http.altsvc.oe", false); // https://trac.torproject.org/projects/tor/ticket/16673
-pref("network.cookie.cookieBehavior", 1);
-pref("network.cookie.lifetimePolicy", 2);
-pref("network.dns.disablePrefetch", true);
-pref("network.http.connection-retry-timeout", 0);
-pref("network.http.max-persistent-connections-per-proxy", 256);
-pref("network.http.pipelining", true);
-pref("network.http.pipelining.aggressive", true);
-pref("network.http.pipelining.max-optimistic-requests", 3);
-pref("network.http.pipelining.maxrequests", 10);
-pref("network.http.pipelining.maxrequests", 12);
-pref("network.http.pipelining.read-timeout", 60000);
-pref("network.http.pipelining.reschedule-timeout", 15000);
-pref("network.http.pipelining.ssl", true);
-pref("network.http.proxy.pipelining", true);
-pref("network.http.referer.spoofSource", true);
-pref("network.http.sendRefererHeader", 2);
-pref("network.http.sendSecureXSiteReferrer", false);
-pref("network.http.spdy.enabled", false); // Stores state and may have keepalive issues (both fixable)
-pref("network.http.spdy.enabled.v2", false); // Seems redundant, but just in case
-pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in case
-pref("network.http.speculative-parallel-limit", 0);
-pref("network.jar.block-remote-files", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1173171
-pref("network.jar.open-unsafe-types", false);
-pref("network.manage-offline-status", false); // https://trac.torproject.org/projects/tor/ticket/18945
-pref("network.predictor.enabled", false); // https://trac.torproject.org/projects/tor/ticket/16625
-pref("network.prefetch-next", false);
-pref("network.protocol-handler.external-default", false);
-pref("network.protocol-handler.external.mailto", false);
-pref("network.protocol-handler.external.news", false);
-pref("network.protocol-handler.external.nntp", false);
-pref("network.protocol-handler.external.snews", false);
-pref("network.protocol-handler.warn-external.mailto", true);
-pref("network.protocol-handler.warn-external.news", true);
-pref("network.protocol-handler.warn-external.nntp", true);
-pref("network.protocol-handler.warn-external.snews", true);
-pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
-pref("network.proxy.socks", "127.0.0.1");
-pref("network.proxy.socks_port", 9050);
-pref("network.proxy.socks_remote_dns", true);
-pref("network.proxy.type", 0); // Setup for TOR for default proxy, but do not enable by default.
-pref("network.security.ports.banned", "9050,9051,9150,9151");
-pref("network.websocket.max-connections", 0);
-pref("nglayout.initialpaint.delay", 0);
-pref("noscript.forbidMedia", true);
-pref("offline-apps.allow_by_default", false); // https://support.mozilla.org/en-US/questions/1014708
-//pref("pdfjs.disabled", true); // https://www.exploit-db.com/exploits/37958/
-pref("permissions.memory_only", true);
-pref("pfs.datasource.url", "about:blank"); // Fingerprints the user, not HTTPS. Remove it.
-pref("pfs.filehint.url", "about:blank");
-pref("plugin.disable", true); // Disable to search plugins on first start
-pref("plugin.expose_full_path", false);
-pref("plugin.state.flash", 0);
-pref("plugin.state.libgnome-shell-browser-plugin", 0); // disable Gnome Shell Integration
-pref("plugins.click_to_play", true);
-pref("plugins.enumerable_names", "about:blank");
-pref("plugins.hideMissingPluginsNotification", true);
+pref("media.eme.apiVisible", false);
+
+// Default to classic view for about:newtab
+pref("browser.newtabpage.enhanced", false);
+
+// Override add-on signing
+pref("xpinstall.signatures.required", false);
+
+// Poodle attack
+pref("security.tls.version.min", 1);
+
+// Don't call home for blacklisting
+pref("extensions.blocklist.enabled", false);
+
+// Disable plugin installer
pref("plugins.hide_infobar_for_missing_plugin", true);
pref("plugins.hide_infobar_for_outdated_plugin", true);
pref("plugins.notifyMissingFlash", false);
-pref("privacy.announcements.enabled", false);
-pref("privacy.donottrackheader.enabled", false); // http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/
+
+//https://developer.mozilla.org/en-US/docs/Web/API/MediaSource
+//pref("media.mediasource.enabled",true);
+
+//Speeding it up
+pref("network.http.pipelining", true);
+pref("network.http.proxy.pipelining", true);
+pref("network.http.pipelining.maxrequests", 10);
+pref("nglayout.initialpaint.delay", 0);
+
+// Disable third party cookies
+pref("network.cookie.cookieBehavior", 1);
+
+// Prevent EULA dialog to popup on first run
+pref("browser.EULA.override", true);
+
+// disable app updater url
+pref("app.update.url", "http://127.0.0.1/");"
+
+// Set useragent to Firefox compatible
+//pref("general.useragent.compatMode.firefox", true);
+// Spoof the useragent to a generic one
+pref("general.useragent.compatMode.firefox", true);
+// Spoof the useragent to a generic one
+pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0");
+pref("general.appname.override", "Netscape");
+pref("general.appversion.override", "48.0");
+pref("general.buildID.override", "Gecko/20100101");
+pref("general.oscpu.override", "Windows NT 6.1");
+pref("general.platform.override", "Win32");
+
+// Privacy & Freedom Issues
+// https://webdevelopmentaid.wordpress.com/2013/10/21/customize-privacy-settings-in-mozilla-firefox-part-1-aboutconfig/
+// https://panopticlick.eff.org
+// http://ip-check.info
+// http://browserspy.dk
+// https://wiki.mozilla.org/Fingerprinting
+// http://www.browserleaks.com
+// http://fingerprint.pet-portal.eu
+pref("privacy.donottrackheader.enabled", true);
pref("privacy.donottrackheader.value", 1);
-pref("privacy.thirdparty.isolate", 2); // Always enforce third party isolation
-pref("privacy.trackingprotection.enabled", true);
-pref("privacy.trackingprotection.pbmode.enabled", true);
-pref("security.OCSP.enabled", 0); // https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol#Privacy_concerns
-pref("security.OCSP.require", false);
-pref("security.ask_for_password", 0);
-pref("security.cert_pinning.enforcement_level", 2); // https://trac.torproject.org/projects/tor/ticket/16206
-pref("security.enable_tls_session_tickets", false);
-pref("security.mixed_content.block_active_content", true); // Note: Can be disabled for user experience. https://bugzilla.mozilla.org/show_bug.cgi?id=878890
-pref("security.nocertdb", false);
-pref("security.ssl.errorReporting.url", "");
-pref("security.ssl.errorReporting.enabled", false);
-pref("security.ssl.disable_session_identifiers", true);
-pref("security.ssl.enable_false_start", true);
-pref("security.ssl.require_safe_negotiation", true);
-pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-pref("security.ssl3.rsa_seed_sha", true);
-pref("security.tls.insecure_fallback_hosts.use_static_list", false);
-pref("security.tls.unrestricted_rc4_fallback", false);
-pref("security.tls.version.max", 3);
-pref("security.tls.version.min", 1);
-pref("services.kinto.base", "");
-pref("services.sync.engine.addons", false);
-pref("services.sync.engine.prefs", false); // Never sync prefs, addons, or tabs with other browsers
-pref("services.sync.engine.tabs", false);
-pref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", false);
-pref("services.sync.prefs.sync.extensions.update.enabled", false);
-pref("services.sync.serverURL", "about:blank");
-pref("services.sync.jpake.serverURL", "about:blank");
-pref("signon.autofillForms", false); // disable cross-site form exposure from password manager - http://kb.mozillazine.org/Signon.autofillForms
-//pref("signon.rememberSignons", false);
-pref("social.directories", "");
+pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
+pref("browser.safebrowsing.enabled", false);
+pref("browser.safebrowsing.malware.enabled", false);
+//pref("services.sync.privacyURL", "https://www.gnu.org/software/gnuzilla/");
pref("social.enabled", false);
pref("social.remote-install.enabled", false);
-pref("social.shareDirectory", "");
+pref("datareporting.healthreport.uploadEnabled", false);
+pref("datareporting.healthreport.about.reportUrl", "127.0.0.1");
+pref("datareporting.healthreport.documentServerURI", "127.0.0.1");
+pref("healthreport.uploadEnabled", false);
pref("social.toast-notifications.enabled", false);
-pref("social.whitelist", "");
-pref("startup.homepage_override_url", "");
-pref("startup.homepage_welcome_url", "");
-pref("svg.in-content.enabled", true);
+pref("datareporting.policy.dataSubmissionEnabled", false);
+pref("datareporting.healthreport.service.enabled", false);
+pref("browser.slowStartup.notificationDisabled", true);
+pref("network.http.sendRefererHeader", 2);
+//pref("network.http.referer.spoofSource", true);
+//http://grack.com/blog/2010/01/06/3rd-party-cookies-dom-storage-and-privacy/
+//pref("dom.storage.enabled", false);
+pref("dom.event.clipboardevents.enabled",false);
+pref("network.prefetch-next", false);
+pref("network.dns.disablePrefetch", true);
+pref("network.http.sendSecureXSiteReferrer", false);
pref("toolkit.telemetry.enabled", false);
-pref("toolkit.telemetry.server", "about:blank");
-pref("toolkit.telemetry.archive.enabled", false);
-pref("ui.key.menuAccessKeyFocuses", false); // Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier
-//pref("webgl.disable-extensions", true);
-//pref("webgl.disabled", true);
-pref("webgl.min_capability_mode", true);
-pref("xpinstall.signatures.required", true); // Requires AMO signing key for addons
-pref("xpinstall.whitelist.add", "");
-pref("xpinstall.whitelist.add.36", "");
+// Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html
+pref("plugins.enumerable_names", "");
+pref("plugin.state.flash", 1);
+// Do not autoupdate search engines
+pref("browser.search.update", false);
+// Warn when the page tries to redirect or refresh
+//pref("accessibility.blockautorefresh", true);
+pref("dom.battery.enabled", false);
+pref("device.sensors.enabled", false);
+pref("camera.control.face_detection.enabled", false);
+pref("camera.control.autofocus_moving_callback.enabled", false);
+pref("network.http.speculative-parallel-limit", 0);
+
+// Crypto hardening
+// https://gist.github.com/haasn/69e19fc2fe0e25f3cff5
+//General settings
+//pref("security.tls.unrestricted_rc4_fallback", false);
+//pref("security.tls.insecure_fallback_hosts.use_static_list", false);
+//pref("security.tls.version.min", 1);
+//pref("security.ssl.require_safe_negotiation", true);
+//pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+//pref("security.ssl3.rsa_seed_sha", true);
+//pref("security.OCSP.enabled", 1);
+//pref("security.OCSP.require", true);
+
+// Disable channel updates
+pref("app.update.enabled", false);
+pref("app.update.auto", false);
+
+pref("font.default.x-western", "sans-serif");
+
+// Preferences for the Get Add-ons panel
+pref ("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref ("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat");
+
+// Mobile
+pref("privacy.announcements.enabled", false);
+pref("browser.snippets.enabled", false);
+pref("browser.snippets.syncPromo.enabled", false);
+pref("browser.snippets.geoUrl", "http://127.0.0.1/");
+pref("browser.snippets.updateUrl", "http://127.0.0.1/");
+pref("browser.snippets.statsUrl", "http://127.0.0.1/");
+pref("datareporting.policy.firstRunTime", 0);
+pref("datareporting.policy.dataSubmissionPolicyVersion", 2);
+pref("browser.webapps.checkForUpdates", 0);
+pref("browser.webapps.updateCheckUrl", "http://127.0.0.1/");
+pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ");
+
+// PFS url
+pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
+pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%");
+
+// Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
+pref("media.gmp-manager.url", "http://127.0.0.1/");
+pref("media.gmp-manager.url.override", "data:text/plain,");
+pref("media.gmp-provider.enabled", false);
+// Don't install openh264 codec
+pref("media.gmp-gmpopenh264.enabled", false);
+
+//Disable heartbeat
+pref("browser.selfsupport.url", "");
+
+//Disable Link to FireFox Marketplace, currently loaded with non-free "apps"
+pref("browser.apps.URL", "");
+
+//Disable Firefox Hello
+pref("loop.enabled",false);
+pref("loop.feedback.baseUrl", "");
+pref("loop.gettingStarted.url", "");
+pref("loop.learnMoreUrl", "");
+pref("loop.legal.ToS_url", "");
+pref("loop.legal.privacy_url", "");
+pref("loop.oauth.google.redirect_uri", "");
+pref("loop.oauth.google.scope", "");
+pref("loop.server", "");
+pref("loop.soft_start_hostname", "");
+pref("loop.support_url", "");
+pref("loop.throttled2",false);
+
+// Use old style preferences, that allow javascript to be disabled
+pref("browser.preferences.inContent",false);
+
+// Don't download ads for the newtab page
+pref("browser.newtabpage.directory.source", "");
+pref("browser.newtabpage.directory.ping", "");
+pref("browser.newtabpage.introShown", true);
+
+// Disable home snippets
+pref("browser.aboutHomeSnippets.updateUrl", "data:text/html");
+
+// Disable hardware acceleration and WebGL
+//pref("layers.acceleration.disabled", false);
+pref("webgl.disabled", false);
+
+// Disable SSDP
+pref("browser.casting.enabled", false);
+
+//Disable directory service
+pref("social.directories", "");
+pref("social.whitelist", "");
+pref("social.shareDirectory", "");