diff --git a/Securefox.js b/Securefox.js index 5d98d90..39ab9f0 100644 --- a/Securefox.js +++ b/Securefox.js @@ -1298,7 +1298,7 @@ user_pref("privacy.userContext.ui.enabled", true); //user_pref("browser.eme.ui.enabled", false); /****************************************************************************** - * SECTION: JIT * + * SECTION: JIT & WASM * ******************************************************************************/ // PREF: Just-In-Time Compilation // Around half of zero-day exploits are directly related to "just in time" @@ -1307,8 +1307,7 @@ user_pref("privacy.userContext.ui.enabled", true); // [1] https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ // [2] https://www.youtube.com/watch?v=i7qlZeDt9o4 -// PREF: JavaScript JIT -// PREF: disable Ion and baseline JIT to harden against JS exploits +// PREF: Ion and Baseline JIT // [NOTE] When both Ion and JIT are disabled, and trustedprincipals // is enabled, then Ion can still be used by extensions [4]. // Tor Browser doesn't even ship with these disabled by default. 
@@ -1318,31 +1317,40 @@ user_pref("privacy.userContext.ui.enabled", true); // [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1599226 // [5] https://wiki.mozilla.org/IonMonkey // [6] https://github.com/arkenfox/user.js/issues/1791#issuecomment-1891273681 -//user_pref("javascript.options.baselinejit", false); +//user_pref("javascript.options.baselinejit", false); // DO NOT TOUCH //user_pref("javascript.options.ion", false); -//user_pref("javascript.options.jit_trustedprincipals", false); +//user_pref("javascript.options.jit_trustedprincipals", true); // HIDDEN PREF + +// PREF: Blinterp (JIT-like) +// You do not need to touch blinterp unless you want to go even slower +// than the Baseline JIT (which I do not recommend). +//user_pref("javascript.options.blinterp", false); // PREF: WebAssembly JIT [FF52+] // Vulnerabilities [1] have increasingly been found, including those known and fixed // in native programs years ago [2]. WASM has powerful low-level access, making // certain attacks (brute-force) and vulnerabilities more possible. +// trustedprincipals: This controls whether WebAssembly is allowed in "privileged" contexts +// (like your extensions or internal browser scripts). // [STATS] ~0.2% of websites, about half of which are for cryptomining / malvertising [2][3] // [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm // [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly // [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes //user_pref("javascript.options.wasm", false); //user_pref("javascript.options.wasm_trustedprincipals", false); - //user_pref("javascript.options.wasm_baselinejit", false); + //user_pref("javascript.options.wasm_baselinejit", true); // DO NOT TOUCH //user_pref("javascript.options.wasm_optimizingjit", false); // PREF: Asm.js JIT [FF22+] +// Asm.js is essentially the "ancestor" of WebAssembly. 
It was a strict subset of JavaScript +// designed to allow browsers to pre-compile code into highly efficient machine instructions. +// However, WebAssembly was created specifically to replace Asm.js and has done so almost entirely. +// Disabling Asm.js removes the "legacy" risk surface without affecting your ability to run modern WebAssembly sites. // [1] http://asmjs.org/ // [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js // [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ -//user_pref("javascript.options.asmjs", false); - -// PREF: Blinterp (JIT-like) -//user_pref("javascript.options.blinterp", false); +// [4] https://github.com/rh0dev/slides/blob/master/OffensiveCon2018_From_Assembly_to_JavaScript_and_back.pdf +//user_pref("javascript.options.asmjs", false); // DEFAULT /****************************************************************************** * SECTION: VARIOUS *
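Review bot: The commented-out values in this hunk no longer follow one convention, so a user who uncomments the block cannot tell which value is the hardened one. `javascript.options.baselinejit` is shown as `false` with `// DO NOT TOUCH` while `javascript.options.wasm_baselinejit` is shown as `true` with the same tag, and `javascript.options.jit_trustedprincipals` flips from `false` to `true` with only `// HIDDEN PREF`, even though the [NOTE] in the preceding hunk says that with trustedprincipals enabled Ion can still be used by extensions. I would state the intent on each line, for example `//user_pref("javascript.options.jit_trustedprincipals", true); // HIDDEN PREF: true keeps JIT available to privileged code and extensions [4]`, and make both `DO NOT TOUCH` lines show the value that should be kept. The `// DEFAULT` tag on `javascript.options.asmjs` would also be easier to verify if it named the Firefox version it applies to, in the file's existing `[FFnn+]` style.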