From 9052068d89f8dc5a5a7691fb90046fefe13b9597 Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Mon, 2 Jun 2025 00:45:46 -0400
Subject: [PATCH] 138.0 (#392)
---
Fastfox.js | 19 ++++++++++---------
README.md | 2 +-
Securefox.js | 25 +++++++++++++++++--------
personal/user-overrides.js | 11 ++++++++++-
user.js | 15 +++++++++------
zen/user.js | 6 ++++--
6 files changed, 51 insertions(+), 27 deletions(-)
diff --git a/Fastfox.js b/Fastfox.js
index a648650..33ff68a 100644
--- a/Fastfox.js
+++ b/Fastfox.js
@@ -254,13 +254,14 @@ user_pref("browser.cache.disk.enable", false);
// that only contains settings for systems at or below 8GB of system memory [1].
// Waterfox G6 allows it to go above 8GB machines [3].
// Value can be up to the max size of an unsigned 64-bit integer.
-// -1=Automatically decide the maximum memory to use to cache decoded images,
+// -1 = Automatically decide the maximum memory to use to cache decoded images,
// messages, and chrome based on the total amount of RAM
+// For machines with 8GB+ RAM, that equals 32768 kb = 32 MB
// [1] https://kb.mozillazine.org/Browser.cache.memory.capacity#-1
// [2] https://searchfox.org/mozilla-central/source/netwerk/cache2/CacheObserver.cpp#94-125
// [3] https://github.com/WaterfoxCo/Waterfox/commit/3fed16932c80a2f6b37d126fe10aed66c7f1c214
-//user_pref("browser.cache.memory.capacity", -1); // DEFAULT; 256000=256 MB; 512000=500 MB; 1048576=1GB, 2097152=2GB
-//user_pref("browser.cache.memory.max_entry_size", 10240); // (10 MB); default=5120 (5 MB)
+//user_pref("browser.cache.memory.capacity", 131072); // (128 MB)
+//user_pref("browser.cache.memory.max_entry_size", 20480); // (20 MB); default=5120 (5 MB)
// PREF: amount of Back/Forward cached pages stored in memory for each tab
// Pages that were recently visited are stored in memory in such a way
@@ -271,7 +272,7 @@ user_pref("browser.cache.disk.enable", false);
// is no reason for Firefox to keep memory for this.
// -1=determine automatically (8 pages)
// [1] https://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers#Possible_values_and_their_effects
-//user_pref("browser.sessionhistory.max_total_viewers", 4);
+user_pref("browser.sessionhistory.max_total_viewers", 4);
/****************************************************************************
* SECTION: MEDIA CACHE *
@@ -403,7 +404,7 @@ user_pref("network.ssl_tokens_cache_capacity", 10240); // default=2048; more TLS
// [3] https://searchfox.org/mozilla-central/rev/028c68d5f32df54bca4cf96376f79e48dfafdf08/modules/libpref/init/all.js#1280-1282
// [4] https://www.keycdn.com/blog/resource-hints#prefetch
// [5] https://3perf.com/blog/link-rels/#prefetch
-//user_pref("network.http.speculative-parallel-limit", 20); // DEFAULT (FF127+?)
+user_pref("network.http.speculative-parallel-limit", 0);
// PREF: DNS prefetching for HTMLLinkElement
// Used for cross-origin connections to provide small performance improvements.
@@ -417,7 +418,7 @@ user_pref("network.ssl_tokens_cache_capacity", 10240); // default=2048; more TLS
user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disablePrefetchFromHTTPS", true); // [FF127+ false]
-// PREF: DNS prefetch for HTMLAnchorElement (speculative DNS)
+// PREF: DNS prefetch for HTMLAnchorElement (speculative DNS)
// Disable speculative DNS calls to prevent Firefox from resolving
// hostnames for other domains linked on a page. This may eliminate
// unnecessary DNS lookups, but can increase latency when following external links.
@@ -436,11 +437,11 @@ user_pref("network.dns.disablePrefetch", true);
// [NOTE] Firefox will perform DNS lookup (if enabled) and TCP and TLS handshake,
// but will not start sending or receiving HTTP data.
// [1] https://www.ghacks.net/2017/07/24/disable-preloading-firefox-autocomplete-urls/
-//user_pref("browser.urlbar.speculativeConnect.enabled", false);
+user_pref("browser.urlbar.speculativeConnect.enabled", false);
// PREF: mousedown speculative connections on bookmarks and history [FF98+]
// Whether to warm up network connections for places:menus and places:toolbar.
-//user_pref("browser.places.speculativeConnect.enabled", false);
+user_pref("browser.places.speculativeConnect.enabled", false);
// PREF: network module preload [FF115+]
// High-priority loading of current page JavaScript modules.
@@ -498,7 +499,7 @@ user_pref("network.prefetch-next", false);
// When enabled, it trains and uses Firefox's algorithm to preload page resource
// by tracking past page resources. It uses a local file (history) of needed images,
// scripts, etc. to request them preemptively when navigating.
-// [NOTE] By default, it only preconnects, doing DNS, TCP, and SSL handshakes.
+// [NOTE] By default, it only preconnects DNS, TCP, and SSL handshakes.
// No data sends until clicking. With "network.predictor.enable-prefetch" enabled,
// it also performs prefetches.
// [1] https://wiki.mozilla.org/Privacy/Reviews/Necko
diff --git a/README.md b/README.md
index 7211d1c..fba5e95 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ The `user.js` — a configuration file that controls Firefox settings — is cur
* [Zen](https://github.com/zen-browser/desktop?tab=readme-ov-file) | [files](https://github.com/zen-browser/desktop/blob/stable/src/browser/app/profile/zen-browser.js) (July 2024)
* [Midori](https://github.com/goastian/midori-desktop/blob/ESR115/README.md) | [files](https://github.com/goastian/midori-desktop/blob/f3d8d96eb8e08f35a64e3c957bea4e839d7c7730/floorp/browser/components/userjsUtils.sys.mjs#L28-L33) (Dec 2023?)
* [Mercury](https://github.com/Alex313031/Mercury/releases/tag/v.115.3.0) | [files](https://github.com/Alex313031/Mercury/commit/eb9600f9fb8f48c8f5b5c6f3264fbcdb5caff7f5) (Sep 2023)
-* [Waterfox](https://www.waterfox.net/en-US/docs/releases/G6.0/) | [files](https://github.com/WaterfoxCo/Waterfox/tree/current/waterfox/browser/app/profile) (Sep 2023)
+* [Waterfox](https://www.waterfox.net/docs/releases/G6.0/) | [files](https://github.com/WaterfoxCo/Waterfox/tree/current/waterfox/browser/app/profile) (Sep 2023)
* [Floorp](https://github.com/Floorp-Projects/Floorp#-betterfox) [1](https://github.com/Floorp-Projects/Floorp/issues/233#issuecomment-1543557167) [2](https://blog.ablaze.one/3135/2023-04-01/) | [files](https://github.com/Floorp-Projects/Floorp/blob/ESR115/floorp/browser/components/preferences/userjs.inc.xhtml) (Apr 2023)
* [Pulse](https://github.com/pulse-browser/browser#%EF%B8%8F-credits) | [files](https://github.com/pulse-browser/browser/tree/alpha/src/browser/app/profile) (Dec 2021)
* [Ghostery Private Browser](https://github.com/ghostery/user-agent-desktop#community) [1](https://web.archive.org/web/20210509171835/https://www.ghostery.com/ghostery-dawn-update-more/) [2](https://web.archive.org/web/20210921114333/https://www.ghostery.com/ghostery-dawn-product-update/) | [files](https://github.com/ghostery/user-agent-desktop/tree/main/brands/ghostery/branding/pref) (Feb 2021)
diff --git a/Securefox.js b/Securefox.js
index 483e897..ff66234 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -3,7 +3,7 @@
* Securefox *
* "Natura non contristatur" *
* priority: provide sensible security and privacy *
- * version: 137 *
+ * version: 138 *
* url: https://github.com/yokoffing/Betterfox *
* credit: Most prefs are reproduced and adapted from the arkenfox project *
* credit urL: https://github.com/arkenfox/user.js *
@@ -61,7 +61,7 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN]
// [2] https://www.youtube.com/watch?v=VE8SrClOTgw
// [3] https://searchfox.org/mozilla-central/source/browser/extensions/webcompat/data/shims.js
//user_pref("extensions.webcompat.enable_shims", true); // [HIDDEN] enabled with "Strict"
-//user_pref("extensions.webcompat.smartblockEmbeds.enabled", true); // enabled with "Strict"
+//user_pref("extensions.webcompat.smartblockEmbeds.enabled", true); // [DEFAULT FF137+]
// PREF: allow embedded tweets and reddit posts [FF136+]
// [TEST - reddit embed] https://www.pcgamer.com/amazing-halo-infinite-bugs-are-already-rolling-in/
@@ -121,6 +121,7 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN]
// [5] https://hacks.mozilla.org/2021/02/introducing-state-partitioning/
// [6] https://github.com/arkenfox/user.js/issues/1281
// [7] https://hacks.mozilla.org/2022/02/improving-the-storage-access-api-in-firefox/
+// [8] https://blog.includesecurity.com/2025/04/cross-site-websocket-hijacking-exploitation-in-2025/
//user_pref("network.cookie.cookieBehavior", 5); // DEFAULT FF103+
//user_pref("network.cookie.cookieBehavior.optInPartitioning", true); // [ETP FF132+]
//user_pref("browser.contentblocking.reject-and-isolate-cookies.preferences.ui.enabled", true); // DEFAULT
@@ -166,6 +167,7 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN]
// [6] https://web.dev/samesite-cookies-explained/
// [7] https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions
// [8] https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
+// [9] https://blog.includesecurity.com/2025/04/cross-site-websocket-hijacking-exploitation-in-2025/
// [TEST] https://samesite-sandbox.glitch.me/
//user_pref("network.cookie.sameSite.laxByDefault", true);
//user_pref("network.cookie.sameSite.noneRequiresSecure", true); // [DEFAULT FF131+]
@@ -660,6 +662,7 @@ user_pref("network.IDN_show_punycode", true);
// [4] https://web.dev/why-https-matters/
// [5] https://www.cloudflare.com/learning/ssl/why-use-https/
// [6] https://blog.chromium.org/2023/08/towards-https-by-default.html
+// [7] https://attackanddefense.dev/2025/03/31/https-first-in-firefox-136.html
//user_pref("dom.security.https_first", true); // [DEFAULT FF136+]
//user_pref("dom.security.https_first_pbm", true); // [DEFAULT FF91+]
//user_pref("dom.security.https_first_schemeless", true); // [FF120+] [DEFAULT FF129+]
@@ -891,7 +894,7 @@ user_pref("signon.privateBrowsingCapture.enabled", false);
// 0=don't allow sub-resources to open HTTP authentication credentials dialogs
// 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
// 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
-// [1] https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/
+// [1] https://web.archive.org/web/20181123134351/https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/
user_pref("network.auth.subresource-http-auth-allow", 1);
// PREF: prevent password truncation when submitting form data
@@ -1270,6 +1273,8 @@ user_pref("browser.safebrowsing.downloads.remote.enabled", false);
// To add site exceptions: Page Info>Permissions>Receive Notifications
// To manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings
// 0=always ask (default), 1=allow, 2=block
+// [1] https://easylinuxtipsproject.blogspot.com/p/security.html#ID5
+// [2] https://github.com/yokoffing/Betterfox/wiki/Common-Overrides#site-notifications
user_pref("permissions.default.desktop-notification", 2);
// PREF: default permission for Location Requests
@@ -1323,6 +1328,10 @@ user_pref("permissions.manager.defaultsUrl", "");
// PREF: remove webchannel whitelist
//user_pref("webchannel.allowObject.urlWhitelist", ""); // [DEFAULT FF132+]
+// PREF: disable metadata caching for installed add-ons by default
+// [1] https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
+user_pref("extensions.getAddons.cache.enabled", false);
+
/******************************************************************************
* SECTION: TELEMETRY *
******************************************************************************/
@@ -1364,8 +1373,7 @@ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
// PREF: disable daily active users [FF136+]
-// [NOTE] Already disabled by main telemetry switch
-//user_pref("datareporting.usage.uploadEnabled", false);
+user_pref("datareporting.usage.uploadEnabled", false);
/******************************************************************************
* SECTION: EXPERIMENTS *
@@ -1399,15 +1407,16 @@ user_pref("browser.tabs.crashReporting.sendReport", false);
******************************************************************************/
// PREF: disable Captive Portal detection
+// [WARNING] Do NOT use for mobile devices. May NOT be able to use Firefox on public wifi (hotels, coffee shops, etc).
// [1] https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
// [2] https://wiki.mozilla.org/Necko/CaptivePortal
-user_pref("captivedetect.canonicalURL", "");
-user_pref("network.captive-portal-service.enabled", false);
+//user_pref("captivedetect.canonicalURL", "");
+//user_pref("network.captive-portal-service.enabled", false);
// PREF: disable Network Connectivity checks
// [WARNING] Do NOT use for mobile devices. May NOT be able to use Firefox on public wifi (hotels, coffee shops, etc).
// [1] https://bugzilla.mozilla.org/1460537
-user_pref("network.connectivity-service.enabled", false);
+//user_pref("network.connectivity-service.enabled", false);
// PREF: disable Privacy-Preserving Attribution [FF128+]
// [NOTE] PPA disabled if main telemetry switches are disabled.
diff --git a/personal/user-overrides.js b/personal/user-overrides.js
index b2f8412..ba1fbf2 100644
--- a/personal/user-overrides.js
+++ b/personal/user-overrides.js
@@ -19,7 +19,16 @@
/** FASTFOX ***/
user_pref("browser.sessionstore.restore_pinned_tabs_on_demand", true);
-user_pref("browser.sessionhistory.max_total_viewers", 4); // only remember # of pages in Back-Forward cache
+
+// SPECULATIVE LOADING WITHOUT PREDICTOR
+user_pref("network.http.speculative-parallel-limit", 20);
+//user_pref("network.dns.disablePrefetch", false);
+//user_pref("network.dns.disablePrefetchFromHTTPS", false);
+//user_pref("dom.prefetch_dns_for_anchor_https_document", true);
+user_pref("browser.urlbar.speculativeConnect.enabled", true);
+user_pref("browser.places.speculativeConnect.enabled", true);
+user_pref("network.prefetch-next", true);
+
user_pref("network.http.max-persistent-connections-per-server", 20); // increase download connections
/** SECUREFOX ***/
diff --git a/user.js b/user.js
index c81b5e4..78d9d23 100644
--- a/user.js
+++ b/user.js
@@ -10,7 +10,7 @@
/****************************************************************************
* Betterfox *
* "Ad meliora" *
- * version: 137 *
+ * version: 138 *
* url: https://github.com/yokoffing/Betterfox *
****************************************************************************/
@@ -27,6 +27,9 @@ user_pref("gfx.content.skia-font-cache-size", 20);
/** DISK CACHE ***/
user_pref("browser.cache.disk.enable", false);
+/** MEMORY CACHE ***/
+user_pref("browser.sessionhistory.max_total_viewers", 4);
+
/** MEDIA CACHE ***/
user_pref("media.memory_cache_max_size", 65536);
user_pref("media.cache_readahead_limit", 7200);
@@ -44,8 +47,11 @@ user_pref("network.dnsCacheExpiration", 3600);
user_pref("network.ssl_tokens_cache_capacity", 10240);
/** SPECULATIVE LOADING ***/
+user_pref("network.http.speculative-parallel-limit", 0);
user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disablePrefetchFromHTTPS", true);
+user_pref("browser.urlbar.speculativeConnect.enabled", false);
+user_pref("browser.places.speculativeConnect.enabled", false);
user_pref("network.prefetch-next", false);
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.enable-prefetch", false);
@@ -119,6 +125,7 @@ user_pref("permissions.default.geo", 2);
user_pref("geo.provider.network.url", "https://beacondb.net/v1/geolocate");
user_pref("browser.search.update", false);
user_pref("permissions.manager.defaultsUrl", "");
+user_pref("extensions.getAddons.cache.enabled", false);
/** TELEMETRY ***/
user_pref("datareporting.policy.dataSubmissionEnabled", false);
@@ -137,6 +144,7 @@ user_pref("toolkit.coverage.opt-out", true);
user_pref("toolkit.coverage.endpoint.base", "");
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
+user_pref("datareporting.usage.uploadEnabled", false);
/** EXPERIMENTS ***/
user_pref("app.shield.optoutstudies.enabled", false);
@@ -147,11 +155,6 @@ user_pref("app.normandy.api_url", "");
user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false);
-/** DETECTION ***/
-user_pref("captivedetect.canonicalURL", "");
-user_pref("network.captive-portal-service.enabled", false);
-user_pref("network.connectivity-service.enabled", false);
-
/****************************************************************************
* SECTION: PESKYFOX *
****************************************************************************/
diff --git a/zen/user.js b/zen/user.js
index d756c81..34a8ab3 100644
--- a/zen/user.js
+++ b/zen/user.js
@@ -10,7 +10,7 @@
/****************************************************************************
* BetterZen *
* "Ex nihilo nihil fit" *
- * version: 137 *
+ * version: 138 *
* url: https://github.com/yokoffing/Betterfox *
****************************************************************************/
@@ -18,7 +18,6 @@
* SECTION: FASTFOX *
****************************************************************************/
/** GFX ***/
-user_pref("gfx.canvas.accelerated.cache-items", 8192); // DEFAULT FF135+
user_pref("gfx.canvas.accelerated.cache-size", 512);
/** DISK CACHE ***/
@@ -105,6 +104,9 @@ user_pref("zen.view.experimental-rounded-view", false);
// Currently bugged if you click to view what's blocked
//user_pref("zen.urlbar.show-protections-icon", true);
+// PREF: Disable the Picture in picture pop-out when changing tabs
+//user_pref("media.videocontrols.picture-in-picture.enable-when-switching-tabs.enabled", false);
+
/****************************************************************************
* START: MY OVERRIDES *
****************************************************************************/