notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 07:30:47 +05:30
Code Issues Releases Wiki Activity

Updated Optional Hardening (markdown)

HJ
2023-10-04 22:18:13 -04:00
parent 3d43bd9bd5
commit 0a12722a62
1 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Optional-Hardening.md
+15 -15
@@ -52,21 +52,6 @@ user_pref("urlclassifier.features.socialtracking.skipURLs", "");
***
### Public Key Pinning
[Public Key Pinning](https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning) (PKP) is a tool that boosts the safety of [SSL certificates](https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/) by linking a website to its unique security key. This process ensures that the website you're visiting is real and not fake. PKP stops any attempts to trick your computer into connecting with a fraudulent website.
:warning: Sometimes antivirus software — or some other [source](https://github.com/yokoffing/Betterfox/issues/232#issuecomment-1732346856) — won't let you open websites ([example](https://www.reddit.com/r/firefox/comments/16mlv15/kaspersky_cant_scan_encrypted_connections_with/)).
:bulb: Unless you experience unwanted behavior during setup, we strongly recommend you add this override. Reset it to `0` if you run into issues.
```javascript
// PREF: enforce certificate pinning
// [ERROR] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
user_pref("security.cert_pinning.enforcement_level", 2);
```
***
### HTTPS-Only Mode
We already:
* [block](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L810-L827) HTTP subresources from loading on HTTPS pages, including insecure downloads
@@ -109,6 +94,21 @@ user_pref("default-browser-agent.enabled", false);
***
### Public Key Pinning
[Public Key Pinning](https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning) (PKP) is a tool that boosts the safety of [SSL certificates](https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/) by linking a website to its unique security key. This process ensures that the website you're visiting is real and not fake. PKP stops any attempts to trick your computer into connecting with a fraudulent website.
:warning: Sometimes antivirus software — or some other [source](https://github.com/yokoffing/Betterfox/issues/232#issuecomment-1732346856) — won't let you open websites ([example](https://www.reddit.com/r/firefox/comments/16mlv15/kaspersky_cant_scan_encrypted_connections_with/)).
:bulb: Unless you experience unwanted behavior during setup, we strongly recommend you add this override. Reset it to `0` if you run into issues.
```javascript
// PREF: enforce certificate pinning
// [ERROR] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
user_pref("security.cert_pinning.enforcement_level", 2);
```
***
### Require Safe Negotiation
Block connections to servers that don't support [RFC 5746](https://datatracker.ietf.org/doc/html/rfc5746) as they're potentially [vulnerable](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) to a man-in-the-middle attack.