From 66e8c64daaf4f4ec244eb3ff97495b5342ba4479 Mon Sep 17 00:00:00 2001 From: yokoffing <11689349+yokoffing@users.noreply.github.com> Date: Sat, 17 Aug 2024 10:46:07 -0400 Subject: [PATCH] Updated Optional Hardening (markdown) --- Optional-Hardening.md | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/Optional-Hardening.md b/Optional-Hardening.md index 61e31cd..ef28785 100644 --- a/Optional-Hardening.md +++ b/Optional-Hardening.md @@ -84,6 +84,30 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true); *** +### Downloads + +Enforce Firefox to inform you of any download attempts. + +#### Always ask where to save files + +* `☰` *→ Settings → General → Files and Applications → Downloads → Always ask you where to save files* + +```javascript +// PREF: ask where to save every file +user_pref("browser.download.useDownloadDir", false); +``` + +#### Ask to open or save new file types + +* `☰` *→ Settings → General → Files and Applications → Applications → What should Firefox do with other files?* + +```javascript +// PREF: ask whether to open or save new file types +user_pref("browser.download.always_ask_before_handling_new_types", true); +``` + +*** + ### Disk Cache Keep in mind that disabling the disk cache is only available on Firefox. It is consider a non-issue in any other browser. 
@@ -212,23 +236,6 @@ You can confirm if DRM is disabled by going [here](https://bitmovin.com/demos/dr *** -### Require Secure Renegotiation - -Block connections to servers that do not support RFC 5746, as they are potentially [vulnerable](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) to man-in-the-middle attacks. - -A server without [RFC 5746](https://datatracker.ietf.org/doc/html/rfc5746) can be safe from the attack if it disables renegotiations. However, the browser cannot know that. Setting this pref to `true` is the only way to ensure no unsafe renegotiations occur between the browser and the server. - -> [!WARNING] -> Some sites, like `EA.com`, will not let you login due to their weak encryption. - -```javascript -// PREF: require safe SSL negotiation -// [ERROR] SSL_ERROR_UNSAFE_NEGOTIATION -user_pref("security.ssl.require_safe_negotiation", true); -``` - -*** - ### default-browser-agent On Windows, Mozilla [collects](https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/default-browser-ping.html) information on what you've set as your default browser.
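Review bot: In the first hunk (the new `### Downloads` section), the lead sentence "Enforce Firefox to inform you of any download attempts." is ungrammatical and overstates what the two prefs do; neither pref blocks or reports downloads, they only add a prompt. Suggest "Make Firefox prompt you before saving or opening a file." so the wording matches the two sub-headings ("Always ask where to save files", "Ask to open or save new file types"). It would also help to note next to `browser.download.always_ask_before_handling_new_types` that the prompt applies only to file types Firefox has not already been told how to handle, which is what the pref name and the Settings path ("What should Firefox do with other files?") already imply.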
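Review bot: The second hunk deletes the entire "Require Secure Renegotiation" section, and with it the only mention of `security.ssl.require_safe_negotiation` and its rationale (RFC 5746, CVE-2009-3555), but the commit message ("Updated Optional Hardening (markdown)") gives no reason for the removal. The deleted text itself records a breakage case (`EA.com` login, `SSL_ERROR_UNSAFE_NEGOTIATION`), so if site breakage is the motivation, say so in the commit message; if the pref is considered obsolete, say that instead. Since this is the "Optional Hardening" page, an alternative to outright deletion is to keep the section and strengthen the existing `> [!WARNING]` callout, so readers who accept the breakage can still find the pref and its error string.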