From d50ab008e707f43f2045971ced3ac989c7119f8f Mon Sep 17 00:00:00 2001 From: yokoffing <11689349+yokoffing@users.noreply.github.com> Date: Mon, 9 Oct 2023 18:25:11 -0400 Subject: [PATCH] Updated Optional Hardening (markdown) --- Optional-Hardening.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/Optional-Hardening.md b/Optional-Hardening.md index f1ab1eb..36dd8f5 100644 --- a/Optional-Hardening.md +++ b/Optional-Hardening.md 
@@ -83,25 +83,12 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true); *** -### `default-browser-agent` (Windows only) -On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-firefox-default-browser-agent-and-how-to-disable-it.html) on what you've set as your default browser. However, disabling `default-browser-agent.enabled` also breaks the `Make Default...` button to set Firefox as the default browser. - -Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser). - -```javascript -// PREF: disable telemetry of what default browser you use [WINDOWS] -// [NOTE] Breaks "Make Default..." button in Settings. -user_pref("default-browser-agent.enabled", false); -``` - -*** - ### Public Key Pinning [Public Key Pinning](https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning) (PKP) is a tool that boosts the safety of [SSL certificates](https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/) by linking a website to its unique security key. This process ensures that the website you're visiting is real and not fake. PKP stops any attempts to trick your computer into connecting with a fraudulent website. :warning: Sometimes antivirus software — or some other [source](https://github.com/yokoffing/Betterfox/issues/232#issuecomment-1732346856) — won't let you open websites ([example](https://www.reddit.com/r/firefox/comments/16mlv15/kaspersky_cant_scan_encrypted_connections_with/)). -:bulb: Unless you experience unwanted behavior during setup, we strongly recommend you add this override. Reset it to `1` if you run into issues. +:bulb: Reset it to `1` if you run into issues. ```javascript // PREF: enforce certificate pinning 
@@ -170,6 +157,19 @@ user_pref("network.trr.uri", "https://dns.quad9.net/dns-query"); *** +### `default-browser-agent` (Windows only) +On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-firefox-default-browser-agent-and-how-to-disable-it.html) on what you've set as your default browser. However, disabling `default-browser-agent.enabled` also breaks the `Make Default...` button to set Firefox as the default browser. + +Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser). + +```javascript +// PREF: disable telemetry of what default browser you use [WINDOWS] +// [NOTE] Breaks "Make Default..." button in Settings. +user_pref("default-browser-agent.enabled", false); +``` + +*** + ### Require Safe Negotiation Block connections to servers that don't support [RFC 5746](https://datatracker.ietf.org/doc/html/rfc5746) as they're potentially [vulnerable](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) to a man-in-the-middle attack.
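Review bot: In the first hunk (Public Key Pinning), the shortened tip ":bulb: Reset it to `1` if you run into issues." leaves "it" without an antecedent now that the sentence about adding the override is gone, and the section no longer says whether the override is recommended or merely available. Name the preference and the value the override sets in that line, so a reader who hits the antivirus interception case from the warning just above knows exactly what to revert. The subject "Updated Optional Hardening (markdown)" also does not record that the "strongly recommend" guidance was dropped; one line in the commit message would help anyone later auditing why the advice changed.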
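Review bot: In the second hunk, the re-added `default-browser-agent` section lands between the `network.trr.uri` block and "Require Safe Negotiation", so a Windows-only telemetry preference now splits two connection-security sections. The moved text is identical to what the first hunk removes, so this is purely a placement question: consider putting it next to the page's other telemetry or OS-specific items, or at the end of the page, and state the reason for the move in the commit message, since the current subject line does not mention it.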