Copied some changes from arkenfox to custom.js, will merge custom.js with user.js later after reviewing all the changes.

2025-06-06 13:06:45 +05:30
parent 0de4b75615
commit 340b263f67
2 changed files with 168 additions and 102 deletions
@@ -114,6 +114,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""]
   // user_pref("network.trr.uri", "https://example.dns");
   // user_pref("network.trr.custom_uri", "https://example.dns");

+
 /*** [SECTION 1200]: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
   Your cipher and other settings can be used in server side fingerprinting
   [TEST] https://www.ssllabs.com/ssltest/viewMyClient.html
@@ -143,104 +144,6 @@ user_pref("security.ssl.require_safe_negotiation", true);
 * [3] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
 user_pref("security.tls.enable_0rtt_data", false);

-/** OCSP (Online Certificate Status Protocol)
-   [1] https://scotthelme.co.uk/revocation-is-broken/
-   [2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
-***/
-/* 1211: enforce OCSP fetching to confirm current validity of certificates
- * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
- * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority)
- * It's a trade-off between security (checking) and privacy (leaking info to the CA)
- * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling
- * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers...
- * [1] https://en.wikipedia.org/wiki/Ocsp ***/
-user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
-/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
- * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR | SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
- * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
- * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
- * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
- * could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
- * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
- * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html
- * [3] https://letsencrypt.org/2024/12/05/ending-ocsp/ ***/
-user_pref("security.OCSP.require", true);
-
-/** CERTS / HPKP (HTTP Public Key Pinning) ***/
-/* 1223: enable strict PKP (Public Key Pinning)
- * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict
- * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/
-user_pref("security.cert_pinning.enforcement_level", 2);
-/* 1224: enable CRLite [FF73+]
- * 0 = disabled
- * 1 = consult CRLite but only collect telemetry
- * 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
- * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default)
- * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
- * [2] https://blog.mozilla.org/security/tag/crlite/ ***/
-user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+]
-user_pref("security.pki.crlite_mode", 2);
-
-/** MIXED CONTENT ***/
-/* 1241: disable insecure passive content (such as images) on https pages ***/
-   // user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244)
-/* 1244: enable HTTPS-Only mode in all windows
- * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail)
- * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
- * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions)
- * [TEST] http://example.com [upgrade]
- * [TEST] http://httpforever.com/ | http://http.rip [no upgrade] ***/
-user_pref("dom.security.https_only_mode", true); // [FF76+]
-   // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
-/* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
-   // user_pref("dom.security.https_only_mode.upgrade_local", true);
-/* 1246: disable HTTP background requests [FF82+]
- * When attempting to upgrade, if the server doesn't respond within 3 seconds, Firefox sends
- * a top-level HTTP request without path in order to check if the server supports HTTPS or not
- * This is done to avoid waiting for a timeout which takes 90 seconds
- * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
-user_pref("dom.security.https_only_mode_send_http_background_request", false);
-
-/** UI (User Interface) ***/
-/* 1270: display warning on the padlock for "broken security" (if 1201 is false)
- * Bug: warning padlock not indicated for subresources on a secure page! [2]
- * [1] https://wiki.mozilla.org/Security:Renegotiation
- * [2] https://bugzilla.mozilla.org/1353705 ***/
-user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-/* 1272: display advanced information on Insecure Connection warning pages
- * only works when it's possible to add an exception
- * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/)
- * [TEST] https://expired.badssl.com/ ***/
-user_pref("browser.xul.error_pages.expert_bad_cert", true);
-
-/*** [SECTION 1600]: REFERERS
-                  full URI: https://example.com:8888/foo/bar.html?id=1234
-     scheme+host+port+path: https://example.com:8888/foo/bar.html
-          scheme+host+port: https://example.com:8888
-   [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
-***/
-user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
-/* 1602: control the amount of cross-origin information to send [FF52+]
- * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
-user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
-
-/*** [SECTION 1700]: CONTAINERS ***/
-user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!");
-/* 1701: enable Container Tabs and its UI setting [FF50+]
- * [SETTING] General>Tabs>Enable Container Tabs
- * https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers ***/
-user_pref("privacy.userContext.enabled", true);
-user_pref("privacy.userContext.ui.enabled", true);
-/* 1702: set behavior on "+ Tab" button to display container menu on left click [FF74+]
- * [NOTE] The menu is always shown on long press and right click
- * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/
-   // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
-/* 1703: set external links to open in site-specific containers [FF123+]
- * [SETUP-WEB] Depending on your container extension(s) and their settings
- * true=Firefox will not choose a container (so your extension can)
- * false=Firefox will choose the container/no-container (default)
- * [1] https://bugzilla.mozilla.org/1874599 ***/
-   // user_pref("browser.link.force_default_user_context_id_for_external_opens", true);

 /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/
 user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
@@ -259,10 +162,9 @@ user_pref("media.peerconnection.ice.default_address_only", true);
 * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
   // user_pref("media.gmp-provider.enabled", false);

-/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/
-user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
-/* 2402: prevent scripts from moving and resizing open windows ***/
-user_pref("dom.disable_window_move_resize", true);
+
+
+

 /*** [SECTION 2600]: MISCELLANEOUS ***/
 user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
@@ -0,0 +1,164 @@
+DISABLE IPv6
+
+/** SPECULATIVE LOADING ***/
+user_pref("browser.send_pings", false); // [DEFAULT: false]
+
+/** SEARCH / URL BAR ***/
+user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
+user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+]
+user_pref("browser.urlbar.suggest.searches", false);
+user_pref("browser.search.separatePrivateDefault", true); // [FF70+]
+
+/** PASSWORDS ***/
+user_pref("signon.autofillForms", false);
+user_pref("signon.formlessCapture.enabled", false);
+
+/** SAFE BROWSING ***/
+user_pref("browser.safebrowsing.malware.enabled", false);
+user_pref("browser.safebrowsing.phishing.enabled", false);
+user_pref("browser.safebrowsing.downloads.enabled", false);
+user_pref("browser.safebrowsing.downloads.remote.url", ""); // Defense-in-depth
+user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+
+/** CRASH REPORTS ***/
+user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false]
+
+/** MOZILLA UI ***/
+user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false]
+
+/** URL BAR ***/
+user_pref("browser.urlbar.addons.featureGate", false); // [FF115+]
+user_pref("browser.urlbar.fakespot.featureGate", false); // [FF130+] [DEFAULT: false]
+user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF]
+user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false]
+user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
+user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+]
+user_pref("browser.urlbar.clipboard.featureGate", false);
+
+/** SSL / OCSP **/
+user_pref("security.ssl.require_safe_negotiation", true);
+user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1] // CHANGE IN user.js UPAR UPAR
+user_pref("security.OCSP.require", true);
+
+****************************************************************************
+ * START: MY OVERRIDES                                                      *
+ ****************************************************************************/
+// visit https://github.com/yokoffing/Betterfox/wiki/Common-Overrides
+// visit https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening
+// Enter your personal overrides below this line:
+
+// PREF: restore login manager
+user_pref("signon.rememberSignons", true);
+
+// PREF: restore Top Sites on New Tab page
+user_pref("browser.newtabpage.activity-stream.feeds.topsites", true);
+
+// PREF: enable container tabs
+user_pref("privacy.userContext.enabled", true);
+
+/****************************************************************************
+
+/****************************************************************************
+ * HARDENING                                                                *
+ ***************************************************************************/
+
+// PREF: disable Firefox Sync
+user_pref("identity.fxaccounts.enabled", false);
+
+// PREF: disable the Firefox View tour from popping up
+user_pref("browser.firefox-view.feature-tour", '{"screen":"","complete":true}');
+
+// PREF: enable HTTPS-Only Mode
+// Warn me before loading sites that don't support HTTPS
+// in both Normal and Private Browsing windows.
+user_pref("dom.security.https_only_mode", true);
+user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
+
+// PREF: disable captive portal detection
+// [WARNING] Do NOT use for mobile devices!
+user_pref("captivedetect.canonicalURL", "");
+user_pref("network.captive-portal-service.enabled", false);
+user_pref("network.connectivity-service.enabled", false);
+
+// PREF: set DoH provider
+user_pref("network.trr.uri", "https://family.dns.mullvad.net/dns-query"); // Hagezi Light + TIF
+
+// PREF: enforce DNS-over-HTTPS (DoH)
+user_pref("network.trr.mode", 3);
+
+// PREF: enforce certificate pinning
+// [ERROR] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
+// 1 = allow user MiTM (such as your antivirus) (default)
+// 2 = strict
+user_pref("security.cert_pinning.enforcement_level", 2);
+
+/* 1224: enable CRLite [FF73+]
+ * 0 = disabled
+ * 1 = consult CRLite but only collect telemetry
+ * 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
+ * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default)
+ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
+ * [2] https://blog.mozilla.org/security/tag/crlite/ ***/
+user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+]
+
+/* 1244: enable HTTPS-Only mode in all windows
+ * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail)
+ * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
+ * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions)
+ * [TEST] http://example.com [upgrade]
+ * [TEST] http://httpforever.com/ | http://http.rip [no upgrade] ***/
+user_pref("dom.security.https_only_mode", true); // [FF76+]
+user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
+
+// PREF: delete all browsing data on shutdown
+user_pref("privacy.sanitize.sanitizeOnShutdown", true);
+user_pref("privacy.clearOnShutdown_v2.cache", true);
+
+// PREF: after crashes or restarts, do not save extra session data
+// such as form content, scrollbar positions, and POST data
+user_pref("browser.sessionstore.privacy_level", 2);
+
+// PREF: disable all DRM content
+user_pref("media.eme.enabled", false);
+
+// [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English...
+user_pref("privacy.spoof_english", 1);
+
+/** CONTAINERS **/
+user_pref("privacy.userContext.enabled", true);
+user_pref("privacy.userContext.ui.enabled", true);
+
+/** DOM (DOCUMENT OBJECT MODEL) **/
+// Prevent scripts from moving and resizing open windows
+user_pref("dom.disable_window_move_resize", true);
+
+
+/****************************************************************************
+ * BEGINNING OF ARKEN FOX                                                   *
+ ***************************************************************************/
+
+// Geo-location
+user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
+
+/****************************************************************************
+ * END OF ARKEN FOX                                                         *
+ ***************************************************************************/
+
+
+
+/****************************************************************************************
+ * OPTION: SHARPEN SCROLLING                                                           *
+ ****************************************************************************************/
+// credit: https://github.com/black7375/Firefox-UI-Fix
+// only sharpen scrolling
+user_pref("apz.overscroll.enabled", true); // DEFAULT NON-LINUX
+user_pref("general.smoothScroll", true); // DEFAULT
+user_pref("mousewheel.min_line_scroll_amount", 10); // adjust this number to your liking; default=5
+user_pref("general.smoothScroll.mouseWheel.durationMinMS", 80); // default=50
+user_pref("general.smoothScroll.currentVelocityWeighting", "0.15"); // default=.25
+user_pref("general.smoothScroll.stopDecelerationWeighting", "0.6"); // default=.4
+// Firefox Nightly only:
+// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1846935
+user_pref("general.smoothScroll.msdPhysics.enabled", false); // [FF122+ Nightly]
+
+