This is an automated email from the git hooks/post-receive script.
pierov pushed a commit to branch tor-browser-102.4.0esr-12.0-2 in repository tor-browser.
commit 10a60cd7c4d07d66c57c7aa53e08fff19979b06c Author: Pier Angelo Vendrame pierov@torproject.org AuthorDate: Tue Nov 15 10:05:14 2022 +0100
squash! Firefox preference overrides.
Bug 40783: Review 000-tor-browser.js and 001-base-profile.js for 102
We reviewed all the preferences we set for 102 and removed a few old ones. See the description of that issue for the full list of preferences we believed were still valid for 102, each with a brief description of the reasons to keep it. --- browser/app/profile/001-base-profile.js | 53 ++++++++++----------------------- 1 file changed, 15 insertions(+), 38 deletions(-)
diff --git a/browser/app/profile/001-base-profile.js b/browser/app/profile/001-base-profile.js
index 0d344b55eca8..86684930e896 100644
--- a/browser/app/profile/001-base-profile.js
+++ b/browser/app/profile/001-base-profile.js
@@ -1,12 +1,11 @@
 // Preferences to harden Firefox's security and privacy
 // Do not edit this file.
-// Use the OS locale by default
+// Use the OS locale by default (tor-browser#17400)
 pref("intl.locale.requested", "");
// Disable initial homepage notifications
 pref("browser.search.update", false);
-pref("browser.rights.3.shown", true);
 pref("startup.homepage_welcome_url", "");
 pref("startup.homepage_welcome_url.additional", "");
@@ -31,12 +30,6 @@ pref("app.update.promptWaitTime", 3600);
 pref("app.update.staging.enabled", false);
 #endif
-// Disable "Slow startup" warnings and associated disk history
-// (bug #13346)
-pref("browser.slowStartup.notificationDisabled", true);
-pref("browser.slowStartup.maxSamples", 0);
-pref("browser.slowStartup.samples", 0);
-
 // Disable the "Refresh" prompt that is displayed for stale profiles.
 pref("browser.disableResetPrompt", true);
@@ -47,9 +40,6 @@ pref("permissions.memory_only", true);
 pref("network.cookie.lifetimePolicy", 2);
 pref("security.nocertdb", true);
-// Enabled LSNG
-pref("dom.storage.next_gen", true);
-
 // Disk activity: TBB Directory Isolation
 pref("browser.download.useDownloadDir", false);
 pref("browser.download.manager.addToRecentDocs", false);
@@ -63,9 +53,8 @@ pref("browser.sessionstore.privacy_level", 2);
 pref("browser.privatebrowsing.forceMediaMemoryCache", true);
 pref("media.memory_cache_max_size", 16384);
-// Enable HTTPS-Only mode
+// Enable HTTPS-Only mode (tor-browser#19850)
 pref("dom.security.https_only_mode", true);
-pref("dom.security.https_only_mode.upgrade_onion", false);
// Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 )
 // Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
@@ -167,7 +156,6 @@ pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
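Review bot: Dropping `pref("dom.security.https_only_mode.upgrade_onion", false);` while keeping `pref("dom.security.https_only_mode", true);` leaves the .onion exemption to the upstream default, and nothing in the file now records that HTTPS-Only behaviour for .onion hosts depends on that default staying false. If the review concluded that the 102 default already matches (as I understand it does), say so next to the kept pref: `// .onion hosts must not be upgraded; dom.security.https_only_mode.upgrade_onion is left at its upstream default (false) — re-check on rebase`. Otherwise a future default flip would make HTTPS-Only upgrade .onion URLs, which fails for onion services that do not offer TLS.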
// Disable about:newtab and "first run" experiments
 pref("messaging-system.rsexperimentloader.enabled", false);
-pref("trailhead.firstrun.branches", "");
// [SETTING] General>Browsing>Recommend extensions as you browse (Bug #40700)
 pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+]
@@ -179,6 +167,8 @@ pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false
 pref("network.trr.resolvers", "");
// Disable the /etc/hosts parser
+// If true, entries from /etc/hosts will be excluded **from TRR results**.
+// Vice-versa, if it is false, TRR will override any /etc/hosts customization.
 pref("network.trr.exclude-etc-hosts", false);
// Disable crlite
@@ -186,11 +176,6 @@ pref("security.pki.crlite_mode", 0);
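Review bot: The two added comment lines above `pref("network.trr.exclude-etc-hosts", false);` do not agree with the existing heading `// Disable the /etc/hosts parser`: the heading says the pref switches a parser off, the new text describes it as a toggle for whether TRR may override /etc/hosts. As I read the pref, true makes hostnames listed in /etc/hosts bypass TRR and false lets TRR resolve them as well, so "excluded **from TRR results**" is misleading, and because TRR is disabled a few lines up (`pref("network.trr.resolvers", "")`) the false value presumably matters only in that the file is never read; the comment should say which behaviour the value is meant to preserve, e.g. `// false: TRR never consults /etc/hosts (TRR is disabled above anyway; this only avoids reading the file)`. The `**…**` markdown emphasis is out of place in a JS comment — plain text matches the rest of the file.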
// Disable website password breach alerts
 pref("signon.management.page.breach-alerts.enabled", false);
-pref("extensions.fxmonitor.enabled", false);
-
-// Remove mobile app tracking URLs
-pref("signon.management.page.mobileAndroidURL", "");
-pref("signon.management.page.mobileAppleURL", "");
// Disable remote "password recipes"
 pref("signon.recipes.remoteRecipes.enabled", false);
@@ -222,15 +207,11 @@ pref("security.remote_settings.intermediates.enabled", false);
 pref("dom.use_components_shim", false);
 // Enable letterboxing
 pref("privacy.resistFingerprinting.letterboxing", true);
-// Disable network information API everywhere. It gets spoofed in bug 1372072
-// but, alas, the behavior is inconsistent across platforms, see:
-// https://trac.torproject.org/projects/tor/ticket/27268#comment:19. We should
-// not leak that difference if possible.
+// Enforce Network Information API as disabled
 pref("dom.netinfo.enabled", false);
 pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer behavior consistent regardless of private browing mode status
 pref("network.http.referer.XOriginTrimmingPolicy", 2); // Bug 17228: Force trim referer to scheme+host+port in cross-origin requests
 pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148: disable until audited in #40147
-pref("network.http.referer.hideOnionSource", true);
 // Bug 40463: Disable Windows SSO
 pref("network.http.windows-sso.enabled", false);
 // Bug 40383: Disable new PerformanceEventTiming
@@ -240,6 +221,7 @@ pref("dom.textMetrics.actualBoundingBox.enabled", false);
 pref("dom.textMetrics.baselines.enabled", false);
 pref("dom.textMetrics.emHeight.enabled", false);
 pref("dom.textMetrics.fontBoundingBox.enabled", false);
+// tor-browser#40424
 pref("pdfjs.enableScripting", false);
 pref("javascript.options.large_arraybuffers", false);
 // Bug 40057: Ensure system colors are not used for CSS4 colors
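Review bot: The replacement comment `// Enforce Network Information API as disabled` above `pref("dom.netinfo.enabled", false);` keeps none of the reasoning it replaces — that the spoofed values differ per platform and would leak the OS — so the next reviewer cannot tell whether the pref is still needed once upstream defaults move; keep a pointer, e.g. `// Enforce Network Information API as disabled: spoofed values differ per platform (tor-browser#27268)`. The same hunk stops setting `network.http.referer.hideOnionSource`, so Referer hiding for .onion sources now rests on the upstream default (true in 102, as I understand it); `// hideOnionSource left at its upstream default (true) — verify on rebase` would record that trust explicitly. Both removals match the commit message, but a prefs file that enforces defaults elsewhere should say which security defaults it has chosen not to enforce.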
@@ -251,7 +233,7 @@ pref("privacy.partition.network_state", false); // Disable for now until audit
 pref("network.cookie.cookieBehavior", 1);
 pref("network.cookie.cookieBehavior.pbmode", 1);
 pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633
-// Bug 40177: Make sure tracker cookie purging is disabled
+// Bug 40220: Make sure tracker cookie purging is disabled
 pref("privacy.purge_trackers.enabled", false);
pref("network.dns.disablePrefetch", true);
@@ -289,8 +271,8 @@ pref("network.http.http2.default-hpack-buffer", 65536, locked);
 pref("network.http.http2.websockets", false, locked);
 pref("network.http.http2.enable-hpack-dump", false, locked);
-// Make sure we don't have any GIO supported protocols (defense in depth
-// measure)
+// tor-browser#23044: Make sure we don't have any GIO supported protocols
+// (defense in depth measure)
 pref("network.gio.supported-protocols", "");
 pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
 // Disables media devices but only if `media.peerconnection.enabled` is set to
@@ -300,6 +282,7 @@ pref("media.navigator.enabled", false);
 // We make sure they don't show up on the Add-on panel and confuse users.
 // And the external update/donwload server must not get pinged. We apply a
 // clever solution for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769716.
+// See tor-browser#15910.
 pref("media.gmp-provider.enabled", false);
 pref("media.gmp-manager.url.override", "data:text/plain,");
 // Since ESR52 it is not enough anymore to block pinging the GMP update/download
@@ -315,10 +298,6 @@ pref("media.gmp-widevinecdm.visible", false);
 pref("media.gmp-widevinecdm.enabled", false);
 pref("media.eme.enabled", false);
 pref("media.mediadrm-widevinecdm.visible", false);
-// WebIDE can bypass proxy settings for remote debugging. It also downloads
-// some additional addons that we have not reviewed. Turn all that off.
-pref("devtools.webide.autoinstallADBExtension", false);
-pref("devtools.webide.enabled", false);
 // The in-browser debugger for debugging chrome code is not coping with our
 // restrictive DNS look-up policy. We use "127.0.0.1" instead of "localhost" as
 // a workaround. See bug 16523 for more details.
@@ -326,7 +305,7 @@ pref("devtools.debugger.chrome-debugging-host", "127.0.0.1");
 // Disable using UNC paths (bug 26424 and Mozilla's bug 1413868)
 pref("network.file.disable_unc_paths", true);
 // Enhance our treatment of file:// to avoid proxy bypasses (see Mozilla's bug
-// 1412081)
+// 1412081 and CVE-2017-16541)
 pref("network.file.path_blacklist", "/net");
// Security slider
@@ -338,19 +317,18 @@ pref("svg.context-properties.content.allowed-domains", "");
// Network and performance
 pref("security.ssl.enable_false_start", true);
-pref("network.http.connection-retry-timeout", 0);
+// tor-browser#18945
 pref("network.manage-offline-status", false);
 // No need to leak things to Mozilla, see bug 21790 and tor-browser#40322
 pref("network.captive-portal-service.enabled", false);
 pref("network.connectivity-service.enabled", false);
 // As a "defense in depth" measure, configure an empty push server URL (the
 // DOM Push features are disabled by default via other prefs).
+// See tor-browser#18801.
 pref("dom.push.serverURL", "");
// Extension support
 pref("extensions.autoDisableScopes", 0);
-pref("extensions.bootstrappedAddons", "{}");
-pref("extensions.checkCompatibility.4.*", false);
 pref("extensions.databaseSchema", 3);
 pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 | AddonManager.SCOPE_APPLICATION=4
 pref("extensions.pendingOperations", false);
@@ -360,6 +338,7 @@ pref("extensions.pendingOperations", false);
 pref("extensions.getAddons.showPane", false);
 pref("extensions.htmlaboutaddons.recommendations.enabled", false);
 // Bug 26114: Allow NoScript to access addons.mozilla.org etc.
+// TODO: Audit again (tor-browser#41445)
 pref("extensions.webextensions.restrictedDomains", "");
 // Don't give Mozilla-recommended third-party extensions special privileges.
 pref("extensions.postDownloadThirdPartyPrompt", false);
@@ -398,11 +377,9 @@ pref("browser.share_menu.allow", false, locked);
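Review bot: Removing `pref("network.http.connection-retry-timeout", 0);` without a comment re-enables Necko's backup-connection attempt at its upstream timeout (the 0 value had switched it off), which is a network-behaviour change hidden inside what otherwise reads as comment cleanup; if the review found it harmless through the SOCKS proxy, a line under `// Network and performance` saying so would stop the pref from being re-added later. The added `// tor-browser#18945` above `pref("network.manage-offline-status", false);` is a bare ticket number, while the same hunk's `// See tor-browser#18801.` at least reads as a reference; a clause with the reason, e.g. `// tor-browser#18945: do not track the OS online/offline state` (inferred from the pref name — confirm against the ticket), saves every reader a lookup.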
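Review bot: `// TODO: Audit again (tor-browser#41445)` above `pref("extensions.webextensions.restrictedDomains", "");` records that an audit is pending but not what is at stake: an empty restricted-domains list lets every installed extension, not only the NoScript case the previous comment mentions, run on the Mozilla-owned hosts that the upstream default list fences off. State the accepted risk so the TODO is actionable, e.g. `// TODO(tor-browser#41445): empty list lets any extension script Mozilla domains, not just NoScript — re-audit` in place of the bare TODO.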
// Disable special URL bar behaviors
 pref("browser.urlbar.suggest.topsites", false);
-pref("browser.urlbar.update1.interventions", false);
-pref("browser.urlbar.update1.searchTips", false);
// Skip checking omni.ja and other files for corruption since the result
-// is only reported via telemetry (which is disabled).
+// is only reported via telemetry (which is disabled). See tor-browser#40048.
 pref("corroborator.enabled", false);
// Onboarding.