commit 26c9478ed9539a12a3a2939ccd7ef28ce916215d Author: Yawning Angel <yawning@schwanenlied.me> Date: Mon Jul 24 15:59:07 2017 +0000 Default disable `dom.securecontext.whitelist_onions`. Honestly, bluring the line between CA signed HTTPS and onions is terrible. --- ChangeLog | 1 + data/installer/mozilla.cfg | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0484a7b..bc20c39 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ Changes in version 0.0.12 - UNRELEASED: * Bug 22984: Force IDNs to be displayed as punycode to thwart homograph attacks. * Bug 22967: Force disable crashdump reporting. + * Default disable `dom.securecontext.whitelist_onions`. Changes in version 0.0.11 - 2017-07-18: * Bug 22910: Deprecate the volatile extension dir option. diff --git a/data/installer/mozilla.cfg b/data/installer/mozilla.cfg index dc03adb..1b8f97d 100644 --- a/data/installer/mozilla.cfg +++ b/data/installer/mozilla.cfg @@ -37,3 +37,7 @@ lockPref("extensions.blocklist.enabled", false); // Force IDNs to be displayed as punycode to thwart homograph attacks. defaultPref("network.IDN_show_punycode", true); + +// Anything that tries to blur the line between CA signed HTTPS and Onion +// Services is misguided at best. +defaultPref("dom.securecontext.whitelist_onions", false);