domi/foxgirl-settings
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
foxgirl-settings/dist/docs/settings/security.md

7.2 KiB
Raw Blame History

title
Security

security.insecure_password.ui.enabled

Status: locked

Value: true

Enable insecure password warnings (login forms in non-HTTPS pages)

References

https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/

https://bugzilla.mozilla.org/show_bug.cgi?id=1319119

https://bugzilla.mozilla.org/show_bug.cgi?id=1217156

security.insecure_field_warning.contextual.enabled

Status: locked

Value: true

Show in-content login form warning UI for insecure login fields

References

https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317

network.stricttransportsecurity.preloadlist

Status: locked

Value: false

Disable HSTS preload list (pre-set HSTS sites list provided by Mozilla)

References

https://blog.mozilla.org/security/2012/11/01/preloading-hsts/

https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List

https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

security.ssl.disable_session_identifiers

Status: locked

Value: true

Disable TLS Session Tickets

References

https://www.blackhat.com/us-13/briefings.html#NextGen

https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf

https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf

https://bugzilla.mozilla.org/show_bug.cgi?id=917049

https://bugzilla.mozilla.org/show_bug.cgi?id=967977

network.dns.localDomains

Status: unlocked

Value: "librefox.com"

Blocking GD Parking Scam Site

security.tls.version.fallback-limit

Status: locked

Value: 3

Disable insecure TLS version fallback

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1084025

https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645

security.tls.version.min

Status: locked

Value: 2

Only allow TLS 1.[0-3]

References

http://kb.mozillazine.org/Security.tls.version.*

security.cert_pinning.enforcement_level

Status: locked

Value: 2

Enfore Public Key Pinning

References

https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning

https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning

security.pki.sha1_enforcement_level

Status: locked

Value: 1

Disallow SHA-1

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1302140

https://shattered.io/

security.ssl.treat_unsafe_negotiation_as_broken

Status: locked

Value: true

Warn the user when server doesn't support RFC 5746 ('safe' renegotiation)

References

https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555

browser.ssl_override_behavior

Status: locked

Value: 1

Pre-populate the current URL but do not pre-fetch the certificate in the 'Add Security Exception' dialog

References

http://kb.mozillazine.org/Browser.ssl_override_behavior

https://github.com/pyllyukko/user.js/issues/210

security.ssl.errorReporting.automatic

Status: locked

Value: false

security.ssl.errorReporting.url

Status: locked

Value: ""

security.OCSP.enabled

Status: locked

Value: 0

security.OCSP.require

Status: locked

Value: false

security.ssl.enable_ocsp_stapling

Status: locked

Value: true

References

https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/

security.ssl.errorReporting.enabled

Status: locked

Value: false

security.disable_button.openCertManager

Unused Setting

Status: locked

Value: false

Manage certificates button

security.disable_button.openDeviceManager

Unused Setting

Status: locked

Value: false

Manage security devices button

security.mixed_content.upgrade_display_content

Status: locked

Value: true

security.mixed_content.block_object_subrequest

Status: locked

Value: true

security.mixed_content.block_display_content

Status: locked

Value: true

security.mixed_content.block_active_content

Status: locked

Value: true

security.insecure_connection_icon.enabled

Status: locked

Value: true

security.insecure_connection_icon.pbmode.enabled

Status: locked

Value: true

security.insecure_connection_text.enabled

Status: locked

Value: true

security.ssl3.rsa_des_ede3_sha

Status: locked

Value: false

security.ssl3.rsa_aes_256_sha

Status: locked

Value: false

security.ssl3.rsa_aes_128_sha

Status: locked

Value: false

security.ssl3.ecdh_ecdsa_rc4_128_sha

Status: locked

Value: false

Disable RC4

References

https://developer.mozilla.org/en-US/Firefox/Releases/38#Security

https://bugzilla.mozilla.org/show_bug.cgi?id=1138882

https://rc4.io/

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566

security.ssl3.ecdh_rsa_rc4_128_sha

Status: locked

Value: false

Disable RC4

References

https://developer.mozilla.org/en-US/Firefox/Releases/38#Security

https://bugzilla.mozilla.org/show_bug.cgi?id=1138882

https://rc4.io/

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566

security.ssl3.rsa_seed_sha

Status: locked

Value: false

Disable SEED cipher

References

https://en.wikipedia.org/wiki/SEED