7.2 KiB
title |
---|
Security |
security.insecure_password.ui.enabled
Status: locked
Value: true
Enable insecure password warnings (login forms in non-HTTPS pages)
References
https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
https://bugzilla.mozilla.org/show_bug.cgi?id=1319119
https://bugzilla.mozilla.org/show_bug.cgi?id=1217156
security.insecure_field_warning.contextual.enabled
Status: locked
Value: true
Show in-content login form warning UI for insecure login fields
References
https://hg.mozilla.org/integration/mozilla-inbound/rev/f0d146fe7317
network.stricttransportsecurity.preloadlist
Status: locked
Value: false
Disable HSTS preload list (pre-set HSTS sites list provided by Mozilla)
References
https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
security.ssl.disable_session_identifiers
Status: locked
Value: true
Disable TLS Session Tickets
References
https://www.blackhat.com/us-13/briefings.html#NextGen
https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf
https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=917049
https://bugzilla.mozilla.org/show_bug.cgi?id=967977
network.dns.localDomains
Status: unlocked
Value: "librefox.com"
Blocking GD Parking Scam Site
security.tls.version.fallback-limit
Status: locked
Value: 3
Disable insecure TLS version fallback
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
security.tls.version.min
Status: locked
Value: 2
Only allow TLS 1.[0-3]
References
http://kb.mozillazine.org/Security.tls.version.*
security.cert_pinning.enforcement_level
Status: locked
Value: 2
Enfore Public Key Pinning
References
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
security.pki.sha1_enforcement_level
Status: locked
Value: 1
Disallow SHA-1
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
security.ssl.treat_unsafe_negotiation_as_broken
Status: locked
Value: true
Warn the user when server doesn't support RFC 5746 ('safe' renegotiation)
References
https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
browser.ssl_override_behavior
Status: locked
Value: 1
Pre-populate the current URL but do not pre-fetch the certificate in the 'Add Security Exception' dialog
References
http://kb.mozillazine.org/Browser.ssl_override_behavior
https://github.com/pyllyukko/user.js/issues/210
security.ssl.errorReporting.automatic
Status: locked
Value: false
security.ssl.errorReporting.url
Status: locked
Value: ""
security.OCSP.enabled
Status: locked
Value: 0
security.OCSP.require
Status: locked
Value: false
security.ssl.enable_ocsp_stapling
Status: locked
Value: true
References
https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
security.ssl.errorReporting.enabled
Status: locked
Value: false
security.disable_button.openCertManager
Unused Setting
Status: locked
Value: false
Manage certificates button
security.disable_button.openDeviceManager
Unused Setting
Status: locked
Value: false
Manage security devices button
security.mixed_content.upgrade_display_content
Status: locked
Value: true
security.mixed_content.block_object_subrequest
Status: locked
Value: true
security.mixed_content.block_display_content
Status: locked
Value: true
security.mixed_content.block_active_content
Status: locked
Value: true
security.insecure_connection_icon.enabled
Status: locked
Value: true
security.insecure_connection_icon.pbmode.enabled
Status: locked
Value: true
security.insecure_connection_text.enabled
Status: locked
Value: true
security.ssl3.rsa_des_ede3_sha
Status: locked
Value: false
security.ssl3.rsa_aes_256_sha
Status: locked
Value: false
security.ssl3.rsa_aes_128_sha
Status: locked
Value: false
security.ssl3.ecdh_ecdsa_rc4_128_sha
Status: locked
Value: false
Disable RC4
References
https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
security.ssl3.ecdh_rsa_rc4_128_sha
Status: locked
Value: false
Disable RC4
References
https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
security.ssl3.rsa_seed_sha
Status: locked
Value: false
Disable SEED cipher