Skip to content

Alters the Mozilla Firefox behaviour extensively and holistically with Firefox customization file(s). The main focus in this project is on privacy and security.

License

Notifications You must be signed in to change notification settings

auberginehill/firefox-customization-files

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Firefox Customization Files

OS: Not defined
Type: Mozilla Firefox customization files
Language: JavaScript
Description:

The deployment of the Firefox Customization File(s) allows to extensively and holistically modify the behaviour of the Mozilla Firefox browser. The settings listed below are mainly centered on reinforcing privacy with a few touches on security, too. For a full list of available settings, please, for example, see a fairly comprehensive list of Firefox privacy and security settings managed by Martin Brinkmann.

This code is partially based on the advice "Browser Security Guidance: Mozilla Firefox" released by the UK government's National Technical Authority for Information Assurance (CESG), which is part of the Government Communications Headquarters (in UK).

Homepage: https://github.com/auberginehill/firefox-customization-files
Short URL: http://tinyurl.com/hc7uvh9
Version: 1.1
Sources:
Emojis: Emoji Table
MozillaZine: Locking preferences
MozillaZine: About:config entries
MozillaZine: User.js file
haasn: about:config.md
MrYar: about:config.md
amq: firefox-debloat
Andrew: Firefox Customization File
Martin Brinkmann: A comprehensive list of Firefox privacy and security settings
Martin Brinkmann: How to disable the Firefox Saved Telemetry Pings and archive folder
UK government's National Technical Authority for Information Assurance (CESG): Browser Security Guidance: Mozilla Firefox
Downloads: For instance prefs.js and firefox.cfg. Or everything as a .zip-file. Or by cloning using git:
git clone https://github.com/auberginehill/firefox-customization-files/

Deployment and Configuration

📖

To use this code with Mozilla Firefox, for instance:

  1. Step 1: Recommended configuration

    Firefox is configured by using two configuration files (a system-wide installation):

      A system-wide installation

      Windows:
      OS Original name Path and file name
      Windows prefs.js %programfiles(x86)%\Mozilla Firefox\defaults\pref\prefs.js
      Windows firefox.cfg %programfiles(x86)%\Mozilla Firefox\firefox.cfg
      Windows prefs.js C:\Program Files (x86)\Mozilla Firefox\defaults\pref\prefs.js
      Windows firefox.cfg C:\Program Files (x86)\Mozilla Firefox\firefox.cfg
      Linux:
      OS Original name Path and file name
      Linux prefs.js Either this file is not required or is copied to ~/.mozilla/firefox/*.default/prefs.js
      Linux firefox.cfg /etc/firefox/firefox.js
      Linux (Debian) firefox.cfg /etc/firefox-esr/firefox-esr.js
      Linux (CentOS 6.3) firefox.cfg /usr/l/usr/lib64/firefox/defaults/preferencesib64/firefox/defaults/preferences/your_site.js
      OS X:
      OS Original name Path and file name
      OS X prefs.js /Applications/Firefox.app/Contents/Resources/defaults/pref/prefs.js
      OS X firefox.cfg /Applications/Firefox.app/Contents/Resources/firefox.cfg

    Build a lock file with computer wide settings (prefs.js) containing only two rows of actual data (in addition to the comments, listed below starting with "pref(") and a configuration file (firefox.cfg) containing all the many configuration settings in accordance with the settings listed further down below starting with "lockPref(". These files should contain the settings which the organisation wishes to configure and enforce. The files are then deployed to the EUDs in %programfiles(x86)%\Mozilla Firefox\firefox.cfg and %programfiles(x86)%\Mozilla Firefox\defaults\pref\prefs.js in Windows – for the file locations and file names in other platforms, please see the tables above. Please note, that a prefs.js file inside a Mozilla Firefox user profile directory (the path to a user profile directory is mentioned in the optional Step 2) shouldn't be altered, since that file with the same name (which resides inside a Mozilla Firefox user profile directory) is generated automatically by the program itself. The main difference between these files, which have a common name (prefs.js) is that the other resides inside the program installation folder (target) and the other is found under user profiles (not to be changed).

      prefs.js (lock file) content:

      pref('general.config.filename', 'firefox.cfg');
      pref('general.config.obscure_value', 0);

  2. Step 2: Optional configuration (concerning a single Firefox user profile)

    Alternatively, if a computer-wide installation is not preferred, Firefox can be configured with a single configuration file, where the installation will concern only a single Firefox user profile.

      N.B. Please read A brief guide to Mozilla preferences
      N.B. In this option before doing any modifications that concern an existing Firefox user profile (for instance in Windows %APPDATA%\Roaming\Mozilla\Firefox\Profiles\[a_profile_name]\), it is highly recommended to backup the whole existing Firefox user profile directory before anything is copied to or otherwise altered inside the Firefox user profile directory, since the settings listed below may alter the browser behaviour quite a bit.
      N.B. In this option it is highly recommended to create a completely new user profile to use with the custom configuration settings.
      N.B. Please note, that a prefs.js file inside a Mozilla Firefox user profile directory shouldn't be altered, since that file (which resides inside a Mozilla Firefox user profile directory) is generated automatically by the program itself.
      N.B. In this option it is mandatory to follow option 3 below.

      File (user.js) location

      OS Original name Path and file name
      Windows firefox.cfg %APPDATA%\Roaming\Mozilla\Firefox\Profiles\[a_profile_name]\user.js
      Linux firefox.cfg ~/.mozilla/firefox/[a_profile_name]/user.js
      OS X firefox.cfg ~/Library/Application Support/Firefox/Profiles/[a_profile_name]/user.js
      Android firefox.cfg /data/data/org.mozilla.firefox/files/mozilla/[a_profile_name]/user.js
      Sailfish OS + Alien Dalvik firefox.cfg /opt/alien/data/data/org.mozilla.firefox/files/mozilla/[a_profile_name]/user.js
      Windows (portable) firefox.cfg [firefox_directory]\Data\[a_profile_name]\user.js

    Build a configuration file called user.js containing all the many configuration settings in accordance with the settings listed further down below starting with "lockPref(". The file should contain the settings which the organisation wishes to configure and enforce. Please notice that since lockPref() may be called only in the configuration file (firefox.cfg), and user.js can only contain pref(), user_pref() and sticky_pref() calls, it is mandatory to follow the Step 3 below before deployment. The file is then deployed to the EUDs in %APPDATA%\Roaming\Mozilla\Firefox\Profiles\[a_profile_name]\user.js in Windows – for the file locations and file names in other platforms, please see the table above. Please note, that a prefs.js file inside a Mozilla Firefox user profile directory shouldn't be altered, since that file which resides inside a Mozilla Firefox user profile directory is generated automatically by the program itself.

  3. Step 3: Tweaking the settings: Setting the settings settable rather than in a locked state

    In the firefox.cfg file, if the settings are preferred to be controllable (not locked) on the about:config -page, please change every


      lockPref("

      to

      pref("

    Please notice that lockPref() may be called only in the configuration file (firefox.cfg), and user.js can only contain pref(), user_pref() and sticky_pref() calls.

  4. Step 4: Additional notes

    For disabling the Pocket integration, please start by removing the "pocket" icon from the toolbar.

Settings

📐

Recommended configuration

    Disable telemetry and health reporting

    Firefox Health Report
    Telemetry (usage statistics)
    Preferences

    lockPref("breakpad.reportURL", "");
    lockPref("browser.tabs.crashReporting.sendReport", false);
    lockPref("datareporting.healthreport.documentServerURI", "");
    lockPref("datareporting.healthreport.service.enabled", false);
    lockPref("datareporting.healthreport.uploadEnabled", false);
    lockPref("datareporting.policy.dataSubmissionEnabled", false);
    lockPref("datareporting.policy.dataSubmissionEnabled.v2", false);
    lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
    lockPref("dom.ipc.plugins.reportCrashURL", false);
    lockPref("toolkit.telemetry.archive.enabled", false);
    lockPref("toolkit.telemetry.cachedClientID", "");
    lockPref("toolkit.telemetry.enabled", false);
    lockPref("toolkit.telemetry.prompted", 2);
    lockPref("toolkit.telemetry.rejected", true);
    lockPref("toolkit.telemetry.server", "");
    lockPref("toolkit.telemetry.unified", false);
    lockPref("toolkit.telemetry.unifiedIsOptIn", true);
    lockPref("toolkit.telemetry.optoutSample", false);

    Disable sync

    lockPref("identity.fxaccounts.auth.uri", "");
    lockPref("identity.fxaccounts.remote.force_auth.uri", "");
    lockPref("identity.fxaccounts.remote.signin.uri", "");
    lockPref("identity.fxaccounts.remote.signup.uri", "");
    lockPref("identity.fxaccounts.settings.uri", "");
    lockPref("services.sync.autoconnect", false);
    lockPref("services.sync.engine.addons", false);
    lockPref("services.sync.engine.bookmarks", false);
    lockPref("services.sync.engine.history", false);
    lockPref("services.sync.engine.passwords", false);
    lockPref("services.sync.engine.prefs", false);
    lockPref("services.sync.engine.tabs", false);
    lockPref("services.sync.serverURL", "");

    Turn on Do not Track

    lockPref("privacy.donottrackheader.enabled", true);
    lockPref("privacy.donottrackheader.value", 1);

    Disable features that have an impact on privacy

    Location-Aware Browsing

    lockPref("accessibility.typeaheadfind", false);
    lockPref("geo.enabled", false);
    lockPref("geo.wifi.logging.enabled", false);
    lockPref("geo.wifi.uri", "");
    lockPref("layout.spellcheckDefault", 0);

    Disable certificate warning bypass

    lockPref("browser.xul.error_pages.enabled", false);

    Enable support for Content Security Policy

    lockPref("security.csp.enable", true);

    Disable Safe Browsing anti-malware

    Safe Browsing communicates with a third party and leaks the browsing history and also sends metadata about the downloads made.
    How does built-in Phishing and Malware Protection work?

    lockPref("browser.safebrowsing.enabled", false);
    lockPref("browser.safebrowsing.downloads.enabled", false);
    lockPref("browser.safebrowsing.malware.enabled", false);

    Turn on XSS Filter

    lockPref("browser.urlbar.filter.javascript", true);

    Restrict third party cookies

    lockPref("network.cookie.cookieBehavior", 1);

    Enable Flash as it's in a sandbox

    lockPref("plugin.state.flash", 2);

    Disable Java unless required

    lockPref("plugin.state.java", 0);
    lockPref("plugin.state.npdeployjava1", 0);

    Disable webcam and microphone unless necessary

    lockPref("media.navigator.enabled", false);
    lockPref("media.navigator.video.enabled", false);

    Disable Firefox Hello

    Firefox connects to third-party (Telefonica) servers without asking for permission.
    Firefox Hello - video and voice conversations online

    lockPref("loop.enabled", false);

Optional configuration

    Clear personal and temporary data on shutdown

    lockPref("privacy.clearOnShutdown.cache", true);
    lockPref("privacy.clearOnShutdown.cookies", true);
    lockPref("privacy.clearOnShutdown.downloads", true);
    lockPref("privacy.clearOnShutdown.formData", true);
    lockPref("privacy.clearOnShutdown.history", true);
    lockPref("privacy.clearOnShutdown.offlineApps", true);
    lockPref("privacy.clearOnShutdown.openWindows", false);
    lockPref("privacy.clearOnShutdown.passwords", true);
    lockPref("privacy.clearOnShutdown.sessions", true);
    lockPref("privacy.clearOnShutdown.siteprefs", true);
    lockPref("privacy.clearOnShutdown.siteSettings", true);
    lockPref("privacy.cpd.cache", true);
    lockPref("privacy.cpd.cookies", true);
    lockPref("privacy.cpd.downloads", true);
    lockPref("privacy.cpd.formdata", true);
    lockPref("privacy.cpd.history", true);
    lockPref("privacy.cpd.offlineApps", true);
    lockPref("privacy.cpd.openWindows", false);
    lockPref("privacy.cpd.passwords", true);
    lockPref("privacy.cpd.sessions", true);
    lockPref("privacy.cpd.siteprefs", true);
    lockPref("privacy.cpd.siteSettings", true);
    lockPref("privacy.sanitize.sanitizeOnShutdown", true);

    Prevent the use of SPDY, Websockets and WebRTC if not supported by the web proxy

    Media/WebRTC

    lockPref("media.http.spdy.enabled", false);
    lockPref("media.peerconnection.enabled", false);
    lockPref("media.websocket.enabled", false);
    lockPref("network.websocket.enabled", false);

    Disable automatic form filling

    lockPref("signon.autofillForms", false);
    lockPref("signon.prefillForms", false);
    lockPref("signon.rememberSignons", false);

    Disable Pocket integration

    A third-party service (proprietary) for managing a reading list of articles.
    For disabling the Pocket integration, please start by removing the "pocket" icon from the toolbar.
    Save web pages for later with Pocket for Firefox
    Pocket-Erweiterung in Firefox 57 deaktivieren

    lockPref("browser.pocket.enabled", false);
    lockPref("extensions.pocket.enabled", false);

    Disable Firefox's new Screenshot tool (requires at least Firefox 55)

    How to enable or disable Firefox's new Screenshot tool

    lockPref("extensions.screenshots.disabled", true);

    Expire master password

    lockPref("signon.expireMasterPassword", true);

    Disable the version updated page

    lockPref("browser.startup.homepage_override.mstone", "ignore");

    Disable default browser check

    lockPref("browser.shell.checkDefaultBrowser", false);

    Set disk cache to 1MB

    lockPref("browser.cache.disk.capacity", 1024);
    lockPref("browser.cache.disk.smart_size.enabled", false);
    lockPref("browser.cache.disk.smart_size.first_run", false);
    lockPref("browser.cache.disk.smart_size.use_old_max", false);

Ideas (not enabled nor disabled)

    Disable updates and notifications

    lockPref("app.update.auto", false);
    lockPref("app.update.autoUpdateEnabled", false);
    lockPref("app.update.enabled", false);
    lockPref("app.update.mode", 1);
    lockPref("app.update.service.enabled", false);
    lockPref("app.update.silent", true);
    lockPref("update_notifications.enabled", false);

    Disable unnecessary protocols

    This disables older protocols that are known to be weak or entirely broken (3DES, RC4 and MD5).

    lockPref("security.ssl3.rsa_rc4_128_sha", false);
    lockPref("security.ssl3.rsa_rc4_128_md5", false);
    lockPref("security.ssl3.rsa_des_ede3_sha", false);
    lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
    lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
    lockPref("app.update.auto", false);

    Disable device sensors

    lockPref("device.sensors.enabled", false);
    lockPref("camera.control.face_detection.enabled", false);
    lockPref("camera.control.autofocus_moving_callback.enabled", false);

    Disable JavaScript fingerprinting and/or data collection

    lockPref("dom.event.clipboardevents.enabled", false);
    lockPref("dom.battery.enabled", false);
    lockPref("browser.send_pings", false);
    lockPref("webgl.disabled", false);

    Disable search suggestions

    By default everything that is typed in the search box is sent to the search engine.
    If disabled, suggestions based on local history will still work.

    lockPref("browser.search.suggest.enabled", false);

    Turn on tracking protection

    This makes Firefox block known tracking domains by default.

    lockPref("privacy.trackingprotection.enabled", true);

For more ideas, please see A comprehensive list of Firefox privacy and security settings

Contributing

Find a bug? Have a feature request? Here is how you can contribute to this project:

contributing Bugs: Submit bugs and help us verify fixes.
Feature Requests: Feature request can be submitted by creating an Issue.
Edit Source Files: Submit pull requests for bug fixes and features and discuss existing proposals.

www

www Script Homepage
MozillaZine: Locking preferences
MozillaZine: About:config entries
MozillaZine: User.js file
haasn: about:config.md
MrYar: about:config.md
amq: firefox-debloat
Andrew: Firefox Customization File
Martin Brinkmann: A comprehensive list of Firefox privacy and security settings
Martin Brinkmann: How to disable the Firefox Saved Telemetry Pings and archive folder
UK government's National Technical Authority for Information Assurance (CESG): Browser Security Guidance: Mozilla Firefox
ASCII Art: http://www.figlet.org/ and ASCII Art Text Generator

Related scripts

www Get-AsciiTable
Get-BatteryInfo
Get-ComputerInfo
Get-DirectorySize
Get-InstalledPrograms
Get-InstalledWindowsUpdates
Get-RAMInfo
Get-TimeDifference
Get-TimeZoneTable
Get-UnusedDriveLetters
Rock-Paper-Scissors
Toss-a-Coin
Update-AdobeFlashPlayer

About

Alters the Mozilla Firefox behaviour extensively and holistically with Firefox customization file(s). The main focus in this project is on privacy and security.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published