Digital Horizons

Mozilla Firefox security

Today’s web browsers (and Mozilla Firefox is included) leak a lot of information about the user, can run insecure code, are not sandboxed properly from the underlying filesystem, etc, so here are some tips (and settings) on how to improve your Firefox’s security while browsing. Type about:config in your browser’s address bar and click on the I’ll be careful, I promise! button on the next screen. Use the Search field to find the name of the key and double-click on the Value field to toggle the status to true/false.

Besides those settings, you should have some add-ons installed and enabled (NoScript, Privacy Badger, HTTPS everywhere, Random Agent Spoofer and uBlock Origin).

Security/TLS

You might be unable to browse some sites because of the settings below, especially with security.ssl.require_safe_negotiation true and security.tls.version.min 3 but it’s not something on your side, it’s because they use faulty SSL/TLS implementations. If you check your browser’s SSL status, it should be Probably Okey. Anything below that will make you vulnerable to POODLE, BEAST and other strange names (and vulnerabilities).

security.tls.version.min = 3
security.mixed_content.block_display_content = true
security.OCSP.require = true
security.ssl.require_safe_negotiation = true
security.ssl.treat_unsafe_negotiation_as_broken = true
security.ssl3.rsa_aes_256_sha = false
security.ssl3.rsa_rc4_128_md5 = false
security.ssl3.rsa_rc4_128_sha = false
security.ssl3.rsa_des_ede3_sha = false

Extensions

Unless you explicitly need any of the browser extensions below, they should be all turned off because they will leak information about you to third-party sites.

devtools.webide.enabled = false
network.websocket.enabled = false
reader.parse-on-load.enabled = false
dom.battery.enabled = false
network.http.speculative-parallel-limit = 0
media.peerconnection.enabled = false
media.peerconnection.identity.enabled = false
media.peerconnection.simulcast = false
media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
webgl.disabled = true
camera.control.face_detection.enabled = false
device.sensors.enabled = false
dom.event.contextmenu.enabled = false
dom.event.clipboardevents.enabled = false
accessibility.blockautorefresh = true
devtools.remote.wifi.scan = false
geo.enabled = false
browser.search.geoSpecificDefaults = false
geo.wifi.uri = ""
browser.geolocation.warning.infoURL = ""
browser.search.geoSpecificDefaults.url = ""
browser.search.geoip.url = ""
beacon.enabled = false
dom.gamepad.enabled = false
services.sync.enabled = false
services.sync.sendVersionInfo = false
loop.enabled = false
extensions.pocket.enabled = false
media.eme.enabled = false
browser.send_pings = false

Others

You don’t need telemetry, health reports, safe browsing reports and any of the social tools provided by Firefox, so turn them all off, you’re not missing anything.

toolkit.telemetry.unified = false
toolkit.telemetry.server = ""
experiments.manifest.uri = ""
toolkit.telemetry.archive.enabled = false
toolkit.telemetry.enabled = false
datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false
browser.safebrowsing.enabled = false
browser.safebrowsing.downloads.enabled = false
browser.safebrowsing.malware.enabled = false
social.remote-install.enabled = false
social.toast-notifications.enabled = false
social.directories = ""
social.whitelist = ""
social.toast-notifications.enabled = false
network.dns.disablePrefetch = true
network.proxy.socks_remote_dns = true
privacy.trackingprotection.enabled = true
browser.fixup.alternate.enabled = false
browser.newtabpage.directory.source = ""
browser.newtabpage.directory.ping = ""
network.http.sendRefererHeader = 0
network.http.referer.XOriginPolicy = 1
network.http.referer.spoofSource = true
network.http.referer.trimmingPolicy = 2
privacy.donottrackheader.enabled = true