//
// CERT Firefox 3 user.js recommendations v1
// January 5, 2009 - Initial Release
// May 2, 2009 - Fixed placeholder icon entry, set preference to not load NoScript web page after updates
//

////////////////////////////////////////////////////////////
// Main 
////////////////////////////////////////////////////////////

// Always ask where to save files: with useDownloadDir off, each download
// prompts for a destination instead of going to the default download
// directory, so the user sees the file name and location of every download.
// NOTE(review): this file targets Firefox 3 (see header). Check every
// preference name below against the Firefox release being configured; an
// entry for a preference the browser no longer reads has no effect.
user_pref('browser.download.useDownloadDir', false);


////////////////////////////////////////////////////////////
// Content
////////////////////////////////////////////////////////////

// Block pop-up windows that a page tries to open while it is loading
user_pref('dom.disable_open_during_load',true);

// Disable Java
user_pref('security.enable_java', false);

// JavaScript
// Enable JavaScript
// (left commented out: this file does not set javascript.enabled either way;
// the preferences below restrict what scripts may do to the browser window)
//user_pref('javascript.enabled',true);
// Prevent scripts from moving or resizing windows
user_pref('dom.disable_window_move_resize',true);
// Prevent scripts from raising or lowering windows
user_pref('dom.disable_window_flip',true);
// Prevent scripts from disabling or replacing the context menu
// (false = pages do not receive the context-menu event)
user_pref('dom.event.contextmenu.enabled',false);
// Prevent scripts from hiding the status bar on windows they open.
// The status bar shows where a link leads, so keeping it visible and
// out of script control makes link-target spoofing harder.
user_pref('dom.disable_window_open_feature.status',true);
// Prevent scripts from changing the status bar text
user_pref('dom.disable_window_status_change',true);
// Deny scripts access to window.status under the default capability policy.
// This is a second control over status bar text, in addition to the one above.
user_pref("capability.policy.default.Window.status", "noAccess");


////////////////////////////////////////////////////////////
// Privacy
////////////////////////////////////////////////////////////

// Don't remember what has been entered in forms and the search bar
user_pref('browser.formfill.enable', false);

// Cookies
// network.cookie.cookieBehavior
// 0: Enable all cookies
// 1: Don't accept third party cookies   <-- value set here
// 2: Disable all cookies
user_pref('network.cookie.cookieBehavior',1);
// network.cookie.lifetimePolicy
// 0: Keep cookies until they expire
// 1: Prompt for every cookie
// 2: Keep cookies for session only
// (left commented out: this file does not change the cookie lifetime policy;
// if uncommented as written, the value 1 prompts for every cookie)
//user_pref('network.cookie.lifetimePolicy',1);

//// Private Data
//// Clear my private data when I close Firefox
//// These options are commented out by default because the safety gained is
//// small relative to the hassle.
//// Uncomment them if you wish to enable the extra privacy features.
//// For each privacy.item.* entry below, true = cleared, false = kept.
//user_pref('privacy.sanitize.sanitizeOnShutdown', true);
//// Do not ask before clearing private data
//user_pref('privacy.sanitize.promptOnSanitize',false);
//// Browsing history: kept (false) when clearing private data
//user_pref('privacy.item.history',false);
//// Download history: kept (false) when clearing private data
//user_pref('privacy.item.downloads',false);
//// Saved form and search history: cleared (true) when clearing private data
//user_pref('privacy.item.formdata',true);
//// Cache: kept (false) when clearing private data
//user_pref('privacy.item.cache',false);
//// Cookies: cleared (true) when clearing private data
//user_pref('privacy.item.cookies',true);
//// Offline website data: kept (false) when clearing private data
//user_pref('privacy.item.offlineApps',false);
//// Saved passwords: kept (false) when clearing private data
//user_pref('privacy.item.passwords',false);
//// Authenticated sessions: cleared (true) when clearing private data
//user_pref('privacy.item.sessions',true);

// Do not send the HTTP Referer header when navigating from one https site to
// another, so the URL visited on the first site is not disclosed to the second
user_pref('network.http.sendSecureXSiteReferrer',false);


////////////////////////////////////////////////////////////
// Security
////////////////////////////////////////////////////////////

// Warn when sites try to install add-ons: with the whitelist required, a
// site that is not on the add-on install whitelist gets a warning rather
// than starting the installation directly
user_pref('xpinstall.whitelist.required',true);

// Alert if the site visited is a suspected attack site
user_pref('browser.safebrowsing.malware.enabled',true);
// Alert if the site visited is a suspected forgery (local blacklist)
user_pref('browser.safebrowsing.enabled',true);
// browser.safebrowsing.remoteLookups
// true : Check sites by querying third-party (Google) for each site
// false: Check sites against local downloaded blacklist only
// Trade-off of the value chosen here (false): visited sites are not sent to
// the third party for each lookup, but protection is only as current as the
// downloaded blacklist.
user_pref('browser.safebrowsing.remoteLookups', false);
// Warn when entering a website that uses weak encryption
user_pref('security.warn_entering_weak', true);
// Don't remember passwords for sites, so no site credentials are stored in
// the browser profile
user_pref("signon.rememberSignons",false);


////////////////////////////////////////////////////////////
// Download options
////////////////////////////////////////////////////////////

// Prompt before opening downloaded executables
user_pref("browser.download.manager.alertOnEXEOpen",true);
// Always prompt before launching helper applications
user_pref("browser.helperApps.alwaysAsk.force",true);
// MIME types the browser will open automatically without asking.
// Set to the empty string here, so no type is opened without a prompt.
user_pref("browser.helperApps.neverAsk.openFile","");


////////////////////////////////////////////////////////////
// Misc options
////////////////////////////////////////////////////////////

// For each URI scheme below, prompt before the URI is handed to an external
// application, so a web page cannot silently launch another program.
// Prompt before handling mailto: URIs
user_pref("network.protocol-handler.warn-external.mailto",true);
// Prompt before handling news: URIs
user_pref("network.protocol-handler.warn-external.news",true);
// Prompt before handling nntp: URIs
user_pref("network.protocol-handler.warn-external.nntp",true);
// Prompt before handling snews: URIs
user_pref("network.protocol-handler.warn-external.snews",true);

// Show internationalized domain names (IDN) in their punycode encoding.
// Look-alike characters in a host name then appear as an "xn--" label
// instead of resembling a familiar name, which can help prevent spoofing.
user_pref("network.IDN_show_punycode",true);


////////////////////////////////////////////////////////////
// NoScript
////////////////////////////////////////////////////////////

// NOTE(review): the noscript.* preferences below are presumably read only by
// the NoScript add-on; this file does not install it, so confirm the add-on
// is present or these entries have no effect.
// Apply content blocking to trusted sites as well as untrusted
user_pref("noscript.contentBlocker",true);
// Block frames by default
user_pref("noscript.forbidFrames",true);
// Block iframes by default
user_pref("noscript.forbidIFrames",true);
// Disable Java by default
user_pref("noscript.forbidJava",true);
// Disable Adobe Flash by default
user_pref("noscript.forbidFlash",true);
// Disable Microsoft Silverlight by default
user_pref("noscript.forbidSilverlight",true);
// Disable other plugins by default
user_pref("noscript.forbidPlugins",true);
// Ask for confirmation before temporarily unblocking an object
user_pref("noscript.confirmUnblock",true);
// Show a placeholder icon in place of blocked content
user_pref("noscript.showPlaceholder",true);
// Do not display the NoScript web page when add-on is updated
user_pref("noscript.firstRunRedirection",false);
