diff --git a/distribution/policies.json b/distribution/policies.json index 48175ca..e7552d4 100644 --- a/distribution/policies.json +++ b/distribution/policies.json @@ -31,7 +31,7 @@ }, "Extensions": { "Install": [ - "https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.37.0-an+fx.xpi" + "https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.37.2-an+fx.xpi" ], "Uninstall": [ "google@search.mozilla.org", diff --git a/librewolf.cfg b/librewolf.cfg index 9a58cd3..82dfb0b 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -27,7 +27,7 @@ // # SETTINGS VERSION // ----------------------------------- -defaultPref("librewolf.cfg.version", "1.4"); +defaultPref("librewolf.cfg.version", "1.5"); // ----------------------------------- // # TRACKING PROTECTION @@ -268,6 +268,7 @@ defaultPref("network.auth.subresource-http-auth-allow", 1); defaultPref("security.ssl.require_safe_negotiation", true); lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true); +defaultPref("security.tls.version.enable-deprecated", false); // default but helps resetting the preference defaultPref("browser.ssl_override_behavior", 1); lockPref("security.tls.enable_0rtt_data", false); defaultPref("security.tls.version.fallback-limit", 3); @@ -305,9 +306,9 @@ defaultPref("privacy.spoof_english", 2); defaultPref("extensions.webextensions.restrictedDomains", ""); // This will allow extensions to work everywhere, default "debug-notes.log" lockPref("extensions.webextensions.identity.redirectDomain", ""); // Redirect basedomain used by identity api, default "extensions.allizom.org" -// disable network for the extensions -// Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>> -defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;"); +// extension firewall, disabled by default +// defaultPref("extensions.webextensions.base-content-security-policy", "default-src 'none'; script-src 'none'; object-src 'none';"); +// defaultPref("extensions.webextensions.base-content-security-policy.v3", "default-src 'none'; script-src 'none'; object-src 'none';"); // set extensions scopes defaultPref("extensions.enabledScopes", 5); @@ -332,11 +333,6 @@ defaultPref("extensions.update.enabled", false); defaultPref("extensions.update.autoUpdateDefault", false); defaultPref("extensions.getAddons.cache.enabled", false); -// blocklist is a security feature, best left at default -// defaultPref("extensions.blocklist.enabled", false); -// defaultPref("extensions.blocklist.detailsURL", ""); -// defaultPref("extensions.blocklist.itemURL", ""); - // system addons lockPref("extensions.systemAddon.update.url", ""); lockPref("extensions.systemAddon.update.enabled", false); @@ -373,7 +369,6 @@ lockPref("security.mixed_content.block_active_content", true); lockPref("security.insecure_connection_text.enabled", true); lockPref("security.insecure_connection_text.pbmode.enabled", true); -lockPref("security.dialog_enable_delay", 700); lockPref("security.csp.enable", true); // ------------------------------------------------------- @@ -635,6 +630,7 @@ lockPref("network.protocol-handler.external.ms-windows-store", false); // disable background update service [WINDOWS] lockPref("app.update.service.enabled", false); +defaultPref("app.update.background.scheduling.enabled", false); // disable automatic Firefox start and session restore after reboot [WINDOWS] lockPref("toolkit.winRegisterApplicationRestart", false);