Firefox configuration hardening, using a single file
A custom user.js configuration file designed to make your Firefox more secure
A user.js file is an alternative method of modifying Firefox’s preferences: it can make certain preference settings more or less “permanent” in a specific profile, and is also a way of documenting preference customizations and it makes it easier to transfer customized settings to another profile.
The GitHub user pyllyukko has developed a custom user.js focused on hardening browser settings and make it more secure:
Main goals
- Limit the possibilities to track the user through web analytics.
- Harden the browser against known data disclosure or code execution vulnerabilities.
- Limit the browser from storing anything even remotely sensitive persistently.
- Make sure the browser doesn’t reveal too much information to shoulder surfers.
- Harden the browser’s encryption (cipher suites, protocols, trusted CAs).
- Limit possibilities to uniquely identify the browser/device using browser fingerpriting.
- Hopefully limit the attack surface by disabling various features.
- Still be usable in daily use.
Installation
Simply copy user.js
in your current user profile directory, or (recommended) to a fresh, newly created Firefox profile directory.
The file should be located at:
Windows 7
%APPDATA%MozillaFirefoxProfilesXXXXXXXX.your_profile_nameuser.js
Linux
~/.mozilla/firefox/XXXXXXXX.your_profile_name/user.js
OS X
~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name
Android
/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name
Sailfish OS + Alien Dalvik
/opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name
Windows (portable)
[firefox directory]Dataprofile
Warning!
Installing user.js will remove your saved passwords (https://github.com/pyllyukko/user.js/issues/27)
More informations and downloads
[embed]https://github.com/pyllyukko/user.js[/embed]