Firefox configuration hardening, using a single file

A custom user.js configuration file designed to make your Firefox more secure


A user.js file is an alternative method of modifying Firefox’s preferences: it can make certain preference settings more or less “permanent” in a specific profile, and is also a way of documenting preference customizations and it makes it easier to transfer customized settings to another profile.

The GitHub user pyllyukko has developed a custom user.js focused on hardening browser settings and make it more secure:

Main goals

– Limit the possibilities to track the user through web analytics.

– Harden the browser against known data disclosure or code execution vulnerabilities.

– Limit the browser from storing anything even remotely sensitive persistently.

– Make sure the browser doesn’t reveal too much information to shoulder surfers.

– Harden the browser’s encryption (cipher suites, protocols, trusted CAs).

– Limit possibilities to uniquely identify the browser/device using browser fingerpriting.

– Hopefully limit the attack surface by disabling various features.

– Still be usable in daily use.


Installation

Simply copy user.js in your current user profile directory, or (recommended) to a fresh, newly created Firefox profile directory.

The file should be located at:

Windows 7

%APPDATA%MozillaFirefoxProfilesXXXXXXXX.your_profile_nameuser.js

Linux

~/.mozilla/firefox/XXXXXXXX.your_profile_name/user.js

OS X

~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name

Android

/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name

Sailfish OS + Alien Dalvik

/opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name

Windows (portable)

[firefox directory]Dataprofile


Warning!

Installing user.js will remove your saved passwords (https://github.com/pyllyukko/user.js/issues/27)


More informations and downloads

https://github.com/pyllyukko/user.js

Comments