[tbb-commits] [tor-browser/tor-browser-91.2.0esr-11.0-1] squash! TB4: Tor Browser's Firefox preference overrides.

sysrqb at torproject.org sysrqb at torproject.org
Tue Nov 2 20:20:45 UTC 2021


commit 1559973d238a958aad947367881c0678cda4dbb9
Author: Matthew Finkel <sysrqb at torproject.org>
Date:   Mon Nov 1 16:28:22 2021 +0000

    squash! TB4: Tor Browser's Firefox preference overrides.
    
    Bug 40177: Update prefs for Fx91esr
---
 browser/app/profile/000-tor-browser.js | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 0952a3ad5cfc..ed8c4c8c80dd 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -53,6 +53,9 @@ pref("permissions.memory_only", true);
 pref("network.cookie.lifetimePolicy", 2);
 pref("security.nocertdb", true);
 
+// Enabled LSNG
+pref("dom.storage.next_gen", true);
+
 // Disk activity: TBB Directory Isolation
 pref("browser.download.useDownloadDir", false);
 pref("browser.shell.checkDefaultBrowser", false);
@@ -119,11 +122,12 @@ pref("privacy.annotate_channels.strict_list.enabled", false);
 
 // Disable the Pocket extension (Bug #18886 and #31602)
 pref("extensions.pocket.enabled", false);
-pref("network.http.referer.hideOnionSource", true);
 
 // Disable use of WiFi location information
 pref("browser.region.network.scan", false);
 pref("browser.region.network.url", "");
+// Bug 40083: Make sure Region.jsm fetching is disabled
+pref("browser.region.update.enabled", false);
 
 // Don't load Mozilla domains in a separate tab process
 pref("browser.tabs.remote.separatedMozillaDomains", "");
@@ -177,6 +181,8 @@ pref("dom.w3c_pointer_events.enabled", false);
 pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
 // Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575)
 pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now
+// Disable SAB, no matter if the sites are cross-origin isolated.
+pref("dom.postMessage.sharedArrayBuffer.withCOOP_COEP", false);
 // Disable intermediate preloading (Bug 30682)
 pref("security.remote_settings.intermediates.enabled", false);
 // Bug 2874: Block Components.interfaces from content
@@ -190,8 +196,17 @@ pref("privacy.resistFingerprinting.letterboxing", true);
 pref("dom.netinfo.enabled", false);
 pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer behavior consistent regardless of private browing mode status
 pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148: disable until audited in #40147
+pref("network.http.referer.hideOnionSource", true);
+// Bug 40463: Disable Windows SSO
+pref("network.http.windows-sso.enabled", false);
 // Bug 40383: Disable new PerformanceEventTiming
 pref("dom.enable_event_timing", false);
+// Disable API for measuring text width and height.
+pref("dom.textMetrics.actualBoundingBox.enabled", false);
+pref("dom.textMetrics.baselines.enabled", false);
+pref("dom.textMetrics.emHeight.enabled", false);
+pref("dom.textMetrics.fontBoundingBox.enabled", false);
+pref("pdfjs.enableScripting", false);
 
 // Third party stuff
 pref("privacy.firstparty.isolate", true); // Always enforce first party isolation
@@ -199,6 +214,8 @@ pref("privacy.partition.network_state", false); // Disable for now until audit
 pref("network.cookie.cookieBehavior", 1);
 pref("network.http.spdy.allow-push", false); // Disabled for now. See https://bugs.torproject.org/27127
 pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633
+// Bug 40177: Make sure tracker cookie purging is disabled
+pref("privacy.purge_trackers.enabled", false);
 
 // Proxy and proxy security
 pref("network.proxy.socks", "127.0.0.1");
@@ -207,6 +224,8 @@ pref("network.proxy.socks_remote_dns", true);
 pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
 pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for localhost (#31065)
 pref("network.proxy.type", 1);
+// Bug 40548: Disable proxy-bypass
+pref("network.proxy.failover_direct", false);
 pref("network.security.ports.banned", "9050,9051,9150,9151");
 pref("network.dns.disabled", true); // This should cover the #5741 patch for DNS leaks
 pref("network.dns.disablePrefetch", true);
@@ -307,6 +326,8 @@ pref("extensions.legacy.exceptions", "{972ce4c6-7e08-4474-a285-3208198ce6fd},tor
 pref("extensions.webextensions.restrictedDomains", "");
 // Bug 28896: Make sure our bundled WebExtensions are running in Private Browsing Mode
 pref("extensions.allowPrivateBrowsingByDefault", true);
+// Don't give Mozilla-recommended third-party extensions special privileges.
+pref("extensions.postDownloadThirdPartyPrompt", false);
 
 // Toolbar layout
 pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"torbutton-button\",\"security-level-button\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-button\",\"bookmarks-menu-button\",\"history-panelmenu\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"developer-button\",\"https-everywhere-eff_eff_org-browser-action\",\"_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":14,\"newElementCount
 \":1}");
@@ -314,6 +335,9 @@ pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-
 // Enforce certificate pinning, see: https://bugs.torproject.org/16206
 pref("security.cert_pinning.enforcement_level", 2);
 
+// Don't load OS client certs.
+pref("security.osclientcerts.autoload", false);
+
 // Don't allow MitM via Microsoft Family Safety, see bug 21686
 pref("security.family_safety.mode", 0);
 
@@ -453,6 +477,9 @@ pref("extensions.torbutton.pref_fixup_version", 0);
 
 #ifdef MOZ_BUNDLED_FONTS
 
+// Bug 40342: Always use bundled fonts
+pref("gfx.bundled-fonts.activate", 1);
+
 #ifdef XP_MACOSX
 pref("font.system.whitelist", "AppleGothic, Apple Color Emoji, Arial, Courier, Geneva, Georgia, Heiti TC, Helvetica, Helvetica Neue, .Helvetica Neue DeskInterface, Hiragino Kaku Gothic ProN, Lucida Grande, Monaco, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Tibetan, Noto Sans Yi, STHeiti, STIX Math, Tahoma, Thonburi, Times, Times New Roman, Verdana");
 pref("font.name-list.cursive.x-unicode", "Apple Chancery, Noto Sans Armenian, Noto Sans Bengali, Noto Sans Buginese, Noto Sans Canadian Aboriginal, Noto Sans Cherokee, Noto Sans Devanagari, Noto Sans Ethiopic, Noto Sans Gujarati, Noto Sans Gurmukhi, Noto Sans Kannada, Noto Sans Khmer, Noto Sans Lao, Noto Sans Malayalam, Noto Sans Mongolian, Noto Sans Myanmar, Noto Sans Oriya, Noto Sans Sinhala, Noto Sans Tamil, Noto Sans Telugu, Noto Sans Thaana, Noto Sans Tibetan, Noto Sans Yi");





More information about the tbb-commits mailing list