Mommy, what's "the epitome of hypocrisy?" Mozilla: "We respect your privacy". Post-install, Firefox first-run default opens these 2 tabs: http://i.imgur.com/KG1DTSV.png http://i.imgur.com/h8kyNQb.png and had it been able to connect to accounts.firefox.com, the page would display a webform asking for firstname, lastname, email, mother's maiden name, cup size.... Yep, stick a fork in me, I'm almost done.
@inka: Did you track that down? A guess based on a quick glance at the code: an update check for system addons failed because it used HTTP rather than HTTPS. However, the extensions.systemAddon.update.url values I see use HTTPS. Did you modify that value? Something else going on?
Why would you get a "Request failed certificate checks" error due to a "scheme is not https" exception if the destination server was blocked via hosts file? What branch BTW? The "scheme is not https" bothers me. Looking at Release, that appears to come from CertUtils.jsm#145 after the call at ProductAddonChecker.jsm#121. I find it interesting that said call is in the XHR success handler rather than the fail handler. Looking at the code more closely, I don't think XPIProvider updateSystemAddons() is a potential source because it doesn't pass allowedCerts. GMPInstallManager checkForAddons() can though. Something doesn't seem right. I need to get some real work done so enough poking around for now. Maybe your reply will clear things up for me.
Something to keep an eye on: Bug 1240932 introduced a networkId and related functions including calculateNetworkId() which you can find in Win32, Linux, and Mac specific files. The code appears to be working in FF 49.0.1 for Windows (I see the debug output). Perhaps it is functional in other platforms too. However, I can't find it in mozilla-release at DXR. So here is a link to the Win32 version in mozilla-central: https://dxr.mozilla.org/mozilla-central/source/netwerk/system/win32/nsNotifyAddrListener.cpp#284. The current implementation combines the MAC Address of the default gateway with the hard coded string "local-rubbish", calculates the SHA-1 of that, then Base64Encodes. So different apps, different profiles, and different devices will have the same networkId while behind the same default gateway. A networkId that could be precomputed for known gateways and MAC Addresses. It appears they aren't yet using the networkId for its intended purpose(s).
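The networkId derivation described in the post above, as an added sketch that is not Mozilla's code or the poster's. It assumes the gateway MAC is hashed as six raw bytes followed by the string (the post does not state the order or encoding); the MAC addresses, `build_lookup` and the keyed per-profile variant are constructed here for illustration.

```python
import base64
import hashlib
import hmac
import os

# Hard-coded string quoted in the post.
FIXED_STRING = b"local-rubbish"

# Constructed sample gateways (locally administered MAC addresses).
CONSTRUCTED_GATEWAYS = [
    "02:00:00:00:00:01",
    "02:00:00:00:00:02",
    "02:00:00:00:00:03",
]


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("expected six hex octets: %r" % text)
    return bytes(int(p, 16) for p in parts)


def network_id(gateway_mac, suffix=FIXED_STRING):
    """Base64(SHA-1(MAC || fixed string)), following the post's description.

    Assumption: raw MAC bytes first, then the string.
    Nothing profile-, app- or device-specific enters the hash.
    """
    digest = hashlib.sha1(gateway_mac + suffix).digest()
    return base64.b64encode(digest).decode("ascii")


def build_lookup(known_macs):
    """Map networkId -> MAC for gateways whose MAC is already known.

    With a public constant as the only other input, the table can be
    built ahead of time, which is the precomputation concern in the post.
    """
    return {network_id(parse_mac(m)): m for m in known_macs}


def per_profile_network_id(gateway_mac, profile_secret):
    """Hypothetical alternative, not in Firefox: key the hash with a random
    secret stored per profile, so IDs neither match across profiles nor
    appear in a table built without that secret."""
    digest = hmac.new(profile_secret, gateway_mac, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def demo():
    gateway = parse_mac(CONSTRUCTED_GATEWAYS[0])

    # Three "clients" behind the same gateway: the function takes no
    # client-specific input, so all three values are identical.
    ids = [network_id(gateway) for _ in ("profile-A", "profile-B", "other-app")]

    # An observer holding a precomputed table maps the ID back to the gateway.
    table = build_lookup(CONSTRUCTED_GATEWAYS)

    # Keyed variant: two profiles, two random secrets, two unrelated IDs.
    keyed_a = per_profile_network_id(gateway, os.urandom(32))
    keyed_b = per_profile_network_id(gateway, os.urandom(32))

    return {
        "network_id": ids[0],
        "same_across_profiles": len(set(ids)) == 1,
        "recovered_gateway": table.get(ids[0]),
        "per_profile_ids_differ": keyed_a != keyed_b,
        "keyed_id_in_table": keyed_a in table,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```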
Sounds like there is a new tampering-with-user-systems + data-collection-via-altered-update-ping System Addon on the way. Called Application Update Service Helper: http://www.ghacks.net/2016/11/04/application-update-service-helper/ A quote of a quote, but I'm too lazy to click through right now: I lost track of their Websense related plans before they executed. But I was hoping that someone within Mozilla would have enough security sense to stop the others from crossing that line. Pushing a ping altering System Addon to collect information about who is/isn't using a particular security tool is not cool. Doesn't even matter if the software really did bork Firefox. Heck, doesn't matter if it is a security tool either. I wonder what they'll take from user computers with this one.
Code:
var defunctPrefs = [
  //
  // Gathered from diffs at https://cat-in-136.github.io/ (which links
  // to CC license http://creativecommons.org/licenses/by-nc-sa/4.0/)
  // and some of my own notes.
  //
  // Due to several factors, these entries may not accurately
  // represent which prefs are no longer checked for by the
  // application code you are using. Consult the source code
  // when in doubt: https://dxr.mozilla.org
  //
  //
  // Removed from Firefox (Linux) pref files in FF50:
  //
  "browser.addon-watch.percentage-limit",
  "browser.safebrowsing.enabled",
  "browser.safebrowsing.forbiddenURIs.enabled",
  "browser.safebrowsing.provider.mozilla.lists.mozfull.description",
  "browser.safebrowsing.provider.mozilla.lists.mozfull.name",
  "browser.safebrowsing.provider.mozilla.lists.mozstd.description",
  "browser.safebrowsing.provider.mozilla.lists.mozstd.name",
  "devtools.command-button-eyedropper.enabled",
  "dom.mozKillSwitch.enabled",
  "dom.workers.maxPerDomain",
  "gfx.filter.nearest.force-enabled",
  "javascript.options.mem.gc_decommit_threshold_mb",
  "layers.compositor-lru-size",
  "layers.tiled-drawtarget.enabled",
  "media.webvtt.enabled",
  "plugins.update.notifyUser",
  "plugins.update.url",
  "security.ssl3.ecdhe_ecdsa_rc4_128_sha",
  "security.ssl3.ecdhe_rsa_rc4_128_sha",
  "security.ssl3.rsa_rc4_128_md5",
  "security.ssl3.rsa_rc4_128_sha",
  "services.sync.addons.ignoreRepositoryChecking",
  "services.sync.prefs.sync.browser.safebrowsing.enabled",
  "urlclassifier.forbiddenTable",
  "webgl.enable-prototype-webgl2",
  //
  // Removed from Firefox (Linux) pref files in FF49:
  //
  "app.update.incompatible.mode",
  "app.update.mode",
  "app.update.showInstalledUI",
  "devtools.webconsole.fontSize",
  "dom.datastore.enabled",
  "dom.disable_window_open_feature.scrollbars",
  "dom.inter-app-communication-api.enabled",
  "dom.push.adaptive.enabled",
  "dom.push.adaptive.gap",
  "dom.push.adaptive.lastGoodPingInterval",
  "dom.push.adaptive.lastGoodPingInterval.mobile",
  "dom.push.adaptive.lastGoodPingInterval.wifi",
  "dom.push.adaptive.upperLimit",
  "dom.push.pingInterval.default",
  "dom.push.pingInterval.mobile",
  "dom.push.pingInterval.wifi",
  "dom.push.udp.wakeupEnabled",
  "dom.requestSync.enabled",
  "dom.server-events.enabled",
  "layout.css.text-emphasis.enabled",
  "services.kinto.addons.checked",
  "services.kinto.addons.collection",
  "services.kinto.base",
  "services.kinto.bucket blocklists",
  "services.kinto.changes.path",
  "services.kinto.gfx.checked",
  "services.kinto.gfx.collection",
  "services.kinto.onecrl.checked",
  "services.kinto.onecrl.collection",
  "services.kinto.plugins.checked",
  "services.kinto.plugins.collection",
  "services.kinto.update_enabled",
  "services.sync.prefs.sync.app.update.mode",
  //
  // Removed from Firefox (Linux) pref files in FF48:
  //
  "browser.urlbar.unifiedcomplete",
  "devtools.errorconsole.enabled",
  "devtools.memory.custom-dominator-tree-displays",
  "dom.always_allow_move_resize_window",
  "dom.document.scrollingElement.enabled",
  "dom.ipc.plugins.enabled",
  "dom.mozContacts.enabled",
  "dom.mozPay.enabled",
  "dom.mozTCPSocket.enabled",
  "dom.requestcache.enabled",
  "extensions.blocklist.suppressUI",
  "extensions.enabledScopes",
  "extensions.installDistroAddons",
  "extensions.showMismatchUI",
  "layers.offmainthreadcomposition.enabled",
  "layout.accessiblecaret.extendedvisibility",
  "layout.css.sticky.enabled",
  "layout.imagevisibility.enabled",
  "layout.imagevisibility.numscrollportheights",
  "layout.imagevisibility.numscrollportwidths",
  "places.database.growthIncrementKiB",
  "plugin.allowed_types",
  "security.csp.debug",
  "security.webauth.u2f.softtoken",
  "security.webauth.u2f.usbtoken",
  "toolkit.asyncshutdown.timeout.crash",
  "webapprt.app_update_interval",
  "xpinstall.enabled",
  //
  // Removed from Firefox (Linux) pref files in FF47:
  //
  "apz.fling_repaint_interval",
  "apz.pan_repaint_interval",
  "apz.smooth_scroll_repaint_interval",
  "browser.history.allowPopState",
  "browser.history.allowPushState",
  "browser.history.allowReplaceState",
  "browser.search.param.yahoo-fr",
  "browser.search.param.yahoo-fr-ja",
  "datareporting.healthreport.about.reportUrlUnified",
  "devtools.command-button-tilt.enabled",
  "devtools.memory.custom-breakdowns",
  "devtools.memory.custom-dominator-tree-breakdowns",
  "devtools.performance.ui.enable-jit-optimizations",
  "devtools.tilt.enabled",
  "devtools.tilt.intro_transition",
  "devtools.tilt.outro_transition",
  "dom.identity.enabled",
  "dom.max_child_script_run_time",
  "dom.permissions.enabled",
  "dom.serviceWorkers.interception.enabled",
  "dom.serviceWorkers.interception.opaque.enabled",
  "layers.offmainthreadcomposition.testing.enabled",
  "layout.css.text-align-true-value.enabled",
  "network.cookie.alwaysAcceptSessionCookies",
  "plugin.state.box edit",
  "plugin.state.cisco jabber guest plug-in",
  "plugin.state.ciscowebcommunicator",
  "plugin.state.couponprinter-firefox_v",
  "plugin.state.esteidfirefoxplugin",
  "plugin.state.f5 sam inspection host plugin",
  "plugin.state.f5 ssl vpn plugin",
  "plugin.state.facebookvideocalling",
  "plugin.state.gcplugin",
  "plugin.state.iprint",
  "plugin.state.libplugins",
  "plugin.state.lwaplugin",
  "plugin.state.np_prsnl",
  "plugin.state.npatgpc",
  "plugin.state.npauthz",
  "plugin.state.npbispbrowser",
  "plugin.state.npboxedit",
  "plugin.state.npchip",
  "plugin.state.npciscowebcommunicator",
  "plugin.state.npesteid-firefox-plugin",
  "plugin.state.npfacebookvideocalling",
  "plugin.state.npgcplugin",
  "plugin.state.npgoogleupdate",
  "plugin.state.npmcafeemss",
  "plugin.state.npmcffplg",
  "plugin.state.npmeetingjoinpluginoc",
  "plugin.state.npmozcouponprinter",
  "plugin.state.npmvtplugin",
  "plugin.state.npnipp",
  "plugin.state.npnisp",
  "plugin.state.nppdf",
  "plugin.state.npplayerplugin",
  "plugin.state.nproblox",
  "plugin.state.nprobloxproxy",
  "plugin.state.npskypewebplugin",
  "plugin.state.npspwrap",
  "plugin.state.npunity3d",
  "plugin.state.npvidyoweb",
  "plugin.state.npviewright",
  "plugin.state.npwebcard",
  "plugin.state.personalplugin",
  "plugin.state.playerplugin",
  "plugin.state.playerplugin.charter",
  "plugin.state.playerplugin.ciscodrm",
  "plugin.state.playerplugin.dtv",
  "plugin.state.skypewebplugin",
  "plugin.state.unity web player",
  "plugin.state.vidyoweb",
  "plugin.state.viewrightwebplayer",
  "plugin.state.webex",
  "privacy.sanitize.migrateClearSavedPwdsOnExit",
  "services.sync.enabled",
  "services.sync.syncedTabsUIRefresh",
  "toolkit.telemetry.optoutSample",
  //
  // Removed from Firefox (Linux) pref files in FF46:
  //
  "apz.num_paint_duration_samples",
  "apz.use_paint_duration",
  "browser.apps.URL",
  "browser.panorama.animate_zoom",
  "browser.pocket.api",
  "browser.pocket.enabled",
  "browser.pocket.enabledLocales",
  "browser.pocket.oAuthConsumerKey",
  "browser.pocket.site",
  "browser.pocket.useLocaleList",
  "browser.safebrowsing.appRepURL",
  "datareporting.healthreport.currentDaySubmissionFailureCount",
  "datareporting.healthreport.documentServerNamespace",
  "datareporting.healthreport.documentServerURI",
  "datareporting.healthreport.lastDataSubmissionFailureTime",
  "datareporting.healthreport.lastDataSubmissionRequestedTime",
  "datareporting.healthreport.lastDataSubmissionSuccessfulTime",
  "datareporting.healthreport.logging.consoleEnabled",
  "datareporting.healthreport.logging.consoleLevel",
  "datareporting.healthreport.logging.dumpEnabled",
  "datareporting.healthreport.logging.dumpLevel",
  "datareporting.healthreport.nextDataSubmissionTime",
  "datareporting.healthreport.pendingDeleteRemoteData",
  "datareporting.healthreport.service.enabled",
  "datareporting.healthreport.service.loadDelayFirstRunMsec",
  "datareporting.healthreport.service.loadDelayMsec",
  "datareporting.healthreport.service.providerCategories",
  "datareporting.policy.dataSubmissionEnabled.v2",
  "datareporting.policy.firstRunTime",
  "dom.abortablepromise.enabled",
  "media.format-reader.webm",
  "media.gstreamer.enable-blacklist",
  "media.gstreamer.enabled",
  "selectioncaret.enabled",
  "selectioncaret.inflatesize.threshold",
  "touchcaret.enabled",
  "touchcaret.expiration.time",
  "touchcaret.inflatesize.threshold",
  //
  // Removed from Firefox (Linux) pref files in FF45:
  //
  "apz.asyncscroll.throttle",
  "apz.asyncscroll.timeout",
  "apz.cross_slide.enabled",
  "apz.fling_snap_friction",
  "browser.sessionstore.privacy_level_deferred",
  "caret.manages-android-actionbar",
  "devtools.appmanager.enabled",
  "devtools.appmanager.lastTab",
  "devtools.appmanager.manifestEditor.enabled",
  "dom.push.debug",
  "image.onload.decode.limit",
  "layers.offmainthreadcomposition.force-basic",
  "layout.css.ruby.enabled",
  "loop.contextInConversations.enabled",
  "loop.feedback.baseUrl",
  "loop.feedback.product",
  "loop.gettingStarted.seen",
  "loop.oauth.google.redirect_uri",
  "loop.oauth.google.scope",
  "loop.ringtone",
  "selectioncaret.detects.longtap",
  "selectioncaret.observes.compositions",
  "selectioncaret.visibility.affectscaret",
  "touchcaret.extendedvisibility",
  //
  // Removed from Firefox (Linux) pref files in FF44:
  //
  "browser.push.warning.infoURL",
  "devtools.inspector.markupPreview",
  "devtools.webide.sidebars",
  "dom.disable_image_src_set",
  "dom.mouseEvent.offsetXY.enabled",
  "dom.workers.sharedWorkers.enabled",
  "layout.css.unicode-range.enabled",
  "layout.imagevisibility.enabled_for_browser_elements_only",
  "loop.contacts.gravatars.promo",
  "loop.contacts.gravatars.show",
  "loop.debug.websocket",
  "media.fragmented-mp4.enabled",
  "media.fragmented-mp4.ffmpeg.enabled",
  "media.fragmented-mp4.gmp.enabled",
  "media.fragmented-mp4.use-blank-decoder",
  "media.youtube-ua.override",
  "media.youtube-ua.override.from",
  "media.youtube-ua.override.to",
  "network.http.packaged-apps-developer-mode",
  "security.tls.insecure_fallback_hosts.use_static_list",
  //
  // Removed from Firefox (Linux) pref files in FF43:
  //
  "browser.safebrowsing.appRepURL",
  "browser.safebrowsing.gethashURL",
  "browser.safebrowsing.malware.reportURL",
  "browser.safebrowsing.updateURL",
  "browser.search.jarURIs",
  "browser.search.loadFromJars",
  "browser.search.showOneOffButtons",
  "browser.trackingprotection.gethashURL",
  "browser.trackingprotection.updateURL",
  "browser.zoom.reflowOnZoom false",
  "browser.zoom.reflowZoom.reflowTextOnPageLoad",
  "browser.zoom.reflowZoom.reflowTimeout",
  "devtools.inspector.animationInspectorV3",
  "dom.messageChannel.enabled",
  "gfx.vsync.compositor",
  "gfx.vsync.hw-vsync.enabled",
  "gfx.vsync.refreshdriver",
  "image.high_quality_downscaling.enabled",
  "image.high_quality_downscaling.min_factor",
  "image.high_quality_upscaling.max_size",
  "layout.css.will-change.enabled",
  "media.audio_data.enabled",
  "media.fragmented-mp4.exposed",
  "media.mediasource.format-reader",
  "media.mediasource.format-reader.webm",
  "media.useAudioChannelService",
  "network.http.use-cache",
  "network.sts.serve_multiple_events_per_poll_iteration",
  "pfs.datasource.url",
  "security.ssl.warn_missing_rfc5746",
  "svg.transform-origin.enabled",
  //
  // Removed from Firefox (Linux) pref files in FF42:
  //
  'app.update.cert.maxErrors',
  'app.update.certs.1.commonName',
  'app.update.certs.1.issuerName',
  'app.update.certs.2.commonName',
  'app.update.certs.2.issuerName',
  'browser.preferences.inContent',
  'browser.readinglist.enabled',
  'browser.readinglist.sidebarEverOpened',
  'devtools.debugger.tracer',
  'dom.broadcastChannel.enabled',
  'dom.ipc.plugins.asyncInit.enabled',
  'full-screen-api.approval-required',
  'image.decode-only-on-draw.enabled',
  'layers.async-video-oop.enabled',
  'layers.async-video.enabled',
  'layout.frames.force_resizability',
  'loop.seenToS',
  'loop.showPartnerLogo',
  'media.format-reader.mp4',
  'media.mediasource.format-reader.mp4',
  'media.mediasource.whitelist',
  'media.windows-media-foundation.enabled', // Windows, manually added
  'network.auth.subresource-http-auth-allow',
  'privacy.clearOnShutdown.passwords',
  'readinglist.scheduler.enabled',
  'readinglist.server',
  'services.sync.prefs.sync.privacy.clearOnShutdown.passwords',
  'services.sync.tokenServerURI',
  'toolkit.telemetry.optoutSample',
  'toolkit.telemetry.unifiedIsOptIn',
  //
  // Removed from Firefox (Linux) pref files in FF41:
  //
  "browser.download.debug",
  "browser.newtab.url",
  "browser.safebrowsing.reportErrorURL",
  "browser.safebrowsing.reportGenericURL",
  "browser.safebrowsing.reportMalwareErrorURL",
  "browser.safebrowsing.reportMalwareURL",
  "browser.safebrowsing.reportURL",
  "devtools.debugger.ui.panes-sources-width",
  "devtools.performance.ui.show-jit-optimizations",
  "dom.workers.websocket.enabled",
  "font.mathfont-family",
  "full-screen-api.content-only",
  "network.http.spdy.enabled.http2draft",
  "plugins.enumerable_names",
  "print.postscript.orientation",
  "print.postscript.paper_size",
  "print.postscript.print_command",
  "print.print_command",
  "toolkit.telemetry.unifiedIsOptIn",
  //
  // Removed from Firefox (Linux) pref files in FF40:
  //
  "browser.devedition.theme.enabled",
  "browser.devedition.theme.showCustomizeButton",
  "devtools.debugger.chrome-enabled",
  "devtools.performance_dev.enabled",
  "devtools.profiler.enabled",
  "devtools.profiler.ui.flatten-tree-recursion",
  "devtools.profiler.ui.show-idle-blocks",
  "devtools.profiler.ui.show-platform-data",
  "devtools.timeline.enabled",
  "devtools.timeline.hiddenMarkers",
  "dom.webcrypto.enabled",
  "loop.contextInConverations.enabled",
  "network.http.atsvc.enabled",
  "network.http.atsvc.oe",
  "services.push.enabled",
  "services.push.serverURL",
  "toolbar.customization.usesheet",
  //
  // Removed from Firefox (Linux) pref files in FF39:
  //
  "dom.fetch.enabled",
  "image.mem.decodeondraw",
  "layout.async-containerless-scrolling.enabled",
  "loop.screenshare.enabled",
  "print.enable_e10s_testing",
  "services.sync.prefs.sync.lightweightThemes.isThemeSelected",
  //
  // Removed from Firefox (Linux) pref files in FF38:
  //
  "apz.subframe.enabled",
  "browser.search.highlightCount",
  "browser.search.param.yahoo-fr",
  "browser.search.param.yahoo-fr-ja",
  "devtools.performance.ui.show-timeline-memory",
  "dom.indexedDB.warningQuota",
  "loop.rooms.enabled",
  "media.gmp-eme-adobe.hidden",
  "media.mediasource.youtubeonly",
  "network.http.atsvc.enabled",
  "network.http.atsvc.oe",
  "network.predictor.max-db-size",
  "network.predictor.max-queue-size",
  "network.predictor.preserve",
  "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",
  "security.ssl.renego_unrestricted_hosts",
  "svg.svg-iframe.enabled",
  "webgl.shader_validator",
  //
  // Removed from Firefox (Linux) pref files in FF37:
  //
  "browser.display.use_document_colors",
  "camera.control.autofocus_moving_callback.enabled",
  "image.mem.max_ms_before_yield",
  "image.multithreaded_decoding.enabled",
  "media.gmp-gmpopenh264.provider.enabled",
  "media.gmp-manager.log",
  "network.negotiate-auth.allow-insecure-ntlm-v1",
  "network.negotiate-auth.allow-insecure-ntlm-v1-https",
  "network.ntlm.send-lm-response",
  "network.websocket.extensions.stream-deflate",
  "profiler.enabled",
  "profiler.entries",
  "profiler.interval",
  "security.ssl.false_start.require-forward-secrecy",
  "security.ssl3.dhe_dss_aes_128_sha",
  "security.ssl3.dhe_dss_aes_256_sha",
  "security.ssl3.dhe_rsa_camellia_128_sha",
  "security.ssl3.dhe_rsa_camellia_256_sha",
  "security.ssl3.dhe_rsa_des_ede3_sha",
  "security.ssl3.ecdhe_rsa_des_ede3_sha",
  "security.ssl3.rsa_camellia_128_sha",
  "security.ssl3.rsa_camellia_256_sha",
  "selectioncaret.noneditable",
  //
  // Removed from Firefox (Linux) pref files in FF36:
  //
  "apz.overscroll.fling_friction",
  "apz.overscroll.fling_stopped_threshold",
  "apz.overscroll.snap_back.mass",
  "apz.overscroll.snap_back.spring_friction",
  "apz.overscroll.snap_back.spring_stiffness",
  "browser.urlbar.default.behavior",
  "dns.ttl-experiment.enabled",
  "dns.ttl-experiment.variant",
  "font.alias-list",
  "image.mem.hard_limit_decoded_image_kb",
  "image.mem.min_discard_timeout_ms",
  "loop.soft_start_hostname",
  "loop.soft_start_ticket_number",
  "loop.throttled2",
  "network.http.spdy.enabled.v3",
  "privacy.donottrackheader.value",
  "services.sync.prefs.sync.browser.urlbar.default.behavior",
  "services.sync.prefs.sync.privacy.donottrackheader.value",
  "webgl.lose-context-on-memory-preasure",
  //
  // Removed from Firefox (Linux) pref files in FF35:
  //
  "apz.axis_lock_mode",
  "browser.tabs.remote",
  "browser.uitour.whitelist.add.260",
  "browser.uitour.whitelist.add.340",
  "browser.uitour.whitelist.add.341",
  "devtools.scratchpad.enableCodeFolding",
  "dom.unsafe_legacy_crypto.enabled",
  "dom.window_experimental_bindings",
  "geo.wifi.logging.enabled",
  "loop.soft_start_hostname",
  "loop.soft_start_ticket_number",
  "loop.throttled",
  "media.peerconnection.trickle_ice",
  "plugins.hideMissingPluginsNotification",
  "plugins.notifyMissingFlash",
  "privacy.panicButton.enabledLocales",
  "privacy.panicButton.useLocaleList",
  "touchcaret.distance.threshold",
  "xpinstall.whitelist.add",
  "xpinstall.whitelist.add.180",
  //
  // Removed from Firefox (Linux) pref files in FF34:
  //
  "datareporting.policy.dataSubmissionPolicyAccepted",
  "datareporting.policy.dataSubmissionPolicyBypassAcceptance",
  "datareporting.policy.dataSubmissionPolicyResponseTime",
  "datareporting.policy.dataSubmissionPolicyResponseType",
  "dom.global-constructor.disable.mozContact",
  "dom.navigator-property.disable.mozContacts",
  "experiments.manifest.cert.checkAttributes",
  "experiments.manifest.cert.requireBuiltin",
  "experiments.manifest.certs.1.commonName",
  "experiments.manifest.certs.1.issuerName",
  "font.default.tr serif",
  "font.default.x-baltic serif",
  "font.default.x-central-euro",
  "font.minimum-size.tr",
  "font.minimum-size.x-baltic",
  "font.minimum-size.x-central-euro",
  "font.name.monospace.tr",
  "font.name.monospace.x-baltic",
  "font.name.monospace.x-central-euro",
  "font.name.sans-serif.tr",
  "font.name.sans-serif.x-baltic",
  "font.name.sans-serif.x-central-euro",
  "font.name.serif.tr",
  "font.name.serif.x-baltic",
  "font.name.serif.x-central-euro",
  "font.size.fixed.tr",
  "font.size.fixed.x-baltic",
  "font.size.fixed.x-central-euro",
  "font.size.variable.tr",
  "font.size.variable.x-baltic",
  "font.size.variable.x-central-euro",
  "layers.scroll-graph",
  "layout.css.font-features.enabled",
  "security.csp.newbackend.enable",
  "services.sync.prefs.sync.browser.search.selectedEngine",
  "ui.scrollToClick",
  "webgl.prefer-native-gl",
  //
  // Removed from Firefox (Linux) pref files in FF33:
  //
  "gfx.font_rendering.harfbuzz.scripts",
  "javascript.options.ion.parallel_compilation",
  "media.tabstreaming.height",
  "media.tabstreaming.time_per_frame",
  "media.tabstreaming.width",
  "plugins.hide_infobar_for_blocked_plugin",
  "plugins.hide_infobar_for_outdated_plugin",
  "security.csp.speccompliant",
  "security.ssl3.dhe_dss_camellia_128_sha",
  "security.ssl3.dhe_dss_camellia_256_sha",
  "security.ssl3.rsa_fips_des_ede3_sha",
  "security.ssl3.rsa_seed_sha",
  "security.use_mozillapkix_verification",
  "social.manifest.facebook",
  "urlclassifier.malware_table",
  "urlclassifier.phish_table",
  "webgl.lose-context-on-heap-minimize",
  //
  // Removed from Firefox (Linux) pref files in FF32:
  //
  "browser.frames.enabled",
  "browser.newtabpage.directorySource",
  "browser.search.param.ms-pc",
  "browser.search.param.yahoo-fr-cjkt",
  "intl.charsetmenu.browser.cache",
  "intl.charsetmenu.browser.cache.size",
  "intl.charsetmenu.browser.more1",
  "intl.charsetmenu.browser.more2",
  "intl.charsetmenu.browser.more3",
  "intl.charsetmenu.browser.more4",
  "intl.charsetmenu.browser.more5",
  "intl.charsetmenu.browser.static",
  "intl.charsetmenu.composer.cache",
  "intl.charsetmenu.mailedit",
  "intl.charsetmenu.mailview.cache",
  "layout.css.supports-rule.enabled",
  "network.seer.enable-hover-on-ssl",
  "network.seer.enabled",
  "network.seer.max-db-size",
  "network.seer.max-queue-size",
  "network.seer.page-degradation.day",
  "network.seer.page-degradation.max",
  "network.seer.page-degradation.month",
  "network.seer.page-degradation.week",
  "network.seer.page-degradation.year",
  "network.seer.preconnect-min-confidence",
  "network.seer.preresolve-min-confidence",
  "network.seer.preserve",
  "network.seer.redirect-likely-confidence",
  "network.seer.subresource-degradation.day",
  "network.seer.subresource-degradation.max",
  "network.seer.subresource-degradation.month",
  "network.seer.subresource-degradation.week",
  "network.seer.subresource-degradation.year",
  //
  // Removed from Firefox (Linux) pref files in FF 31:
  //
  "browser.cache.memory_limit",
  "browser.tabs.closeButtons",
  "dom.network.enabled",
  "dom.network.metered",
  "javascript.options.typeinference",
  "layers.use-deprecated-textures",
  "media.peerconnection.aec",
  "media.peerconnection.aec_enabled",
  "media.peerconnection.agc",
  "media.peerconnection.agc_enabled",
  "media.peerconnection.noise",
  "media.peerconnection.noise_enabled",
  "memory_info_dumper.watch_fifo",
  "services.sync.prefs.sync.browser.tabs.closeButtons",
  //"toolkit.telemetry.enabled",
  //
  // Removed from Firefox (Linux) pref files in FF 30:
  //
  "browser.ctrlTab.recentlyUsedLimit",
  "devtools.debugger.enable-content-actors",
  "devtools.gcli.allowSet",
  "javascript.options.baselinejit.chrome",
  "javascript.options.baselinejit.content",
  "javascript.options.ion.chrome",
  "javascript.options.ion.content",
  "javascript.options.typeinference.chrome",
  "javascript.options.typeinference.content",
  "media.webaudio.enabled",
  "print.whileInPrintPreview",
  "signon.overrideAutocomplete",
  "social.enabled",
  "social.sidebar.open",
  "urlclassifier.download_allow_table",
  "urlclassifier.download_block_table",
  //
  // Removed from Firefox (Linux) pref files in FF 29:
  //
  "browser.safebrowsing.keyURL",
  "browser.sessionstore.async",
  "browser.sessionstore.postdata",
  "browser.tabs.onTop",
  "capability.policy.default.Clipboard.cutcopy",
  "capability.policy.default.Clipboard.paste",
  "capability.policy.default.DOMException.code",
  "capability.policy.default.DOMException.message",
  "capability.policy.default.DOMException.name",
  "capability.policy.default.DOMException.result",
  "capability.policy.default.DOMException.toString.get",
  "capability.policy.default.DOMParser.parseFromStream",
  "capability.policy.default.History.back.get",
  "capability.policy.default.History.current",
  "capability.policy.default.History.forward.get",
  "capability.policy.default.History.go.get",
  "capability.policy.default.History.item",
  "capability.policy.default.History.next",
  "capability.policy.default.History.previous",
  "capability.policy.default.History.toString",
  "capability.policy.default.Location.hash.set",
  "capability.policy.default.Location.href.set",
  "capability.policy.default.Location.replace.get",
  "capability.policy.default.Selection.addSelectionListener",
  "capability.policy.default.Selection.removeSelectionListener",
  "capability.policy.default.Window.blur.get",
  "capability.policy.default.Window.close.get",
  "capability.policy.default.Window.closed.get",
  "capability.policy.default.Window.focus.get",
  "capability.policy.default.Window.frames.get",
  "capability.policy.default.Window.history.get",
  "capability.policy.default.Window.length.get",
  "capability.policy.default.Window.location",
  "capability.policy.default.Window.opener.get",
  "capability.policy.default.Window.parent.get",
  "capability.policy.default.Window.postMessage.get",
  "capability.policy.default.Window.self.get",
  "capability.policy.default.Window.top.get",
  "capability.policy.default.Window.window.get",
  "capability.policy.default.XMLHttpRequest.channel",
  "capability.policy.default.XMLHttpRequest.getInterface",
  "capability.policy.default.XMLHttpRequest.open-uri",
  "capability.policy.default_policynames",
  "capability.policy.mailnews.*.attributes.get",
  "capability.policy.mailnews.*.baseURI.get",
  "capability.policy.mailnews.*.data.get",
  "capability.policy.mailnews.*.documentURI",
  "capability.policy.mailnews.*.getAttribute",
  "capability.policy.mailnews.*.getAttributeNS",
  "capability.policy.mailnews.*.getAttributeNode",
  "capability.policy.mailnews.*.getAttributeNodeNS",
  "capability.policy.mailnews.*.getNamedItem",
  "capability.policy.mailnews.*.getNamedItemNS",
  "capability.policy.mailnews.*.host.get",
  "capability.policy.mailnews.*.hostname.get",
  "capability.policy.mailnews.*.href.get",
  "capability.policy.mailnews.*.innerHTML.get",
  "capability.policy.mailnews.*.lowSrc.get",
  "capability.policy.mailnews.*.nodeValue.get",
  "capability.policy.mailnews.*.pathname.get",
  "capability.policy.mailnews.*.protocol.get",
  "capability.policy.mailnews.*.src.get",
  "capability.policy.mailnews.*.substringData.get",
  "capability.policy.mailnews.*.text.get",
  "capability.policy.mailnews.*.textContent",
  "capability.policy.mailnews.*.title.get",
  "capability.policy.mailnews.*.wholeText",
  "capability.policy.mailnews.DOMException.toString",
  "capability.policy.mailnews.DOMParser.parseFromStream",
  "capability.policy.mailnews.DOMParser.parseFromString",
  "capability.policy.mailnews.HTMLAnchorElement.toString",
  "capability.policy.mailnews.HTMLDivElement.getAttribute",
  "capability.policy.mailnews.HTMLDocument.URL",
  "capability.policy.mailnews.HTMLDocument.domain",
  "capability.policy.mailnews.Location.toString",
  "capability.policy.mailnews.Range.toString",
  "capability.policy.mailnews.SOAPCall.asyncInvoke",
  "capability.policy.mailnews.SOAPCall.invoke",
  "capability.policy.mailnews.SOAPCall.transportURI",
  "capability.policy.mailnews.SOAPCall.verifySourceHeader",
  "capability.policy.mailnews.SOAPEncoding.decode",
  "capability.policy.mailnews.SOAPEncoding.defaultDecoder",
  "capability.policy.mailnews.SOAPEncoding.defaultEncoder",
  "capability.policy.mailnews.SOAPEncoding.encode",
  "capability.policy.mailnews.SOAPEncoding.getAssociatedEncoding",
  "capability.policy.mailnews.SOAPEncoding.getDecoder",
  "capability.policy.mailnews.SOAPEncoding.getEncoder",
  "capability.policy.mailnews.SOAPEncoding.getExternalSchemaURI",
  "capability.policy.mailnews.SOAPEncoding.getInternalSchemaURI",
  "capability.policy.mailnews.SOAPEncoding.mapSchemaURI",
  "capability.policy.mailnews.SOAPEncoding.schemaCollection",
  "capability.policy.mailnews.SOAPEncoding.setDecoder",
  "capability.policy.mailnews.SOAPEncoding.setEncoder",
  "capability.policy.mailnews.SOAPEncoding.styleURI",
  "capability.policy.mailnews.SOAPEncoding.unmapSchemaURI",
  "capability.policy.mailnews.SOAPFault.detail",
  "capability.policy.mailnews.SOAPFault.element",
  "capability.policy.mailnews.SOAPFault.faultActor",
  "capability.policy.mailnews.SOAPFault.faultCode",
  "capability.policy.mailnews.SOAPFault.faultNamespaceURI",
  "capability.policy.mailnews.SOAPFault.faultString",
  "capability.policy.mailnews.SOAPHeaderBlock.actorURI",
  "capability.policy.mailnews.SOAPHeaderBlock.mustUnderstand",
  "capability.policy.mailnews.SOAPParameter",
  "capability.policy.mailnews.SOAPPropertyBagMutator.addProperty",
  "capability.policy.mailnews.SOAPPropertyBagMutator.propertyBag",
  "capability.policy.mailnews.SOAPResponse.fault",
  "capability.policy.mailnews.SchemaLoader.load",
  "capability.policy.mailnews.SchemaLoader.loadAsync",
  "capability.policy.mailnews.SchemaLoader.onError",
  "capability.policy.mailnews.SchemaLoader.onLoad",
  "capability.policy.mailnews.SchemaLoader.processSchemaElement",
  "capability.policy.mailnews.WSDLLoader.load",
  "capability.policy.mailnews.WSDLLoader.loadAsync",
  "capability.policy.mailnews.WSDLLoader.onError",
  "capability.policy.mailnews.WSDLLoader.onLoad",
  "capability.policy.mailnews.WebServiceProxyFactory.createProxy",
  "capability.policy.mailnews.WebServiceProxyFactory.createProxyAsync",
  "capability.policy.mailnews.WebServiceProxyFactory.onError",
  "capability.policy.mailnews.WebServiceProxyFactory.onLoad",
  "capability.policy.mailnews.Window.blur",
  "capability.policy.mailnews.Window.focus",
  "capability.policy.mailnews.Window.innerHeight.set",
  "capability.policy.mailnews.Window.innerWidth.set",
  "capability.policy.mailnews.Window.moveBy",
  "capability.policy.mailnews.Window.moveTo",
  "capability.policy.mailnews.Window.name.set",
  "capability.policy.mailnews.Window.outerHeight.set",
  "capability.policy.mailnews.Window.outerWidth.set",
  "capability.policy.mailnews.Window.resizeBy",
  "capability.policy.mailnews.Window.resizeTo",
  "capability.policy.mailnews.Window.screenX.set",
  "capability.policy.mailnews.Window.screenY.set",
  "capability.policy.mailnews.Window.sizeToContent",
  "capability.policy.mailnews.XMLHttpRequest.abort",
  "capability.policy.mailnews.XMLHttpRequest.channel",
  "capability.policy.mailnews.XMLHttpRequest.getAllResponseHeaders",
  "capability.policy.mailnews.XMLHttpRequest.getInterface",
  "capability.policy.mailnews.XMLHttpRequest.getResponseHeader",
  "capability.policy.mailnews.XMLHttpRequest.onerror noAccess",
  "capability.policy.mailnews.XMLHttpRequest.onload noAccess",
  "capability.policy.mailnews.XMLHttpRequest.onreadystatechange",
  "capability.policy.mailnews.XMLHttpRequest.open",
  "capability.policy.mailnews.XMLHttpRequest.overrideMimeType",
  "capability.policy.mailnews.XMLHttpRequest.readyState",
  "capability.policy.mailnews.XMLHttpRequest.responseText",
  "capability.policy.mailnews.XMLHttpRequest.responseXML",
  "capability.policy.mailnews.XMLHttpRequest.send",
  "capability.policy.mailnews.XMLHttpRequest.setRequestHeader",
  "capability.policy.mailnews.XMLHttpRequest.status",
  "capability.policy.mailnews.XMLHttpRequest.statusText",
  "capability.policy.mailnews.XMLSerializer.serializeToStream",
  "capability.policy.mailnews.XMLSerializer.serializeToString",
  "capability.policy.mailnews.document.load",
  "capability.policy.mailnews.sites",
  "devtools.styleeditor.transitions",
  "dom.promise.enabled",
  "font.default.x-user-def serif",
  "font.minimum-size.x-user-def",
  "font.name.monospace.x-user-def",
  "font.name.sans-serif.x-user-def",
  "font.name.serif.x-user-def",
  "font.size.fixed.x-user-def",
  "font.size.variable.x-user-def",
  "javascript.options.jit_hardening",
  "layers.prefer-memory-over-shmem",
  "services.sync.scheduler.singleDeviceInterval",
  "signon.useDOMFormHasPassword",
  "social.allowMultipleWorkers",
  "urlclassifier.download_allow_table",
  "urlclassifier.download_block_table",
  //
  // Removed from Firefox (Linux) pref files in FF 28:
  //
  "browser.download.manager.closeWhenDone",
  "browser.download.manager.flashCount",
  "browser.download.manager.focusWhenStarting",
  "browser.download.manager.quitBehavior",
  "browser.download.manager.retention",
  "browser.download.manager.scanWhenDone",
  "browser.download.manager.showAlertInterval",
  "browser.download.manager.showAlertOnComplete",
  "browser.download.manager.showWhenStarting",
  "browser.download.panel.firstSessionCompleted",
  "browser.fixup.use-utf8",
  "devtools.appmanager.firstrun",
  "devtools.editor.component",
  "general.useragent.enable_overrides",
  "gfx.content.azure.enabled",
  "intl.charset.default",
  "layout.css.flexbox.enabled",
  "network.http.spdy.enabled.v2",
  "security.enable_md5_signatures",
  "services.sync.prefs.sync.browser.download.manager.closeWhenDone",
  "services.sync.prefs.sync.browser.download.manager.retention",
  "services.sync.prefs.sync.browser.download.manager.scanWhenDone",
  "services.sync.prefs.sync.browser.download.manager.showWhenStarting",
  "svg.text.css-frames.enabled",
  //
  // Removed from Firefox (Linux) pref files in FF 27:
  //
  "browser.safebrowsing.warning.infoURL",
  "devtools.responsiveUI.enabled",
  "devtools.scratchpad.enabled",
  "layout.enable_japanese_specific_transform",
  "security.enable_tls_session_tickets",
  "security.ssl3.dhe_dss_des_ede3_sha",
  "security.ssl3.ecdh_ecdsa_aes_128_sha",
  "security.ssl3.ecdh_ecdsa_aes_256_sha",
  "security.ssl3.ecdh_ecdsa_des_ede3_sha",
  "security.ssl3.ecdh_ecdsa_rc4_128_sha",
  "security.ssl3.ecdh_rsa_aes_128_sha",
  "security.ssl3.ecdh_rsa_aes_256_sha",
  "security.ssl3.ecdh_rsa_des_ede3_sha",
  "security.ssl3.ecdh_rsa_rc4_128_sha",
  "security.ssl3.ecdhe_ecdsa_des_ede3_sha",
  "signon.SignonFileName",
  "signon.SignonFileName2",
  "signon.SignonFileName3",
  "urlclassifier.gethashtables",
  //
  // Removed from Firefox (Linux) pref files in FF 26:
  //
  "browser.download.useJSTransfer",
  "browser.download.useToolkitUI",
  "browser.mixedcontent.warning.infoURL",
  "devtools.layoutview.enabled",
  "devtools.layoutview.open",
  "dom.experimental_forms_range",
  "dom.omit_components_in_content",
  "javascript.options.mem.analysis_purge_mb",
  "javascript.options.mem.disable_explicit_compartment_gc",
  "javascript.options.typeinference",
  "nglayout.events.dispatchLeftClickOnly",
  "services.sync.engine.apps",
  //
  // Additional prefs were removed in
earlier versions // of Firefox but are not included here. // ];
Do you guys replace URLs in about:config with "https://localhost/" after installs or upgrades to FF? This is one of the first things I do with FF when upgrading, since some URLs are restored, while some are not. It might help with the stuff in this post. "System add-ons and user installed add-ons are mixed together, but it should be easy enough to distinguish them." <---- I don't have any system addons listed. Is removing them from "C:\Program Files (x86)\Mozilla Firefox\browser\features" (or is it components) the reason why, or is it a combo of that and about:config mods? @TheWindBringeth - nice list in your latest post... kudos. OMGosh, FF 50 doesn't have "dom.workers.maxPerDomain"!
I apply pref changes via an autoconfig file, which contains a blockUrlPref(prefName) function that can either set the URL to "" or point it to a local server so I can log what Firefox is doing. I think System Addon updates are retrieved via extensions.systemAddon.update.url. There is some related information at http://gecko.readthedocs.io/en/latest/toolkit/mozapps/extensions/addon-manager/SystemAddons.html.
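A sketch of the kind of helper the post above describes, as an added example that is not the poster's own autoconfig file. The function body, the two modes, the use of `lockPref`, the local server address and the sample pref values are assumptions; `getPref()` and `lockPref()` are the functions Firefox provides to autoconfig scripts, and a stub stands in for them when the file is run outside Firefox.

```javascript
// Autoconfig file: Firefox ignores the first line, so keep it a comment.
const LOG_BASE = "http://127.0.0.1:8080/"; // assumed local logging server

// Constructed sample prefs, used only when run outside Firefox (e.g. Node).
const samplePrefs = new Map([
  ["extensions.systemAddon.update.url",
   "https://updates.example.invalid/%VERSION%/update.xml"],
  ["dom.promise.enabled", true],
  ["example.hypothetical.name", "not a url"],
]);
const locked = new Map(); // records what the stub was asked to lock
const stubApi = {
  getPref: (name) => samplePrefs.get(name),
  lockPref: (name, value) => { locked.set(name, value); },
};

// Inside Firefox, getPref() and lockPref() are autoconfig globals.
const prefApi = typeof lockPref === "function" ? { getPref, lockPref } : stubApi;

// mode "blank": lock the pref to "" so no request can be built from it.
// mode "log": lock it to the local server, with the pref name in the path so
// the server's access log shows which pref triggered each request.
function blockUrlPref(prefName, mode = "blank", api = prefApi) {
  let current;
  try {
    current = api.getPref(prefName);
  } catch (e) {
    current = undefined; // treat an unreadable pref as unset
  }
  const isUrl = typeof current === "string" && /^https?:\/\//i.test(current);
  const isUnset = current === undefined || current === "";
  if (!isUrl && !isUnset) {
    return null; // holds a non-URL value: a typo in the list must not clobber it
  }
  const value = mode === "log" ? LOG_BASE + encodeURIComponent(prefName) : "";
  api.lockPref(prefName, value);
  return value;
}

blockUrlPref("extensions.systemAddon.update.url", "log");
```

Because the pref is locked rather than merely set, a value restored by an upgrade is overridden again at the next start.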
Ghacks.net Firefox privacy and security user.js 0.11 is out https://www.ghacks.net/2017/02/12/ghacks-net-firefox-user-js-config-0-11-is-out/
http://www.ghacks.net/2017/02/22/firefox-fingerprinting-using-intermediate-ca-caching/ Also it works with Firefox Mobile:
I haven't seen any official announcement from Mozilla about this. Have they commented on it, or are they going to fix it?
Notwithstanding a possible fix from Mozilla, you can prevent this with RequestPolicy, uMatrix and uBlock Origin once configured accordingly. See this post.
Missing telepathy is admittedly one of my biggest deficiencies. That's why I haven't even started guessing which "chance" exactly is "denied" and what "profile setting" you are referring to. Hint: A certain degree of verbosity makes life in forums much easier.
I was tossing up whether or not to set this about:config setting to true ever since the new ghacks about:config file came out, but I'm not sure how it will affect AdGuard, since AG uses a file called cert.db