Improving Firefox Security Through about:config

Discussion in 'other security issues & news' started by Searching_ _ _, Aug 13, 2011.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I'm using Firefox 5.0.1

    I'm looking to improve Firefox security through about:config.

    So far I have altered:

    geo.enabled = false
    network.dns.disableIPv6 = true
    network.prefetch-next = false
    browser.cache.disk.enable = false
    browser.cache.memory.enable = false
    browser.cache.offline.enable = false
    browser.sessionstore.max_tabs_undo = 0
    browser.sessionstore.max_windows_undo = 0
    browser.sessionstore.resume_from_crash = false

    Planning on implementing:
    add:
    "New" -> "Integer" -> "network.dnsCacheExpiration" as the name and "0" as the integer value
    "New" -> "Integer" -> "network.dnsCacheEntries" as the name and "0" as the integer value

    What other about:config tweaks are available to help improve security for Firefox?
     
    Searching_ _ _, Aug 13, 2011
    #1
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    How does removing your cache improve security?
     
    Hungry Man, Aug 13, 2011
    #2
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I assume he's trying to only have it in memory. I'm not too familiar with Fx variables but disabling cache.memory sounds counter-productive.

    Also if you're disabling IPv6 because of the Win7 IP leak when using a proxy, it was fixed in SP1, otherwise there's no need to disable it.
     
    elapsed, Aug 13, 2011
    #3
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    There were certain attacks involving the cache in Firefox. I'll have to Google to review which article as I didn't save the address and it was some time ago.
    Here is one place:

    Bohdizazen: Internet Privacy


    If you feel they are not a security risk then please explain your position.
     
    Searching_ _ _, Aug 13, 2011
    #4
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    It is quite possible I accidentily included browser.cache.memory.enable based on the other two recomendations, at some point thinking they were linked. But...
    http://www.infohole.com/blog/computing/firefox-cache-location/

    browser.cache.memory.enable
    Caching Off: With caching turned off, no memory will be set aside giving you more free.

    Setting it so does not appear to be harmful.

    Also:
    Browser-Cache-Poisoning.Song.Spring10.attack-project.pdf

    Your thoughts and suggestions appreciated.
     
    Searching_ _ _, Aug 13, 2011
    #5
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Analyzing Information Flow in JavaScript-based Browser Extensions - PDF

    Altering security.xpconnect.plugins.xyz seems more complicated then most of the other about:config adjustments, requiring a list be used for each plugin for its proper functioning.
    Will messing with this in about:config improve Firefox security or are there other methods to improve JSE security?
     
    Searching_ _ _, Aug 15, 2011
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...