Improving Firefox Security Through about:config

Discussion in 'other security issues & news' started by Searching_ _ _, Aug 13, 2011.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I'm using Firefox 5.0.1

    I'm looking to improve Firefox security through about:config.

    So far I have altered:

    geo.enabled = false
    network.dns.disableIPv6 = true
    network.prefetch-next = false
    browser.cache.disk.enable = false
    browser.cache.memory.enable = false
    browser.cache.offline.enable = false
    browser.sessionstore.max_tabs_undo = 0
    browser.sessionstore.max_windows_undo = 0
    browser.sessionstore.resume_from_crash = false

    Planning on implementing:
    add:
    "New" -> "Integer" -> "network.dnsCacheExpiration" as the name and "0" as the integer value
    "New" -> "Integer" -> "network.dnsCacheEntries" as the name and "0" as the integer value

    What other about:config tweaks are available to help improve security for Firefox?
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    How does removing your cache improve security?
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    I assume he's trying to only have it in memory. I'm not too familiar with Fx variables but disabling cache.memory sounds counter-productive.

    Also if you're disabling IPv6 because of the Win7 IP leak when using a proxy, it was fixed in SP1, otherwise there's no need to disable it.
     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    There were certain attacks involving the cache in Firefox. I'll have to Google to review which article as I didn't save the address and it was some time ago.
    Here is one place:

    Bohdizazen: Internet Privacy


    If you feel they are not a security risk then please explain your position.
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    It is quite possible I accidentily included browser.cache.memory.enable based on the other two recomendations, at some point thinking they were linked. But...
    http://www.infohole.com/blog/computing/firefox-cache-location/

    browser.cache.memory.enable
    Caching Off: With caching turned off, no memory will be set aside giving you more free.

    Setting it so does not appear to be harmful.

    Also:
    Browser-Cache-Poisoning.Song.Spring10.attack-project.pdf

    Your thoughts and suggestions appreciated.
     
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Analyzing Information Flow in JavaScript-based Browser Extensions - PDF

    Altering security.xpconnect.plugins.xyz seems more complicated then most of the other about:config adjustments, requiring a list be used for each plugin for its proper functioning.
    Will messing with this in about:config improve Firefox security or are there other methods to improve JSE security?
     
Loading...
Thread Status:
Not open for further replies.