Merge pull request #535 from mariux64/new-revision-firefox

Firefox: Add some security/privacy configuration

firefox.be0

@@ -2,7 +2,7 @@
 
 #export BEE_TMP_TMPDIR=/dev/shm BEE_TMP_BUILDROOT=/dev/shm/bee-root BEE_MAKEFLAGS='-j80'
 
-# BEE_VERSION firefox-57.0-0
+# BEE_VERSION firefox-57.0-1
 
 SRCURL[0]="https://ftp.mozilla.org/pub/firefox/releases/${PKGVERSION}/source/firefox-${PKGVERSION}.source.tar.xz"
 
@@ -62,10 +62,6 @@ mee_install_post() {
     start_cmd mkdir -p ${D}${DATADIR}/applications
     start_cmd desktop-file-install --dir ${D}${DATADIR}/applications ${B}/firefox.desktop
 
-    cat <<-EOF >${D}${LIBDIR}/firefox-${PKGVERSION}/defaults/pref/mariux64.js
-	pref("storage.nfs_filesystem", true);
-	EOF
-
   cat <<-EOF >${D}${LIBDIR}/firefox-${PKGVERSION}/defaults/pref/autoconfig.js
   // Any comment. You must start the file with a comment!
 pref("general.config.filename", "default_config_mariux.cfg");
@@ -74,22 +70,124 @@ EOF
 
   cat <<-EOF >${D}${LIBDIR}/firefox-${PKGVERSION}/default_config_mariux.cfg
 // Any comment. You must start the file with a comment!
+pref("storage.nfs_filesystem", true);
 pref("network.captive-portal-service.enabled",false);
 
 // Don't show WhatsNew on first run after every update
 pref("browser.startup.homepage_override.mstone","ignore");
 
+//disable slowStartup Notification
+pref("browser.slowStartup.notificationDisabled", true);
+pref("browser.slowStartup.maxSamples", 0);
+pref("browser.slowStartup.samples", 0);
+pref("browser.rights.3.shown", true);
+pref("startup.homepage_welcome_url", "");
+pref("startup.homepage_welcome_url.additional", "");
+pref("startup.homepage_override_url", "");
+pref("browser.laterrun.enabled", false);
+pref("browser.shell.checkDefaultBrowser", false);
+
+//disable daily pings to Mozilla about extensions and recent startup
+lockPref("extensions.getAddons.cache.enabled", false);
+
+//disable sending the URL of the website where a plugin crashed
+lockPref("dom.ipc.plugins.reportCrashURL", false);
+
+//disable auto update for extensions
+lockPref("extensions.update.autoUpdateDefault", false);
+
+//disable about:addons' Get Add-ons panel (uses Google-Analytics)
+pref("extensions.getAddons.showPane", false); // hidden pref
+pref("extensions.webservice.discoverURL", "");
+
 // Set default homepage - users can change
 // Requires a complex preference
 defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://twiki.molgen.mpg.de/foswiki/Main/WebHome");
 
 // Don't ask to install the Flash plugin
 pref("plugins.notifyMissingFlash", false);
 
-// Disable health reporter
-lockPref("datareporting.healthreport.service.enabled", false);
+// Disable upload of health reports
+lockPref("datareporting.healthreport.uploadEnabled", false);
+//disable about:healthreport page (which connects to Mozilla for locale/css+js+json)
+pref("datareporting.healthreport.about.reportUrl", "data:text/plain,");
 
 // Disable all data upload (Telemetry and FHR)
+lockPref("toolkit.telemetry.unified", false);
+lockPref("toolkit.telemetry.enabled", false);
+lockPref("toolkit.telemetry.server", "");
+lockPref("toolkit.telemetry.newProfilePing.enabled", false);
+lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
+lockPref("toolkit.telemetry.updatePing.enabled", false);
+lockPref("toolkit.telemetry.bhrPing.enabled", false);
+lockPref("toolkit.telemetry.firstShutdownPing.enabled", false);
+lockPref("toolkit.telemetry.cachedClientID", "");
+lockPref("toolkit.telemetry.archive.enabled", false);
 lockPref("datareporting.policy.dataSubmissionEnabled", false);
+lockPref("browser.ping-centre.telemetry", false);
+
+//disable "Snippets" (Mozilla content shown on about:home screen)
+lockPref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1"); //test
+
+//disable experiments https://wiki.mozilla.org/Telemetry/Experiments
+lockPref("experiments.enabled", false);
+lockPref("experiments.manifest.uri", "");
+lockPref("experiments.supported", false);
+lockPref("experiments.activeExperiment", false);
+// disable Mozilla permission to silently opt you into tests
+lockPref("network.allow-experiments", false);
+
+//disable pocket
+lockPref("extensions.pocket.enabled", false);
+
+//disable flyweb https://flyweb.github.io/
+pref("dom.flyweb.enabled", false);
+
+//disable Shield https://wiki.mozilla.org/Firefox/Shield
+lockPref("extensions.shield-recipe-client.enabled", false);
+lockPref("extensions.shield-recipe-client.api_url", "");
+
+//disable Follow on Search and Activity Stream
+lockPref("browser.newtabpage.activity-stream.enabled", false);
+lockPref("browser.library.activity-stream.enabled", false);
+
+//disable link-mouseover opening connection to linked server
+lockPref("network.http.speculative-parallel-limit", 0);
+
+//disable pings (but enforce same host in case)
+lockPref("browser.send_pings", false);
+lockPref("browser.send_pings.require_same_host", true);
+
+//disable location bar using search - PRIVACY test
+lockPref("keyword.enabled", false);
+
+//disable location bar domain guessing - PRIVACY/SECURITY
+lockPref("browser.fixup.alternate.enabled", false);
+
+//display all parts of the url in the location bar - helps SECURITY
+lockPref("browser.urlbar.trimURLs", false);
+
+//disable location bar making speculative connections (FF56+)
+lockPref("browser.urlbar.speculativeConnect.enabled", false);
+
+//disable SSL session tracking test
+lockPref("security.ssl.disable_session_identifiers", true);
+
+//disable SSL Error Reporting
+lockPref("security.ssl.errorReporting.automatic", false);
+lockPref("security.ssl.errorReporting.enabled", false);
+lockPref("security.ssl.errorReporting.url", "");
+
+//disable the DNT HTTP header, which is essentially USELESS
+lockPref("privacy.donottrackheader.enabled", false);
+
+//set max popups from a single non-click event - default is 20!
+lockPref("dom.popup_maximum", 3);
+
+//limit events that can cause a popup default is "change click dblclick mouseup pointerup notificationclick reset submit touchend"
+lockPref("dom.popup_allowed_events", "click dblclick");
+
+//enable Firefox's built-in PDF reader
+defaultPref("pdfjs.disabled", false);
 EOF
 }