Arkenfox user.js for Firefox

0=blank, 1=home, 2=last visited page, 3=resume previous session

about:home=Firefox Home (default, see 0105), custom URL, about:blank

true=Firefox Home (default, see 0105), false=blank page

If disabled, no policy is shown or upload takes place, ever

The "unified" pref affects the behavior of the "enabled" pref - If "unified" is false then "enabled" controls the telemetry module - If "unified" is true then "enabled" only controls whether to record extended data

Shield is a telemetry system that can push and test "recipes"

This is the master switch for the safebrowsing.downloads* prefs (0403, 0404)

To verify the safety of certain executable files, Firefox may submit some information about the file, including the name, origin, size and a cryptographic hash of the contents, to the Google Safe Browsing service which helps Firefox determine whether or not the file should be blocked

If clicked, it bypasses the block for that session. This is a means for admins to enforce SB

e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request

Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, gphoto2, trash, etc. From FF87-117, by default only sftp was accepted

RemoteSettings, UpdateService, Telemetry [1]

0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off (no rollout) see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]

The custom uri is the value shown when you "Choose provider>Custom>"

Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search

redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing attacks. Don't forget clearing history on exit (2811). However, social engineering [2#limits][4][5] and advanced targeted timing attacks could still produce usable results

can leak in cross-site forms *and* be spoofed

hardens against potential credentials phishing 0 = don't allow sub-resources to open HTTP authentication credentials dialogs 1 = don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs 2 = allow sub-resources to open HTTP authentication credentials dialogs (default)

define on which sites to save extra session data such as form content, cookies and POST data 0=everywhere, 1=unencrypted sites, 2=nowhere

URL shortcuts use a cached randomly named .ico file which is stored in your profile/shortcutCache directory. The .ico remains after the shortcut is deleted If set to false then the shortcuts use a generic Firefox icon

Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that. Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server

This data is not forward secret, as it is encrypted solely under keys derived using the offered PSK. There are no guarantees of non-replay between connections

0=disabled, 1=enabled (default), 2=enabled for EV certificates only OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority) It's a trade-off between security (checking) and privacy (leaking info to the CA)

When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)

0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict

0 = disabled 1 = consult CRLite but only collect telemetry 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default)

When the top-level is HTTPS, insecure subresources are also upgraded (silent fail)

When attempting to upgrade, if the server doesn't respond within 3 seconds, Firefox sends a top-level HTTP request without path in order to check if the server supports HTTPS or not This is done to avoid waiting for a timeout which takes 90 seconds

Bug: warning padlock not indicated for subresources on a secure page! [2]

only works when it's possible to add an exception i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/)

0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port

https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers

true=Firefox will not choose a container (so your extension can) false=Firefox will choose the container/no-container (default)

When using a system-wide proxy, it uses the proxy interface

grant device access, but often results in breakage on video-conferencing platforms

0 (default) or 1=allow, 2=block

This setting controls if the option "Display in Firefox" is available in the setting below and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk.

DLP agents are background processes on managed computers that allow enterprises to monitor locally running applications for data exfiltration events, which they can allow/block based on customer defined DLP policies. 0=Block all requests, 1=Warn on all requests (which lets the user decide), 2=Allow all requests

1=profile, 2=user, 4=application, 8=system, 16=temporary, 31=all The pref value represents the sum: e.g. 5 would be profile and application directories

ETP Strict Mode enables Total Cookie Protection (TCP) cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared

Opener and redirect heuristics are granted for 30 days, see [3]

via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815)

add exceptions for both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)

Firefox remembers your last choices. This will reset them when you start Firefox

Firefox remembers your last choices. This will reset them when you start Firefox for "Clear Recent History" is opened, it is synced to the same as "history"

Firefox remembers your last choice. This will reset the value when you start Firefox 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today which will display a blank value, and are not guaranteed to work

uses "RFPTargets" [1] which despite the name these are not used by RFP e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone e.g. "-AllTargets,+CanvasRandomization,+JSDateTimeUTC" = no targets but do use FPP canvas and change timezone

JSON format: e.g."[{\"firstPartyDomain\": \"netflix.com\", \"overrides\": \"-CanvasRandomization,-FrameRate,\"}]"

RFP also has a few side effects: mainly that timezone is GMT, and websites will prefer light theme

Dynamically resizes the inner window by applying margins in stepped ranges [2] If you use the dimension pref, then it will only apply those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000") dislike the margins, then flip this pref, keeping in mind that it is effectively fingerprintable

0=prompt, 1=disabled, 2=enabled

1=most recent window or tab, 2=new window, 3=new tab Stops malicious window sizes and some screen resolution leaks. You can still right-click a link and open in a new window

caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode). In fact, PB mode limits or removes the ability to control some of these, and you need to quit Firefox to clear them. PB is best used as a one off window (Menu>New Private Window) to provide a temporary self-contained new session. Close all private windows to clear the PB session.

capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kibibytes

Saved logins and passwords are not available. Reset the pref and restart to return them

actual history (and bookmarks) already do. Your history is more detailed, so control that instead; e.g. disable history, clear history on exit, use PB mode

Application data isolation [1]

This value controls the total number of entries to appear in the location bar dropdown

0=desktop, 1=downloads (default), 2=custom

If .supportedCountries includes your region (browser.search.region) and .supported is "detect" (default), then the UI will show. Stored data is not secure, uses JSON

Don't leak URL typos to a search engine, give an error message instead Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo)

is enabled, then Ion can still be used by extensions (1599226)

Vulnerabilities [1] have increasingly been found, including those known and fixed in native programs years ago [2]. WASM has powerful low-level access, making certain attacks (brute-force) and vulnerabilities more possible

Optionally hide the UI setting which also disables the DRM prompt

This is an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in system wide VPN setups.

0=always (default), 1=only if base domains match, 2=only if hosts match

Firefox uses the system DNS to initially resolve the IP address of your DoH server. When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox won't use the system DNS. If the IP doesn't match then DoH won't work

disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config

Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla

Location-Aware Browsing, Full Screen Geo is behind a prompt (7002). Full screen requires user interaction

Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] 0=always ask (default), 1=allow, 2=block exceptions as allow/block for frequently visited/annoying sites: i.e. not global

and isolated with network partitioning (FF85+) and/or containers

0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade

interaction, and paste is limited to focused editable fields

required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access

in ETP Strict (2701) and sanitizing on close (2800s)