Build 2025.01.12.1

Signed-off-by: celenity <[email protected]>
celenityy · Jan 12, 2025 · 5d91a7c · 5d91a7c
1 parent 8fbb1fd
commit 5d91a7c
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 14 deletions.
diff --git a/archives/dove.zip b/archives/dove.zip
diff --git a/build/policies/policies-spec.json b/build/policies/policies-spec.json
@@ -1127,6 +1127,18 @@
                 "Value": "",
                 "Status": "locked"
             },
+            "network.early-hints.enabled": {
+                "Value": false,
+                "Status": "locked"
+            },
+            "network.early-hints.preconnect.enabled": {
+                "Value": false,
+                "Status": "locked"
+            },
+            "network.preconnect": {
+                "Value": false,
+                "Status": "locked"
+            },
             "network.protocol-handler.external.shell": {
                 "Value": false,
                 "Status": "locked"

diff --git a/dove.cfg b/dove.cfg
@@ -4,7 +4,7 @@
 lockPref("general.config.filename", "phoenix.cfg");
 lockPref("general.config.vendor", "phoenix");
 
-lockPref("browser.phoenix.version", "2025.01.06.1");
+lockPref("browser.phoenix.version", "2025.01.12.1");
 
 // 000 ABOUT:CONFIG
 
@@ -45,11 +45,6 @@ lockPref("messaging-system.rsexperimentloader.collection_id", "");
 lockPref("nimbus.appId", ""); // https://searchfox.org/mozilla-central/source/toolkit/components/backgroundtasks/defaults/backgroundtasks_browser.js
 lockPref("toolkit.telemetry.pioneer-new-studies-available", false);
 
-/// WebVTT Testing Events
-// https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml
-
-lockPref("media.webvtt.testing.events", false);
-
 /// Origin Trials
 // https://wiki.mozilla.org/Origin_Trials
 
@@ -597,6 +592,20 @@ lockPref("network.predictor.enable-prefetch", false); // [DEFAULT]
 lockPref("network.predictor.enabled", false);
 lockPref("network.prefetch-next", false);
 
+/// Disable Preconnect
+// https://github.com/uBlockOrigin/uBlock-issues/issues/2913
+// https://developer.mozilla.org/docs/Web/HTML/Attributes/rel/preconnect
+
+lockPref("network.preconnect", false);
+
+/// Disable Early Hints
+// https://developer.mozilla.org/docs/Web/HTTP/Status/103
+// https://github.com/bashi/early-hints-explainer/blob/main/explainer.md
+// Ex. like Cromite https://github.com/uazo/cromite/blob/master/build/patches/Client-hints-overrides.patch
+
+lockPref("network.early-hints.enabled", false);
+lockPref("network.early-hints.preconnect.enabled", false);
+
 /// Disable Search Suggestions
 /// We also set "SearchSuggestEnabled" in policies
 // https://mozilla.github.io/policy-templates/#searchsuggestenabled
@@ -662,7 +671,8 @@ defaultPref("browser.xul.error_pages.expert_bad_cert", true);
 
 lockPref("security.tls.enable_0rtt_data", false);
 
-// Require safe renegotiations - Disables RFC 5746
+/// Require safe renegotiations - Disables connections to servers without RFC 5746
+// https://wiki.mozilla.org/Security:Renegotiation
 
 defaultPref("security.ssl.require_safe_negotiation", true);
 
@@ -685,9 +695,10 @@ lockPref("security.tls.hello_downgrade_check", true); // [DEFAULT]
 
 lockPref("network.websocket.allowInsecureFromHTTPS", false); // [DEFAULT]
 
-/// Enforce blocking additional ports
+/// Always block access to restricted ports
+// https://superuser.com/questions/1272036/firefox-quantum-i-want-to-access-restricted-port-but-network-security-ports-b
 
-lockPref("network.security.ports.banned.override", ""); // [DEFAULT]
+lockPref("network.security.ports.banned.override", ""); // [DEFAULT, HIDDEN]
 
 /// Enable Post Quantum Key Agreement (Kyber)
 /// We also set "PostQuantumKeyAgreementEnabled" in policies
@@ -768,9 +779,9 @@ lockPref("network.notify.checkForNRPT", false);
 lockPref("network.notify.checkForProxies", false);
 
 /// Enforce EncryptedClientHello
+// https://blog.cloudflare.com/announcing-encrypted-client-hello
 // We also set "DisableEncryptedClientHello" in policies
 // https://mozilla.github.io/policy-templates/#disableencryptedclienthello
-// https://blog.cloudflare.com/announcing-encrypted-client-hello
 
 lockPref("network.dns.echconfig.enabled", true); // [DEFAULT]
 lockPref("network.dns.http3_echconfig.enabled", true); // [DEFAULT]
@@ -810,10 +821,12 @@ lockPref("security.remote_settings.crlite_filters.enabled", true);
 lockPref("security.certerrors.permanentOverride", false);
 
 /// Enforce Strict Certificate Pinning
+// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#How_to_use_pinning
 
 lockPref("security.cert_pinning.enforcement_level", 2);
 
 /// Enable & Enforce Certificate Transparency
+// https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency
 // https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#15868
 
 lockPref("security.pki.certificate_transparency.mode", 2); // [DEFAULT: 0]
@@ -960,6 +973,11 @@ defaultPref("browser.ml.chat.hideFromLabs", false);
 
 defaultPref("browser.ml.chat.shortcuts.custom", true); // [DEFAULT]
 
+/// Disable AI "Autofill Experiment"...
+// https://searchfox.org/mozilla-central/source/toolkit/components/formautofill/MLAutofill.sys.mjs
+
+defaultPref("extensions.formautofill.ml.experiment.enabled", false);
+
 lockPref("browser.phoenix.011.applied", true);
 
 // 012 WEBRTC
@@ -1202,6 +1220,12 @@ lockPref("webgl.disable-fail-if-major-performance-caveat", false);
 
 lockPref("browser.display.use_system_colors", false);
 
+/// Enable fdlibm for Math.sin, Math.cos, and Math.tan
+// https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#8720
+// https://groups.google.com/a/mozilla.org/g/dev-platform/c/0dxAO-JsoXI/m/eEhjM9VsAgAJ
+
+defaultPref("javascript.options.use_fdlibm_for_sin_cos_tan", true);
+
 lockPref("browser.phoenix.016.applied", true);
 
 // 017 MISC. PRIVACY
@@ -1365,11 +1389,15 @@ lockPref("browser.phoenix.018.applied", true);
 
 /// Disable JavaScript Just-in-time Compilation (JIT)
 // https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
+// https://firefox-source-docs.mozilla.org/js/index.html#javascript-jits
+// https://codeberg.org/rusty-snake/firefox-config/src/branch/main/assets/user-overrides.js#L60
 
-defaultPref("javascript.options.baselinejit", false);
-defaultPref("javascript.options.ion", false);
-defaultPref("javascript.options.native_regexp", false); //  https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21865 https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml
-defaultPref("javascript.options.wasm_baselinejit", false);
+defaultPref("javascript.options.baselinejit", false); // Baseline Compiler
+defaultPref("javascript.options.blinterp", false); // Baseline Interpreter 
+defaultPref("javascript.options.ion", false); // WarpMonkey
+defaultPref("javascript.options.main_process_disable_jit", true); // https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#8761
+defaultPref("javascript.options.native_regexp", false); // irregexp https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21865 https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml
+defaultPref("javascript.options.wasm_baselinejit", false); // WASM Baseline Compiler
 
 /// Disable ASM.JS (More JIT)
 // https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
@@ -1393,6 +1421,16 @@ defaultPref("gfx.font_rendering.opentype_svg.enabled", false);
 
 defaultPref("permissions.default.xr", 2);
 
+/// Disable SharedArrayBuffer using window.postMessage
+// https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer
+// https://developer.mozilla.org/docs/Web/API/Window/postMessage
+// https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
+// https://github.com/tc39/ecma262/issues/1435
+// By default, Firefox restricts the use of SharedArrayBuffer - this fully disables it.
+
+lockPref("dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled", false); // [DEFAULT]
+defaultPref("dom.postMessage.sharedArrayBuffer.withCOOP_COEP", false);
+
 lockPref("browser.phoenix.019.applied", true);
 
 // 020 MISC. SECURITY
@@ -1510,6 +1548,8 @@ lockPref("security.external_protocol_requires_permission", true); // [DEFAULT]
 /// Enforce various other important security-related prefs
 // https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#15473
 
+lockPref("dom.block_external_protocol_in_iframes", true); // [DEFAULT]
+lockPref("dom.block_external_protocol_navigation_from_sandbox", true); // [DEFAULT]
 lockPref("security.all_resource_uri_content_accessible", false); // [DEFAULT]
 lockPref("security.allow_eval_in_parent_process", false); //[DEFAULT on standard Firefox releases only, not on ex. Thunderbird & other builds]
 lockPref("security.allow_eval_with_system_principal", false); // [DEFAULT on standard Firefox releases only, not on ex. Thunderbird & other builds]
@@ -1523,13 +1563,25 @@ lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEF
 
 lockPref("dom.security.skip_about_page_has_csp_assert", false);
 
+/// Apply CSP to internal browser.xhtml
+// https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#15628
+
+lockPref("security.browser_xhtml_csp.enabled", true); // [HIDDEN]
+
 /// Enable Trusted Types (Like Chromium)
 // https://w3c.github.io/trusted-types/dist/spec/
 // https://developer.mozilla.org/docs/Web/API/Trusted_Types_API
 // https://www.theregister.com/2023/12/21/mozilla_decides_trusted_types_is/
 
 defaultPref("dom.security.trusted_types.enabled", true);
 
+/// Prevent marking JIT code pages as both writable and executable, only one or the other...
+// https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#8714
+// Might cause issues in certain specific set-ups
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1876632
+
+defaultPref("javascript.options.content_process_write_protect_code", true);
+
 lockPref("browser.phoenix.020.applied", true);
 
 // 021 BLOCK COOKIE BANNERS
@@ -1628,6 +1680,11 @@ lockPref("browser.phoenix.024.applied", true);
 
 /// 025 MISC.
 
+/// Disable WebVTT Testing Events
+// https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml
+
+lockPref("media.webvtt.testing.events", false);
+
 /// Disable middle mouse clicks from pasting clipboard contents by default
 // Too easy to accidentally press...
 

diff --git a/policies.json b/policies.json
@@ -1939,6 +1939,18 @@
         "Value": "",
         "Status": "locked"
       },
+      "network.early-hints.enabled": {
+        "Value": false,
+        "Status": "locked"
+      },
+      "network.early-hints.preconnect.enabled": {
+        "Value": false,
+        "Status": "locked"
+      },
+      "network.preconnect": {
+        "Value": false,
+        "Status": "locked"
+      },
       "network.protocol-handler.external.shell": {
         "Value": false,
         "Status": "locked"