Firefox hardening

Sane security conscious settings

To use, place user.js in one of the following folders:

• GNU/Linux (hidden folder): ~/.mozilla/firefox/
• Windows: C:\Users<Username>\AppData\Roaming\Mozilla\Firefox\Profiles<Profile>\

IMPORTANT: You are to manually check everything below extensions.ui.locale.hidden. Something is wrong with the user.js parser.

Notes:

• Set user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"); manually. You can thank mozilla for that, since it's 'technically' obsolete (it does work, I have no idea why Firefox stops reading user.js at that entry);
• DOM storage's size has been reduced, but has not been disabled for compatibility purposes;
• webGL is turned on for my convenience;

• Fonts used:

  Serif: Liberation Serif Sans-Serif: Ubuntu Monospace: Ubuntu Mono

Extensions:

• BetterPrivacy (not compatible with FF42)
• Decentraleyes
• HTTPS-Everywhere
• HTTPS Finder
• Policeman uMatrix (in default-deny mode; malware lists checked)
• uBlock by Gorhill (non-advanced mode; malware lists unchecked)

Chromium requires Chameleon 0.6 in order to change the HTTP_ACCEPT headers, as well as the user agent (although replacing the latter is trivial).

Flash users, disable font enumeration if possible (mms.cfg). Firefox users ought to use freshplayerplugin, a ppapi2npapi compatibility layer that allows Firefox to use Chrome's up-to-date pepperflash.

For a user.js with more emphasis on security (occasionally at the cost of functionality, like when you completely disable DOM storage, for instance), and less emphasis on blending in, check pyllyukko's user.js.

Note: This is my ESR Firefox profile, with not only security-focused settings, but also network related tweaks to squeeze some performance out of it, general performance based settings, amongst other things.