Quote:
Originally Posted by oceanus2
What are the recommended best security practices for using Firefox on a new Linux system (Centos 7 in my case)? I only access the web using Firefox using my regular, non-root, account. Other than that, what Firefox and/or system settings should I enable/disable in order to safeguard my system from malware scripts, viruses, etc?
|
Hello
I'd recommend using one or more of the following add-ons:
NoScript
Policeman
uBlock
...and you might also consider setting some or all of the following in Firefox/about
:config to help with security:
beacon.enable = false
breakpad.reportURL = blank
browser.cache.disk.enable = false
browser.cache.disk.capacity = 0
browser.cache.offline.enable = false
browser.cache.offline.capacity = 0
browser.safebrowsing.appRepURL = blank
browser.safebrowsing.downloads.enabled = false
browser.safebrowsing.enabled = false
browser.safebrowsing.gethashURL = blank
browser.safebrowsing.malware.enabled = false
browser.safebrowsing.malware.reportURL = blank
browser.safebrowsing.reportErrorURL = blank
browser.safebrowsing.reportGenericURL = blank
browser.safebrowsing.reportMalwareErrorURL = blank
browser.safebrowsing.reportMalwareURL = blank
browser.safebrowsing.reportPhishURL = blank
browser.safebrowsing.reportURL = blank
browser.safebrowsing.updateURL = blank
services.sync.prefs.sync.browser.safebrowsing.enabled = false
services.sync.prefs.sync.browser.safebrowsing.malware.enabled = false
browser.send_pings.require_same_host = true
browser.sessionhistory.max_total_viewers = 0
browser.sessionstore.privacy_level = 2
devtools.cache.disabled = true
dom.event.clipboardevents.enabled = false
dom.storage.enabled = false
geo.enabled = false
geo.wifi.uri = blank (or
http://127.0.0.1)
keyword.enabled = false
media.peerconnection.enabled = false
network.dns.disablePrefetch = true
network.http.pipelining = true
network.http.pipelining.ssl = true
network.http.pipelining.maxrequests = 10
network.http.proxy.pipelining = true
network.http.referer.XOriginPolicy = 1
network.http.referer.spoofSource = true
network.http.referer.trimmingPolicy = 2
network.http.sendRefererHeader = 0
network.http.use-cache = false
network.prefetch-next = false
newtabpage.enabled = false
privacy.trackingprotection.enabled = true (may break some sites)
security.ssl3.ecdhe_ecdsa_rc4_128_sha = false
security.ssl3.ecdhe_rsa_rc4_128_sha = false
security.ssl3.rsa_rc4_128_md5 = false
security.ssl3.rsa_rc4_128_sha = false
social.remote-install.enabled = false
webgl.disabled = true