Share your browser prefs.js!

The advances users of Mozilla-based web browsers tend to have a large set of preferences. Let’s start a trend of sharing them!

I throw all my settings into one prefs.js that gets distributed through my various means to the system directory. That’s why you see pref() here instead of user_pref(). Not all of these options apply to each browser, but the extra ones do not hurt. So these could affect Waterfox, Palemoon, or Firefox web browsers.

// file: /usr/lib/waterfox/browser/defaults/preferences/bgstack15-waterfox-prefs.js
// last modified 2020-04-15
// reference:
//    https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig
// Turn off updates. I use my package manager for browser updates.
pref("app.update.auto",                     false);
pref("app.update.autoInstallEnabled",       false);
pref("app.update.enabled",                  false);
pref("extensions.update.autoUpdateDefault", false);
// Disable previews of tabs. I just do not like the feature
pref("browser.allTabs.previews", false);
pref("browser.ctrlTab.previews", false);
pref("browser.ctrlTab.recentlyUsedOrder", false);
// Old-style backspace action to navigate backwards through browsing history.
pref("browser.backspace_action", 0);
// Do not prompt for download location. Just use ~/Downloads.
pref("browser.download.useDownloadDir", true);
// Show blank page on a new tab.
pref("browser.newtab.choice", 1);
pref("browser.newtabpage.enabled", false);
pref("browser.newtabpage.storageVersion", 1);
// Do not suggest similar searches when typing into the bar. 
pref("browser.search.suggest.enabled", false);
// Disable these by choice.
pref("browser.safebrowsing.malware.enabled", false);
pref("browser.safebrowsing.phishing.enabled", false);
// Hide this search plugin.
pref("browser.search.hiddenOneOffs", "DuckDuckGo");
// Do not automatically check for updates to search plugins.
pref("browser.search.update", false);
// Do not show separate widget in navigation bar.
pref("browser.search.widget.inNavBar", false);
// Load all tabs when starting browser. I hate load-on-demand, which is when it loads only when you switch to that tab.
pref("browser.sessionstore.restore_on_demand", false);
// Do not check if this is the OS default browser.
pref("browser.shell.checkDefaultBrowser",   false);
// Set my home page.
pref("browser.startup.homepage",            "data:text/plain,browser.startup.homepage=https://start.duckduckgo.com/");
pref("browser.startup.page", 3);
// Closing the last tab does not close the browser window.
pref("browser.tabs.closeWindowWithLastTab", false);
// Obviously I did not type this one myself. This controls the layout of the buttons on the navigation bar.
pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"e10s-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-button\",\"history-panelmenu\",\"fullscreen-button\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\",\"sync-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"urlbar-container\",\"bookmarks-menu-button\",\"downloads-button\",\"home-button\",\"jid1-n8wh2cbfc2qauj_jetpack-browser-action\",\"ublock0_raymondhill_net-browser-action\",\"_f73df109-8fb4-453e-8373-f59e61ca4da3_-browser-action\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"]},\"seen\":[\"jid1-n8wh2cbfc2qauj_jetpack-browser-action\",\"ublock0_raymondhill_net-browser-action\",\"_f73df109-8fb4-453e-8373-f59e61ca4da3_-browser-action\",\"developer-button\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\",\"PanelUI-contents\",\"addon-bar\"],\"currentVersion\":6,\"newElementCount\":0}");
// Use dense view.
pref("browser.uidensity", 1);
// Do not hide the http and colon-slash-slash elements of a URL in the url bar.
pref("browser.urlbar.trimURLs", false);
// Disable enlarged-upon-selected url bar.
pref("browser.urlbar.update1", false);
// Allow me to see ssl error messages (and the ability to continue past them).
pref("browser.xul.error_pages.enabled", false);
// Do not use webcam for this feature.
pref("camera.control.face_detection.enabled", false);
// Null-route these URLs
pref("captivedetect.canonicalURL", "http://127.0.0.1:9999/");
pref("devtools.devedition.promo.url", "https://127.0.0.1:9999/");
pref("dom.push.serverURL", "wss://127.0.0.1:9999/");
pref("security.ssl.errorReporting.url", "http://127.0.0.1:9999/");
pref("services.settings.server", "http://127.0.0.1:9999/");
pref("webextensions.storage.sync.serverURL", "http://127.0.0.1:9999/");
// Metadata that is not very important but it ended up in my copy-paste work.
pref("distribution.stackrpms.bookmarksProcessed", true);
// Disable Mozilla experiments.
pref("experiments.activeExperiment", false);
// This plugin is probably uBlock origin.
pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.3.0");
// Tell the browser that we already showed the user the page for "Select your addons" so it does not bother the user.
pref("extensions.shownSelectionUI", true);
// Already assume these plugins are enabled. This can help suppress the warning, "An admin added these plugins. Please choose to enable them or not."
pref("extensions.webextensions.uuids", "{\"uBlock0@raymondhill.net\":\"7f64930e-0e43-4813-97c3-6fcb8a82e63b\",\"jid1-n8wH2cBfc2QaUj@jetpack\":\"5b1c5018-34cd-4778-902b-08741e3d0002\",\"{f73df109-8fb4-453e-8373-f59e61ca4da3}\":\"b7ece467-f6eb-4254-a815-1029330a9793\"}");
// Select "Highlight all" for the find function.
pref("findbar.highlightAll", true);
// Miscellaneous
pref("gecko.handlerService.migrated", true);
pref("marionette.prefs.recommended", false);
pref("network.cookie.prefsMigrated", true);
pref("privacy.sanitize.migrateFx3Prefs", true);
// Do not warn me when entering about:config
pref("general.warnOnAboutConfig", false);
// Disable geolocation functions
pref("geo.enabled", false);
// Trust my domain for Kerberos authentication
pref("network.automatic-ntlm-auth.trusted-uris", ".ipa.example.com");
pref("network.negotiate-auth.trusted-uris", ".ipa.example.com");
// Disable the captive portal detection logic.
pref("network.captive-portal-service.enabled", false);
// Disable dns prefetching (exactly what it sounds like).
pref("network.dns.disablePrefetch", true);
// Disable whatever these are.
pref("network.predictor.enabled", false);
pref("network.prefetch-next", false);
// Disable requiring HSTS. Use at my own risk!
pref("network.stricttransportsecurity.preloadlist", false);
// Disable Reader mode.
pref("reader.parse-on-load.enabled", false);
// More personal ssl choices. Use at my own risk!
pref("security.cert_pinning.enforcement_level", 0);
// Hide these search plugins. Somehow the Debian package search keeps getting re-enabled so I need to work on this one.
pref("services.sync.declinedEngines", "");
// Startup home page (if I were to choose the option "Load these pages at startup," which I did not)
pref("startup.homepage_override_url",       "");
pref("startup.homepage_override_url", "");
// Hm, there should be more of these, particularly toolkit.telemetry.enabled = false
pref("toolkit.telemetry.reportingpolicy.firstRun", false);
// Trust these domain names for installing extensions: none!
pref("xpinstall.whitelist.add", "");
// Control DNS over HTTPS (DoH) and Trusted Recursive Resolver (TRR).
// More about DoH: https://github.com/bambenek/block-doh
// https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/
// https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
// https://wiki.mozilla.org/Trusted_Recursive_Resolver
// 0: Off by default, 1: Firefox chooses faster, 2: TRR default w/DNS fallback,
// 3: TRR only mode, 4: Use DNS and shadow TRR for timings, 5: Disabled.
pref("network.trr.mode", 0);
// Disable Pocket and null-route the URLs.
pref("extensions.pocket.enabled", false);
pref("extensions.pocket.api", "http://localhost:9980");
pref("extensions.pocket.site", "http://localhost:9980");

Save firefox profile to 7zip file

Because one of my workstations is a non-persistent environment, I wrote a script to backup my Firefox profile. It uses a few tricks to do what I want it to do– serialize the filename, and encrypt even the filenames in the compressed file.

# File: \\storage2\c$\users\bgstack15\u_drive\vdi\save-firefox.ps1
# License: CC-BY-SA 4.0
# Author: bgstack15
# Startdate: 2019-11-05 11:24
# Title: Script that Saves Firefox Profile from VDI
# Purpose: Backup the entire Firefox directory because the VDI has nonpersistent sessions
# History:
# Usage:
# Reference:
#    https://stackoverflow.com/questions/20886243/press-any-key-to-continue/20886446#20886446
#    https://stackoverflow.com/questions/28352141/convert-a-secure-string-to-plain-text/28353003#28353003
# Improve:
# Documentation:
#  Assumptions:
#   The network location  has already been accessed, particularly because this script is hosted there and we need to dump a file there without having to authenticate.
#   7zip is installed in the VDI

# Define variables
# it is assumed I already access this network location so I do not need to authenticate
$outdir = "\\storage2\c$\users\bgstack15\u_drive\vdi"
$7z = "${env:ProgramFiles}\7-zip\7z.exe"
$today = Get-Date -Format yyyy-MM-dd
$indir = "${env:APPDATA}\Mozilla\Firefox"

# Functions
Function MyWait {
   Write-Host -NoNewLine 'Press any key to continue...'
   $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown')
}

Function ToPlainText {
	param(
		[Parameter(ValueFromPipeline=$true)]$inSecureString
	)
	#$inSecureString = ConvertTo-SecureString $PlainPassword
	$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($inSecureString)
	$outPlainString = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
	[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
	Return $outPlainString
}

######
# Main

# learn filename to use
$outfile = $outdir + "\firefox." + $today
# if file exists, change name.
$num=0
while (Test-Path "${outfile}.${num}.7z")
{
   write-Host "Incrementing because ${outfile}.${num}.7z exists..."
   $num++;
}
$outfile="${outfile}.${num}.7z"

# prompt for password
$pass1 = Read-Host -AsSecureString -Prompt "Generate a password"
$pass2 = Read-Host -AsSecureString -Prompt "Enter the password again"

# validate passwords
if (($pass1 | ToPlainText) -ne ($pass2 | ToPlainText))
{
   Write-Error -Category InvalidData -ErrorId "PasswordsMismatched" "Passwords do not match. Aborted."
   Exit 1
}
$passparam="-p$($pass1 | ToPlainText)"

# archive
Write-Host "$7z" -ArgumentList $passparam,"a","${outfile}",$indir
Start-Process -Wait -NoNewWindow "$7z" -ArgumentList "-mhe=on","$passparam","a","${outfile}",$indir

firefox keeps reloading existing tabs when i switch

Firefox will unload tabs if you’re running low on memory (for whatever reason). Change these settings in about:config to keep the tabs loaded, and then restart Firefox.

browser.tabs.unloadOnLowMemory = false
accessibility.blockautorefresh = true

References

Weblinks

  1. How To Stop Firefox Tabs From Auto-Refreshing on Tab Switch – Super User
  2. [Fix] Mozilla Firefox Automatically Suspends Tabs and Reloads When You Visit – AskVG

Internet searches

  1. firefox having to reload loaded tabs

Firefox disable a ping

What is an html a ping

An html “a ping” is a characteristic of an <a> tag that is used to track when a link is followed.
An example: the following link to the front page of this blog has an A ping characteristic:
https://bgstack15.wordpress.com

The characteristic looks like:

<a href="https://bgstack15.wordpress.com" ping="https://bgstack15.wordpress.com/ping">https://bgstack15.wordpress.com</a>

Disable html ping in Firefox

In about:config, set:

browser.send_pings = false

References

Weblinks

  1. https://www.thewindowsclub.com/ping-hyperlink-auditing-in-chrome-firefox

Firefox disable recommended extensions

Firefox apparently is trying to jump the shark with even more pocket-esque behavior. This is why I install Pale Moon (and its Linux page) on my new builds instead of Firefox.

I normally schedule my posts, in case you couldn’t tell, for the morning of every fourth day. But this post is going out immediately.

Disable Firefox’s “Contextual Feature Recommender” with this entry in prefs.js:

user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false);

You can extrapolate the about:config option.

Other places on the Internet show you how to do it through the gui if you prefer.

References

My own research (diff prefs.js prefs.js.old)

Firefox trust system trusted certificates

last updated 2019-07-11

Mozilla maintains its own certificate store mechanism (nss), and eschews the system trust store.

Somehow, my Fedora systems that are joined to freeipa work correctly with my ipa certs. I suspect Fedora compiles firefox with the directive to read the /etc/ipa/nss directory. On Devuan I have not had success with that location, nor /etc/pki/nss. All of this is still a bit voodoo to me, and it’s sad that Firefox trusts [techrepublic.com] the Windows system trusted root cert store but not the GNU/Linux one.

To programmatically add your root ca certs to the existing firefox profiles, use a shell scriptlet lifted from firefox – Programmatically Install Certificate Into Mozilla [stackoverflow.com]:

certificateFile="MyCa.cert.pem"
certificateName="MyCA Name" 
for certDB in $(find  ~/.mozilla* ~/.thunderbird -name "cert8.db")
do
  certDir=$(dirname ${certDB});
  #log "mozilla certificate" "install '${certificateName}' in ${certDir}"
  certutil -A -n "${certificateName}" -t "TCu,Cuw,Tuw" -i ${certificateFile} -d ${certDir}
done

For new users, you probably need to do this to /etc/skel/.mozilla/firefox/*.default.

Update

An easier way is possible on debian-based distros with the p11-kit package. After installing that package, you can configure Firefox to include the library in the “Security Devices” in about:preferences -> Privacy and Security tab.

Select the “Load” button to add a new entry, and name it something and specify the full path to the library. On Devuan ceres, my file was /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so

It would not hurt to restart Firefox, but I think the change was immediate for me.

References

Internet searches

firefox p11-trust

Weblinks

  1. Original https://www.techrepublic.com/article/how-to-add-a-trusted-certificate-authority-certificate-to-chrome-and-firefox/
  2. Kernel of idea for p11-kit https://askubuntu.com/questions/244582/add-certificate-authorities-system-wide-on-firefox/1036637#1036637
  3. Simple instructions https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

Getting Firefox and Java to work with jnlp files

If you are having trouble opening a jnlp file (e.g., for IPMI console access) you can try some of these steps.

Tell Firefox to allow pop-up windows for this site

Tell Firefox how to handle the filetype .jnlp

Tell it to open it with /usr/bin/javaws

Tell Java to allow the site to run applications

If you get “Application Blocked by Java Security” you can fix that by editing an exceptions list.

Modify file ~/.java/deployment/security/exception.sites

Each line in this file should be a protocol and domain name or IP address for the exception, e.g.:

http://172.20.0.19
http://172.20.0.20

References

  1. https://java.com/en/download/faq/java_webstart.xml
  2. https://stackoverflow.com/questions/25949651/openjdk-how-to-add-site-to-exception-list#25950032

Firefox disable don’t load tabs until selected

tl;dr

about:config
browser.sessionstore.restore_on_demand = False

Explanation

When I tell my browser to run, I want it to load all of my previous tabs, as well as actually load the tabs. When I switch to it, it should be fast, because it as already loaded the content. I don’t want it to flash and load upon my selecting the tab; it should already do that!

There used to be an option in Firefox’s preferences for changing this, but it was removed from the gui. But it’s still there in about:config.

References

Weblinks

https://bugzilla.mozilla.org/show_bug.cgi?id=711193#c63