From eb869b8bf7f25e0ace0b2c811cf4cd9157f087ec Mon Sep 17 00:00:00 2001 From: pyllyukko Date: Wed, 28 Jun 2017 13:41:52 +0300 Subject: [PATCH] make whatdoesitdo --- README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/README.md b/README.md index 61ae34fb..d9f57907 100644 --- a/README.md +++ b/README.md @@ -159,8 +159,6 @@ HTML5 / [APIs](https://wiki.mozilla.org/WebAPI) / [DOM](https://en.wikipedia.org * Disable battery API (Firefox < 52) [ [1](https://developer.mozilla.org/en-US/docs/Web/API/BatteryManager) [2](https://bugzilla.mozilla.org/show_bug.cgi?id=1313580) ] * Disable telephony API [ [1](https://wiki.mozilla.org/WebAPI/Security/WebTelephony) ] * Disable "beacon" asynchronous HTTP transfers (used for analytics) [ [1](https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon) ] -* Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript -* Disable "copy to clipboard" functionality via Javascript (Firefox >= 41) * Disable speech recognition [ [1](https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html) [2](https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition) [3](https://wiki.mozilla.org/HTML5_Speech_API) ] * Disable speech synthesis [ [1](https://developer.mozilla.org/en-US/docs/Web/API/SpeechSynthesis) ] * Disable sensor API [ [1](https://wiki.mozilla.org/Sensor_API) ] 
@@ -295,7 +293,6 @@ Enable and configure private browsing mode, don't store information locally duri * Disable disk cache [ [1](http://kb.mozillazine.org/Browser.cache.disk.enable) ] * Disable Caching of SSL Pages * Disable download history -* Disable password manager * Disable form autofill, don't save information entered in web page forms and the Search Bar * The cookie's lifetime is supplied by the server * Require manual intervention to autofill known username/passwords sign-in forms [ [1](http://kb.mozillazine.org/Signon.autofillForms) [2](https://www.torproject.org/projects/torbrowser/design/#identifier-linkability) ] @@ -417,9 +414,6 @@ Hardening your often implies a trade-off with ease-of-use and comes with reduced * Disabling ServiceWorkers breaks functionality on some sites (Google Street View...) * Disabling Web Workers breaks "Download as ZIP" functionality on https://mega.nz/, WhatsApp Web and probably others * Disabling WebRTC breaks peer-to-peer file sharing tools (reep.io ...) -* Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...) -* Disabling clipboard operations will break legitimate JS-based "copy to clipboard" functionality -* Enabling Mixed Display Content blocking can prevent images/styles... from loading properly when connection to the website is only partially secured * Disabling SVG support breaks many UI elements on many sites * Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... clients when clicking on links with these protocols * Containers are not available in Private Browsing mode 
@@ -438,6 +432,7 @@ Hardening your often implies a trade-off with ease-of-use and comes with reduced * Installing user.js will remove your browsing history, caches and local storage. * Installing user.js **will remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27) * Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945 +* Make sure to set a Master password to protect Firefox's password storage against basic malware that could extract your password information * .URL shortcut files will be created with a generic icon * OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host * OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder
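Review bot: In the hunk at `@@ -159,8 +159,6 @@`, the two clipboard bullets are dropped from the HTML5/APIs list without a stated reason; the subject is just "make whatdoesitdo" and the patch touches README.md alone. Please name in the commit message the user.js change that removed these settings (or reference that commit), so a reader can tell an intended removal from a regression in the generated list.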
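Review bot: In the hunk at `@@ -295,7 +293,6 @@`, "Disable password manager" is removed from the private browsing list, yet the known-problems list further down still carries "Installing user.js **will remove your saved passwords**" as an unchanged line. Please check whether that warning still holds once the password manager is no longer disabled, and update or drop it in the same patch if it does not.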
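Review bot: In the hunk at `@@ -417,9 +414,6 @@`, the third removed line, "Enabling Mixed Display Content blocking can prevent images/styles... from loading properly", has no matching removal among the settings bullets in this patch, unlike the two clipboard caveats, which pair with the first hunk. Please confirm that Mixed Display Content blocking is really no longer enabled; if it still is, this caveat should stay.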
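Review bot: In the hunk at `@@ -438,6 +432,7 @@`, the added bullet "Make sure to set a Master password ..." is an instruction placed in a list whose neighbours are all known problems ("Installing user.js will remove ...", "OCSP leaks your IP ..."). Reword it as the limitation it describes, for example that stored passwords are readable by local malware unless a Master password is set, or move the advice to a recommendations section. "basic malware" is also vague; say what the Master password does and does not protect against.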