28 lines
1.7 KiB
Nix
28 lines
1.7 KiB
Nix
|
{
|
||
|
|
/*** [SECTION 1400]: FONTS ***/
|
||
|
|
/* 1401: disable websites choosing fonts (0=block, 1=allow)
|
||
|
|
* This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector
|
||
|
|
* [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620)
|
||
|
|
* [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/
|
||
|
|
# // user_pref("browser.display.use_document_fonts", 0);
|
||
|
|
/* 1403: disable icon fonts (glyphs) and local fallback rendering
|
||
|
|
* [1] https://bugzilla.mozilla.org/789788
|
||
|
|
* [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/
|
||
|
|
# // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+]
|
||
|
|
# // user_pref("gfx.downloadable_fonts.fallback_delay", -1);
|
||
|
|
/* 1404: disable rendering of SVG OpenType fonts
|
||
|
|
* [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
|
||
|
|
"gfx.font_rendering.opentype_svg.enabled" = false;
|
||
|
|
/* 1408: disable graphite
|
||
|
|
* Graphite has had many critical security issues in the past [1]
|
||
|
|
* [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
|
||
|
|
* [2] https://en.wikipedia.org/wiki/Graphite_(SIL) ***/
|
||
|
|
"gfx.font_rendering.graphite.enabled" = false;
|
||
|
|
/* 1409: limit system font exposure to a whitelist [FF52+] [RESTART]
|
||
|
|
* If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed
|
||
|
|
* [NOTE] In FF81+ the whitelist **overrides** RFP's font visibility (see 4620)
|
||
|
|
* [WARNING] DO NOT USE: in FF80+ RFP covers this, and non-RFP users should use font vis (4620)
|
||
|
|
* [1] https://bugzilla.mozilla.org/1121643 ***/
|
||
|
|
# // user_pref("font.system.whitelist", ""); // [HIDDEN PREF]
|
||
|
|
}
|