Firefox Hardening
The purpose of this document is to assist with
This document was last updated on 10/18/22 and was written and tested with Firefox 105.
Tab: General
- Uncheck “Open previous windows and tabs”
Downloads
- Enable “Always ask you where to save files”
Applications
- Review known content types and the related actions. Consider changing them all to “Always ask”
- Under “What should Firefox do with other files” select “Ask whether to open or save files”
Digital Rights Management (DRM) Content
- Disable “Play DRM-controlled content”
Browsing
- Disable “Recommend extensions as you browse”
- Disable “Recommend features as you browse”
Network Settings
- Click on “Settings”
- Enable “Enable DNS over HTTPS”
- Under “Use Provider” select “Custom”
- Put in the address of a privacy-focused DNS over HTTPS (DoH) provider.
Tab: Home
New Windows and Tabs
- Consider setting “Homepage and new windows” to “Blank Page”
- Consider setting “New tabs” to “Blank Page”
Firefox Home Content
- If you chose not to set both “Homepage and new windows” and “New tabs” to “Blank Page”, you should, at a minimum, disable:
  - Recommended by Pocket
  - Recent Activity
  - Snippets
Tab: Search
Default Search Engine
- Set the Default Search Engine to a privacy-focused search engine.
Search Suggestions
- Disable “Provide search suggestions”
Tab: Privacy & Security
Tracking Protection
- Set to “Strict”
- Set “Send websites a ‘Do not Track’ signal that you don’t want to be tracked.” to “Always”
Cookies and Site Data
- Enable “Delete cookies and site data when Firefox is closed”. Feel free to add exceptions on a case-by-case basis.
Logins and Passwords
- Disable “Ask to save logins and passwords for websites”
- Click on “Saved Logins…” and delete all records (after backing them up into a privacy-focused password manager)
- Consider disabling “Show alerts about passwords for breached sites”
Forms and Autofill
- Disable “Autofill addresses”
- Click on “Saved Addresses…” and delete all records.
- Disable “Autofill credit cards”
- Click on “Saved Credit Cards…” and delete all records.
History
- For “Firefox will…” choose “Never remember history”
Address Bar - Firefox Suggest
- Disable everything
Permissions
- Review which websites have access to “Location”, “Camera”, “Microphone”, “Notifications”, “Autoplay”, and “Virtual Reality”. Delete permissions that you are no longer using or do not remember allowing.
- Enable “Block pop-up windows”
- Enable “Warn you when websites try to install add-ons”
Firefox Data Collection and Use
- Disable everything
Deceptive Content and Dangerous Software Protection
- Enable “Block dangerous and deceptive web content”
- Enable “Block dangerous downloads”
- Enable “Warn you about unwanted and uncommon software”
Certificates
- Enable “Query OCSP responder servers to confirm the current validity of certificates”
HTTPS-Only Mode
- Select “Enable HTTPS-Only Mode in all windows” (this may break Wi-Fi authentication)
Advanced Configuration
The following steps are advanced configuration steps and require changing non-standard settings. Some of the settings listed below may be related to features which are currently considered to be experimental, in development, or not rolled out to all versions of Firefox. Depending on your browsing experience, you may need to undo changes made in this section if certain websites cease to function as expected.
All of the changes listed in this section are made through the Firefox “Advanced Preferences” interface, which is accessed by entering “about:config” in your address bar.
Fission
- Set the “fission.autostart” property to true
Fission is Mozilla’s implementation of Site Isolation in Firefox. Site Isolation is a security feature that offers additional protection in case of large classes of security bugs. Site Isolation safely sandboxes web pages and web frames, isolating them from each other, further strengthening Firefox security. For more information, please visit the Mozilla wiki.
Resist Fingerprinting
- Set the “privacy.resistFingerprinting” property to true
Firefox’s resist fingerprinting setting enables a powerful feature that blocks many of the techniques used to fingerprint web browsers and evade user attempts to preserve privacy. Changing this setting makes myriad under-the-hood changes to how Firefox behaves. A full list of implemented changes is available at the Mozilla wiki.
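An added example (not part of the original guide or of Firefox): a short Python audit that reads the text of a profile's prefs.js or user.js and compares it with settings from this guide. Preference names are case-sensitive, so the constructed sample includes a miscapitalised privacy.resistFingerPrinting line to show that it leaves the real preference unset. The preference names other than the two in this section are assumed mappings of the Settings-page steps, and "unset" means the Firefox default applies.

```python
import re

# Pref -> value this guide asks for. The first two come from "Advanced Configuration";
# the rest are ASSUMED mappings from the Settings-page steps to their about:config prefs.
BASELINE = {
    "fission.autostart": True,
    "privacy.resistFingerprinting": True,
    "dom.security.https_only_mode": True,   # HTTPS-Only Mode
    "signon.rememberSignons": False,        # "Ask to save logins and passwords"
    "media.eme.enabled": False,             # "Play DRM-controlled content"
    "security.OCSP.enabled": 1,             # query OCSP responder servers
}

# prefs.js and user.js hold lines of the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value} for each user_pref() line; a later line wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')  # string preference
    return prefs

def audit(text, baseline=BASELINE):
    """Map each baseline pref to 'ok', 'unset' or 'mismatch (found ...)'."""
    prefs, report = parse_prefs(text), {}
    for name, want in baseline.items():
        if name not in prefs:  # lookup is case-sensitive, as in Firefox
            report[name] = "unset"
        elif type(prefs[name]) is type(want) and prefs[name] == want:
            report[name] = "ok"
        else:
            report[name] = f"mismatch (found {prefs[name]!r})"
    return report

# Constructed sample, not taken from a real profile.
SAMPLE = '''user_pref("fission.autostart", true);
user_pref("privacy.resistFingerPrinting", true);
user_pref("signon.rememberSignons", false);
user_pref("security.OCSP.enabled", 0);
'''

if __name__ == "__main__":
    print("\n".join(f"{n:32} {s}" for n, s in audit(SAMPLE).items()))
```

To check a real profile, pass in the contents of the prefs.js file from the profile folder listed on about:support.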
Plugins
The following is a list of plugins which it is suggested you use.