Thehandyman1957 wrote:
Seems like you are using this add-on:
https://addons.mozilla.org/en-US/firefo ... -uri-leak/
But you don't need that one to stop BL/ff ... NoScript will do the same
go to about:config
remove
resource: from
noscript.mandatory
add
resource: and
resource://gre to
noscript.untrusted
Yes you are right, I am using that add-on. I do have one questions about your instructions on Noscript.
When I add the bottom two to noscript.untrusted, is there a particular place those two need to be?
Like, does it matter where they are inserted? I am assuming there needs to be a space in front and in back?
Thanks for your great post. I did quit using the user string agent as it was causing to many problems and
Even when I was just using FF and PM strings the versions were to old. So I ditched that one.
Observe! I made a mistake in my original post,
resource: should be
resource:// (notice the double slashes added)
Yeah, just add a space in between, if you already have a bunch of websites etc added to your
noscript.untrusted, it probably looks something like....
Code: Select all
.........www.idonttrustthisshiteweb.com http://www.anothershillweb.com resource:// resource://gre
and it doesn't matter in which order you put it, I just added the goodies in the end of that string.
But I ought to add a disclaimer here, my experiences is mainly with Firefox, Palemoon though is still quite a new experience for me.
Secondly, adding resource:// to the untrusted list may still break with some add-on's, as I discovered with FreeMemory2
https://addons.mozilla.org/en-US/firefo ... -memory-20
I had to add an additional path under about:config called
capability.policy.maonoscript.sites
By adding
resource://freememory2 (actually I think, more exactly it was
resource://freememory2/data, don't remember now) will add an exclusice bypass for freememroy2 addon overriding the untrusted setting.
This might make things a bit fiddly with some add-on's, but so far I haven't noticed many glithches at all with the few add-on's I am using.
BTW, here's some more bonus stuff from maiko-the-apprentice-jap-babe, I don't know if it adds some additional protection, but you could try out adding some more exotic fun stuff to the
noscript.untrusted list, such as
blob: chrome: irc: ircs: mediasource: mediastream: /favicon.ico and manymanymany... more goodies, this is pretty new stuff as I haven't seen anyone else covering this and I too have only started scratching the surface, but considering all the nice "features" Firefox is flaunting with in the open cyberspace these might need some sweet love and care...
And don't forget to remove the equal preferences under noscript.mandatory when adding them to
noscript.untrusted and/or
capability.policy.maonoscript.sites.
Thehandyman1957 wrote:By the way, welcome to the PM forum.
Thanks a lot!