user.js

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README
commit 069d8214137df14338a0371b52da6bd6a12918ad
parent 4d0e5825a27ca5a899cad8bb00e8bddd84650940
Author: Roman-Nopantski <Roman-Nopantski@users.noreply.github.com>
Date:   Wed, 22 Feb 2017 07:32:52 +1300

mods to earthlng patch #19

shortened and evened out lines, added that extra link. I changed "Internationalized Domain Names" to IDNs to save space and then realized the kb and wiki articles don;t even say what IDN stands for, so I put it back.

Also swapped the order and wording of the pref to make it consistent with the action. Instead of
- "2672: eliminate possible .. show_punycode", true)"
- "2672: force Punycode .. show_punycode", true)"
Diffstat:

Muser.js | 12+++++++-----


1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/user.js b/user.js
@@ -1240,13 +1240,15 @@ user_pref("security.block_script_with_wrong_mime", true);
    // WARNING: SVG is fairly common (~15% of the top 10K sites), so will cause some breakage
    // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893
 user_pref("svg.disabled", true);
-// 2672: eliminate possible spoofing security risk by forcing Punycode for Internationalized Domain Names - SECURITY
-   // Firefox has *some* protections to mitigate the risk, but better safe than sorry
-   // downside: will also display legitimate IDN's punycoded, which might be undesirable for users from countries with non-latin alphabets
+// 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk.
+   // Firefox has *some* protections to mitigate the risk, but it is better to be safe than sorry.
+   // The downside: it will also display legitimate IDN's punycoded, which might be undesirable for
+   // users from countries with non-latin alphabets
+   // http://kb.mozillazine.org/Network.IDN_show_punycode
    // https://wiki.mozilla.org/IDN_Display_Algorithm
    // https://en.wikipedia.org/wiki/IDN_homograph_attack
-   // CVE-2017-5383 -> https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
-user_pref("network.IDN_show_punycode", true); // default in FF51: false
+   // CVE-2017-5383: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
+user_pref("network.IDN_show_punycode", true);
 
 /*** 2698: FIRST PARTY ISOLATION (FPI) ***/
 // 2698a: enable first party isolation pref and OriginAttribute (FF51+)