commit 7351e561c429adbbb94f2130a77b0a153bff8d8f
parent 4e42bad6a13ba8a840a61e5807ea0d3ddd162690
Author: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 15 Nov 2018 07:06:34 +0000
1243: mixed OBJECT_SUBREQUESTS
Diffstat:
1 file changed, 3 insertions(+), 0 deletions(-)
diff --git a/user.js b/user.js
@@ -793,6 +793,9 @@ user_pref("security.cert_pinning.enforcement_level", 2);
user_pref("security.mixed_content.block_active_content", true); // default: true
/* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/
user_pref("security.mixed_content.block_display_content", true);
+/* 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks (FF59+)
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1190623 ***/
+user_pref("security.mixed_content.block_object_subrequest", true);
/** CIPHERS [see the section 1200 intro] ***/
/* 1260: disable or limit SHA-1
