Firefox Security Settings

Source: Internet
Author: User

Author: Wang xiaofo
Source: Kwangsi

1. Modify the user agent
In Firefox, open about:config and add the preference general.useragent.override.
Set it to GoogleBot 1.2 (+http://www.google.com/bot.html)
You can also set it to a different value.
Once it is set to Googlebot, some sites such as Yahoo, Wikipedia, and Gmail restrict access. You can use a Firefox plug-in to switch between user agents.

2. Install the security plug-ins
Install NoScript and Firekeeper.
In NoScript, forbid Java, Adobe Flash, Silverlight, other plug-ins, and IFRAME; tick every one of the forbid options.
Also select the option to apply these restrictions to trusted sites.
These settings do not get in the way of normal use.

3. Install Tor and Torbutton
Use Tor to browse untrusted websites, but do not use Tor to send e-mail or anything similar. The FBI and tianchao (China) have both set up many exit nodes that can sniff traffic.

4. Cancel file associations
By default, wma, avi, and swf files are opened or played automatically, which is dangerous. For one thing, these objects can be used to determine the operating system version. For another, a Windows Media Player overflow can also affect Firefox.
In the file type settings, set the action for every file type to save to the local disk. If you want to watch Flash, leave the Flash entry alone.

5. XSS/CSRF protection
NoScript and Firekeeper should already do a good job of defending against cross-site attacks, but set the following as well, just in case.
Turn on the option to clear my data when I quit Firefox.
This way, cookies are cleared every time you exit Firefox. If someone sends you a URL to click, it will not be able to steal cookies or anything similar.

6. Prevent other exploits and catch 0-day attacks
The settings above are safe, but they are not enough.
Firekeeper can help.
The following is a Firekeeper rule.
alert(body_content:"anih|24 00 00 00|"; body_re:"/^RIFF.*anih\x24\x00\x00\x00.*anih(?!\x24\x00\x00\x00)/s"; msg:"possible ms ani exploit"; reference:url,http://www.determina.com/security.research/vulnerabilities/ani-header.html;)

Similarly, we can check whether a jpg or gif file carries its characteristic file header to decide whether it is a real image.
However, an image crafted to trigger an overflow still has a valid file header. Images can also be disabled altogether, but then the browser loses much of its purpose.
So here are some of the keywords I give Firekeeper:

unescape
eval
0x0A0A0A0A
0x0d0d0d0d
0x0c0c0c0c
payload
Five consecutive %u sequences
Five consecutive &# sequences
And so on.

This way we not only defend against attacks but, with luck, may also catch something.
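The ANI rule, the keyword list, and the image header check above, written as a small offline scanner. This is an added example, not Firekeeper code and not the author's; the labels, function names, and sample bytes are constructed for illustration.

```python
import re

# Same pattern as the ANI rule above, as a bytes regex: a RIFF body whose
# "anih" chunk has length 0x24, followed by an "anih" with another length.
ANI_RE = re.compile(rb"^RIFF.*anih\x24\x00\x00\x00.*anih(?!\x24\x00\x00\x00)", re.S)

# The keyword list above as case-insensitive patterns. Labels are made up here.
KEYWORDS = {
    "unescape": re.compile(rb"unescape", re.I),
    "eval": re.compile(rb"eval", re.I),
    "spray-address": re.compile(rb"0x(?:0a0a0a0a|0d0d0d0d|0c0c0c0c)", re.I),
    "payload": re.compile(rb"payload", re.I),
    "5x %u": re.compile(rb"(?:%u[0-9a-f]{4}){5}", re.I),
    "5x &#": re.compile(rb"(?:&#x?[0-9a-f]+;?){5}", re.I),
}

# Magic bytes for the "is it a real image" header check.
IMAGE_MAGIC = {"jpg": (b"\xff\xd8\xff",), "gif": (b"GIF87a", b"GIF89a")}


def scan_body(body: bytes) -> list:
    """Return the labels of every heuristic that fires on a response body."""
    hits = []
    if ANI_RE.search(body):
        hits.append("possible ms ani exploit")
    hits.extend(name for name, rx in KEYWORDS.items() if rx.search(body))
    return hits


def has_image_header(kind: str, body: bytes) -> bool:
    """Header check only: a crafted image can still pass it, as noted above."""
    return body.startswith(IMAGE_MAGIC[kind])


# Constructed samples (inert, zero-filled chunk bodies; not captured traffic).
ANI_OK = b"RIFF\x40\x00\x00\x00ACONanih\x24\x00\x00\x00" + bytes(36)
ANI_BAD = ANI_OK + b"anih\x58\x00\x00\x00" + bytes(8)
PAGE_OK = b"<html><body><p>hello</p></body></html>"
PAGE_BAD = b'<script>var s = unescape("' + b"%u4141" * 5 + b'"); eval(s);</script>'

if __name__ == "__main__":
    for name in ("ANI_OK", "ANI_BAD", "PAGE_OK", "PAGE_BAD"):
        print(name, scan_body(globals()[name]))
```

Plain keyword matches such as eval and payload also fire on ordinary scripts, so treat the hits as alerts to review rather than as verdicts.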
