Firefox ESR comes pre-installed with Debian 12 "Bookworm" and LMDE5/6, but it doesn't have the latest features that Firefox Quantum has.
However, it has the latest security and stability fixes and gets constant updates, and for LMDE5 users installing updates is easier than ever.
The Update Manager will let you know when a new version is available for installation.
NOTE: I recommend you read through the entire page.
If you have any of the four extensions by Avast and its subsidiary AVG listed below installed, remove them ASAP!
- Avast Online Security
- AVG Online Security
- Avast SafePrice
- AVG SafePrice
I recommend you keep your plugins / addons to a minimum, as some of them come with malware and adware, and having many plugins makes you stand out on the net.
Important: WebRTC vulnerability and other important settings you should change!
The WebRTC vulnerability lets your true IP address be exposed via STUN requests in the Firefox, Chrome, Opera and Brave browsers, even when you are using a VPN.
media.peerconnection.false ( Enabled by default in V100.0 ) Needs to be changed !!!
Click + or Add button ( the same ), then change it to false. This disables WebRTC-based IP address identification.
media.peerconnection.enabled ( This is set to True by default in 104.0 ) and it will leak your IP.
Click + or Add button ( the same ), Change this to False !
privacy.firstparty.isolate = true ( Activated by default in V100.0 )
A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)
privacy.resistFingerprinting = true ( Activated by default in V100.0 )
A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
privacy.trackingprotection.fingerprinting.enabled = true ( Activated by default in V100.0 )
privacy.trackingprotection.cryptomining.enabled = true (Activated by default in V100.0)
privacy.trackingprotection.enabled = true (Activated by default in V100.0)
This is Mozilla's new built-in tracking protection. It uses the Disconnect.me filter list, which is redundant if you are already using uBlock Origin with 3rd-party filters; in that case you should set it to false and rely on the add-on instead.
browser.cache.offline.enable = false ( Disabled by default in V100.0 )
Disables offline cache.
userPrefs.browser.search.region = false ( Disabled by default in V100.0 )
It collects your preferred browser region and sends telemetry data to Mozilla. It is set to Boolean, but you can change it to String etc. Change it to False.
cpu.vendor = false ( Disabled by default in V100.0 )
It is set to Boolean True, Number, String. Change it to False.
os.name = false ( Disabled by default in V100.0 )
Sends telemetry about your current operating system to Mozilla. It is set to Boolean True, Number, String. Change it to False.
os.version = false ( Disabled by default in V100.0 )
Sends telemetry about your current operating system version to Mozilla. It is set to Boolean True, Number, String. Change it to False.
browser.safebrowsing.malware.enabled = false (disabled by default as of V71.0)
Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
browser.safebrowsing.phishing.enabled = false (disabled by default as of V71.0)
Disable Google Safe Browsing and phishing protection. NOTE: Security risk, but privacy improvement.
browser.send_pings = false (disabled by default as of V71.0)
The attribute would be useful for letting websites track visitors' clicks.
browser.send_pings.max_per_link = 1 ( should be 0 )
The attribute would be useful for letting websites track visitors' clicks.
browser.send_pings.require_same_host = true (disabled by default as of V100.0)
Allows Click-Tracking if sending and receiving host match. For better privacy, change to True.
browser.sessionstore.max_tabs_undo = 0 (disabled by default as of V100.0)
Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.
browser.urlbar.speculativeConnect.enabled = false (disabled by default as of V100.0)
Disables preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to.
browser.privatebrowsing.autostart (enabled by default as of V100.0)
This automatically starts Firefox in Private Browsing mode.
datareporting.healthreport.uploadEnabled = false
Prevents health reports being sent to Mozilla.
dom.battery.enabled = false (disabled by default as of V100.0)
The battery status of your device could be tracked.
dom.event.clipboardevents.enabled = false (disabled by default as of V100.0)
Prevents websites from getting notifications when you copy, paste, or cut something from a web page, and from learning which part of the page had been selected.
geo.enabled = false (disabled by default as of V100.0)
media.eme.enabled = false (disabled by default as of V71.0)
Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. DRM-controlled content that requires the Adobe Flash or Microsoft Silverlight NPAPI plugins will still play, if installed and enabled in Firefox.
media.gmp-widevinecdm.enabled = false (disabled by default as of V100.0)
Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.
media.navigator.enabled = false (disabled by default as of V100.0)
Websites can track the microphone and camera status of your device.
network.proxy.socks_remote_dns = false (disabled by default as of V102.0.1 this is set to True)
No need to change this anymore.
network.cookie.cookieBehavior = 4 (Default as of V71.0)
0 = Accept all cookies by default
1 = Only accept from the originating site (block third-party cookies)
2 = Block all cookies by default
network.cookie.lifetimePolicy = 2 (Default as of V71.0)
cookies are deleted at the end of the session
0 = Accept cookies normally
1 = Prompt for each cookie
2 = Accept for current session only
3 = Accept for N days
network.http.referer.trimmingPolicy = 2 (Default as of V100.0)
Send only the scheme, host, and port in the Referer header
0 = Send the full URL in the Referer header
1 = Send the URL without its query string in the Referer header
2 = Send only the scheme, host, and port in the Referer header
network.http.referer.XOriginPolicy = 2 (Default as of V100.0)
Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)
0 = Send Referer in all cases
1 = Send Referer to same eTLD sites
2 = Send Referer only when the full hostnames match
network.http.referer.XOriginTrimmingPolicy = 2 (Default as of V100.0)
When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests.
0 = Send full url in Referer
1 = Send url without query string in Referer
2 = Only send scheme, host, and port in Referer
network.dns.disablePrefetch = True (Default as of V100.0)
Setting this preference to true will stop Firefox from “prefetching” DNS requests. However, you might want to read this!
network.prefetch-next = false (disabled by default as of V100.0)
Disables pre-fetching of webpages, as this poses a privacy risk.
network.websocket.enabled ( Finally disabled by default as of V103.0 ) IMPORTANT FOR VPN Users!!!
If you use a VPN, WebSockets can leak your real IP address ( caution ). Since version 103.0, there is no need to change this, but for security's sake, have a look. It should be set to False.
privacy.trackingprotection.enabled = True ( enabled by default as of V100.0 )
Prevent cross-site tracking.
toolkit.telemetry.enabled = True ( enabled by default as of V100.0 and earlier versions ) Change this to false !!!
Prevent data from being sent to Mozilla.
webgl.disabled = false (Default as of V100.0) - Security Risk !
WebGL is a potential security risk. You should set this to True !!!
browser.sessionstore.privacy_level = 2 (Default as of V100.0)
This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data.
0 = Store extra session data for any site. (Default starting with Firefox 4.)
1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default before Firefox 4.)
2 = Never store extra session data.
extensions.pocket.enabled = false (disabled by default as of V100.0)
Disables Pocket completely.
network.IDN_show_punycode = true (enabled by default as of V100.0)
Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice.
extensions.blocklist.url = True (enabled by default as of V100.02)
Change this value to false by double-clicking on True and it will change.
extensions.blocklist.url = https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/
Limit the amount of identifiable information sent when requesting the Mozilla harmful extension blocklist.
extensions.blocklist.enabled = True (enabled by default as of V100.02)
Change this value to false by clicking on the + button
Optionally, the blocklist can be disabled entirely by setting extensions.blocklist.enabled to false for increased privacy, but decreased security.
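An added example, not part of the original page: a small Python check that reads the text of a profile's prefs.js (or user.js) and reports which of the settings recommended above differ or are not set in the file. The RECOMMENDED subset, the UNSET marker and the sample text are constructed for illustration; prefs.js only stores values changed from the default, so an unset entry means the built-in default of your Firefox version applies and should be checked in about:config.

```python
import re

# Target values taken from the list above (a subset; extend as needed).
RECOMMENDED = {
    "media.peerconnection.enabled": False,
    "privacy.resistFingerprinting": True,
    "browser.send_pings": False,
    "geo.enabled": False,
    "network.cookie.lifetimePolicy": 2,
    "toolkit.telemetry.enabled": False,
    "webgl.disabled": True,
}
UNSET = "<unset>"  # not in the file, so Firefox's built-in default applies
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} from prefs.js/user.js text; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text, recommended=RECOMMENDED):
    """Return (name, found, wanted) for each pref that differs or is unset."""
    prefs = parse_prefs(text)
    rows = [(n, prefs.get(n, UNSET), w) for n, w in recommended.items()]
    return [r for r in rows if type(r[1]) is not type(r[2]) or r[1] != r[2]]

# Constructed sample, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("media.peerconnection.enabled", false);
user_pref("webgl.disabled", false);
user_pref("toolkit.telemetry.enabled", true);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for name, found, wanted in audit(SAMPLE):
        print(f"{name}: found {found}, page recommends {wanted}")
```

To check a real profile, pass the contents of its prefs.js to audit() after closing Firefox.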
IMPORTANT ! Enable DNS-over-HTTPS in Firefox:
DNS-over-HTTPS works by sending URLs to a DNS server over encrypted HTTPS.
The point is to hide your DNS queries from third-party observers.
With this protocol at play, those observers won't be able to sniff out your packets and tell what websites you're about to access.
This is how:
- Open Firefox, click the menu button, and then click Preferences.
- In the resulting window, scroll down to Network Settings and click Settings.
- In the Connection Settings popup, click the checkbox for Enable DNS over HTTPS.
- In the dropdown, select either Cloudflare (which is the default), or select Custom to enter your choice of DNS servers.
- If you choose the custom route, you need a DNS provider that supports DNS-over-HTTPS (such as CleanBrowsing, Google Public DNS, Quad9, and Yandex.DNS).
The new settings will apply, without having to restart your browser.
Once you're done, close the preferences window and enjoy your DNS queries tucked inside the HTTPS protocol.
How to copy your settings profile before updating your browser to a new version:
It is a hassle to have to manually update your Firefox settings every time an update is released. So why not just copy your profile instead, and be on the lookout for additional recommended settings you might have missed?
Note: The path to your profile depends on which distro you are using, so the easiest way is to use Firefox to find out where it's stored.
Here is how you do that, open a Firefox tab, type:
Root Directory: This shows you the path to your Firefox profile.
Copy the path to a text editor, you will need it.
Then close Firefox browser.
Open a terminal window:
Type your administrator password and hit Enter again.
Now for simplicity and speed, let's use the file manager ( I use Cinnamon desktop environment ).
Not sure which file manager you are using? See FileManager Debian.
Now in terminal type:
Press Enter, ( Nemo opens up with superuser rights ).
Copy the path from your text editor, paste it and hit Enter.
In .mozilla/firefox you will see a folder with the ending .default-release
Copy this folder to a USB pen drive or other backup.
Now update / replace Firefox with the latest version !
Once this is done, return to the .mozilla/firefox folder and replace the "*.default-release folder" with the backup.
Finally run Firefox and check your settings.
This worked for me....
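An added example, not part of the original page: the copy-and-replace procedure above as a Python script that works on the .mozilla/firefox folder directly. It assumes the profile folder is readable by the user running it, that a running Firefox on Linux keeps a "lock" symlink inside the profile, and it keeps the post-update folder under a hypothetical ".replaced" suffix instead of overwriting it; the folder name in demo() is constructed.

```python
import shutil, tempfile
from pathlib import Path

def find_profile(firefox_dir):
    """Return the single *.default-release folder under .mozilla/firefox."""
    matches = sorted(Path(firefox_dir).glob("*.default-release"))
    if len(matches) != 1:
        raise RuntimeError(f"expected one profile folder, found {len(matches)}")
    return matches[0]

def backup_profile(firefox_dir, backup_root):
    """Copy the profile folder into backup_root and return the copy's path."""
    profile = find_profile(firefox_dir)
    # Assumption: a running Firefox on Linux holds a 'lock' symlink here.
    if (profile / "lock").is_symlink():
        raise RuntimeError("profile looks in use; close Firefox first")
    dest = Path(backup_root) / profile.name
    shutil.copytree(profile, dest, symlinks=True)
    return dest

def restore_profile(firefox_dir, backup_copy):
    """Put the backup back; keep the post-update folder as <name>.replaced."""
    target = Path(firefox_dir) / Path(backup_copy).name
    if target.exists():
        target.rename(target.with_name(target.name + ".replaced"))
    shutil.copytree(backup_copy, target, symlinks=True)
    return target

def demo():
    """Constructed walk-through in a temp dir: back up, 'update', restore."""
    with tempfile.TemporaryDirectory() as tmp:
        ff = Path(tmp, ".mozilla", "firefox")
        prof = ff / "abcd1234.default-release"  # constructed folder name
        prof.mkdir(parents=True)
        (prof / "prefs.js").write_text('user_pref("webgl.disabled", true);\n')
        copy = backup_profile(ff, Path(tmp, "usb"))
        (prof / "prefs.js").write_text("")  # simulate settings lost on update
        restored = restore_profile(ff, copy)
        names = sorted(p.name for p in ff.iterdir())
        return (restored / "prefs.js").read_text(), names

if __name__ == "__main__":
    print(demo())
```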
IMPORTANT A NEW FEATURE:
Track THIS lets you cover your browsing history tracks from advertisers.
You must however enter the site created by Firefox and there choose one of four profiles. For Firefox, only 20 tabs will open, but for others like Chrome etc, 100 tabs will open.