firefox tuning

Firefox is a great software, but the fast evolving environment of the world wide web is continuously reflected in its development. The default configuration try to accommodates the majority of the users, but those interested in tweaking are allowed to do it, via the about:config special url or editing the configurations files in the profile directory.

The annotated user.js configuration file is briefly explained in this page. Check it for details.

[ DOWNLOAD the tuned configuration file user.js ] 4 kB


In recent years, web browsers are increasingly changing, from static page viewers like the old PostScript viewers, to dynamic execution environments like the Java virtual machine. Thus the source code is becoming bigger and complex, hiding security flaws that may need some time to be found by security experts. This challenges the security of every web surfing session.

To mitigate these problems, the developers are trying to sandbox the most critical parts of the running code, but nothing is perfect. The user can further improve the security disabling some features that are too risky or not so useful to him. Here a brief list:


Disabling javascript make a big performance improvement, with nearly instant page loading, but there are other areas to work on:


The greater interaction achieved by the web ecosystem means also that more data travels out from your computer. This challenges the user's privacy, but as usual we can modify the behavior of Firefox to satisfy our needs.


Firefox is really simple and usable, but there are configurations for nostalgic people too:

practical usage

These limitations are too stringent for you? A practical way to apply them is to have two or more different profiles, one really safe for general browsing and another with the default configuration for the really cool world of web applications.

A special note for trusted sites that may need unsafe configurations, like your work/homebanking account: you can create a specific profile that you use to surf only this site, reducing the cross-site scripting (XSS) vulnerabilities possible impact.

Last update: 2017-03-15