We used to protect this - added in FF100 Bug 1756280 but unfortunately it got ripped out (without consultation AFAIK) when everything moved to RFPTargets - and it has been on my list of (many) things to tighten that users like to change that hurt the Tor Browser crowd [1]. Whilst we can't _ultimately_ protect against user changes, we can and should harden against common misconceptions (or causes on entropy in studies), the UI, and make about:config have a per-session-sticky warning. [1] It's in most scripts [2] It's listed in many "hardening" guides - e.g. use a dedicated pdf with no JS yada yada yada nfi piero for backport to TB, unless someone wants to backport to ESR
Bug 1999126 Comment 13 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
We used to protect this - added in FF100 Bug 1756280 but unfortunately it got ripped out (without consultation AFAIK - edit: It was removed in FF116 in Bug 1838415) when everything moved to RFPTargets - and it has been on my list of (many) things to tighten that users like to change that hurt the Tor Browser crowd [1]. Whilst we can't _ultimately_ protect against user changes, we can and should harden against common misconceptions (or causes on entropy in studies), the UI, and make about:config have a per-session-sticky warning. [1] It's in most scripts [2] It's listed in many "hardening" guides - e.g. use a dedicated pdf with no JS yada yada yada nfi piero for backport to TB, unless someone wants to backport to ESR