Mozilla removes sensitive options from Firefox's preference window

Martin Brinkmann
Apr 11, 2013

Mozilla employee Alex Limi published an interesting article in March 2013 about an analysis that he conducted about several preferences of the Firefox web browser that were publicly available. Checkboxes that kill your product highlighted several issues that were caused by modifying preferences in the browser including some that rendered the browser unusable.

Limi's conclusion was that Mozilla needed to take a close look at the preferences currently listed in Firefox's settings dialog to decide on a per-preference basis whether it made sense to remove it from that dialog.

Lets take a look at the options that Limi mentioned in his analysis:

  • Load images automatically - Found to make websites less usable, Google's search form for instance is not highlighted anymore so that it can't be seen on the page.
  • Enable JavaScript - This disables functionality on many sites. NoScript users can probably relate to that best as the extension is blocking JavaScript and other scripts on all sites they visit for the first time by default.
  • Turning off the navigational toolbar - Removing the navigational toolbar from standard Firefox installations removes the means to interact with the browser as it removes the only toolbar available in the browser.
  • Turning off SSL and TLS - The majority of secure websites and services will fail if one or both of the options are turned off.
  • The certificate manager - Removing the wrong certificate can result in many security related issues.
  • Override automatic cache management - According to Limi a way to slow down the Firefox web browser.

While changes to some of these preferences may have an effect on the browsing experience and usability, I'd prefer them to stay available in the browser. For me, it is like saying "our users can't be trusted with making decisions on their own, therefore we need to make decisions for them". While I never touched the SSL or TSL setting, I'd like other options to remain accessible in the browser. Lets take overriding cache management as an example. While it may slow down the browser, it also provides users with an option to prevent the browser from saving files to the cache. While there are other ways to achieve the same goal, running the browser in private browsing mode, using a RAM disk as the cache location or clearing the browser's history on exit, I think it is something that users should be able to decide on their own.

If you are using the latest Nightly version of the Firefox web browser, which is at version 23 right now, you may have noticed that Mozilla has started to remove some of the preferences mentioned above from the browser.

Take a look at the following preference screenshots and see if you can spot the settings that Mozilla removed in the browser.

firefox no javascript images

firefox remove tabbar

The first image shows that the options to disable the loading of images and the loading of JavaScript have been removed, the second screenshot shows that the option to hide the tabbar has been removed as well.

Some of these options are still available on a per-site basis. You can right-click and select View Page Info, and there permissions to allow or block images for example.

Some of the settings are also available when you open the about:config dialog. To disable JavaScript for example, simply search for javascript.enabled and double-click the preference to set it to false.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Not Applicable said on September 12, 2013 at 6:58 am

    Who the hell is Alex Limi, and what the hell has he ever contributed to exert any amount of influence in the development of Firefox?
    “Most of these options exist for historical reasons” – no it isn’t dickface! people actually have use for them. “Boohoo, it’s so hard to troubleshoot bug reports if people keep turning things off in their browser”
    We need to google bomb this prick so that whenever somebody searches “stupid fucking idiot,” Alex Limi comes up first.

    Although, it could be the case that this is all a ploy for something else more malicious.
    It’s just interesting that this comes at a time when the feds have been discovered to be using a zero day exploit in Firefox’s javascript implementation. And surprise! – Firefox suddenly limits the user’s ability to disable javascript.

    Either way Alex Limi, go fuck yourself.

  2. rennia said on August 8, 2013 at 10:46 pm

    Here’s something funny:
    Go to and look at the page’s Description tag.

    “Mozilla Firefox, free web browser, is created by a global non-profit dedicated to ***putting individuals in control*** & shaping the future of the web for the public good.”

    Maybe that needs to be changed to

    “Mozilla Firefox, free web browser, is created by a global non-profit dedicated to removing user choice & shaping the future of the web for the mindless masses.”

  3. Peter said on April 13, 2013 at 4:50 am

    I regular disable SSL and TLS .
    I need to grab some info for video to download it and it is encrypted by TLS when enabled ( but in clear text if not )

  4. GK said on April 12, 2013 at 7:03 am

    Firefox has gone the way of Windows 8 – dumbed down hand holding shit.

  5. Uhtred said on April 12, 2013 at 4:35 am

    In the classroom you have to make sure you work to the common denominator of abilities… so that everyone understands… and I would hope Firefox are doing the same by making these changes in response to reported user difficulties. But for the brighter sparks in the class, it’s important not to hold them back or discourage them, and an advanced mode should give them every opportunity to develop and innovate.

  6. Jo-Jo said on April 12, 2013 at 2:09 am

    I’m using Opera mostly because there I can easily place
    “Enable JavaScript”, “Cookies” and such options onto toolbar.
    Firefox goes down and down the other way.
    And there is little hope after Opera started to ‘blink’.

  7. Jeremy Garnett said on April 11, 2013 at 8:55 pm

    The solution will likely be another add-on with all such options contained. I believe there is already one for advanced features in about:config, however, I can’t remember what it is called.To turn javascript on and off, try ‘Click to play switch’, which literally switches the about:config entry

  8. mazling said on April 11, 2013 at 8:28 pm

    The “enable javascript” option is questionably useful, but moving it to advanced would be thing rather than hiding it altogether, also the three “advanced” options via the nearby button are really useful at times.
    Move them, don’t bury them – let people learn about and control their browser properly.

  9. Karl J. Gephart said on April 11, 2013 at 6:32 pm

    Mozilla removing controls from Firefox like this is absurd. The about:config warning is there – if people sabotage their browser because they screw up their settings, that’s their fault. That’s like Microsoft removing some access to regedit because some Windows users will screw up their registries. So, the rest of us who want access to advanced controls have to suffer?

  10. Don said on April 11, 2013 at 3:10 pm

    How will I manage my Exceptions for “Load images automatically”?

    1. Martin Brinkmann said on April 11, 2013 at 3:34 pm

      That’s a good question. You can access the data when you right-click on the page and select View Page Info, but that is not an overview of all exceptions though. Not sure if it will be made available in form of an internal page, extension or not at all.

  11. Compuitguy said on April 11, 2013 at 1:57 pm

    have no problem accessing these settings through about:config

  12. bastik said on April 11, 2013 at 1:42 pm

    I want an “Advanced-Mode”.

    The certificate manager is an essential part of the browser. Breached CAs can be a problem, why wait for an update of FF, when you can disable it.

    Some people dislike NoScript, because they have to configure it. They prefer toggling JavaScript (enable it when you need it). I don’t miss it, but what I miss is the control about what JS is allowed to do. There was a button and you could disallow JavaScript to replace the right-click menu, for example.

    Depending on what you want overriding the cache can be useful.

    I disabled SSL, so Firefox would pick TLS. I never saw a warning, because I disabled SSL, most services should support TLS. Sadly FF still does not support TLS 1.1 and 1.2. Obviously I can control encryption settings via about:config

    They should improve the browser in other ways. About:config is scary to some people and removing options from the interface makes FF dull.

    For example:
    “The option to hide the tabbar has been removed as well”
    Why?! Doesn’t break anything, is just personal taste and should work without entering about:config

  13. Nebulus said on April 11, 2013 at 12:48 pm

    Ridiculous path taken by more and more companies, who consider that users are stupid and they can’t be trusted to click a button. Mozilla, it’s easy: the user should be able to do ANYTHING! It’s not your choice, it’s the user’s choice.

  14. tuna said on April 11, 2013 at 12:10 pm

    Applied Behavior Analysis strikes back!
    The trend appears to be to hide controls and dumb down the interface in end-user products,.. Browsers, OSes, Office suites(ribbons, ribbons everywhere!). So much easier to modify habits and enclose in a walled garden or proprietary cloud than to embrace empowering choices.

    Easier=profitable for the app store pusher and subscription entrapment loving status quo.

    Please Mozilla, please buck the trend. Engage and empower your users, don’t force feed me your disappearing controls and ‘tabs on top’ agenda. If I wanted IE I would use it, it is available in every single windows installation, after all..

    1. Transcontinental said on April 11, 2013 at 12:33 pm

      You said it, tuna, in a more complete and educated way. Approved !

  15. Transcontinental said on April 11, 2013 at 12:00 pm

    As others have stated, as long as preferences removed from Options panel are accessible with about:config then why not : if you know the most you know the least.
    But should some preferences be definitely unaccessible that I’d switch to Opera.
    Generally speaking I sometimes have the feeling there are people at Mozilla who decide things in a world so free there seems to be no head.

  16. Guest said on April 11, 2013 at 10:44 am

    They could reorganize the ‘Options’ portion to bury those particular options where advanced users get a list of those checkboxes with one-click.

    They could push all of those options into the ‘Advanced’ category (that is what it’s for), and put a warning header about how it can affect the browser.

    Wouldn’t it make more sense to reorganize and communicate how crucial these options are, instead of completely removing them from sight in the options portion?

    Then again I could say the same for some of the other preferences located in the ‘about:config’ list.

    Oh Mozilla… :(

  17. FREEMAN said on April 11, 2013 at 10:32 am

    I hate the path this world is taking !

    We have to “dumb-down” anything for people who dont know-don’t care- don’t want to know/learn ?

    If you re a noob, then why the hell you wanna mess with settings you have no idea what they do ?

    Instead of trying to make these kind of people learn more, be smarter, we do the opposite !

  18. Swapnil said on April 11, 2013 at 10:19 am

    I think all of the preferences in the Settings dialog are available from about:config in Firefox. So, if I am right, what Mozilla is doing is good. There are a lot of people who accidentally disable things like JavaScript and the navigation bar and tab bar. They do not know how to enable them, even worse they don’t even know what that disabled component is called. These are people having low knowledge about computers – the same ones who don’t care what browser they are using, for them web browser equals Internet Explorer.

    However, if it’s not the case already, I completely support adding those preferences to about:config, so that the geeks have options.

    1. tommy said on April 23, 2013 at 12:33 pm

      So I am going to suffer and have my features removed just because there are some idiots out there who randomly check/uncheck tickboxes?

      Why does everything have to be dumbed down these days? This was never ever a problem in the past.

    2. Simon said on April 11, 2013 at 2:24 pm

      Some of these are alright, but really, you gotta be a special kind of incompetent do accidentally wander in an fuck up the certificates.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.