diff --git a/hosts/common/programs/firefox/user.js b/hosts/common/programs/firefox/user.js
index 377e30baf..b7a00631d 100644
--- a/hosts/common/programs/firefox/user.js
+++ b/hosts/common/programs/firefox/user.js
@@ -19,15 +19,25 @@
// browser.sessionstore.privacy_level: 0, 1, 2
// 0: persist partially-filled forms to disk, across browser restarts
defaultPref("browser.sessionstore.privacy_level", 0);
-// enable 0-round-trip TLS resumption, at the expense that MITM can replay the client's first packet.
-defaultPref("security.tls.enable_0rtt_data", true);
+//
+// `enable_0rtt_data=true`: enable 0-round-trip TLS resumption, at the expense that MITM can replay the client's first packet.
+// defaultPref("security.tls.enable_0rtt_data", true);
+//
+// `require_safe_negotiation=false`: allow TLS 1.2 connections even to servers potentially vulnerable to CVE-2009-3555.
+// this allows a MITM attacker to prefix arbitrary data to my request.
+// as of 2025-07-20: 99.9% of sites support safe negotiation. 0.1% do not;
+// google-chrome, epiphany, and stock firefox (not arkenfox) do not enforce safe negotiation.
+// -
+// defaultPref("security.ssl.require_safe_negotiation", false);
+//
// OCSP queries SSL cert revocation status on every connect; that means letting a 3rd party know every site you visit.
// disable that, how in hell is that good for privacy.
// N.B.: i'm pretty sure this keeps CRlite enabled, which is the better implementation of cert revocation (i.e. performed locally).
// see:
defaultPref("security.OCSP.enabled", 0);
-// if we can't query the revocation status of a SSL cert because the issuer is offline,
-// treat it as unrevoked.
+//
+// `security.OCSP.require=false`: if we can't query the revocation status of a SSL cert because
+// the issuer is offline, treat it as unrevoked.
// see:
defaultPref("security.OCSP.require", false);
defaultPref("browser.display.use_system_colors", true);
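Review bot: The two `defaultPref` calls that are now commented out (`security.tls.enable_0rtt_data` at the `enable_0rtt_data=true` entry and `security.ssl.require_safe_negotiation` at the `require_safe_negotiation=false` entry) are described only by what they would do if enabled, not by what value is in effect now or why they were switched off, so a later reader cannot tell whether this is a deliberate decision to keep the stricter default or an unfinished toggle. A one-line statement next to each would settle it, e.g. `// left commented out on purpose: the default (presumably the arkenfox-hardened value) is kept; uncomment only to relax.`. The lone `// -` line between the safe-negotiation explanation and its commented-out call reads as a stray bullet marker and should either carry text or be dropped. The `// see:` lines that follow each OCSP note still have no reference after them; if there is a source for the CRLite claim, this block is the place to add it.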