I think librewolf works out of box these days, but if not:

cp -r ~/.mozilla/native-messaging-hosts ~/.librewolf/

dark mode, time zones.
i know, i know, the point of this is to allow you to blend in with everyone else. so configuring it is precisely how you get fingerprinted, i know.
but.
I need my goddamn dark mode.

https://bitwilli.com/enable-dark-theme-in-librewolf

tl;dr:

privacy.resistFingerprinting = false
privacy.fingerprintingProtection = true
privacy.fingerprintingProtection.overrides = +AllTargets,-CSSPrefersColorScheme

i believe:

1. +AllTargets is “turn everything on”, there's “RFP targets”.
2. -CSSPrefersColorScheme is that horrid light mode. they should have started with “librewolf is dark mode”, tbh. light mode users only do it because it's the default, they can be dragged to dark mode.
3. -JSDateTimeUTC is telling everyone your timezone is UTC. This is generally only annoying in nextcloud, but nextcloud's calendar dashboard widget is convinced I live in UTC and will not hear otherwise - there's a plugin to spoof timezone, doesn't help. I can turn the protection off and rawdog it, doesn't help. It's some dumbassery on nextcloud's side.

fix these in about:config

• browser.sessionstore.resume_from_crash = false when killed unexpectedly (read: crashes), attempts to restore its old (read: probably crash-causing) state.
• browser.link.open_newwindow = 1. (there's 0-3. i forget what each value is but all the others are stupid). when clicking a regular-ass a href link, rather than opening the link correctly, it pops open a new tab
• keyword.enabled = false in the address bar (a.k.a., not the search bar), it searches. this will, of course, also take that keyword feature with it. rip to that, acceptable collateral damage.
• permissions.default.shortcuts = 2 when typing a program shortcut (e.g., ctrl+k to go to the search bar), a website is allowed to steal that from you. src