How to deploy Firefox with locked about:config settings

Автор: | 15.03.2018

firefoxhero.jpg

Image: Mozilla

Since the release of Firefox Quantum, have you made the change to Firefox in your company? If that’s the case, are you concerned about users making changes to the browser that might go against company policy, or pose security risks? Although the average user might not know the about:config feature exists, there will be some that do. Even though completely disabling about:config isn’t really an option, you can always lock down certain settings within about:config, and then deploy that newly configured browser.

I’m going to walk you through the process of doing just that. I’ll demonstrate on the Linux platform (using Ubuntu 17.10 and Firefox 59). The process is similar on both Windows and macOS, although the specifics on file locations will vary.

You will need to download the latest version of Firefox from Mozilla and uninstall the version of Firefox that was included either via the default operating system installation or from with the OS package manager. You will also need to use the terminal window. Download the latest version of Firefox into the ~/Downloads directory.

Once you have everything ready, let’s get to work.

Unpacking the file

The first thing we must do is unpack the downloaded file. Open up your terminal and change into the ~/Downloads directory with the command cd ~/Downloads. Unpack the file with the command tar xvfj firefox-*.bz2. This will create a new folder called firefox-XX (where XX is the release number). Within that folder is the sub-folder, firefox. Let’s move that out of the parent folder with the following commands:

cd firefox-XX (where XX is the release number)
mv firefox ../
cd ../

You should now see a folder named firefox. Change into that folder with the command cd firefox.

We are now ready to configure.

Configuring Firefox

The first thing we must do is create a new file called mozilla.cfg. Issue the command nano mozilla.cfg. Within that file we’re going to lock down the about:config preferences we don’t want the users to be able to change. The first line of this file is always ignored, so we’re going to simply add an empty comment, like so:

//

The next lines in the file will contain all of the configuration options. To lock a preference in about:config, a line will start with lockPref. Let’s say, for example, we want to set the default homepage to the TechRepublic site. The configuration option for this would be:

lockPref("browser.startup.homepage"), "http://www.techrepublic.com");

To find out what other preferences you can set in this file, all you have to do is open up the about:config page. For example, you could lock down app.update.enabled (which would disable application updates) with this line:

lockPref("app.update.enabled", false); 

You could also lock down the default browser check with this line:

lockPref("browser.shell.checkDefaultBrowser", false);

Once you’ve added all of your configuration options, save and close that file.

Next issue the command (from within the current firefox directory) nano default/pref/autoconfig.js. Within that file, add the following contents:

//
pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

Save and close that file.

Test your configurations

Open Firefox with the command ./firefox. When the browser opens, you should be able to see your configurations in place. You can check to make sure they’ve been locked by opening the about:config page (enter about:config into the address bar and hit Enter). Search for one of the options you’ve configured and it should appear as locked (Figure A).

Figure A

Figure A

Our newly locked options.

Deploying the configured Firefox

Because this is Linux, the process is actually pretty easy. What we’re going to do is move the firefox folder to /opt with the command sudo mv firefox /opt. Next we’ll create a symbolic link to /usr/bin with the command ln -s /opt/firefox/firefox /usr/bin/firefox. At this point, a user can issue the command firefox from the command line to start up our newly configured (and locked down) version of Firefox. Once it starts, lock the icon to the desktop panel and you’re good to go. Depending upon your Desktop Environment, you might have to manually create a desktop entry. To do that, open a terminal window and issue the command nano ~/.local/share/applications/firefox.desktop and add the following contents:

[Desktop Entry]
Version=1.0
Name=Firefox
GenericName=Firefox
Comment=Firefox
Exec=/usr/bin/firefox
Terminal=false
Icon=/opt/firefox/browser/chrome/icons/default/default48.png
Type=Application
Categories=Network;WebBrowser;
MimeType=text/html;

Save and close that file. The newly created launcher should appear on your desktop or your GNOME Launcher.

And that’s all there is to deploying a version of Firefox that includes locked down options within about:config. If you’re looking to keep your users from tampering with Firefox, this might be your best route until Firefox for Enterprise is released.

Also See

Source

Добавить комментарий