With adoption of Firefox on the increase, enterprise IT shops face a challenge: how to provide Firefox to their users while keeping a handle on security. To address this, we suggest creating a customized Firefox installer preconfigured with the extensions and settings approved by your IT department. This tutorial takes you through that process.
Before You Start
Before customizing Firefox, avoid headaches by looking carefully at which extensions best suit your needs. You, or your IT team, should also thoroughly research the Firefox settings and create a list of those you wish to include.
Extensions
One of Firefox’s greatest strengths is its diverse collection of extensions. Extensions such as NoScript or CookieSafe can be used to secure Firefox, while AdBlock or one of its variants could help reduce unwanted traffic to ad servers. Before building a customized installer, you will need to decide which extensions best meet your needs and the needs of your users. With an eye toward security policies and customer requests, browse the Firefox Add-on Repository and download the (Firefox 3-compatible) add-ons that best meet your needs.
Settings
Firefox offers a large number of settings, many of which aren’t accessible through the standard preferences/options dialog window. To see the available options, enter “about:config” in Firefox’s location bar. This will display a list of all settings. While the list is intimidating, Mozilla publishes a reference to all of the settings. Review the options and collect a list of settings for which you’d either like to set a custom default value or completely lock down to a specific value.
What You Will Need
Once you’ve decided what extensions and settings you’d like in your spiffy custom installer, there are a few components you’ll need.
For a custom Windows installer, grab
- A current, standard Firefox 3 installer for Windows.
- A current app.tag file from Mozilla’s site (copy the appropriate text from http://lxr.mozilla.org/mozilla/source/browser/installer/windows/app.tag into a text file called app.tag).
- A 7zSD.sfx file from Mozilla’s site (download this from http://lxr.mozilla.org/mozilla/source/other-licenses/7zstub/firefox/7zSD.sfx?raw=1).
- The 7zip command line utility (currently at http://downloads.sourceforge.net/sevenzip/7za457.zip).
For a custom Linux installer,you’ll need to
- Grab a current standard Firefox 3 binary for Linux.
- Have familiarity with tar and gzip.
You’ll also need copies of each extension you wish to include in the installer (the xpi files), and the list of settings and values.
Note for Mac users: I’m working on a version of this article for Firefox 3 on the Mac, but I’m still sorting out the details of repackaging a dmg file.
Meat & Potatoes
Creating Your Settings File
The settings file I’m going to describe is basically just a Javascript file with a set of calls to two Firefox-defined JS functions, defaultPref and lockPref. Unsurprisingly, the defaultPref function can be used to specify a default value for a setting and lockPref sets the value for the setting so that it cannot be changed by the user. Each has similar arguments:
function defaultPref(prefName, value)
function lockPref(prefName, value)
so, for example, you could set the default home page using
defaultPref("browser.startup.homepage","http://www.mycompany.com/portal");
or, you could require that the browser always check for updates
lockPref("app.update.enabled",true);
You can find additional information about these and other preference Javascript functions for Firefox in “MCD, Mission Control Desktop AKA AutoConfig” at the Mozilla Developer Center.
Use the list of settings you prepared to build a settings file. For the rest of the article, I’ll refer to this file as “firefox.cfg”, although you can use any name you prefer.
Note: Since the settings file is a Javascript file, there are many sophisticated and clever javascript tricks you can include, but I’m not going to cover any of them.
Making Your Extensions Manually Installable
The next step is to prepare your chosen extensions to be manually installed. For each extension,
- Unzip the xpi file (using 7zip, WinZip, Zip-Info or your preferred tool). You’ll end up with a folder probably with the same name as the extension (for example, NoScript)
- In the folder, find the file called install.rdf, open it in a text editor and find the <em:id> tag under the <Description> tag. This is the unique ID of the extension ({73a6fe31-595d-460b-a920-fcc0f8843232} for NoScript)
- Change the name of the extension folder to the extension’s ID (e.g. Change the “NoScript” folder to “{73a6fe31-595d-460b-a920-fcc0f8843232}”)
On to the Installer
Now we’re ready to rebuild the installer.
Windows Installer
Let’s walk through the process for the Windows installer and then I’ll describe the somewhat simpler process on Linux.
- The Firefox installer is basically a self-extracting 7zip archive. You can open the 3.0.3 installer into a directory called “firefox-win” using
7za x -ofirefox-win "Firefox Setup 3.0.3.exe" - Copy each of the renamed extension folders into
firefox-win\nonlocalized\extensions\(assuming Windows path style). That’s all that needs to be done for a generic extension installations. If the extensions add new settings, the installer will use the default values for those settings. Those settings could also be added to the firefox.cfg file, if you needed to change them, but I won’t go into details here. - Create a file called firefox.cfg in firefox-win\nonlocalized\ where the firefox.exe file is located. Here’s an example firefox.cfg which provides some basic security settings (note that everything in the example config file is commented out so it can be tested without affecting any settings at all; uncomment the settings you’d like to try).
- Open firefox-win\nonlocalized\greprefs\all.js in a text editor and add the following lines
- Build a new exe installer from the firefox-win folder: cd into firefox-win and execute the following commands
7za a -t7z ..\custom.7zcd ..copy /b 7zSD.sfx+app.tag+custom.7z FirefoxCustomInstall.exe
pref('general.config.obscure_value', 0);
pref('general.config.filename', 'firefox.cfg');
This causes Firefox 3 to load the settings in the firefox.cfg file.
Linux Installer
When you download Firefox for Linux, instead of an installer, you’ll just have a tarball. This means you can untar it, walk through steps 2-4 in the Windows process and re-archive the directory.
Finishing Up
Distribute your newly created .exe to users and you’re set!
[...] licenses. Our engineers contributed tips and tutorials on a range of topics including working with Firefox and installing Apache on AIX. Rod Cope reported the results of some experimentation with open [...]
Is it possible to build the custom installer with silent switch so we can push it out with a deployment tool? Thanks.
MY: There are a couple of built-in switches for the installer that you may find useful: /S runs the installer silently; /D=[path] allows you to specify a customer installation directory and /INI=[path to ini] allows you to pick an alternate configuration ini file. For older versions of the installer, you could also use -ms instead of /S, but that’s deprecated in the Firefox 3 installer.
Thanks for the article! This is a project I’m working on right now, so I appreciate the time you’ve put into it.
Two questions:
1) In one of the early steps you say to download an “app.tag file”. What is this for?
2) You mention that you’ve attached a sample firefox.cfg file using settings from Firefox 2. Am I missing the attachment, or was that not meant for this audience?
Thanks again!
David
David,
Good questions for which I have some semi-helpful answers.
1) The installer executable for FF is a self-extracting archive. In order to make it a proper installer, the self extracting code needs to run an executable after the extraction. The app.tag file tells the self extractor which application from the archive to run once the archive has been expanded. In FF, setup.exe is what does the conventional installation tasks.
2) The curse of copy and paste combined with bad author proofreading. This is a holdover from an early draft, but since it is handy to see a sample config file, I’ll add it to the article. Thanks for catching the mistake.
Glen