Firefox 60 was released today with support for enterprise policies, including Windows Group Policy. If you’ve followed me or my blog for any length of time, you know that advocating for Firefox in the enterprise has been something that I’ve been doing a very long time.

My first post about Firefox in the enterprise was published on March 15, 2007 and was about Firefox 2.

The first version of the CCK Wizard was released on May 11, 2006 and was for Firefox 1.5

So, to say that I’m happy about this particular release would be an understatement. I’m absolutely ecstatic that Mozilla decided that adding support for enterprise features was important.

But I have to admit something; over the years in my zeal to get enterprise support into Firefox, I’ve encouraged just about every method possible to get customizations into Firefox. As a result, I know there are many installations of Firefox that use methods that are definitely not recommended anymore, especially now that we have real policy support. So, I want to take a moment to encourage everyone:

Please investigate using the new policy manager to replace any method you’ve used in the past, including the distribution directory, AutoConfig and CCK2. If you find things that you are not able to do with the policy engine, please let us know. There’s a possibility that some of these methods might not work in the future, so we’d like to find out now what we need to do to make things working.

If you find bugs or have feature requests, please report them on Github or in Bugzilla.

A couple other notes that might be useful:

1. Updates to the policy code and additional policies are being allowed on the ESR. You will not be stuck with the existing implementation until the next major ESR. As we implement policies, they will be uplifted into the next minor ESR update.
2. We are continuing to update the policy code to bring it as close as we can to CCK2 functionality.
3. We are working on better support for macOS and Linux. We are investigating Managed Preferences on macOS and we are looking into reading the policies.json file from a different location on Linux (etc/opt/firefox).
4. MSI is on our radar, but we’re not making any commitments at this time.

So now, let’s address the elephant in the room – CCK2.

First off, to support Firefox 60, I released a new version of the CCK2 yesterday. It’s not perfect, but it fixes some of the major issues (bookmarks and error popups). You should get automatically updated to this release. You’ll need repackage your configurations to get these fixes.

But what about the future?

CCK2 uses AutoConfig as the underlying technology to customize Firefox. We currently have plans to sandbox AutoConfig on Rapid Release starting with Firefox 62. This will mean the CCK2 will definitely not work with Rapid Release starting with Firefox 62.

On the ESR, I plan to keep CCK2 working, but I will not be implementing any new features except as they relate to making it easier to migrate to the policy manager. One example of that is providing the ability to remove all bookmarks added by CCK2. Once Firefox 52 is out of support, I will probably migrate CCK2 to use the policy manager internally. To enable that, we are investigating allow policies to be specified via AutoConfig as JSON files.

I always knew there would come a time when the CCK2 would not work anymore. My biggest concern was that there wouldn’t be a replacement. But I’m confident with the policy management support that we’ve implemented that we can make things even better.

I appreciate the support and encouragement folks have given me over the years with regards to the CCK2. I’m glad that the work that I’ve done will live on in the new policy manager on Firefox.

One final note. You will start to see a lot of my older blog posts disappear. This because I don’t want to recommend people use those methods anymore. The official place to get documentation and support is support.mozilla.org.

Last year, Mozilla ran a survey to find out top enterprise requirements for Firefox. Policy management (especially Windows Group Policy) was at the top of that list.

For the past few months we’ve been working to build that support into Firefox in the form of a policy engine. The policy engine adds desktop configuration and customization features for enterprise users to Firefox. It works with any tool that wants to set policies including Windows Group Policy.

I’m excited to announce that our work on the policy engine has reached a major milestone and is available in the latest Firefox 60 beta.

We’d really like for folks to take a look at what we’ve done and provide feedback. We would especially like to know what kinds of things folks are doing that require AutoConfig, so we can investigate adding those things to the policy engine. This is important because we are planning to sandbox AutoConfig to only its original API in Rapid Release, probably in version 62. You can get more detail about that in bug 1455601.

We’ve set up a survey to get a lot more details about requirements. Click here for that. (Yes, I know we’ve been doing lots of surveys. We appreciate your help as we define requirements.)

If you run into specific problems you can opens bugs Github or in Bugzilla.

For a detailed list of all the policies that are available and how to use them in a policies.json file, you can check out the README.

It also includes information on which policies only work on the ESR.

If you’re using Windows, you can download the ADMX templates.

We’re currently in the process of standing up more documentation and a support forum on support.mozilla.org.

In the meantime, we have some initial documentation.

Folks are also asking what this means for the future of CCK2. I’m planning to make as much CCK2 functionality as I can available for Firefox 60. I’ll be doing another blog post soon about that.

Folks are asking me about Firefox Quantum and CCK2. Here are the answers to the most common questions.

The CCK2 Wizard is not working on Firefox Quantum. When are you going to update it?

The CCK2 Wizard is a legacy extension and as such will not work beyond Firefox 56. In order to use it, you’ll need to keep a copy of the Firefox 52 ESR around. The CCK2 Wizard does lots of interesting things (reading prefs, reading search engines, reading files, writing files, etc.) that are not possible in a WebExtension. Because the wizard itself is something that is used rarely (only to setup or modify a configuration), I don’t foresee a problem with this decision.

My CCK2 configuration is not working on Firefox Quantum. I get the message “Failed to read the configuration file. Please contact your system administrator.”

I updated the CCK2 Wizard to support Firefox Quantum on October 12. Those changes require that you push out an update to the CCK2 to your clients. The only files that need to be updated are the files in the cck2/modules directory. I recommend pushing out an update to cck2.cfg as well because I record the version of the CCK2 Wizard used to generate the config in that file. This makes it easier to debug things.

Going forward, when I update the CCK2 Wizard, I will display a web page letting folks know that they need to update their client configurations. I will also put on the CCK2 Wizard’s main page.

Can I still generate an extension with the CCK2 Wizard?

Starting with Firefox Quantum, AutoConfig is the only mechanism that will work with Firefox since the CCK2 Wizard generates legacy extensions. I have been recommending AutoConfig as the preferred method for a while now. I do not plan to remove the ability to create an extension, but I will be putting a warning around it.

Are you going to continue to update the CCK2?

Yes. I will continue to update the CCK2 for the foreseeable future. There are a few small issues with Firefox Quantum that were found as well as issues with Firefox 58. I plan to release an update to address these in the next week.

Where do I report problems with CCK2?

If you are simply reporting bugs, use Github. If you have a general question or have paid support, you can use Freshdesk.

Mozilla is currently doing a survey of Firefox enterprise users (and folks that might use Firefox in the enterprise if it had more stuff). If you haven’t already, please let Mozilla know your thoughts.

It’s time for the 2017 Firefox Enterprise Survey!

Firefox changes coming in 2017 have the potential to affect how you
customize and deploy Firefox and we want to make sure we know the impact.

Please take a minute to fill out this quick survey. It will help us decide how many people are affected and where we can make a difference.

*Peter Dolanjski & Romain Testard*
*Product Managers, Firefox*
*Mozilla*

Version 2.2.3 of the CCK2 Wizard is now available.

The main thing I’ve done with this version is (hopefully) finally solved the duplicate bookmarks problem. I’ve done this via two changes.

1. If a bookmark being added exactly matches another bookmark in the same location, it is removed
2. I’ve added a new option to do the same thing if the title of the bookmark is the same (so you can change URLs).

Another new feature is the ability to prevent add-ons from being hidden or disabled based on their ID. You can add these IDs on the add-ons page in the CCK2 Wizard. To find out the ID of an add-on, you can unzip the add-on’s XPI file and look in the file install.rdf.

As far as bug fixes go, they are:

• Prevent installation of XPIs in about:addons via drag/drop.
• Mark CCK2 and generated XPIs as multiprocess compatible (because they are).
• Stop using a sync XHR for certificate overrides at startup. (This was causing startup hangs.)
• Add extra validation to the config name so we don’t end up with bad characters.
• Ignore errors when there is no crash reporter so the CCK2 works on Linux with the crash reporter disabled.
• Workaround bug 1338154 by adding text at the beginning of resource paths.
• Remove an unused function to prevent a warning error.
• Turned off the upgrade page

You can click here for more details about the release and to download it.

Last year, Mozilla announced that support for NPAPI plugins (except for Flash) would be ending in March 2017. That date is approaching fast, so I wanted to give folks more information about what’s happening. If you subscribe to my newsletter, this is the same information I gave there.

In short, Firefox 51 (which was released last week) is the last release of mainline Firefox that will support NPAPI plugins (except for Flash). Starting with Firefox 52, the only version of Firefox that will support plugins is the ESR. Firefox 52 WILL NOT have plugin support (except for Flash). Firefox 52 ESR WILL have plugin support.

That means that if your users are currently on Firefox 51 and you need plugin support, you need to switch Firefox so that it gets updates from the ESR channel. To do this, you need to change two files, channel-prefs.js and update-settings.ini.

In defaults/prefs/channel-prefs.js, change:

pref("app.update.channel", "release");

to

pref("app.update.channel", "esr");

In update-settings.ini, change:

ACCEPTED_MAR_CHANNEL_IDS=firefox-mozilla-release

to

ACCEPTED_MAR_CHANNEL_IDS=firefox-mozilla-esr

It is important that you make this change as close as possible to the release of Firefox 52 ESR (March 7, 2017), otherwise security updates to Firefox 51 will not be applied.

Plugin support will continue in the 52 ESR line only, meaning Firefox 59 will not have plugin support.

Some folks may ask why both Mozilla didn’t wait until Firefox 53 to deprecate plugins so that both versions of Firefox 52 would have the same capabilities. If they had done that, users who needed plugins would have had to downgrade to Firefox 52 ESR and that could cause incompatibilities with profiles. It made more sense to encourage people to switch to the same version (52 to 52 ESR).

Effective immediately, I am switching CCK2 support from a subscription to a single purchase for lifetime support. I am also raising the price to $999 USD effective February 1, 2017.

Anyone with an active subscription on January 31, 2017 will be automatically upgraded to lifetime support.

What exactly does lifetime support mean?
My goal is to support the CCK2 as long as is practically possible, and I believe that will be for at least the next couple years.

Why am I making this change?
When I originally setup the CCK2 support subscription, I intended it to be recurring income for my consulting business. That didn’t really happen. There wasn’t enough consistent income to make a large impact and I spent a great deal of time chasing down renewals (many of which didn’t happen). The best use of my time and energy is working on the CCK2, not trying to get folks to renew.

Will the level of support be changing?
At this time, there will be no changes to the level of support as indicated here.

Does this mean you are reducing your commitment to the CCK2?
Quite the contrary, it will allow more focus more on the development side of the CCK2 instead of the business side.

How can I purchase CCK2 Lifetime Support?
If you want to purchase CCK2 support at the current price ($499 USD), you can use the button below or click here.

[stripe payment_button_label=”Purchase Lifetime CCK2 Premium Support ($499 USD)” name=”Kaply Consulting” description=”CCK2 Premium Support” enable_remember=”false” amount=”49900″]

Thank you for your continued support.

I get a lot of questions about debugging AutoConfig issues, so I thought I would document what I do to try to track them down.

If Firefox starts, go to about:config and search for general.config. Make sure there are values for general.config.filename and general.config.obscure_value. If they are not there, your defaults/prefs/autoconfig.js file is not being read. The most common reason this happens is permissions or you’ve placed it in the wrong directory.

If both the general.config values are present, the next step is to check if your cfg file is being read. I usually make a very simple cfg file:

// First line is always a comment
lockPref("a.b.c.d", "e.f.g.h");

Then I go to about:config and verify that the a.b.c.d preference is there (it will be at the top). If the preference is not there, then something must be very wrong. I check the browser console to see if there are any errors. If the preference is there, AutoConfig is working correctly. I then start adding it the parts of my AutoConfig file a piece at a time, leaving the setting of the a.b.c.d pref at the end of the file. Then I check about:config each time and see which line is breaking the AutoConfig file.

If the browser doesn’t start at all, the first thing I do is put all my AutoConfig code in a try/catch block like this:

// First line is always a comment
try {
  // My AutoConfig code.
} catch (e) {
  Components.utils.reportError(e);
}

If the browser then starts, I look in the browser console to see what the error was. If the browser still doesn’t start, I start removing pieces of my AutoConfig until it does.

The most common problem in the past with AutoConfig was the use of let instead of var. This was fixed in Firefox 42 and should no longer be an issue. Some other common problems were around the use of international characters, in particular saving AutoConfig files as UTF-8 versus ASCII. This should also be fixed. All AutoConfig files should be saved as UTF-8.

In general, as long as you don’t have JavaScript syntax errors in your AutoConfig file, they should just work. That’s been my experience, and I’ve written some pretty complicated AutoConfig files.