Firefox ESR Only Changes

There are a few changes that are coming for Firefox that will be major headaches for enterprise, educational, government and other institutional deployments. These include the removal of the distribution/bundles directory as well as the requirement for all add-ons to be signed by Mozilla.

Given that these two changes are not needed for enterprise, there has been some discussion of not putting these changes into the Firefox ESR.

So I’m curious: besides these two changes, what other things do you think should be different between regular Firefox and the Firefox ESR? I’m not talking about creating new features for the ESR, I’m only talking about enabling and/or disabling features.

Put your suggestions in the comments. I’ll put mine there as well.

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

21 thoughts on “Firefox ESR Only Changes

  1. I think that for the ESR, we should go back to requiring that a firefox.cfg file be present. Then enterprise users wouldn’t have to add preferences to point to the config file, they would simply have to drop a firefox.cfg file into the root directory to replace the default one (which will probably be 0 length or something similar.)

  2. Actually, I’m not sure I agree that those changes are “not needed” in an enterprise context. Unless you have some setup where computers are automatically reimaged every night, or only have access to the intranet but no Internet access, malware is still a risk. So the pros of those two changes apply similarly to enterprises, just the cons are much more significant for us.

    That said I like your suggestions, and I think that for major changes like this, the option to undo it with a preference should remain for some time.

    On the other hand, I can see why Mozilla wouldn’t want ESR to diverge that much, but I think the solution to that is to implement proper enterprise support in the regular version so we wouldn’t have to. 🙂

    • Unfortunately preferences won’t work. Malware can simply flip the preference.

      Hence the need to bake them into a build.

      The problem that Mozilla is trying to solve is a lot of “drive by” installation of extra software. I would be that’s more of a problem in consumer than enterprise. I hope 🙂

      • Alas, no, it’s very much a problem for certain orgs at least.

        So once again we see the need for preferences to be set in a way that is easier for sysadmins than malware *cough*GPO*cough*.

  3. I think it is a bad idea to have ESR diverge from the mainline product. All of these features should be configurable in a straight-forward way for enterprise deployments. Some people require features sooner than they arrive in ESR, so customize the standard browser.

    • If a company has sensitive or confidential add-ons, they shouldn’t have to submit them to Mozilla for approval.

    • I have a redesign of the CCK2 that doesn’t rely on distribution bundles, and I also have code that can allow distribution/bundles to continue to work.

  4. I wish they would separate out the different types of block on the blocklist. Malware vs legitimate products that had a security update (eg. Flash Player).

  5. I think it’s bad timing for such a question. Probably most ESR users don’t yet know what has all been added since the last ESR. It would be great as a start to have such a list, and each item should include the info if it is possible to undo that change, and if so how.

  6. I would like to see every setting easily turned on or off by using a .cfg file. Or if there isn’t a way to easily turn an item on or off, then make it an install option. For example the sync feature. If I don’t want it in my environment, then I should have the option of installing FF without it. FF ESR was originally so easy to config, now it is a pain to have to figure out each new setting in ESR and then try to figure out how to turn it on/off.

    I would agree with Klaus, FF should put out a list of the changes/additions with each release and how to enable/disable them. Or how to install FF without that component if it isn’t desired in an environment.