Customizing the Firefox Installer on Windows

One of the questions I get asked a lot is how to customize the Firefox installer on Windows and how to bundle extensions with it. I’ve spent the past few days learning a great deal about this subject, so I thought I would take this opportunity to provide a refresher on working with the Firefox installer on Windows. I’m going to do it as a Q&A so hopefully folks will get answers to the common questions they have.

Standard disclaimer: Under no circumstances should you use this information to create a custom Firefox install and redistribute it to anyone outside your organization. If you want more information, you can consult the Mozilla Foundation Trademark Policy.

What tools do I need to work with the Firefox installer?

The primary tool you need is 7-Zip. I install the MozillaBuild package which gives me all the tools I need. Even though the Firefox Installer is NSIS based, we will not need to use NSIS for most customizations. I’ll talk a little bit about the end about what kinds of things you would need NSIS to do.

How do I unpack the Firefox installer?

The Firefox installer is created using 7-Zip. So you can grab any of the Windows installers that end in EXE and unpack them. Any of the Windows installers on the Firefox download page will work. Once you’ve downloaded the EXE, create a temporary directory and type:

7z x "Firefox Setup 3.6.3.exe"

This will unpack the contents of the installer so we can modify it.

How do I bundle my extension with the Firefox installer?

Bundling your extension with the Firefox installer is just a matter of putting it in the right place. Then when we package up the installer at the end, it will get installed along with Firefox. For most extensions, the right place is nonlocalized/extensions. Inside that directory, create a subdirectory that corresponds to the ID of the extension you want to preinstall with Firefox. Then unzip the XPI into that directory. You can find the ID by looking at the install.rdf file inside the XPI. You can add as many extensions as you want into the installer.

What are some useful extensions I can bundle with Firefox

I’ve created two extensions that create interesting things to bundle with Firefox. The first is the CCK Wizard. The CCK Wizard can be used to change various defaults in Firefox so that you can customize it for deployment in your organization. The second is Rebrand. Rebrand allows you to change the internal branding used in Firefox.

Can I change the names used in the installer?

Yes, you can change the names used in the installer. To do this, you need to create a directory called distribution inside the localized directory that was created when you unpacked the installer. Create a file called setup.ini in this directory. Here’s what it looks like:

BrandFullName=Mike's Browser

BrandFullName will be used to replace “Mozilla Firefox” and BrandShortName will be used to replace “Firefox”.

Can I change the images used in the installer?

Yes, you can change the images used in the installer. In that same directory where you put the setup.ini, you can put two files, modern-wizard.bmp and modern-header.bmp. The first images corresponds to the large image on the first page of the installer. The second image corresponds to the small image that is used on later pages of the installer. You can use the linked images as a reference to know what size to make these images.

How do I repackage the installer?

To repackage the installer, first you need to zip up the changes that you made. Type:

7z a -r -t7z app.7z -mx -m0=BCJ2 -m1=LZMA:d24 -m2=LZMA:d19 -m3=LZMA:d19 -mb0:1 -mb0s1:2 -mb0s2:3

This will create a file called app.7z that has all the changes we made. Now we need to package that file with some other files to create the final EXE. We’ll need the file 7zSD.sfx which you can download from Mozilla. And we’ll need a file called app.tag which you can create. It looks like this:

Title="Mozilla Firefox"

Once we have these files, we can run the command:

copy /B 7zSD.sfx+app.tag+app.7z our_new_installer.exe

to package them all as an EXE. Don’t forget the /B. It indicates that the files are binary so Windows won’t put an EOF marker on them.

Can I change the defaults that are set in the installer like the install directory or the checkboxes?

At this time, there is no way to change the defaults in the installer without rebuilding the installer. There’s a bug open on this with a patch, so hopefully this will be fixed for Firefox 4.

Can I make my totally rebranded Firefox coexist nicely with an existing Firefox?

There are a couple ways to do this. The easiest way is to use the -no-remote parameter when you start Firefox. This causes the Firefox you are starting to not connect to the Firefox that is currently running. When you do this, you have to specify a different profile using the -P parameter. Alternatively, you can change the internal identifiers that Firefox uses. Then it will be considered to be a completely different browser. If you choose to do this, you should be aware that you will not receive updates and there will be other side effects. This is not a decision that should be taken lightly. Also, your profiles will be stored in different locations as well. If you want to do this, check out the file application.ini in the nonlocalized directory. The variables you want to change are Vendor and Name. Again, you do this at your own risk.

What can I do if I’m willing to rebuild the installer with NSIS?

If you are willing to rebuild the installer, you can change things like the name of the entry in the Add/Remove programs list, as well as the install directory and other defaults. This is a nontrivial exercise because some of the required files are built as part of the Mozilla build proces and are not available in the build tree. If you’re really interested in doing this, you can contact Kaply Consulting and we can talk about it.

I hope this answered some questions folks have. If anyone has any more questions, please don’t hesistate to ask.

POSTing Multipart/Form-Data from an XMLHttpRequest

I’m working on an add-on where I have a need to POST JSON data to the server. Unfortunately that JSON contains ampersands, so in order to use POST, I would have to encode the data in some way that the server could decode. This seemed like extra unnecessary work to me. I decided to use the “multipart/form-data” header which would allow me to send the data unmodified. Unfortunately, documentation on this was lacking. So this post is just to put up sample code on how to do this in case someone else needs it. In this case, I am simply passing data=foo where foo is the JSON.

var xhr = Components.classes[";1"].createInstance(Components.interfaces.nsIXMLHttpRequest);"POST", url, true);

var boundary = '---------------------------';
boundary += Math.floor(Math.random()*32768);
boundary += Math.floor(Math.random()*32768);
boundary += Math.floor(Math.random()*32768);
xhr.setRequestHeader("Content-Type", 'multipart/form-data; boundary=' + boundary);
var body = '';
body += '--' + boundary + '\r\n' + 'Content-Disposition: form-data; name="';
body += "data";
body += '"\r\n\r\n';
body += JSON.stringify(JAVASCRIPT OBJECT);
body += '\r\n'
body += '--' + boundary + '--';
xhr.setRequestHeader('Content-length', body.length);
xhr.onload = function() {

There were no server changes required at all. The PHP handled the data the same way it would have if it was an “application/x-www-form-urlencoded” POST.

Belorussian provided by Patricia

Submitting a DMCA Takedown for a Persona

Update: I did eventually find the terms of service. You have to be logged in to in order to see them. Also, the DMCA information is linked at the bottom of as “Legal Notices”.

Although I couldn’t find the terms of service for submitting a Persona to, the FAQs indicates that you must agree to the following:

  1. You either own all the elements of your design OR you are authorized worldwide to reproduce and distribute them (and allow others to do so) by the owner or the law.
  2. Your design does not contain provocative, offensive, or sexual content (i.e., it is G or PG-rated).
  3. Your design does not include identifiable elements of any non-celebrity person(s) other than yourself or individuals who have given you permission to do so.
  4. Your design does not depict violence or Nazi imagery, nor is it discriminatory or hateful.
  5. Your design does not relate to gambling.
  6. Your design does not violate any applicable law or regulation or the rights of any person or entity.

    It’s pretty clear from through the Personas inventory, that a lot of people are simply ignoring these restrictions, and Mozilla doesn’t have the volunteer capacity to enforce them.

    So if you discover an image that is a violation of your trademark or copyright, you must submit a DMCA takedown notice in order to get it removed. I was unable to find this information on, but I did find it on the main Mozilla website, so I wanted to share it with anyone who needs it.

    Be aware, though, that based on the information at the end of that section, Mozilla might post your DMCA request to the Chilling Effects website.

    New CCK Wizard on AMO

    My latest CCK Wizard is now officially available on AMO.

    As noted in previous posts, this version primarily focused on coexistence of multiple CCKs, as well as updating the proxy configuration to match Firefox 3.6. I also added some usability enhancements, including the ability to open an existing configuration.

    The most interesting feature I brought back is the ability to hide a CCK so that it can’t be uninstalled. Here’s some background.

    With Firefox 3.5 and previous, there were two options you could add to your extension that only affected it if it was installed in the same directory as the EXE – hidden and locked. Locked preventing the extension from being uninstalled (but it could still be disabled – so kind of useless) and hidden preventing it from being seen at all (which of course prevented it from being disabled or locked). Mozilla removed hidden for Firefox 3.6 but left locked behind. What I’ve done is made it so that if you specify locked, it means hidden. This was the easiest way to make this work and has the nice side effect that if in your deployment, you need to hide other extensions, just mark them as locked.

    Support for the CCK Wizard is provided through Google Code.


    Do you need to do even more customization of Firefox for your organization? That’s what we do. Contact Kaply Consulting.

    Weather Boom by Brand Thunder

    I’m really excited about the latest thing we’ve built at Brand Thunder. It’s an interactive browser theme that changes based on the weather.

    We’ve partnered with WeatherBug to give you all the weather information you could ever want. Forecasts, severe weather alerts, current conditions.

    We even use geolocation to try to figure out where you are.

    Give it a try – I think you’ll like it.

    Hiding the CCK

    In previous versions of the CCK, I provided the ability to hide and or/lock the CCK that is generated. Locking prevents the user from uninstalling the add-on, but it is rather useless since the user can still disable it. Hiding preventing the user from disabling or uninstalling.

    Unfortunately Mozilla removed the ability for an add-on to hide itself in Firefox 3.6.

    Luckily working around this is very easy and will be included in the next version of the CCK Wizard. In order to make this work, I’m going to provide one option that hides the add-on. Lock and hide will no longer be separate. This seems rather logical since the lock option is pretty useless by itself.

    Note that none of these options work unless the add-on is installed in the same directory where the Firefox executable is located.

    CCK Wizard Update and FAQs

    I’ve updated the CCK Wizard for Firefox 3.6. It’s available here. It will be on AMO once the translations are done and if no one finds any major issues. Here’s a summary of the changes:

    • Updated for new Firefox 3.6 proxy panel
    • Two CCKs can now coexist (Company Identifiers must be unique to each CCK)
    • Bundling XPIs and JARs no longer uses XPI bundles – they are explicitly installed upon first run of the CCK (please test this if you bundle multple XPIs)
    • All translated CCK Wizards should now be working
    • First run screen added to CCK Wizard install
    • A few bugs fixed

    Some other items of note:

    As I mentioned before, I’ve moved CCK Wizard development to Google Code. Please feel free to open up bugs there.

    Going forward, I’m going to add the ability to do more locking down of functionality in Firefox. If you have specific needs, please open bugs in Google Code.

    To close this post out, I want to answer a couple questions about CCK Wizard that are asked a lot.

    What is the right way to install the CCK?

    There are multiple ways the CCK can be installed based on your needs. I’ll go through all those ways.

    Standard install – The XPI that is created by the CCK Wizard is just a Firefox extension, so as such it can be placed on a web page and users can simply click to install. You can get more information on how to do this from the Mozilla developer center.

    In the Firefox directory – Extensions can be installed directly into the Firefox directory. Inside of the directory where the Firefox executable is located, there is a directory called extensions. Inside this directory, you can create a directory with the same ID as your CCK and then unzip your CCK into that directory. This is the only location where you can hide the add-on.

    As part of a Firefox install – I’ve previously documented how to bundle the CCK in the installer and how to package the installer on Windows. These instructions still hold true.

    Globally – There are designated locations in different operating systems where extensions can be installed and they are picked up by Firefox. You can get more information on these locations at the Mozilla Developer Center. This involves unzipping the CCK package in a specific location on the users hard drive into a directory that is named the same as the ID of the CCK. Using this method, you can manage the CCK package centrally and the user cannot uninstall the CCK from Firefox.

    Via the Windows Registry – If you are on Windows, extensions can be installed via the Windows registry. This is documented at the Mozilla Developer Center. This involves unzipping the CCK package that you created to a central location and then adding a registry key that tells Firefox where to find the CCK. Using this method, you can manage the CCK package centrally and the user cannot uninstall the CCK from Firefox.

    What do the options “Do not show this extension in the extension manager” and “Prevent the uninstall of this extension” do? They don’t seem to work for me.

    These options only work if your CCK is located in the extensions directory where the Firefox executable is located.

    If you have any more questions, feel free to ask in the comments.

    Do you need to do even more customization of Firefox for your organization? That’s what we do. Contact Kaply Consulting.

    Be Intentional

    Last Friday was the one year anniversary of when I was laid off from IBM so I decided to take a day to unplug and reflect on the past year. As I was sifting through my thoughts about the previous year, one thing kept coming to mind:

    Be intentional!

    I realized that I spent too much of the past year simply going with the flow and hoping things would work out. As a result, I was wasting a lot of time and energy. I was just letting life happen to me.

    You can’t live life like it’s one big accident. You have to live your life on purpose.

    Lots of speakers describe this concept. Stephen Covey says to “Be proactive.” Zig Ziglar says “If you aim at nothing, you will hit it every time.” Dave Ramsey says “Things don’t move unless you move them.”

    But here’s what I discovered. Deciding what to do isn’t enough. You also have to decide what NOT to do.

    You see, I can decide to work on something, but if at the same time, I don’t decide NOT to surf the web, or NOT to get distracted by Twitter and Facebook, I can end up thinking I’m working but in reality I’m just wasting time.

    Or I sit down at the TV to watch one show and three hours later I’m still sitting there because I didn’t decide NOT to watch anything after I finished the one show.

    When you are self employed or running a small business (or any business for that matter), you’ve got to be intentional. You’ve got to aim at something. You’ve go to be proactive. And you’ve got to move something. And you’ve got to eliminate the stuff that simply isn’t important.

    If you don’t, either nothing will happen or lots of stuff will happen, but none of it will really matter.

    So I moved things that I’ve been needing to move since I was laid off. I created a basic business plan. I created some revenue goals. And I created a mission statement.

    To delight my clients by creating Firefox extensions that meet or exceed their needs.

    So now I just have to make sure that every day I’m being intentional. For me, that means setting aside specific block of times to focus on specific tasks, including ALL my Firefox extensions. It means not checking my email every five minutes. It means using tools like SelfControl to make sure I’m not distracted. It means I need to stop saying “I should do this” and either do it or don’t do it.

    It means making sure that everything I do has purpose.

    Every time I sit at my computer or the TV or the XBox 360 need to make sure I do it intentionally. Or I’ll simply waste my time. I’ve got to have boundaries. It’s ok to spend some time on Facebook. An hour on Facebook? Probably not so much.

    So what are you doing to be intentional?

    Thanks to Steve Rowe – I had come up with a lot of this myself, but his blog post really solidified it.

    Addoncon Userpoints Idea

    At Addoncon, there was a lot of talk about how to compensate Firefox add-on developers. One of the ideas mentioned was some sort of user point system where points could be allocated to add-on developers by users and also based on usage and then the add-on developers could either donate it to a cause, turn it into merchandise, or turn it into real money.

    What this does is provide a way to compensate add-on developers for the contributions they are making to the overall Firefox brand equity.

    I have a longer summary of this idea on the Addoncon blog and would love to get feedback.

    CCK Wizard Status

    With the release of Firefox 3.6, people are already asking me about a new CCK Wizard. I am working on an update. You can get a beta of that here. Primary changes are more information on the proxy page, ability to open an existing CCK and better coexistence of multiple CCKs.

    Most interesting news on the CCK front is that I’ve decided to move it to Google Code instead of maintaining in the Mozilla trees. The URL is My primary reason for doing this is honestly that I’m not really contributing to Mozilla/Firefox proper anymore and messing with Mercurial isn’t worth it for me (I know, lame excuse.) It has some other advantages, though, like having my own bug reporting system and not having to get any reviews/approvals for checkins.

    So if you have ideas/suggestions/bugs for the CCK Wizard, please open them in Google Code.

    Also note that CCK Wizard is something I do on the side, so my time is limited. Contributions help. I know there are a lot of folks who depend on this for the business. Any and all love is appreciated.