Site-specific Browsers and XULRunner

Lately, I’ve had a few requests to build site-specific browsers (SSBs). SSBs provide some great advantages for companies that have web applications that simply work better on Firefox.

  1. They can deliver their application to companies that don’t use Firefox.
  2. They can reduce support costs because the user can’t do anything to their browser that will break the application.
  3. They can ensure that their users are at a specific Firefox level.
  4. They can ensure that their users have any specific plugins or plugin versions needed for their application.

In the past, Mozilla had some technology around this like Prism and Chromeless, but decided that this avenue wasn’t worth pursuing. There is currently some work around building a web application runtime that will hopefully make this easier, but in the meantime, I’ve chosen to build my SSBs using XULRunner.

XULRunner is a runtime provided by Mozilla that allows developers to create rich applications like work just like Firefox and Thunderbird. Lots of companies have used it to build some great applications.

If you’re using XULRunner or have thought about XULRunner, you should be aware that Mozilla has plans to terminate the XULRunner build and encourage developers to use Firefox as a runtime. See this discussion on

I’ve done some testing and I don’t see this affecting any work I’m doing around SSBs because the “Firefox runtime” should provide the exact same functionality that XULRunner does. In addition, because SSBs do not connect to the external web, they are not updated as often and can safely stay on an older version of XULRunner if necessary.

Do you use any site-specific browsers or other XULRunner applications? Do you think this change by Mozilla will affect you?

Can Firefox do this?

A lot of what I’ve learned about customizing Firefox came from many different people asking me a question like – “Can you do this in Firefox?”

For instance:

  • Can you remove the Set as Background Image menuitem?
  • Can you easily change the Firefox branding?
  • Can you turn off private browsing?
  • Can you block access to local files?
  • Can you disable safe mode?

Through the research I did into these types of questions, I learned a lot about how Firefox works and how to modify it to meet the needs of various people and organizations. And a lot of what I learned ended up in the new CCK2.

Have you ever asked the question “Can you do this in Firefox?”

CCK2 is here

I just uploaded version 1.0 of the CCK2 to AMO. Until it is approved, you can get it here.

I decided that while I was getting some feedback, I’d get more if I just released it. It’s not a polished as I wanted, but it’s working in all my testing.

The main feature that didn’t make it is preventing click to play for individual plugins. I did add a feature that allows you to enable all plugins for a given domain, even in current versions of Firefox.

Please let me know what you think. I feel like I’ve addressed a lot of the feedback I’ve received over the years.

Thanks for your support.

Changing Focus

I was watching an interview with Robert D. Smith the other day, and he said something that really struck me. He said you should be generous with things that aren’t your primary income source, but you shouldn’t feel bad charging for your core business. His example was that a heart surgeon might gives speeches or advice for free, but generally doesn’t do heart surgery for free.

When it comes to customizing and deploying Firefox, I’ve been giving lots of help and advice with the expectation that folks would hire me as a consultant to help with their business needs. That hasn’t really happened though, so enterprise really doesn’t provide much income for me at all. My primary business is building add-ons for Firefox, Chrome and Safari and I’ve been successful at doing that.

At the same time, the CCK Wizard has been downloaded almost 100,000 times. Thousands of people use the tools that I build and look to my blog for information about customizing Firefox.

I love helping people with Firefox, but my time is limited. So I’ve decided to leverage my 15+ years of Firefox experience and create a consulting service around enterprise Firefox.

Here’s my plan.

As of January 1, 2014, I am introducing paid support for the CCK2 and the CCK Wizard.

There will be three support levels: free, basic and premium. (The CCK2 and CCK Wizard software will remain free.)

For free and basic support levels, all issues will come through Premium support subscribers will have the additional ability to submit confidential issues to me directly. Anyone will be able to open defects or participate in discussions, but the only way to guarantee any level of support is to purchase a support package.

My goal is for enterprise Firefox to become the primary focus of my business and maybe even my full time business. I hope you’ll support me in this endeavor.

You can get full details at the CCK2 Support Page.

Firefox 17 ESR EOL Today

Firefox 24 ESR should be officially released today which means Firefox 17 ESR users will be automatically upgraded to Firefox 24 ESR. I want to take this opportunity to remind everyone of a major change that happened in Firefox 21 that will impact everyone upgrading to Firefox 24 ESR.

The location of a number of important files that are used to customize Firefox has changed. Here’s the list:

  • defaults/preferences -> browser/defaults/preferences
  • defaults/profile -> browser/defaults/profile
  • extensions -> browser/extensions
  • searchplugins -> browser/searchplugins
  • plugins -> browser/plugins
  • override.ini -> browser/override.ini

If you find that anything you’ve customized is not working anymore, these changes are probably the reason.

Early CCK2 is here

I’ve made an early version of the CCK2 available for testing. I made an earlier version available to my newsletter subscribers last week, so I’ve already fixed quite a few bugs and addressed some issues.

I’m looking for feedback on general functionality and on import. Also, I’d love some feedback on how to best organize the stuff in the Services and User Interface panels. I’m having trouble coming up with ideas.

Do NOT use this for deployment purposes yet. It is for testing.

Problems should be reported at

My planned release for this is before the end of the year.

What’s new with CCK2?

While the video of the new CCK2 Wizard shows a lot of changes to the UI, the biggest changes are under the hood.

Previously, the CCK Wizard generated an extension on the fly, with all of the various modifications cobbled together. With the new CCK2, I’ve created a core Firefox modification module that can either be preinstalled into a Firefox distribution or bundled into an extension.

That means that if you preinstall the module into Firefox, you can then customize Firefox from an AutoConfig file. That’s right, ALL of the customizations that were previously only available by using an extension built by the CCK Wizard are now available via AutoConfig.

And because a JSON file is used to configure all the modifications, it opens up the possibility of using other tools besides the CCK2 Wizard or AutoConfig.

But don’t worry! You can still use the CCK2 Wizard just like you did in the past – to create a standalone extension.

It’s everything you had before, and more.

I’m making great progress, hoping to have an alpha this week. Stay tuned.

Subscribers to my newsletter got this info early, and they’ll also be the first to get an alpha build of the CCK2.

The Java Debacle

In case you weren’t aware, last week, on Friday October 18, all versions of Java were marked as unsafe in Firefox 24. You can see the details in bug 914690.

When Monday rolled around reports of problems started coming in. Companies unable to use their software. People unable to do their banking. Citizens unable to access government sites. Hundreds of millions of users affected.

It took three days for the decision to be made to remove the block, and since the blocklist is cached, even more for users to see the results.

Looking back, I’m surprised out how lightly this change was taken. Marking Java as unsafe is a major change that affects millions of users; it should have been handled much better. Here are some of the things that were wrong with this decision:

  • The decision was made without involving the major stakeholder (Oracle). The change took them completely by surprise.
  • The decision was made out of band. There had just been an upgrade to Firefox 24 with no problems. Then all of a sudden Java stopped working.
  • The decision was made with no communication. There were some articles a few months ago (none official from Mozilla), but there was no discussion or notification of this specific change. (And please don’t call the platform newsgroup communication.)
  • The change was made without proper testing. After it was rolled out, it became pretty clear that there were quite a few cases where users were not being notified about the block. People were also having trouble navigating the UI when it appeared.
    • The saddest part about this entire change is that the latest version of Java IS click to play! Oracle already has warnings that are better than what Firefox displays.

      I understand the need to protect users, but when major decisions like this are made, developers need to think about ALL of the implications. Otherwise, the fallout can be disastrous.

Mozilla Summit – Reframing the Enterprise Discussion

Recently, hundreds of Mozillians from all over the world gathered in three different locations for the Mozilla Summit. I had the opportunity to attend the summit in Toronto.

While I was there, I attended a couple sessions where the Firefox UX team talked about Firefox User Types in North America. The UX team did an incredible job framing the various types of Firefox users. It made me realize that the same thing is important to do for the types of people that need an “enterprise Firefox.”

When I say “enterprise Firefox,” the only use case that most people think about is big companies limiting what end-users can do. But there are very valid reasons why someone would need to configure Firefox in a very specific way.

Sometimes the reason is physical safety. Think about a browser on medical equipment or a factory floor.

Sometimes the reason is online safety. Think about a browser at an elementary school or shared by members of a family with different ages.

Sometimes the reason is legal or regulatory. Think about a browser at a bank or a securities firm.

Sometimes the reason is simply that the computer is shared by a lot of people. Think about a browser at a library or a nursing home or a web cafe or a homeless shelter.

I think for a lot of us, we tend to see other computer users exactly like ourselves. We need to realize that people (and organizations) use computers in completely different ways, ways that most of us don’t even know about. As long as we build software primarily for ourselves, we’re going to completely miss out on opportunities for Firefox.

Sometimes the user of Firefox is not the end-user. It’s the administrator or company that wants to deploy Firefox to their end-users. We need to make sure that Firefox is a great browser for them as well.

We need to balance end-user desires with administrator constraints.

Maybe what we need here is a new word? Enterprise doesn’t really capture the spirit of what I’m trying to do. Anyone have any ideas?