I just learned that Firefox 31 contains a new Certificate Verification Library.
If you are running into certificate errors with Firefox 31 that were not happening before, it is important that you report them as soon as possible.
It's also important that you test your infrastructure as soon as possible.
More information about this change can be found in this blog post and this Wiki article.
More information about testing can be found in this Wiki article.
If you run into problems you can change the preference security.use_mozillapkix_verification to false and this will turn off the new verification.
This is not recommended, though, because the old code will be removed in Firefox 33, so we need to make sure we get any problems worked out.
In my previous post about the Firefox 31 ESR, I missed one other big change; most plugins will be click-to-play by default. You can read more about things in this blog post, but the gist is that click-to-play will be the default for plugins except for Flash and plug-ins that have been accepted onto the whitelist. You can view the current whitelist here.
If you have a plugin that you use within your organization and you need to make sure is enabled, you have a few choices.
- Change the plugin.default.state preference back to 2 so that the default is not click-to-play.
- Add a preference specific to your plugin that makes it enabled by default. The format is plugin.state.FILENAME where FILENAME is the filename of the plugin, lowercased with no extension and trailing numbers removed. So for instance, on Windows, the preference for Adobe Acrobat is plugin.state.nppdf and should be set to 2. The preference name will be different for different operating systems.
- Use the CCK2 to enable your plugin for a specific domain.
- Use the Click-to-Play Manager extension to enable your plugin for a specific domain.
Firefox 30 will be released tomorrow (June 10, 2014). That means the Firefox 31 ESR is only six weeks away (July 22, 2014). There will 12 weeks of overlap where both the Firefox 24 ESR and the Firefox 31 ESR are supported to allow for qualification. Support for the Firefox 24 ESR will official end with the release of Firefox 33 on October 14, 2014.
So what should you expect in the Firefox 31 ESR?
The biggest change is Australis. It's a completely revamped UI for Firefox. Besides changing the overall look and feel of Firefox, it also removed the add-on bar, as well as the ability to put the browser tabs on the bottom. Because of these changes, I will be deprecating my ancient add-on that tries to make things look more like Firefox 3.6. If you really want to make Firefox look like it was before Australis, you can use the Classic Theme Restorer add-on.
The Firefox 31 ESR also contains a completely rewritten version of Sync that uses Firefox Accounts. The current plan is to retire sync as soon as Firefox 31 comes out, so if you are using the old Sync in your organization, you should have your users migrate as soon as possible.
Another big change in the Firefox 31 ESR is the removal of Configurable security policies. These were actually removed in Firefox 29 by bug 913734. It was determined that the inability to link local files from web pages had a major impact on enterprises, so it was added back in bug 995943 (thanks Bobby Holley), but all other policies including clipboard access have been removed. I am working on an extension that will restore the clipboard policy, and I will probably add this to the CCK2 as well. If you need additional security policies, please comment on this post and I will investigate adding them.
If you're interested in finding out about other changes in the Firefox 31 ESR, you can read the end user release notes for the various releases (24.0, 25.0, 26.0, 27.0, 28.0, 29.0, 30.0). You can also read the developer notes for versions 25 through 31 for more detailed information.
If you're using CCK2, the latest version CCK2 already contains support for Australis. If you're not using it, you should be. It's the easiest way to customize Firefox for your organization.
I realize it's been quite a while since I've posted any updates. I've been heads down on some projects, as well as dealing with some personal issues.
I have been working on the CCK2, though, and I have a new version to share.
I've also changed the versioning to make it clear that this version is newer than the CCK Wizard.
My plan is to deprecate and remove the old CCK Wizard in the next few weeks, so please take some time to make sure the new CCK2 works for you.
And if the CCK2 is useful to your organization, please consider purchasing a support plan.
Lately, I've had a few requests to build site-specific browsers (SSBs). SSBs provide some great advantages for companies that have web applications that simply work better on Firefox.
- They can deliver their application to companies that don't use Firefox.
- They can reduce support costs because the user can't do anything to their browser that will break the application.
- They can ensure that their users are at a specific Firefox level.
- They can ensure that their users have any specific plugins or plugin versions needed for their application.
In the past, Mozilla had some technology around this like Prism and Chromeless, but decided that this avenue wasn't worth pursuing. There is currently some work around building a web application runtime that will hopefully make this easier, but in the meantime, I've chosen to build my SSBs using XULRunner.
XULRunner is a runtime provided by Mozilla that allows developers to create rich applications like work just like Firefox and Thunderbird. Lots of companies have used it to build some great applications.
If you're using XULRunner or have thought about XULRunner, you should be aware that Mozilla has plans to terminate the XULRunner build and encourage developers to use Firefox as a runtime. See this discussion on mozilla.dev.platform.
I've done some testing and I don't see this affecting any work I'm doing around SSBs because the "Firefox runtime" should provide the exact same functionality that XULRunner does. In addition, because SSBs do not connect to the external web, they are not updated as often and can safely stay on an older version of XULRunner if necessary.
Do you use any site-specific browsers or other XULRunner applications? Do you think this change by Mozilla will affect you?
A lot of what I've learned about customizing Firefox came from many different people asking me a question like - "Can you do this in Firefox?"
- Can you remove the Set as Background Image menuitem?
- Can you easily change the Firefox branding?
- Can you turn off private browsing?
- Can you block access to local files?
- Can you disable safe mode?
Through the research I did into these types of questions, I learned a lot about how Firefox works and how to modify it to meet the needs of various people and organizations. And a lot of what I learned ended up in the new CCK2.
Have you ever asked the question "Can you do this in Firefox?"
What did you want to do?
I just uploaded version 1.0 of the CCK2 to AMO. Until it is approved, you can get it here.
I decided that while I was getting some feedback, I'd get more if I just released it. It's not a polished as I wanted, but it's working in all my testing.
The main feature that didn't make it is preventing click to play for individual plugins. I did add a feature that allows you to enable all plugins for a given domain, even in current versions of Firefox.
Please let me know what you think. I feel like I've addressed a lot of the feedback I've received over the years.
Thanks for your support.
I was watching an interview with Robert D. Smith the other day, and he said something that really struck me. He said you should be generous with things that aren't your primary income source, but you shouldn't feel bad charging for your core business. His example was that a heart surgeon might gives speeches or advice for free, but generally doesn't do heart surgery for free.
When it comes to customizing and deploying Firefox, I've been giving lots of help and advice with the expectation that folks would hire me as a consultant to help with their business needs. That hasn't really happened though, so enterprise really doesn't provide much income for me at all. My primary business is building add-ons for Firefox, Chrome and Safari and I've been successful at doing that.
At the same time, the CCK Wizard has been downloaded almost 100,000 times. Thousands of people use the tools that I build and look to my blog for information about customizing Firefox.
I love helping people with Firefox, but my time is limited. So I've decided to leverage my 15+ years of Firefox experience and create a consulting service around enterprise Firefox.
Here's my plan.
As of January 1, 2014, I am introducing paid support for the CCK2 and the CCK Wizard.
There will be three support levels: free, basic and premium. (The CCK2 and CCK Wizard software will remain free.)
For free and basic support levels, all issues will come through cck2.freshdesk.com. Premium support subscribers will have the additional ability to submit confidential issues to me directly. Anyone will be able to open defects or participate in discussions, but the only way to guarantee any level of support is to purchase a support package.
My goal is for enterprise Firefox to become the primary focus of my business and maybe even my full time business. I hope you'll support me in this endeavor.
You can get full details at the CCK2 Support Page.
Firefox 24 ESR should be officially released today which means Firefox 17 ESR users will be automatically upgraded to Firefox 24 ESR. I want to take this opportunity to remind everyone of a major change that happened in Firefox 21 that will impact everyone upgrading to Firefox 24 ESR.
The location of a number of important files that are used to customize Firefox has changed. Here's the list:
- defaults/preferences -> browser/defaults/preferences
- defaults/profile -> browser/defaults/profile
- extensions -> browser/extensions
- searchplugins -> browser/searchplugins
- plugins -> browser/plugins
- override.ini -> browser/override.ini
If you find that anything you've customized is not working anymore, these changes are probably the reason.
I've made an early version of the CCK2 available for testing. I made an earlier version available to my newsletter subscribers last week, so I've already fixed quite a few bugs and addressed some issues.
I'm looking for feedback on general functionality and on import. Also, I'd love some feedback on how to best organize the stuff in the Services and User Interface panels. I'm having trouble coming up with ideas.
Do NOT use this for deployment purposes yet. It is for testing.
Problems should be reported at cck2.freshdesk.com.
My planned release for this is before the end of the year.