Firefox ESR Only Changes

There are a few changes that are coming for Firefox that will be major headaches for enterprise, educational, government and other institutional deployments. These include the removal of the distribution/bundles directory as well as the requirement for all add-ons to be signed by Mozilla.

Given that these two changes are not needed for enterprise, there has been some discussion of not putting these changes into the Firefox ESR.

So I’m curious: besides these two changes, what other things do you think should be different between regular Firefox and the Firefox ESR? I’m not talking about creating new features for the ESR, I’m only talking about enabling and/or disabling features.

Put your suggestions in the comments. I’ll put mine there as well.

CCK2 2.0.21 released

I’ve released new version of the CCK. New features include:

  • Setting a lightweight theme
  • Clearing preferences
  • Setting user preference values (versus default or locking)
  • More control over the CA trust string
  • Security devices are loaded at startup and fail gracefully (so multiple platforms can be specified)
  • Redesign of security devices dialog
  • Distribution info on about dialog is no longer bolded
  • Proxy information can be set in the preference page (if you want user values, not default/locked)
  • Better migration of bookmarks between versions
  • Better errors for cert download failures

Bugs fixed include:

  • International characters not working properly
  • CA trust string not being used
  • Unable to set the plugin.disable_full_page_plugin_for_types
  • Bookmarks not deleted when migrating from CCK Wizard

If you find bugs, please report them at

Priority support is given to folks with support subscriptions. If the CCK2 is important to your company, please consider purchasing one.

Major Update to Keyword Search

I’ve released a major update to Keyword Search that resolves ALL coexistence problems with Tab Mix Plus. It should also fix all the strange behaviors people were seeing with regards to searches happening in incorrect tabs.

I’ve also added support for setting a separate search engine for the context menu, as well as fixed some visual problems on about:home.

You can get it here, or you will be automatically updated.

CCK2 New Features

I’ve had some feature requests from subscribers to my premium support package, so everyone will see the benefits in the next release.

The first request was to be able to add a lightweight theme via the CCK2. That ability will be in the next CCK2. You simply give the CCK2 the URL for a theme on AMO and the CCK2 will do the rest.

The second request was for the ability to set the user value of preference versus the default value or locking the preference (the pref() function in Autoconfig). I’ve added that functionality.

The third request was for better support for software security devices on multiple platforms. I’ve updated the code so it checks to see if the device is there before trying to add it allowing you to mix multiple platform paths. In addition, I try to add the device at every startup so that if the device is added after the CCK2 is installed, it will still get added to Firefox.

Do you wish that the CCK2 has a feature? Purchasing a support package can make it happen.

Membership has its privileges.

What I Do

One of the trickier things about being self-employed, especially around an open source project like Firefox, is knowing where to draw the line between giving out free advice and asking people to pay for my services. I’m always hopeful that answering a question here and there will one day lead to folks hiring me or purchasing CCK2 support. That’s why I try to be as helpful as I can.

That being said, I’m still surprised at the number of times a month I get an email from someone requesting that I completely customize Firefox to their requirements and deliver it to them for free. Or write an add-on for them. Or diagnose the problem they are having with Firefox.

While I appreciate their faith in me, somehow I think it’s gotten lost somewhere that this is what I do for a living.

So I just wanted to take a moment and let people know that you can hire me. If you need help with customizing and deploying Firefox, or building Firefox add-ons or building a site-specific browser, that’s what I do. And I’d be more than happy to help you do that.

But if all you have is a question, that’s great too. The best place to ask is on my support site at

CCK2 2.0.20 Available

I’ve just made version 2.0.20 of the CCK2 available. It contains the following changes:

  • Multiple CCK2s can now coexist
  • Rework of how Hidden UI works, including hiding UI on chrome pages (about:addons)
  • Can completely disable Firefox Health Report
  • Add the ability to disable the extension compatibility check at startup
  • Add support for adding security devices
  • Add the ability to disable search plugin installs from web pages and the search menu
  • Add a tooltip to the menu that shows the ID and version of a config
  • Disable the Firefox Refresh button on webpages
  • Bug Fix: Hiding help menu items didn’t remove them from the help popup in the Firefox menu
  • Bug Fix: Autoconfig only, sometimes extensions wouldn’t install
  • Bug Fix: Sometimes telemetry prefs didn’t migrate correctly from old CCK
  • Bug Fix: Default browser error on Mac OS X Yosemite
  • Bug Fix: CCK2 Wizard didn’t work on Firefox menu
  • Bug Fix: Adding Extensions with international characters in their install.rdf didn’t work

If you find bugs, please report them at

Priority support is given to folks with support subscriptions. If the CCK2 is important to your company, please consider purchasing one.

Installing Certificates Into Firefox

UPDATE: Due to various bugs around accessing the certDB too early, I’ve updated the code to update the certDB on a delay.

There are lots of organizations that use their own certificate authority to issue certificates for their internal servers. Unfortunately since Firefox does not use the Windows certificate store[1], these have to be manually added into Firefox. This post will cover how to get those CAs into Firefox.


The easiest way to get your CAs into Firefox is to use CCK2. CCK2 allows certificate authorities and server certificates to be installed into the browser. It supports PEM, DER and text. It also allows you to designate certificate overrides (sites where certificate errors are ignored). Just go to the certificate page and point to either a URL or a local file where the certificate is contained.

AutoConfig via JavaScript

If you’re using AutoConfig without CCK2, you can still use the API that the CCK2 uses to install certificate authorities. Here’s what it looks like to install the root certificate:

var observer = {
  observe: function observe(aSubject, aTopic, aData) {
    var certdb = Components.classes[";1"].getService(Components.interfaces.nsIX509CertDB);
    var certdb2 = certdb;
    try {
      certdb2 = Components.classes[";1"].getService(Components.interfaces.nsIX509CertDB2);
    } catch (e) {}
    cert = "MIIHPT...zTMVD"; // This should be the certificate content with no line breaks at all.
    certdb2.addCertFromBase64(cert, "C,C,C", "");
Services.obs.addObserver(observer, "profile-after-change", false);

The three Cs mean to trust the certficate for servers, email and objects. The third parameter is the name, but it is ignored. If you want to install binary certificates, things get more complicated. In that case, I’d definitely recommend the CCK2.


PolicyPak supports adding certificate authorites to Firefox via Group Policy.

Preload the certificate databases

Some people create a new profile in Firefox, install the certificates they need, and then distribute the various db files (cert8.db, key3.db and secmod.db) into new profiles using this method. I don’t recommend this method (and it only works for new profiles).


If you’re a real diehard, you can use certutil to update the Firefox certificate databases from the command line.

Hopefully one of these methods will work for you. Did I miss a method? Let me know in the comments.

[1] See: bug 432802 and bug 472113

What About Firefox Deployment?

You might have noticed that I spend most of my resources around configuring Firefox and not around deploying Firefox. There are a couple reasons for that:

  1. There really isn’t a “one size fits all” solution for Firefox deployment because there are so many products that can be used to deploy software within different organizations.
  2. Most discussions around deployment devolve into a “I wish Mozilla would do a Firefox MSI” discussion.

That being said, there are some things I can recommend around deploying Firefox on Windows.

If you want to modify the Firefox installer, I’ve done a few posts on this in the past:

If you need to integrate add-ons into that install, I’ve posted about that as well:

You could also consider asking on the Enterprise Working Group mailing list. There’s probably someone that’s already figured it out for your software deployment solution.

If you really need an MSI, check out FrontMotion. They’ve been doing MSI work for quite a while.

And if you really want Firefox to have an official MSI, consider working on bug 598647. That’s where an MSI implementation got started but never finished.

I Used the CCK2 Wizard – What Now?

One of the most common questions I get asked is what to do with the result that the CCK2 Wizard produces. This post will address that question.

After you’ve completed your customizations using the CCK2 Wizard, you have two choices: create an extension or use AutoConfig.

Let’s start with AutoConfig (which is what I recommend.) AutoConfig is the tried and true method of customizing Firefox that’s been around forever. You can read an old post about it here. I’m also working on an AutoConfig eBook that I hope to have out soon.

With AutoConfig, things are quite simple (at least on Windows and Linux). The output of the CCK2 Wizard is a zip file that can be unzipped in the same directory where the Firefox executable is located. It puts all the necessary files in the right places and you can immediately start Firefox and see your customizations. Things are not so good on Mac starting with Firefox 34. AutoConfig is broke right now due to the new Apple signing requirements. We’re investigating the best way to fix that.

Your other option with the CCK2 is to generate an extension. This produces an XPI file which can simply be installed in Firefox the same way any other extensions is installed – by dragging and dropping it onto the browser. If you want to deploy the extension you’ve created, I’ve documented a number of the different ways you can integrate an extension into Firefox. Each of these methods has positives and negatives – it’s up to you to decide what to do for your situation.

Some people might wonder why I don’t just have the CCK2 generate a new installer. In my experience, there are so many different ways that people deploy applications that it would not be worth it. In the past, I have documented how to bundle your changes with the Windows installer if you are so inclined.

Hopefully this gets most folks started with the CCK2. Please let me know if I’ve missed something.

Keyword Search for Christmas

I just wanted to say thanks to Mozilla for selecting Keyword Search as one of the best add-ons of 2014.

To celebrate, I’ve finally updated Keyword Search to work better with the search changes in Firefox 34. You can specify separate search engines for about:home and the new tab page and you get images that match the search you are using.

I also added a new feature for international users that allows to be used regardless of the country you are in. This became an issue recently when Google started forcing all searches to country searches even if you start them on

You can download the latest version here.

Happy holidays!