Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Firefox (v27/v28) - How to lock down History and Add-Ons?

Firefox lockdown

  • Please log in to reply

#1
brantb

brantb

    Member

  • Member
  • PipPip
  • 11 posts

Hello,

 

I am familiar with the general technique of locking down various features of Firefox (using the "lockpref" directive in the "mozilla.cfg" file, and setting up a "local-settings.js" file).  Through various searches, and also some before/after observation of values in about:config, I have been able to determine how to lock down most of the settings I am interested in, and those are all working quite well.

 

However, two areas really seem to be eluding me - namely, always forcing Firefox to "Remember history", and also, making sure that access to the Add-Ons feature is locked out.  It would be ideal if the Tools -> Add-Ons menu item were just grayed out (inaccessible), but even if it can't easily be taken that far, I just want to make sure that no one mucks around with the Add-Ons (ie. no adding new ones, or updating - or even deleting - existing ones).

 

I will be managing the Firefox installation, and will keep the Add-Ons up-to-date once I have regression tested them.

 

If anyone knows the about:config values for these things, I would be most appreciative.  Or, if someone knows of a comprehensive listing of which about:config values correspond to what UI elements, that would be great too/instead.  Trial and error works, but it is very tedious :-).  And, I find it difficult to keep up with which config values are (still) active in any given version, and which ones no longer have any effect.

 

By the way - this happens to be for Firefox v27.  If you have info about v28, that would be fine too (upgrading to v28 is an option).  I'm not interested in v29/v30 though, as I have tried using the Australis interface and I have to say that I am not a fan of that look-n-feel.

 

Cheers!

 


  • 0

Advertisements


#2
SpywareDr

SpywareDr

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,771 posts

Tip: CVE-2014-1533

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 ... allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • 0

#3
brantb

brantb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Thanks SpywareDr - it never occurred to me that my problem of how to lock down some specific areas of Firefox would be solved simply by upgrading to version 30, in order to plug all previously-known Firefox vulnerabilities.  What a revelation.  Not.

 

I'm sorry to get sarcastic here (it is quite out of character for me), but this one has really pushed my button.

 

A few things to consider here ...

 

First of all, software companies (and communities) should ratchet down the development pace a bit, so that they can actually focus (more) on QA and vulnerability testing in the first place, rather than putting most of their energies into glitz and sizzle.  (In the case of Firefox, they have put a lot of effort into looking like Chrome.  If I wanted Chrome, I would have got Chrome - pretty simple formula.)

 

Secondly, version 30 is already vulnerable - we just don't know (exactly) to what extent yet, until v31 is released ... and then 32, and so on.  There should have been a serious fork in the Firefox development - or, an "about:config" way to revert to the previous UI (without having to employ 3rd party add-ons, etc. - which introduce an unnecessary layer of complexity, potential interactions, not to mention their own vulnerability points).  That way, vulnerabilities could have been addressed (so that the user community could continue do the responsible thing and stay updated) without ramming an unwanted (by many) UI paradigm down our throats.

 

Can you imagine the carnage if auto manufacturers constantly - and rapidly - changed where the steering wheel is, swapped the positions of the various pedals (or heck, took some away entirely), change the order of the gear shift, and so on?

 

Thirdly - your answer has absolutely nothing to do with the question I asked.  I did not ask a security/safety question - but thanks for contributing to the community through your Evangelism.

 

<echem...>

 

Now then, does anyone (else) have anything useful to contribute to the original topic?

 

Cheers!


  • 0

#4
SpywareDr

SpywareDr

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,771 posts

Sorry Gramps, but seat belts save lives. ;)


Edited by SpywareDr, 26 June 2014 - 04:20 PM.

  • 0






Similar Topics


Also tagged with one or more of these keywords: Firefox, lockdown

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP