Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Firefox (v27/v28) - How to lock down History and Add-Ons?

Started by brantb , Jun 20 2014 10:04 AM
Firefox lockdown

  • Please log in to reply

#1
brantb
Posted 20 June 2014 - 10:04 AM

brantb

    Member

  • Member
  • PipPip
  • 11 posts

Hello,

 

I am familiar with the general technique of locking down various features of Firefox (using the "lockpref" directive in the "mozilla.cfg" file, and setting up a "local-settings.js" file).  Through various searches, and also some before/after observation of values in about:config, I have been able to determine how to lock down most of the settings I am interested in, and those are all working quite well.

 

However, two areas really seem to be eluding me - namely, always forcing Firefox to "Remember history", and also, making sure that access to the Add-Ons feature is locked out.  It would be ideal if the Tools -> Add-Ons menu item were just grayed out (inaccessible), but even if it can't easily be taken that far, I just want to make sure that no one mucks around with the Add-Ons (ie. no adding new ones, or updating - or even deleting - existing ones).

 

I will be managing the Firefox installation, and will keep the Add-Ons up-to-date once I have regression tested them.

 

If anyone knows the about:config values for these things, I would be most appreciative.  Or, if someone knows of a comprehensive listing of which about:config values correspond to what UI elements, that would be great too/instead.  Trial and error works, but it is very tedious :-).  And, I find it difficult to keep up with which config values are (still) active in any given version, and which ones no longer have any effect.

 

By the way - this happens to be for Firefox v27.  If you have info about v28, that would be fine too (upgrading to v28 is an option).  I'm not interested in v29/v30 though, as I have tried using the Australis interface and I have to say that I am not a fan of that look-n-feel.

 

Cheers!

 


  • 0

Advertisements

#2
SpywareDr
Posted 21 June 2014 - 12:32 PM

SpywareDr

    Member 3k

  • Member
  • PipPipPipPipPipPip
  • 3,996 posts

Tip: CVE-2014-1533

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 ... allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • 0

#3
brantb
Posted 26 June 2014 - 01:04 PM

brantb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Thanks SpywareDr - it never occurred to me that my problem of how to lock down some specific areas of Firefox would be solved simply by upgrading to version 30, in order to plug all previously-known Firefox vulnerabilities.  What a revelation.  Not.

 

I'm sorry to get sarcastic here (it is quite out of character for me), but this one has really pushed my button.

 

A few things to consider here ...

 

First of all, software companies (and communities) should ratchet down the development pace a bit, so that they can actually focus (more) on QA and vulnerability testing in the first place, rather than putting most of their energies into glitz and sizzle.  (In the case of Firefox, they have put a lot of effort into looking like Chrome.  If I wanted Chrome, I would have got Chrome - pretty simple formula.)

 

Secondly, version 30 is already vulnerable - we just don't know (exactly) to what extent yet, until v31 is released ... and then 32, and so on.  There should have been a serious fork in the Firefox development - or, an "about:config" way to revert to the previous UI (without having to employ 3rd party add-ons, etc. - which introduce an unnecessary layer of complexity, potential interactions, not to mention their own vulnerability points).  That way, vulnerabilities could have been addressed (so that the user community could continue do the responsible thing and stay updated) without ramming an unwanted (by many) UI paradigm down our throats.

 

Can you imagine the carnage if auto manufacturers constantly - and rapidly - changed where the steering wheel is, swapped the positions of the various pedals (or heck, took some away entirely), change the order of the gear shift, and so on?

 

Thirdly - your answer has absolutely nothing to do with the question I asked.  I did not ask a security/safety question - but thanks for contributing to the community through your Evangelism.

 

<echem...>

 

Now then, does anyone (else) have anything useful to contribute to the original topic?

 

Cheers!


  • 0

#4
SpywareDr
Posted 26 June 2014 - 04:19 PM

SpywareDr

    Member 3k

  • Member
  • PipPipPipPipPipPip
  • 3,996 posts

Sorry Gramps, but seat belts save lives. ;)


Edited by SpywareDr, 26 June 2014 - 04:20 PM.

  • 0
Back to Web Browsers and Email · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Firefox, lockdown

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Software
  3. Web Browsers and Email

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP