Mike Petersen

Network Admin, Programmer, Technical Writer, SuSE Linux Fan, etc.

Kixtart Scripts

Firefox Lockdown Instructions

This page shows how to easily lock-down Mozilla Firefox's Settings before you deploy the app with my Deployment Utility. These instructions are based on Chris LLias's Blog entry about Locking Down Firefox.

1. Edit the file "Mozilla Firefox\greprefs\all.js" and add the following to the end of it:

pref("general.config.filename", "mozilla.cfg");

2. Create a new file called "mozilla.txt" and add any lockdown settings you want, an example is:

//
lockPref("app.update.enabled", false);
lockPref("network.proxy.type", 0);
lockPref("browser.startup.page", 1);
lockPref("browser.startup.homepage", "http://www.google.com/");

You can find more options to lockdown below, or you can browse the "about:config" page to find more settings to lockdown.

3. Now, you must "encode" the "mozilla.txt" file into a "mozilla.cfg" file. To do this use the application located here, or even easier is the online converter located at:
   http://www.alain.knaff.lu/%7Eaknaff/howto/MozillaCustomization/cgi/byteshf.cgi.
4. Finally, put the new "mozilla.cfg" file into the "Mozilla Firefox" directory. Now you are ready to deploy Firefox with the appropriate settings "Locked-Down".

Firefox Lockdown Settings

There are many ways to find various settings you can lock down within firefox. The most thorough way is to simply browse through the "about:config" page within Firefox. A few settings not readily apparent is the ability to disable extensions and themes, you can do this by setting the following:

lockPref("config.lockdown.disable_extensions", true);
lockPref("config.lockdown.disable_themes", true);

Also, if you want to disable the ability to access the "about:config" page you must copy this file into the "Mozilla Firefox\components\" directory.

To lock down basic settings, here is a list of the settings available through the "Options" Dialog (Current with Firefox 2.0.0.6). Remember, there are quite a few more available through the "about:config" Firefox page, but these should get you started.

Main Tab

• Startup - "When Firefox Starts:"

lockPref("browser.startup.page", 0);

Where:

0 = "Show a blank page"
1 = "Show my home page"
3 = "Show my windows and tabs from last time"

• Startup - "Home Page"

lockPref("browser.startup.homepage", "http://www.google.com/");

• Downloads - "Show the Downloads window when downloading a file"

lockPref("browser.download.manager.showWhenStarting", false);

• Downloads - "Close it when all downloads are finished"

lockPref("browser.download.manager.closeWhenDone", true);

• Downloads - "Save files to:" (All must be set)

lockPref("browser.download.useDownloadDir", true);
lockPref("browser.download.dir", "C:\\Downloads");
lockPref("browser.download.downloadDir", "C:\\Downloads");
lockPref("browser.download.folderList", 2);

• Downloads - "Always ask me where to save files"

lockPref("browser.download.useDownloadDir", false);

• System Defaults - Always check to see if Firefox is the default browser on startup:

lockPref("browser.shell.checkDefaultBrowser", false);

Tabs Tab

• New pages should be opened in: a new window

lockPref("browser.link.open_external", 2);
lockPref("browser.link.open_newwindow", 2);

• New pages should be opened in: a new tab

lockPref("browser.link.open_external", 1);
lockPref("browser.link.open_newwindow", 1);

• Warn me when closing multiple tabs

lockPref("browser.tabs.warnOnClose", false);

• Warn me when opening multiple tabs might slow down Firefox

lockPref("browser.tabs.warnOnOpen", false);

• Always show the tab bar

lockPref("browser.tabs.autoHide", false);

• When I open a link in a new tab, switch to it immediately

lockPref("browser.tabs.loadInBackground", false);

Content Tab

• Block pop-up windows

lockPref("dom.disable_open_during_load", false);

Note that exceptions are added to the hostperm.1 file in the user's Firefox profile.

• Load images automatically

lockPref("permissions.default.image", 2);

Where (1) is checked and (2) is unchecked.

Note that exceptions are added to the hostperm.1 file in the user's Firefox profile.

• Enable JavaScript

lockPref("javascript.enabled", false);

Advanced JavaScript Settings

• To disable the Advanced button

lockPref("pref.advanced.javascript.disable_button.advanced", true);

• Move or resize existing windows

lockPref("dom.disable_window_move_resize", true);

• Raise or lower windows

lockPref("dom.disable_window_flip", false);

• Disable or replace context menus

lockPref("dom.event.contextmenu.enabled", false);

• Hide the status bar

lockPref("dom.disable_window_open_feature.status", false);

• Change status bar text

lockPref("dom.disable_window_status_change", false);

• Enable Java

lockPref("security.enable_java", false);

• Fonts & Colors

You could lock down these settings, but not recommended as each user utilizes their own preferences

• File Types

The app that opens each type of file is written to the "mimeTypes.rdf" file in the user's profile. However, you can disable the apps "browser plugin" by adding something similar to the following, forcing the user to "save the file" to disk:

lockPref("plugin.disable_full_page_plugin_for_types", "audio/x-ms-wma,application/pdf");

Privacy Tab

• History - Remember visted pages for the last _ days

lockPref("browser.history_expire_days", 4);
lockPref("browser.history_expire_days.mirror", 4);

Set "browser.history_expire_days" to "0" to disable History completely

• History - Remember what I enter in forms and the search bar

lockPref("browser.formfill.enable", false);

• History - Remember what I've Downloaded

lockPref("browser.download.manager.retention", 0);

Set to "2" to enable

• Cookies - Accept cookies from sites

lockPref("network.cookie.cookieBehavior", 2);

Where "0" is enabled, "2" is disable cookies

• Cookies - Keep until:

lockPref("network.cookie.lifetimePolicy", 2);

Where "0" is "they expire" - "1" is "ask me every time" - "2" is "I close Firefox"

• Cookies - Exceptions (disable the button)

lockPref("pref.privacy.disable_button.cookie_exceptions", false);

Note that Cookie exceptions are added to the hostperm.1 file in the user's Firefox profile.

• Private Data - Always clear my private data when I close Firefox

lockPref("privacy.sanitize.sanitizeOnShutdown", true);

Clear Private Data Settings

• Browsing History

lockPref("privacy.item.history", true);

• Download History

lockPref("privacy.item.downloads", true);

• Saved Form Information

lockPref("privacy.item.formdata", true);

• Cache

lockPref("privacy.item.cache", true);

• Cookies

lockPref("privacy.item.cookies", false);

• Saved Passwords

lockPref("privacy.item.passwords", false);

• Authenticated Sessions

lockPref("privacy.item.sessions", true);

• Private Data - Ask me before clearing private data

lockPref("privacy.sanitize.promptOnSanitize", false);

Security Tab

• Warn me when sites try to install add-ons

lockPref("xpinstall.whitelist.required", true);

Note that "Add-ons" exceptions are added to the hostperm.1 file in the user's Firefox profile.

• Tell me if the site I'm visiting is a suspected forgery

lockPref("browser.safebrowsing.enabled", true);

Note: To utilize "Google" to check for web forgeries the user must Accept an EULA.

• Passwords - Remember passwords for sites

lockPref("signon.rememberSignons", true);

• Passwords - Use a master password

The user must enter a master password when enabling, thus you cannot enforce this setting

• Passwords - Disable the "Show Passwords" Button

lockPref("pref.privacy.disable_button.view_passwords", true);

• Warning Messages
• I am about to view an encrypted page

lockPref("security.warn_entering_secure", false);

• I am about to view a page that uses low-grade encryption

lockPref("security.warn_entering_weak", false);

• I leave an encrypted page for one that isn't encrypted

lockPref("security.warn_leaving_secure", false);

• I submit information that's not encrypted

lockPref("security.warn_submit_insecure", false);

• I am about to view an encrypted page that contains some unencrypted information

lockPref("security.warn_viewing_mixed", false);

Advanced Tab

• General - Accessibility - Always use the cursor keys to navigate within pages

lockPref("accessibility.browsewithcaret", true);

• General - Accessibility - Search for text when I start typing

lockPref("accessibility.typeaheadfind", true);

• General - Browsing - Use autoscrolling

lockPref("general.autoScroll", false);

• General - Browsing - Use smooth scrolling

lockPref("general.smoothScroll", true);

• General - Browsing - Check my spelling as I type

lockPref("layout.spellcheckDefault", 1);

Where "0" is no spell checking and "1" is spell checking enabled

• Network - Connection - Configure how Firefox connects to the Internet

lockPref("network.proxy.type", 0);

Where

• "0" is "Direct connection to the Internet"
• "1" is "Manual proxy configuration"

You must also set the following:

lockPref("network.proxy.http", "firewall.private.lan");
lockPref("network.proxy.http_port", 3128);
lockPref("network.proxy.ssl", "firewall.private.lan");
lockPref("network.proxy.ssl_port", 3128);
lockPref("network.proxy.ftp", "firewall.private.lan");
lockPref("network.proxy.ftp_port", 3128);
lockPref("network.proxy.gopher", "firewall.private.lan");
lockPref("network.proxy.gopher_port", 3128);
lockPref("network.proxy.socks", "firewall.private.lan");
lockPref("network.proxy.socks_port", 3128);

You can also list addresses that you do not want to use the proxy for:

lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, www.mozilla.com");

• "2" is "Automatic proxy configuration URL"

You can also set the following setting for the correct autoconfig URL

lockPref("network.proxy.autoconfig_url", "http://mysite.com/");

• "4" is "Auto-Detect proxy settings for this network"
• Network - Cache - Size (Use up to _ MB of space for the cache)

lockPref("browser.cache.disk.capacity", 5000);

Where 5000 is 5MB, etc.

• Update - Automatically Check For Updates to: Firefox

lockPref("app.update.enabled", false);

• Update - Automatically Check For Updates to: Installed Add-ons

lockPref("extensions.update.enabled", true);

• Update - Automatically Check For Updates to: Search Engines

lockPref("browser.search.update", true);

• Update - When Updates to Firefox are found:

lockPref("app.update.auto", false);

Will set the checkbox to "Ask me what I want to do, While

lockPref("app.update.mode", 0);

Set to "0" will set to Automatically download and install the update and not check the "Warn me if this will disable any of my add-ons", Set to "1" will check both the Automatically download/install as well as the warn about disabling add-ons.

• Encryption - Protocols - Use SSL 3.0

lockPref("security.enable_ssl3", true);

• Encryption - Protocols - Use TLS 1.0

lockPref("security.enable_tls", true);

• Encryption - Certificates - When a web site requires a certificate

lockPref("security.default_personal_cert", "Ask Every Time");

Back to Kixtart Scripts Home