Deploying Public Fox

[Strewth]

Is anyone using the Firefox addon: Public Fox?
It's a very simple way to lockdown various settings.
However, I'm having problems deploying it for multiple users.
Firstly, I don't want it deployed across the entire network - just to a select number of staff.
When you download and install it on a single PC it works fine but if you use a command line to install it for all users of the PC it errors out with: 'Not compatable with FF version 3.5.3'
As an admin it's then possible to update the addon from within FF such that it is compatable. Unfortunately, other users cannot do this update due to our account restrictions.
Any ideas?

[Arthur]

You could edit the add-on to make it compatible. For PublicFox, you would need to change the maxVersion value in the Install.rdf file from '3.2a1pre' to '3.5.*'. I think the PublicFox author must have made a typo, because the AMO website states it is compatible with all Firefox versions up to 3.6a1pre which would obviously include v3.5.3.

After you have done the above you should be able to re-install it for the users that need it using the command below e.g. via a script.

Code:

"%ProgramFiles%\Mozilla Firefox\Firefox.exe" -install-global-extension "X:\Path\To\Add-on\public_fox-1.06-fx.xpi"

If PublicFox still doesn't work after doing this, there are several other methods of locking down Firefox that you might want to try.

1) If you have a proxy server you can add the file-types you don't want people to download (exe, vbs etc.) to a blacklist.

2) To block about:config you can copy a file called 'disableAboutConfig.js' from the CCK Wizard add-on to: "%ProgramFiles%\Mozilla Firefox\Components".

3) Add '<em:hidden>true</em:hidden>' and '<em:locked>true</em:locked>' to the install.rdf of each add-on you don't want people to uninstall/disable. This only works for add-ons which are installed as global extensions, plus the 'hidden' property will be removed in Firefox v3.6 so you will only be able to prevent add-ons from being disabled. This shouldn't be a problem though, as it's possible to achieve the same result using the CSS below in your userChrome.css file.

Code:

/* Hide ALL extensions */
#extensionsManager extension, #extensionsManager richlistitem { 
display: none !important; 
}

4) Hide various parts of the UI using the userChrome.css file (as Michael has done with his Firefox package). Example...

Code:

/* File Menu */
menuitem#menu_sendLink, 
#menu_import, 
#menu_import + menuseparator, 
#goOfflineMenuitem { display: none !important; }

/* View Menu */
#viewToolbarsMenu, 
#menu_bookmarksSidebar, 
#charsetMenu { display: none !important; }

/* History Menu */
#menu_showAllHistory { display: none !important; }

/* Bookmarks Menu (and Sidebar) */
#bookmarksMenu, 
#bookmarksPanel { display: none !important; }

/* Tools Menu */
#menu_search, 
#browserToolsSeparator, 
#menu_openAddons, 
#devToolsSeparator, 
#javascriptConsole, 
#sanitizeSeparator, 
#privateBrowsingItem, 
#sanitizeItem { display: none !important; }

/* Help Menu */
#menu_openHelp, menuitem[label="For Internet Explorer Users"], 
#releaseNotes, 
#menu_HelpPopup_reportertoolmenu, 
#menu_HelpPopup_reportPhishingtoolmenu, 
#menu_HelpPopup_reportPhishingErrortoolmenu, 
#checkForUpdates { display: none !important; }

/* Hide all Help menu separators */
menu[label="Help"] menuSeparator { display: none !important; }

/* Remove bookmarks toolbar */
#PersonalToolbar { display: none !important; }

5) Prevent file-system browsing (via the file:// protocol) by adding the code below to your userContent.css file. This stop users from typing C:\ (or any other drive letter) into the address bar and viewing the contents of your hard drives/mapped network drives.

Code:

@-moz-document url-prefix(file://) {
 html > body { visibility: hidden !important; 
}

I'm currently working on an extremely locked-down Firefox package for my school. However, it won't be ready until after Firefox v3.6 is released in November. I'll make sure I post details on EduGeek on what I did when that's done though.

[Edu-IT]

Have you tried the Firefox version that Michael (?) has already created? It seems to work well and comes locked down already. Have a search on here.

[Arthur]

Have you tried the Firefox version that Michael (?) has already created? It seems to work well and comes locked down already. Have a search on here.

For a link to Michael's Firefox package see item 4 in my post above. It's worth bearing in mind that his version isn't completely locked down though.

[Michael]

For clarification pretty much all settings on the Options menu are greyed out and access to the about:config option is disabled thanks to Arthur's contribution. I have also removed the Bookmarks menu and included a Favourites add-on which dynamically reads Internet Explorer's favourites. I designed the package to work transparently with IE and testing has shown to be very successful with both confident and not so confident users browsing the web.

I'm pretty confident my efforts are sufficiently tamper proof, but I welcome Arthur's efforts to go one step further than I have. I suppose technically a 100% locked down version of FF would involve locking down every single option on the about:config menu. There are quite a few I assure you

[Edu-IT]

For a link to Michael's Firefox package see item 4 in my post above. It's worth bearing in mind that his version isn't completely locked down though.

Sorry, didn't see that.

[Fruity]

Also worth checking out is the Frontmotion Firefox edition.

Amongst other things it is deployable via AD and is configurable via Group Policy.

Works well for me.

FrontMotion Firefox Community Edition

[Michael]

My latest version is locked down, customisable and deployable. You can check out details here