Firefox Lockdown settings issue

Posted on

So I have to set some settings system wide for the Firefox browser in order to comply with a STIG that I'm required to do. I've followed the example at http://kb.mozillazine.org/Locking_preferences without any luck, namely I edited the /usr/lib64/firefox/default/preferences/all-redhat.js file and added:

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

and then created the mozilla.cfg in the same directory, chmod it to 644 and inserted the following:

//
lockPref("browser.startup.homepage", "https://www.us.army.mil/suite/page/429668");
lockPref("browser.download.dir", "N:");
lockPref("browser.download.downloadDir", "N:");
lockPref("app.update.enabled", false);
lockPref("extensions.update.enabled", false);
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("browser.search.update", false);
lockPref("browser.formfill.enable", false);
lockPref("signon.prefillForms", false);
lockPref("dom.disable_open_during_load", true);
lockPref("dom.disable_window_move_resize", true);
lockPref("dom.event.contextmenu.enabled", false);
lockPref("dom.disable_window_status_change", true);
lockPref("dom.disable_window_flip", true);
lockPref("dom.disable_window_open_feature.status", true);
lockPref("security.warn_leaving_secure", true);
lockPref("privacy.sanitize.promptOnSanitize", false);
lockPref("privacy.sanitize.sanitizeOnShutdown", true);
lockPref("security.default_personal_cert", "Ask Every Time");
lockPref("signon.rememberSignons", false);
lockPref("xpinstall.whitelist.required", true);
lockPref(“network.protocol-handler.external.shell”,false);
lockPref(“security.enable_ssl3”,true);
lockPref(“security.enable_ssl2”,false);
lockPref(“security.enable_tls”,true);
lockPref("plugin.disable_full_page_plugin_for_types", "application/pdf,application/doc,application/xls,application/bat,application/ppt,application/mdb,application/mde,application/fdf,application/xfdf,application/lsl,application/lso,application/lss,application/iqy,application/rqy,application/xlk,application/pot,application/pps,application/dot,application/wbk,application/ps,application/eps,application/wch,application/wcm,application/wbi,application/wb1,application/wb3,application/rtf,application/wch,application/wcm,application/ad,application/adp,application/xlt, application/dos, application/wks");
lockPref("privacy.item.history", false)

Initially, when starting, firefox would complain that my config file could not be read, and that I should contact my admin. So I did, and I had no answer for myself.

Reading forums brought me to the conclusion that I should reinstall firefox. So I did. Same issue. I then deleted all of the mozilla and firefox associated files, and then reinstalled.

As to be expected, the third time was the charm. No errors. Except one. It never loaded, nor locked my preferences.

Now I brought this up to the people over at mozilla and they're quite convinced it's not their problem as Red Hat folk have modified their precious code.

Anyone who has had similar issues on the net and have posted in forums have also met my same fate.

Thoughts or solutions?

~Matt

MC

Responses