Skip to the content of the web site.

Linux | FirefoxLockdown

Firefox was chosen as the kiosk browser because of the extensions available for it and the ease with which it's user interface can be manipulated. Three extensions were installed autohide, inactivity reset, and single window. These extensions allow mozilla to open in fullscreen mode, clear user information, and to only use one window. It was still necessary to lockdown the browser interface itself. Firefox exposes the the filesystem through the file:// URI, the configuration through the about:config URI, and finally it exposes the file system through resource://. Others have experienced similiar problems locking down firefox. Fortunately, the solution to this is a bit of javascript that uses regular expression to block URI types that are unwanted. This should be placed in the browser.js file which can be extracted from firefox's browser.jar archive.
  if (location.match(/^file:/) || 
    location.match(/^\//) || 
    location.match(/^chrome:/) ||
    location.match(/^resource:/) ||
    (!location.match(/^about:blank/) &&
    location.match(/^about:/))) {
    loadURI("about:blank");
    } 

Specifics on where in the file this should be placed can be found at Andrew Mutch's website. He has encountered some of the issues I had when setting up a kiosk browser and has also provided a guide for editing firefox's browser.xul file in order to remove interface elements. An indepth guide can be found here, his site also contained several interesting articles on securing firefox in general. Several user interface elements may be disabled by editing the file userChrome.css located in the guest user's firefox chrome configuration directory. Examples of this can be found on the mozilla website. The original copy of the browser.jar archive was kept so that it is possible for firefox to revert to its orginial state. The scripts lock.sh and unlock.sh are two simple scripts that move the archive browser.jar and browser.jar.orig.

It is also possible to disable other unwanted protocols by adding the following lines to prefs.js

user_pref("network.protocol-handler.external.snews", false);
user_pref("network.protocol-handler.external.news", false);
user_pref("network.protocol-handler.external.irc", false);
user_pref("network.protocol-handler.external.mail", false);
user_pref("network.protocol-handler.external.mailto", false); 

In order to completely disable the filepicker I edited the file filepicker.xul and commented out all the lines contained in the dialog tag. This was needed in order to ensure that users could not see the filesystem when picking a helper application or if they tried to run javascript from a website. A good example of this is the attachment button in most webmail applications. With these lines commented out only a blank window will be shown.

A CustomChrome was written using the userChrome.css file. Further modifications of the browser behaviour were needed so the file browser.xul was modified to comment out commands, such as open file, that should not be run. The format of brower.xul changes from version to version of firefox so I tried to avoid heavy modification. If the guide by Andrew Mutch is read the first part describes the steps I took to disable certain commandsets that were undesirable.

Further steps were required to lockdown firefox. The prefs.js, userChrome.css and history.dat files were made read-only and owned by root to prevent users from changing preferences in the event they somehow got access to those files. Making history.dat read-only prevents any history from being saved and ensures that features like URL saving in the URL entry bar are disabled permanently.

Finally, a few tweaks were made to the prefs.js file these are outlined below. Note these only include tweaks that were made directly using about:config other changes were made in the graphical configuration. Typeahead, cache, history, etc... were disabled. The homepage was set, etc...

user_pref("accessibility.typeaheadfind.autostart", false); 
user_pref("applications.rlogin", ""); 
user_pref("applications.rlogin_with_user", ""); 
user_pref("applications.telnet", ""); 
user_pref("applications.tmp_dir, "");
user_pref("applications.tn3270", ""); 
user_pref("browser.cache.disk.enable", false); 
user_pref("browser.cache.memory.enable", false); 
user_pref("browser.throbber.url", "http://www.uwaterloo.ca"); 
user_pref("network.cookie.enableForCurrentSessionOnly", true);
user_pref("security.warn_entering_secure", false);
user_pref("security.warn_entering_secure.show_once", false);
user_pref("security.warn_entering_weak", false);
user_pref("security.warn_entering_weak.show_once", false);
user_pref("security.warn_leaving_secure", false);
user_pref("security.warn_leaving_secure.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_submit_insecure.show_once", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show-once", false);
user_pref("update_notifications.enabled", false);
user_pref("browser.urlbar.autocomplete.enabled", false);
user_pref("browser.urlbar.showPopup", false);
user_pref("browser.urlbar.showSearch", false);
user_pref("extensions.kioskreset.inactivity.seconds", 600);

-- DavidCollie - 15 Nov 2004