I find myself installing Firefox on almost every computer I administer. Here are the things I do to make it more useful and secure.
On Linux, use your distribution’s package manager to fetch and install Firefox. Couldn’t be easier.
On Windows, download either the regular or ESR version. The Mozilla project strongly recommends the former, but many users more interested in productivity than in UI churn just as strongly prefer the latter. Double click to install. There is no official MSI installer for Firefox, not even for ESR. If you are you getting the feeling that Mozilla really really doesn’t want their browser used by organizations, I wouldn’t argue with you. However, FrontMotion provides well-regarded unofficial MSIs.
To economize on browser space, I disable the bookmarks toolbar (right click in the blank space to the right of the “open a new tab” button, then disable).
Open Preferences (Menu Button – Preferences) and tweak as desired. I usually set:
- General – Startup – When Firefox starts: As desired. For personal use, I prefer a blank page. For public kiosk use, typically this is set this to the home page, and the home page is set per institutional policy.
- General – Downloads: Usually I set this to the platform’s default download directory. Public kiosk users can’t seem to find anything that’s not in their face, so in that case I save to the desktop.
- Tabs: I have new pages to be opened in new tabs, not new windows.
- Content: I enable “Block pop-up windows”. I press the exceptions button to see if some web sites are allowed to open pop-up windows, and delete any sites that seem suspicious.
- Privacy: In Tracking, I enable “Tell web sites I do not want to be tracked”, not that it does any good. In History, I set “Use custom settings for history”; this is needed in order to customize cookies. I disable acceptance of third-party cookies. Then I open the Exceptions button to the right of it and manually add any needed exceptions. I press the Show Cookies button and delete unneeded ones.
- Security: I enable warnings when sites try to install add-ons, and set addons.mozilla.org as an exception. I enable being told if a site is a suspected attack site or forgery.
- Sync: I set up sync with my Firefox account so I have the same browsing experience across my devices. I sync everything except my passwords, which are taken care of by a third party password manager.
- Advanced – General – Browsing: I enable spell checking. Below we will install needed dictionaries.
- Advanced – General – System Defaults (Windows only): If desired, confirm on startup that Firefox is the default browser.
Incurable tinkerers like myself might enjoy playing with the advanced options. Open a new tab and enter about:config in its address bar. Press Enter to make it so. Non-default options I like are:
- browser.preferences.inContent: true opens the preferences in a tab rather than a modal window
- browser.tabs.closeWindowWithLastTab: false causes Firefox to remain open if you close the last tab
- browser.tabs.warnOnClose: false suppresses Firefox’s “are you sure?” nag dialog when you try to close a tab
- browser.tabs.warnOnCloseOtherTabs: false suppresses Firefox’s “are you sure?” nag dialog when you try to close the other open tabs
ADD-ONS AND PLUGINS
Add-ons extend Firefox’s functionality, making it one of the most extensible browsers available. To select and install them, see the add-on notes.
To select and install particular plugins, see the browser plugins notes.
Some packagers, thinking themselves helpful, ship Firefox pre-bloated with plugins you might not need or want. View your current plugins by typing about:plugins in the URL field and disable or remove all unneeded plugins. Optionally, by checking the “Details” box you can use the additional information that appears to remove the executable of any plugin manually.
KEEPING UP TO DATE
Updates to Firefox, add-ons, and plugins are continually being released as security vulnerabilities are discovered and corrected. Properly configured, Firefox will automatically check for updates for itself and for add-ons, and such updates should normally be accepted. So this leaves you with checking for updates to your plugins.
On Linux, plugins you installed via your distribution’s package manager will be automatically checked for updates. If you installed plugins using other means, then you will have to periodically do a manual check. One easy way to do this is by setting the Firefox startup page to Mozilla’s plugin check. Another way is to subscribe to security alerts from US-CERT. Their alerts cover most major Firefox plugins, including Flash and Java.
On Windows, install Secunia PSI, which will automatically check for updates not just for Firefox plugins but for all software on the computer.
This article was last revised 24 October 2014 in reference to Firefox 31.1 ESR with the Australis interface.