How can I Remove Firefox Hello in a high-security environment?
After a recent Firefox update in a test environment for a high-security environment (I'm not at liberty to disclose the nature of this environment, sorry. Let's just say we have to disable Firefox from contacting Mozilla's servers and further disable Google's "Safe Browsing" due to the possibility of inadvertent unauthorized disclosure), we have noticed a feature: "Firefox Hello". This feature causes Firefox to violate strict policy, as it transforms it from being classified as strictly a "Web Browser" (which is permitted) to a "Chat Application", all of which are completely banned. Simply disabling Hello is not a sufficient option as Firefox still contains the code to run Hello, which still constitutes it a "Chat Application" as per policy. We have the capability to edit out unauthorized code from open source software internally, but we don't know where to start to remove this code from the Firefox codebase as Hello seems pretty well integrated.
Currently I only have two options, neither of which pleases me personally (I really like Firefox and have fought to include it in any environment I can):
1. Discontinue permanent use of Firefox.
2. Discontinue updating Firefox permanently or until Hello is removed as a non-modular element. This is unacceptable as it'd mean we can't keep it secure, which causes us to fall back to (1).
I would graciously like any third option. Internet Explorer seems to be the only browser that provides sufficient enterprise-level control without extraneous features at the moment with the addition of Hello to Firefox. We have banned Chrome from our environment due to how tightly bound it is with Google's "Cloud" services and hope that Firefox isn't becoming a "Cloud" browser for Mozilla; Sync has already placed Firefox under the microscope as it is.
Modified by ZRXXX
Additional System Details
- User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Are you not concerned about WebRTC in general in this situation? This is part of Firefox, Chrome and a few other browsers. Visiting a simple website would turn the browser into a "Chat Application" (e.g. https://talky.io/).
There are various ways you can turn off parts of Firefox, in a way that, if properly configured, the user wouldn't be able to turn them back on, even though the code is there. Here's the starting link for how to set up those configuration options:
You'd want to turn off various prefs, for webrtc I think you'd be looking at:
For Firefox Hello, it's:
If disabling them in the way described isn't enough, then you'll probably need to modify the source and maintain it.
There's a --disable-webrtc build option. Hello itself doesn't have a build option, it only has the preference. The main part of the code for it lives in browser/components/loop.
You can set loop.enabled to false and possibly loop.server to an empty String.
//
lockPref("loop.enabled", false);
lockPref("loop.server", "");
You can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.
Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
These functions can be used in the mozilla.cfg file:
defaultPref(); // set new default value
pref(); // set pref, allow changes in current session
lockPref(); // lock pref, disallow changes
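An added example, not part of the thread and not Mozilla's code: a small Python audit that checks a Firefox program folder for the AutoConfig lockdown described above. It assumes the cfg file contains only flat lockPref/pref/defaultPref calls and that Firefox skips the cfg file's first line; the function names and the sample folder contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

CALL = re.compile(r'\b(lockPref|defaultPref|pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')
REQUIRED = {"loop.enabled": "false", "loop.server": '""'}  # prefs named in the thread
BOOT = 'pref("general.config.filename", "mozilla.cfg");\npref("general.config.obscure_value", 0);\n'
GOOD = '//\nlockPref("loop.enabled", false);\nlockPref("loop.server", "");\n'  # constructed
BAD = 'lockPref("loop.enabled", false);\npref("loop.server", "");\n'  # constructed, 2 mistakes

def parse_prefs(text, skip_first_line=False):
    """Return {name: (function, raw_value)}; assumes flat calls, keeps the last per pref."""
    found = {}
    for line in text.splitlines()[1 if skip_first_line else 0:]:
        if not line.lstrip().startswith("//"):  # ignore whole-line comments
            for func, name, value in CALL.findall(line):
                found[name] = (func, value)
    return found

def audit(install_dir, required=REQUIRED):
    """Return findings; an empty list means every required pref is locked as expected."""
    boot = {}
    for js in sorted(Path(install_dir, "defaults", "pref").glob("*.js")):
        boot.update(parse_prefs(js.read_text()))
    name = boot.get("general.config.filename", ("", ""))[1].strip('"')
    cfg = Path(install_dir, name)
    if not name or not cfg.is_file():
        return [f"AutoConfig file not configured or missing: {name!r}"]
    findings = []
    if boot.get("general.config.obscure_value", ("", ""))[1] != "0":
        findings.append("general.config.obscure_value differs from the 0 used in the thread")
    cfg_prefs = parse_prefs(cfg.read_text(), skip_first_line=True)  # line 1 is not evaluated
    for pref, want in required.items():
        func, value = cfg_prefs.get(pref, (None, None))
        if func != "lockPref":
            findings.append(f"{pref}: not locked (found {func})")
        elif value != want:
            findings.append(f"{pref}: locked to {value}, expected {want}")
    return findings

def audit_sample(cfg_text):
    """Build a constructed install folder in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "defaults" / "pref").mkdir(parents=True)
        (Path(tmp) / "defaults" / "pref" / "local-settings.js").write_text(BOOT)
        (Path(tmp) / "mozilla.cfg").write_text(cfg_text)
        return audit(tmp)

if __name__ == "__main__":
    print(audit_sample(GOOD), audit_sample(BAD))
```

The BAD sample fails twice: its first lockPref sits on the skipped first line, and loop.server is set with pref() instead of lockPref().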
We have WebRTC traffic blocked (We have a setup that audits SSL traffic before it leaves or enters the network).
Our primary issue with Hello is that policy classifies the actual code used to run it as being very much like an Easter Egg, code that was inserted that goes beyond the spec of being a web browser and thus difficult to audit. It's easy to block services in general, but when a single unauthorized service becomes a core feature and has code strapped to the browser, that throws up red flags that Mozilla is moving Firefox away from being an organization-manageable browser and more toward an exclusively Mozilla-managed "Cloud" browser, where there is a possibility that Mozilla will seek more control over user experience that will increase attack surface.
It's reasons like this we decline to install Chrome into our environment, because Google has several services built into the core of their browser and does not leverage their extensions capabilities, but rather mandates that these features "must be installed" and that users can only toggle them off.
It's easy to uninstall an extension or to recompile with a flag, but it's hard when a vendor makes decisions for you and tells you "This is good for you, you must embrace it" irrespective of the policy of organizations or even individual users' wishes.
Thank you all for this information, it will help our future audits and help determine if Firefox is right for our needs.
Unfortunately I can't mark this thread as "Solved" since the root issue is still not solved (Mozilla's development practices making something that should be an extension, a core aspect of the browser), so marking it solved would be a lie. But thank you both nonetheless.
Modified by ZRXXX