back to article Mozilla offers sysadmins a Policy Engine for roll-your-own Firefox installs

Mozilla’s announced it will add a “policy engine” to the next extended support (ESR) release of its Firefox browser. ESRs are supported for at least a year and give users the chance to settle on a browser for a while, rather than having to keep up with the faster release cadence offered to consumers. The next ESR release will …

  1. Paratrooping Parrot

    I hope I can disable

    Tab warming. I have over 100 tabs open on Firefox. I usually hover my mouse over the tab to check the title, if I need it now. I have a feeling that it will mean a lot of tabs will be loading up in the background.

    1. sabroni Silver badge

      Re: I hope I can disable

      If they're not testing it in exactly that configuration then they're doing it wrong. Let's see....

    2. Pascal Monett Silver badge

      Re: I hope I can disable

      I'd rather they spend my CPU time loading the tab instead of spending it on finding out whether my mouse is "close enough".

      1. joed

        Re: I hope I can disable

        I believe that related about:config setting is already there - browser.tabs.remote.warmup.enabled - for now set to false (and this is the way I'll keep it).

  2. Chris Hills

    MSI Package?

    Does this mean they are finally going to provide an MSI package?

  3. TonyJ Silver badge

    Not sure what they mean here as you can already do the things listed with config files and although it's been a while since I was doing it, I seem to recall at least one of those files were JSON. Happy to be corrected on that though.

    I know, Mozilla - how about actually providing a mechanism to manage FF from AD Group Policies?

    I'd suggest anyone thinking of deploying FF in any kind of commercial/production environment get a hold of CCK2 to do it.

  4. Tim Brown 1


    when the last Firefox release I'm ever going to use is 56

    1. iron Silver badge

      Re: Irrelevant...

      Yup still can't get new versions of extensions I use every day so stuck with v56.

    2. phuzz Silver badge

      Re: Irrelevant...

      Well, the one extension I need that's not been updated is purely to lock down the browser into something like a kiosk mode, so if this policy engine allows whitelisting allowed URLs and removing access to preferences then I can happily move all my clients up to quantum.

  5. Anonymous Coward
    Big Brother

    Tab warming sounds potentially nasty

    It sounds like it means that if I hover over a tab without ever opening it, Firefox will do (some of?) what is needed to paint it. But at least some of what is needed to paint it includes making network requests and running random bits of JS and so on. That stuff can't be unwound in general. I don't think I want a browser which does that when I have not even opened a tab. Perhaps it will be clever enough to do only those things it is sure it can do without talking to the network or running JS?

    1. ThatOne Silver badge

      Re: Tab warming sounds potentially nasty

      > Perhaps it will be clever enough

      Good one!...

      Seriously, it will probably just load and execute everything and then flush and start again, which means that if for some reason your mouse cursor moves accidentally over a dozen tabs your computer will stuff all pages into the download pipeline, wait for them, execute dozens of JavaScripts, cancel them and purge memory. Depending on your computer you'll experience a timeout of one to several seconds.

      And all that to load a page a couple milliseconds faster... Now that's literally a killer feature!

      (That all been said, knowing Mozilla there will most likely be some about:config setting to disable that nonsense.)

  6. Triumphantape


    I've often wondered if it were possible to compile your own browser minus all the things that irritate.

    This is as close as I've seen, but not quite there yet.

  7. John Crisp


    system.Quantum.shite.disable.entirely = true

  8. elhvb

    Yay, control!

    Policy engine. Nice. Just 10 years late.

  9. slartyfartbast

    Group Policy

    Hopefully this is them slowly working towards some form of group policy management so that it can actually be properly deployed and managed within an organisation, it's made me cry over the years that the only real alternative to IE if you want easy central management is google.

  10. Jaap Aap

    Quite a few of these "new controls" have been available through autoconfig for years. But they apparently forgot, since autoconfig isn't that easy to implement. Look at the comments on the site of Mike Kaply, the creator of CCK2. Since ESR52 one has to jump through various hoops to get everything to work on a new profile.

  11. Anonymous Coward
    Anonymous Coward

    Sounds like

    it could provide an easy way of keeping the thing configured across upgrades, so I'll possibly give it a try.

    Incidentally, a month or two ago, as I was about to deinstall Firefox on account of unacceptable performance and as I therefore had nothing to lose, I went into the config and enabled multi-process.

    Night and day. It works impressively well now and, having learned over the years how to lock it down properly, I decided against getting rid of it.

    In other news, there is something called Firefox Klar on F-Droid that everyone who minimally cares about privacy should consider installing. It is basically a *very* Spartan Firefox that goes back to a pristine state as soon as you close it.

    From my experience over the last 15 years, on the whole I don't have many nice things to say about Mozilla, but credit due where it's due.

  12. Greg D

    ADMX files or go home.

    As title suggests. If this isnt working with AD Group Policy, whats the point?

    1. Anonymous Coward
      Anonymous Coward

      Re: ADMX files or go home.

      > If this isnt working with AD Group Policy, whats the point?

      1. Firefox is a cross-platform browser.

      2. It is not a particularly onerous task to integrate policy files with / into your LDAP system, whatever schemata you use.

      3. One gets the impression you are whingeing about something you do not have to pay for and likely were not going to use anyway.


      1. TonyJ Silver badge

        Re: ADMX files or go home.

        1. Firefox is a cross-platform browser.

        > Yes indeed but most corporations run Windows clients connected to an AD and it would be nice to have native controls from the actual software vendor

        2. It is not a particularly onerous task to integrate policy files with / into your LDAP system, whatever schemata you use.

        > It really is. First you have to know which files to target, as FF uses quite the mix to configure your settings. Then you have the massive issue of how do you actually target the correct FF user profile, since when you create a new one, it creates a randomised folder name to drop them it.

        3. One gets the impression you are whingeing about something you do not have to pay for and likely were not going to use anyway.

        > Well it wasn't me whinging but it's nice to have choice. Not everyone wants to use IE, Edge or Chrome but these are the browsers you are limited to right now if you want to manage via GPO. And trust me - I had to deliver FF into a high secure gov environment last year. It's a PITA


        > Yep not bad but in some environments such as the one above you have to be able to have full transparency of all software and add-ons. That's being able to trace right back to whom and where they originate from etc and that's not always easy.

        Plus you run the risk of a new version of FF breaking third party tools (same as anything).

        It was only recently that FF included the ability to utilise the Windows certificate store on a client machine. Before that, you had to package every certificate you wanted into FF (again, CCK2 becomes a godsend here) but then if you change one of them, you had to repackage it and then blow away users' FF all their personalisations would be lost.

        Ultimately, FF is simply not enterprise ready. Nor would I ever expect it to be.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022