Firefox

From Gentoo Wiki
Jump to: navigation, search

Firefox is Mozilla's solution to the web browser. It is not the same thing as Firefox OS, which was a full operating system.

Aurora is the "unbranded" version of Mozilla's Firefox.

Installation

USE flags

USE flags for www-client/firefox Firefox Web Browser

bindist Disable official Firefox branding (icons, name) which are not binary-redistributable according to upstream. local
clang Use Clang compiler instead of GCC local
custom-optimization Build with user-specified compiler optimizations (-Os, -O0, -O1, -O2, -O3) from CFLAGS (unsupported) local
dbus Enable dbus support for anything that needs it (gpsd, gnomemeeting, etc) global
eme-free Disable EME (DRM plugin) cabability at build time local
geckodriver Enable WebDriver support local
gmp-autoupdate Allow Gecko Media Plugins (binary blobs) to be automatically downloaded and kept up-to-date in user profiles local
hwaccel Force-enable hardware-accelerated rendering (Mozilla bug 594876) local
lto Enable Link Time Optimization (LTO). Requires Gold linker when using GCC or LDD linker when using Clang local
neon Enable optimization support for ARM NEON processors global
screenshot Allow to disable screenshot extension in global profile local
startup-notification Enable application startup event feedback mechanism global
system-harfbuzz Use the system-wide media-libs/harfbuzz and media-gfx/graphite2 instead of bundled. local
system-icu Use the system-wide dev-libs/icu instead of bundled. local
system-jpeg Use the system-wide media-libs/libjpeg-turbo instead of bundled. local
system-libevent Use the system-wide dev-libs/libevent instead of bundled. local
system-libvpx Use the system-wide media-libs/libvpx instead of bundled. local
system-sqlite Use the system-wide dev-db/sqlite installation with secure-delete enabled local
wifi Enable wireless network functions global

The above list of USE flag is not comprehensive. Use equery (part of app-portage/gentoolkit) for a full list:

user $equery uses www-client/firefox

Emerge

To compile the source version of Firefox ESR, issue:

root #emerge --ask www-client/firefox

Be aware that non-ESR versions are not getting stabilized.

Emerging the source version of Firefox can be a long process; a pre-compiled (binary) version does exist in the Gentoo repository, however users of the pre-built package should note the warning below and this message. To emerge the Firefox binary, issue:

root #emerge --ask www-client/firefox-bin
Important
The disadvantage of using pre-compiled www-client/firefox-bin package is that almost all of the USE flags in the list above cannot be set. Be aware that setting these flags while using this package will not alter the binary.

Configuration

Enabling multitouch

Xinput2 scrolling

This brings touch scrolling and multitouch support for Firefox:

MOZ_USE_XINPUT2 environment variable has to be set to a value of 1 in /etc/env.d/80firefox, or just before launching firefox in a shell. for example:

user $MOZ_USE_XINPUT2="1" firefox

This also eliminates the predefined scroll step size for touchpad scrolling! All scrolling will be really smooth.

Wacom tablets/touchscreens may need extra configuration so they emit true touch events for X.

Multitouch zoom

This only works when the multitouch events reach Firefox, therefore the Xinput2 activation above has to be done first.

Description about:config option Value
Multitouch activation gestures.enable_single_finger_input False
Zoom in browser.gesture.pinch.in cmd_fullZoomReduce
Zoom out browser.gesture.pinch.out cmd_fullZoomEnlarge

Middle mouse scroll (autoscroll)

Traditionally in Linux, the middle mouse button is used to paste the currently selected (highlighted) text into a text field. On Windows systems, the middle mouse button in Firefox is used for click-and-drag scrolling up and down the page. This functionality can be enabled in Firefox by opening about:config and setting the following value[1]:

  • general.autoScroll = true

Middle click-and-drag scrolling should now be enabled.

Although not necessary, sometimes it is desirable to disable all other middle-click functionality within Firefox when using click-and-drap scrolling. Open about:config and set the following values to disable middle-click functionality:

  • middlemouse.contentLoadURL = false
  • middlemouse.openNewWindow = false
  • middlemouse.paste = false

Threads

Firefox >= 54 has 4 threads enabled by default. Theads can be adjusted by modifying the following in the about:config interface:

Description about:config option Value
Increase the threads dom.ipc.processCount N

Where N is a integer number.

Disabling percent-encoding

Normally, URLs that are copied from the address bar get percent-encoded. This may cause an annoyance when certain non-Latin symbols (such as Cyrillic) get encoded, as they become unreadable to humans.

To disable percent-encoding when copying from the address bar, set the about:config option network.standard-url.escape-utf8 to false.

Note
Unfortunately Firefox does not support non-Latin symbols in anchors, those remain encoded (not percent-encoded, though).

Disable enforced digital signatures verification in Firefox >=48

This concerns mandatory add-ons signature in Firefox and can lead to security issues.

Method 1

Create this file:

FILE /usr/lib/firefox/config.js
//
try {
  Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm", {})
    .eval("SIGNED_TYPES.clear()");
}
catch(ex) {}
END

Then insert this:

FILE /usr/lib/firefox/defaults/pref/channel-prefs.js
pref("general.config.obscure_value", 0);
pref("general.config.filename", "config.js");

Method 2

https://gist.github.com/anonymous/a661949550a26b9522f79095f8ae2d94

Method 3

This patch works for both firefox 49 and firefox 51, and seems to be robust to changes.

FILE /etc/portage/patches/www-client/firefox/no-signature-force-check.patch
--- a/build/mozconfig.common.override 2017-02-06 14:26:05.891721140 +0900
+++ b/build/mozconfig.common.override 2017-02-06 14:25:41.115763755 +0900
@@ -9,3 +9,4 @@
 # to override anything done previously.
 #
 # The common expected usage is for try builds with nondefault options.
+MOZ_REQUIRE_SIGNING=0

The following patch also works for firefox 49.

FILE /etc/portage/patches/www-client/firefox-49.0/no-signature-force-check.patch
diff --git a/browser/confvars.sh.old b/browser/confvars.sh
index 7637236..2264bf5 100755
--- a/browser/confvars.sh.old
+++ b/browser/confvars.sh
@@ -27,7 +27,16 @@ fi
 # Enable building ./signmar and running libmar signature tests
 MOZ_ENABLE_SIGNMAR=1
 
-MOZ_SAFE_BROWSING=1
+# Disable 'safe' browsing
+MOZ_SAFE_BROWSING=0
+# Disable checking that add-ons are signed by the trusted root
+# https://github.com/mozilla/positron/blob/master/build/mozconfig.common
+MOZ_ADDON_SIGNING=0
+# Disable enforcing that add-ons are signed by the trusted root
+MOZ_REQUIRE_SIGNING=0
+# https://dxr.mozilla.org/mozilla-central/rev/5cf4d2f7f2f2b3df2f1edd31b8bdce7882f3875c/browser/confvars.sh
+# https://dxr.mozilla.org/mozilla-central/source/browser/confvars.sh
+
 MOZ_APP_VERSION=$FIREFOX_VERSION
 MOZ_APP_VERSION_DISPLAY=$FIREFOX_VERSION_DISPLAY
 MOZ_EXTENSIONS_DEFAULT=" gio"

Then set xpinstall.signatures.required to false.

Special URLs

Firefox includes a few dozen special URLs that can be helpful in determining more information about various Firefox settings. These URLs can be entered into the Super Bar (via copy and paste) to view the special pages. A few of the more significant ones include:

  • about:addons
  • about:buildconfig
  • about:config
  • about:crashes
  • about:memory
  • about:networking
  • about:plugins
  • about:support
  • about:telemetry

Finally, about:about will display the whole list of Firefox' “about” pages. A description for each page is available at Firefox and the "about" protocol.

See also Firefox chrome:// document URLs.

XDG integration

In order to make Firefox use XDG file associations set Content Type's Action to /usr/bin/xdg-open

To ensure Firefox is being used by other applications for handling HTTP and HTTPS links, run the following commands:

user $xdg-mime default firefox.desktop x-scheme-handler/http
user $xdg-mime default firefox.desktop x-scheme-handler/https
user $xdg-mime default firefox.desktop text/html

Security

Running in sandbox

The Simple sandbox article explains why »Sandboxing Firefox is mandatory«.

SSL/TLS Security Enhancements

Some about:config SSL/TLS security options which are not defaults (as of Firefox 52.2.0) that increase the security of your https connections are listed below. Two of them rarely break access to websites.

Description about:config option Value
Minimal TLS version set to 1.1. Default is 1 meaning TLS 1.0, unsecure. May break access to some badly configured websites. security.tls.version.min 2
Avoiding old SSL/TLS version. May break access to some badly configured websites. security.ssl.require_safe_negotiation true
Inform user about insecure SSL/TLS negociation (broken padlock). security.ssl.treat_unsafe_negotiation_as_broken true
Require Online Certificate Status Protocol. Introduces some latency. security.OCSP.require true
Strict Certificate Pinning. security.cert_pinning.enforcement_level 2
Don't use DES. security.ssl3.rsa_des_ede3_sha false
Don't use RC4. security.ssl3.rsa_rc4_128_md5 (if present) false
Don't use RC4. security.ssl3.rsa_rc4_128_sha (if present) false
No Google SSL False Start. security.ssl.enable_false_start false

Safer browsing with Add-ons

Firefox has a massive community behind it and a result many Add-ons have been created to aid with specific interests of users. Many users are concerned about their privacy (tracking, bubbling, targeting, etc) while web browsing. Installing Add-ons can aid in adding an extra level of privacy to their browsing.

The Add-on menu can be accessed by navigating the following menus: Hamburger button (top right under the X) → Add-ons

uBlock Origin

A new ad blocker with lower resource usage, using same lists as Adblock. Very versatile and configurable.

Mozilla Add-ons page: https://addons.mozilla.org/en/firefox/addon/ublock-origin/

GitHub: https://github.com/gorhill/uBlock

Wikipedia: https://en.wikipedia.org/wiki/UBlock

NoScript

NoScript blocks JavaScript that is normally enabled by default. It can keep users safe and speed up web browsing.

Mozilla Add-ons page: https://addons.mozilla.org/en-US/firefox/addon/noscript/

Homepage: https://noscript.net/

uMatrix

Point and click to forbid/allow any class of requests made by your browser. Use it to block scripts, iframes, ads, Facebook, etc. uMatrix can also be used for spoofing HTTP referrer, spoofing User Agent strings, blocking hyperlink auditing and forcing strict HTTPS. Note, uMatrix can break many websites and most websites need configuration changes to work correctly.

Mozilla Add-ons page: https://addons.mozilla.org/en-US/firefox/addon/umatrix/

GitHub: https://github.com/gorhill/uMatrix

Troubleshooting

gtk+:3 pulls in DBUS

Since version ≥53.0 Firefox has dropped gtk+:2 support urging Larry to use gtk+:3. This however by default pulls-in annoyances like DBUS. This can be avoided by using a patch from BSD available in bug #669234 or mv overlay.

Crashes

If Firefox crashes for no apparent reason every few minutes with an error message like ABORT: X_GLXDestroyContext: GLXBadContext; 15 requests ago it might help to add the Firefox user(s) to the video group:

root #gpasswd -a <username> video

Latest adobe-flash-23 does not work

It is possible to use PPAPI NPAPI plugin adapter. For more info read here

root #emerge freshplayerplugin

Lack of sound (www-client/firefox)

If Firefox built with the gstreamer USE flag does not play sounds, and some web sites tell you to install Flash to play music, make sure that the necessary codecs are installed:

root #emerge gst-plugins-meta:1.0

Lack of sound (www-client/firefox-bin)

www-client/firefox-bin expects PulseAudio. Alsa-only systems might work around this limitation by using media-sound/apulse. For this to work you'll need to modify Firefox sandbox settings by going to about:config and adding "/dev/snd/" (note the trailing slash) to "security.sandbox.content.write_path_whitelist" option.

If you're storing ALSA settings in /home, also, be sure to add "/home/<username>/.asoundrc" to the "security.sandbox.content.write_path_whitelist" option. Whitelist path could be separated by comma.

Since around Firefox 58 there is additional modification needed to work around seccomp sandbox: security.sandbox.content.syscall_whitelist = 16

Now you can go ahead and create alias for running firefox through apulse:

user $alias firefox='apulse firefox-bin'

Screen tearing / stuttering smooth scrolling

Build www-client/firefox with USE flag hwaccel. See the mentioned Mozilla bug for background information.

Note
This doesn't work with www-client/firefox-bin as the USE flag is not available.

See also

External resources

References