How to block new add-on or plugin installations in Firefox
One of the things in Firefox that Mozilla has been criticized for in the past is that plugins get picked up by the browser automatically when they are installed. This was also the case for third party add-ons but that at least has been changed by the company so that Firefox users are asked whether they want to use a newly installed third party extension or not.
Mozilla is preparing to implement the very same feature for plugins in the future so that Firefox users will be asked whether they want to enable a new plugin or not. For now though, that feature does exist only on paper.
So what can you do, to protect your Firefox version from third party installations of plugins? What can you do to prevent the installation of add-ons by users who work with the PC?
Update: Mozilla changed the way extension installations are set in Firefox. The organization added a policy system to Firefox that Enterprise admins and home users may utilize. One of the easier options is to use the Firefox Policy Generator add-on to generate the policies, but it is also possible to configure the policy manually. The policy in question is
Policies can be specified using a policies.json file which needs to be placed in the distribution folder (create it) of the Firefox installation.
Here is an example policy file:
"Default": [true|false] /* If this is set to false, add-ons cannot be installed by the user */
Old information that does not apply to current versions of Firefox
The answer is right here. There is a hidden switch in Firefox that does that. When enabled, it will block all future installations of plugins and extensions, no matter how someone tries to install them in the browser.
Lets take a look at how you can set up that switch in your version of Firefox:
- Type about:config into the address bar and tap on the enter key. This loads Firefox's advanced configuration screen.
- If this is your first time here, state that you will be careful.
- The parameter needs to be created in Firefox. To do so right-click the main pane and select New > Boolean from the context menu.
- When asked for a name, type xpinstall.enabled
- When asked for a value, select false
Once set, installations of plugins and extensions will be prevented in the browser. Should you at any time in the future need that feature again, for instance to install a new exciting add-on or plugin, you can switch the parameter to true again in the option to do so, or simply wait for the prompt that you see on the screenshot above to appear to enable it from there for the time being.
Since a prompt is shown, the parameter is more or less only useful in situations where you want to be in total control of new plugin or extension installations in Firefox. It cannot be used to prevent other users from installing add-ons or enabling plugins, as it displays the prompt that allows them to bypass the protection.
Plugins that are picked up by Firefox are still displayed in the browser but disabled by default.
Second option for browser add-ons
You can block extensions that are loaded from specific locations. This is doing using the extensions.enabledScopes preference which you can only add via an autoconfig file. Here is how that is done.
- Open the Firefox program directory on your system. Windows users find it under C:\Program Files (x86)\Firefox or C:\Program Files\Firefox.
- If you are running a different channel, you may find it named differently, for instance Nightly instead of Firefox.
- Open defaults in the folder, and add a new folder preferences to it if it does not exist.
- Place the file firefox.js into it. You can create it as a text document and rename it afterwards. If you cannot create it directly in the folder, create it in a different folder and move it in there.
- Add the line pref("extensions.enabledScopes", 14); to it and save it.
The preference extensions.enabledScopes can be assigned the sum of the following values or 0 to disable it.
- 0 disables it
- 1 will block installations of add-ons from the user's profile directory.
- 2 will block installations referenced by the current user's Registry entry or add-ons that are in the user's extensions directory.
- 4 will block extensions that are in the extension directory of the Firefox installation.
- 8 will block any add-on from being loaded in Firefox if it is referenced by System Registry entries, or add-ons that are in the system's extension directory if it exists.
Add all values and use it as the value in the preference file. The 14 used above will block all extensions except for those that are placed in the user's profile directory.Advertisement