Disaster Plans for Firefox XUL Sunset

Public URL: GitHub Gist
Status: Incomplete
Last Updated: 2018-07-07 12:48 EDT

Threat Summary

In their November blog post, Add-ons in 2017, Mozilla announced an aggressive plan to deprecate XUL APIs without having assured a porting path for existing APIs.

Most significantly, this will kill off the Classic Theme Restorer extension which I rely on to keep the UI suitably comfortable, as the Australis theme has elements (eg. the "toolbar in a panel" hamburger menu) which are even more unappealing to me than Google Chrome's crippled design.

As such, this document tracks my plans to investigate alternatives to my current Firefox extension load-out, both within Firefox (possibly with custom source patches) and on other browsers.

(The latter case will be necessary as a plan B in case addon ports are planned but their developers or the developers of APIs they depend on miss the Firefox 57 deadline.)

UPDATE 2018-02-03: Thanks to the continued availability of userChrome.css, Classic Theme Restorer is no longer my biggest concern. Instead, it's extensions such as DownThemAll! and Tiddlyfox.

Timeline [1]

January 23rd, 2017 Firefox 52.0b1 enters beta channel
March 7th, 2017 Firefox 52 enters ESR channel.
April 18th, 2017 No new XUL addons will be signed by AMO
April 22nd, 2017 Switch to Firefox ESR builds when 53.0a2 enters Ubuntu Aurora PPA
June 12th, 2017 Firefox 57.0a1 moves XUL behind a pref in nightly channel
August 7th, 2017 Firefox 57.0a2 moves XUL behind a pref in aurora channel
October 2nd, 2017 Firefox 57.0b1 removes XUL from beta channel
November 14th, 2017 Firefox 57.0 removes XUL support from stable channel
August 28th, 2018 Firefox 52 ESR is replaced with Firefox 60 ESR
TBD Migrate off Firefox if extension support is insufficient

High-level Tasks

Tasks

Possible Immediately, No Urgent Deadlines

☑ Do I need to compile my own Firefox ESRs to disable signing enforcement? (No.)
☐ Investigate SeaMonkey's future plans
☐ Investigate compatibility between my extensions and SeaMonkey
☐ Investigate compatibility between my extensions and Pale Moon
☐ Investigate compatibility between my extensions and Waterfox
☐ Investigate options for setting up a forced transparent DNS proxy to work around Google pinning the DNS for YouTube ads in Chromium.
☐ Complete extension/feature porting matrices
☑ Decide whether to stick with Tree Style Tab now that e10s should be keeping things snappy or go back to my old workflow. (Yes.)

Time-Specific

☑ Follow Firefox 52 ESR to avoid a 56.0->52 ESR downgrade when 57 comes out.

Persistent Data Stores to Be Made Browser-Agnostic

☑ Passwords (KeePass)
☐ Saved Session/Open Tabs
☐ Bookmarks
ScrapBook storage
☐ Extension preferences:
├─☐ Greasemonkey scripts & script data stores
├─☐ HistoryBlock blacklist
├─☑ HTTPS Everywhere preferences and custom rules (N/A [2])
├─☑ NoScript settings (N/A [14])
├─☑ RefControl settings & whitelist (N/A [14])
├─☐ Stylish styles
├─☐ uBlock Origin settings
└─☐ uMatrix settings and whitelist

Solutions Under Consideration

  • Turn off Firefox updates:

    • Migrate high-risk tasks (e.g. banking, PayPal, etc.) to Chromium
    • Install the last XUL-capable ESR release of Firefox.
    • Set up an aggressive Firejail sandbox, including the X11 SECURITY extension. (May require upgrading off Kubuntu 14.04 LTS to fix PulseAudio support)
  • Find an equivalent set of extensions for Pale Moon, SeaMonkey, or Chromium.

  • Migrate security extensions to an HTTP proxy, completely independent of any specific browser.

  • Convert most of TiddlyFox's functionality into a local HTTP daemon which re-creates the old XULConnect APIs as HTTP APIs which trigger prompt dialogs.

    • If I can think of a good design for a mechanism for extensions to securely prompt to be added to the extension manifest's allowed origins, this might actually do better as a generic "extended capabilities" host for the native messaging API, which any extension can make use of if installed.

      The downside is that, since Firefox doesn't have a way to opt out of extension signing in all builds, I may have to stick to an HTTPS CORS API to get anything even remotely signable.

      (Either way, I'd want to use Rust, do a lot of fuzzing, and iterate a lot on the design of the permissions prompts and extra protections like a blacklist/whitelist for what filesystem permissions can be requested without a power user pre-emptively adjusting the configuration file.)

about:config Tweaks

✓ = Equivalent functionality is built into Chromium or available as an addon
✗ = Must implement replacement myself
Key Firefox Chrome Solution
beacon.enabled false  
browser.download.lastDir.savePerSite true [3]
browser.link.open_newwindow 1  
browser.link.open_newwindow.override.external 3  
browser.link.open_newwindow.restriction 0  
browser.newtabpage.enabled false  
browser.send_pings.require_same_host true  
browser.sessionstore.privacy_level 2  
browser.showQuitWarning true  
browser.startup.page -11[4]  
browser.urlbar.doubleClickSelectsAll false  
browser.urlbar.maxRichResults 12  
browser.urlbar.trimURLs false ✗ (Requires Source Patch)
dom.disable_window_open_feature.minimizable true  
dom.disable_window_open_feature.titlebar true  
dom.disable_window_open_feature.toolbar true  
dom.serviceWorkers.enabled false [5]
gecko.smoothScroll false  
image.animation_mode none [6]  
media.autoplay.enabled false  
media.eme.apiVisible false  
media.eme.enabled false  
middlemouse.contentLoadURL false  
network.cookie.cookieBehaviour 1  
network.cookie.lifetimePolicy 2  
network.dns.disablePrefetch true  
network.http.pipelining true  
network.http.pipelining.aggressive true  
network.http.pipelining.max-optimistic-requests 8  
network.http.proxy.pipelining true  
network.http.speculative-parallel-limit 0  
network.IDN_show_punycode true ✓ [7]
network.prefetch-next false  
nglayout.enable_drag_images false  
offline-apps.allow_by_default false  
privacy.clearOnShutdown.cache true  
privacy.clearOnShutdown.cookies false  
privacy.clearOnShutdown.downloads true  
privacy.clearOnShutdown.extensions-dta true  
privacy.clearOnShutdown.formdata false  
privacy.clearOnShutdown.history false  
privacy.clearOnShutdown.offlineApps false  
privacy.clearOnShutdown.openWindows false  
privacy.clearOnShutdown.sessions true?  
privacy.clearOnShutdown.siteSettings false  
privacy.cpd.cache true  
privacy.cpd.cookies false  
privacy.cpd.downloads false  
privacy.cpd.extensions-dta false  
privacy.cpd.extensions-sessionmanager false  
privacy.cpd.formdata false  
privacy.cpd.history false  
privacy.cpd.offlineApps false  
privacy.cpd.openWindows false  
privacy.cpd.passwords false  
privacy.cpd.sessions false  
privacy.cpd.siteSettings false  
privacy.donottrackheader.enabled true  
privacy.sanitize.sanitizeOnShutdown true  
privacy.trackingprotection.enabled true  
social.toast-notifications.enabled false  
spellchecker.dictionary en-CA  
xpinstall.signatures.required false ✓ --enable-easy-off-store-extension-install

Extensions

Legend
Port or direct equivalent available (or planned to be available on time)
~ Low confidence in developer's plans (ie. expect disruption with Fx 60)
Waiting for an acceptably concrete response from the developer(s)
Must implement replacement myself
N/A Addition or removal of a browser feature renders replacement unnecessary

Always Enabled

Extension Firefox WebExtension Chrome
BetterPrivacy N/A [8]  
Classic Theme Restorer See List See List
Decentraleyes ✓ (Issue 124) ✓ Local CDN
Disable Ctrl-Q Shortcut ✗ (Bug 1325692) [9]  
Download Panel Tweaker N/A (Bug 1269957) N/A
DownThemAll ~ [10] / ~ Download Star [11]
Greasemonkey [12] ✓ Tampermonkey
Google search link fix
HistoryBlock ✓ (Bug 1334266)  
HTTPS Everywhere ✓ (Issue 7389)
InlineDisposition InlineDisposition Reloaded ✓ Undisposition
No Flash N/A (Issue 39)  
NoScript [13] N/A [14]  
Pure URL [16]  
RefControl N/A [14] ~ [15]
ScrapBook [17]
Self-Destructing Cookies Self Destroying Cookies Tab Cookies
Session Manager … (Bug 1427928)  
Shift + Scroll N/A (built-in) N/A (built-in)
Show Keyword N/A? [18] N/A
Stylish Stylus [19]
Suspend Tab Auto Tab Discard  
Tab Counter Tab Count [20]
Tab Tree Tree Style Tab  
Tab Wheel Scroll [21] [34] N/A (built-in)
TiddlyFox File Backups
Toggle Animated GIFs ~ (Issue 43) [22]
uBlock Origin ✓ (Bug 1309926) ✓ + uBO-Extra
uMatrix
withExEditor ✓ (Issue 23) Multiple [23]

Optional or Situational

Extension Firefox Solution Chrome Solution
Automatic Save Folder N/A [24] [25]
Beef Taco [26] N/A  
Cookie Time N/A [14]  
Cookies Export/Import cookies.txt  
DOM Inspector [27] N/A [28]
Fangs ✓ WAVE Accessibility Tool  
FindBar Tweak N/A (built-in) N/A
Flattr  
Form History Control  
InspectorWidget [27] N/A [28]
JSONView JSONovich [29]
Live HTTP Headers HTTP Header Live  
Password Exporter firefox_decrypt  
Private Tab N/A [35] N/A [35]
Reddit Enhancement Suite  
restartFox [30] chrome://restart [31]
Save Text To File ✓ (See Issue 85)  
StumbleUpon N/A [32]  
Stylish Sync N/A  
User Agent Switcher [33]  
Video DownloadHelper ✓ (Bug 1310316)  

Classic Theme Restorer Tweaks

Tweak Firefox Solution Chrome Solution
Hamburger button on left end N/A
Hide 'all tabs' button userChrome.css [34] N/A
Limit AutoCompl to AddrBar Width userChrome.css [34]
Private: mask in tabs instead N/A [35] N/A [35]
Remove page context menu icons userChrome.css [34]  
RSS icon in Awesomebar Awesome RSS  
Square Tabs N/A (built-in)
Stop/Reload button in address bar Reload in address bar
Truly blank about:newtab userContent.css [36]

XUL Userstyles

Extension Status
Classic Theme Restorer - Misc. Fixes See sub-features
  Hide private browsing badge (use menu button color) userChrome.css if necessary.
Restore pre-Australis narrow buttons in tab bar ✓ built-in
DownloadHelper - Hide Inactive, Compact Active userChrome.css if necessary.
DownThemAll - Remove 3.x GUI Clutter userContent.css if necessary.
Firefox - Un-cluttered, Chrome-like Context Menu userChrome.css [34]
Firefox 43 - Revert stop/go/reload button size Reload in address bar is fine as-is
InspectorWidget - Hide Context Menu Entries ✓ Obsolete without InspectorWidget
Remove the newbie footer from Stylish ✓ Obsolete with the switch to Stylus
StumbleUpon - Hide Context Menu Entries N/A StumbleUpon extension is now garbage beyond my ability to fix it.
StumbleUpon - Hide Facebook/Twitter in Share Menu
StumbleUpon - Ultra-Compact Toolbar
StumbleUpon - Undo "always show referred count"

DownThemAll Successor

TODO: Explore options for integrating an external download manager with suitably comfortable support for selecting extracted URLs and sharing cookies (How's FlashGot's future looking?)

Candidates so far:

Footnotes

[1]

Sources:

[2] I now operate on the default settings.
[3]

Chrome doesn't provide this internally and the extension API disallows this level of control, but it can be hacked around by some combination of the following:

  • Setting the Download directory to the filesystem root
  • Using an inotify-based watcher to move files out of the download directory once they finish downloading.
  • Using an extension like Downloads Router to give the inotify helper more information about where the downloads came from.
  • Just replacing the browser's built-in download support with an integration extension for an external download manager with routing support. (See DownThemAll Successor)
[4] browser.startup.page: -11 means "Prompt for session to load" and is provided by the Session Manager extension.
[5] Chrome apparently has no way to disable service workers outright, but chrome://serviceworker-internals/ can be used to manage them.
[6] image.animation_mode: none is just used to enforce the starting state by the Toggle Animated GIFs extension. It's insufficient alone.
[7] Chrome has a different mitigation.
[8]

With Flash being click-to-play and so ridiculously rare to legitimately need outside of old Flash games these days, expiring LSOs while the browser is still running is unnecessary.

Apparently it's possible for addons to flush them, but the Clear Service Worker extension has an ominous "Added Analytics Plugin" message in its description, so I'll have to write my own flusher. (Which may be better anyway, since it'd let me implement the behaviour I desire, which is more akin to what Self-Destructing Cookies does for cookies.)

I'm assuming it has something to do with service workers counting as cookies/site data.

[9] I have written a Python proof-of-concept for this which is available at https://github.com/ssokolow/firefox_ctrlq_fix
[10]

The author of DownThemAll! is working on a necessarily crippled "DownThemAll! Lite" which may still satisfy my immediate needs for batch-downloading of images without attaching a helper app as a backend. However, it's running behind schedule.

That status update includes a comment on how to work around potential hiccups in getting classic DTA installed into Waterfox: grab an old Firefox 56 installer, install in a fresh profile, then import that profile into Waterfox.

Download Star currently lacks features like automatic naming.

[11]

By design, the Chrome extension API doesn't give extensions sufficient disk access to implement things like resume, piecewise downloading, and writing to arbitrary filesystem locations, so DTA! can only be replaced by an integration shim for an external download manager:

[12]

Greasemonkey status is tracked in the following bugs and threads:

[13]

NoScript is used only for the following features:

  • Click-to-play for embeddings, audio/video tags, and WebGL
  • Forbid <a ping...>
  • Forbid meta redirections inside <noscript> elements.
  • Forbid XSLT
  • Attempt to fix JavaScript links
  • XSS Filter
  • Automatic Secure Cookies Management
  • ABE (Application Boundaries Enforcer)
  • ClearClick protection
[14] The requisite functionality has been swallowed up by uMatrix to a degree which makes having a whole extension for the remaining scraps not worth the CPU time.
[15]

Multiple options, none very good:

[16]

The author has plans similar to mine with regards to Firefox ESR and responded as follows:

It is possible to port Pure URL to WebExtensions, and I'd like to do it someday. But it requires time, and currently I'm planning to stay on Firefox 52 ESR for 1.5 years at least. So, I don't know when I'll port this extension. Unfortunately, I can't promise that I'll do it before Firefox 57 release.
[17]

Two successor extensions:

  • ScrapbookQ tries to replicate the experience of the original more faithfully using a native messaging helper, but I couldn't get it working.
  • Web ScrapBook lacks the sidebar and automatic indexing, but I was able to configure it for the effortless saving I'm used to.
[18]

I remember people wanting to kill off bookmark keywords in the process of unifying the search integration.

TODO: Determine what the current plans are. (Will I have to create fake search engines which don't actually search to preserve my keywords?)

[19] Stylish has gone snoopy. Stylus is the ethical replacement.
[20] https://chrome.google.com/webstore/detail/tab-counter/feeoiklfggbaibpdhkkngbpkppdmcjal
[21]

Tab Wheel Scroll progress was tracked in issue 19, but bug 1246706, which would provide the necessary API, was declared WONTFIX, so the only non-hacky option is to implement it in Firefox itself, which is tracked in bug 1285812 and has an uncertain future.

However, userChrome.css can be used to implement it.

[22]

Multiple "Toggle Animated GIFs" extensions available:

[23]

Multiple withExEditor-like Chrome extensions are available:

[24] Automatic Save Folder is no longer necessary, since using it temporarily toggled a hidden setting to enable remembering the previous save folder on a by-origin basis and that covers all of the uses where I wouldn't have to write my own extension anyway due to the nature of the filter rules I'd want to write.
[25] The Chrome extension API is too crippled to implement this functionality, so I'll need to use an external download manager, an inotify-based sorter for the downloads folder, or both. (In the latter case, possibly with a helper like Downloads Router to translate things like source domains into paths the inotify code can see.)
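
The inotify-based sorter that footnotes [3] and [25] describe, as an added example (not code from the original page). It assumes inotify-tools is installed and that the browser, as Chromium does, downloads to a .crdownload temporary name and renames it on completion; the directory names and routing rules are hypothetical.

```shell
#!/bin/sh
# Added example: sort finished browser downloads out of a catch-all inbox.
# INBOX, SORTED and the routing rules are hypothetical placeholders.
INBOX="${INBOX:-$HOME/Downloads/inbox}"
SORTED="${SORTED:-$HOME/Downloads/sorted}"

# Print the destination category for a finished download's file name.
# Returns 1 for names that must be left alone: temporary names still being
# written (.crdownload is Chromium's; .part and .tmp are common elsewhere)
# and dotfiles.
route_download() {
    case "$1" in
        ""|.*|*.crdownload|*.part|*.tmp) return 1 ;;
    esac
    # Lower-case the extension so IMG.JPG and img.jpg route the same way.
    ext=$(printf '%s' "${1##*.}" | tr '[:upper:]' '[:lower:]')
    case "$ext" in
        jpg|jpeg|png|gif|webp) echo images ;;
        zip|gz|xz|bz2|7z)      echo archives ;;
        pdf|epub|txt)          echo documents ;;
        *)                     echo misc ;;
    esac
}

# Move one finished file into $SORTED/<category>/ and print its new path.
# Symlinks and non-regular files are refused, and an existing file is never
# overwritten: a numeric prefix is added on a name clash.
move_download() {
    src=$1
    name=${src##*/}
    category=$(route_download "$name") || return 1
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        return 1
    fi
    dest_dir="$SORTED/$category"
    mkdir -p "$dest_dir"
    dest="$dest_dir/$name"
    n=1
    while [ -e "$dest" ]; do
        dest="$dest_dir/$n-$name"
        n=$((n + 1))
    done
    mv -- "$src" "$dest" && printf '%s\n' "$dest"
}

# Watch the inbox for moved_to events: the rename from the temporary name to
# the final name is the "download finished" signal under the assumption above.
watch_downloads() {
    inotifywait -m -q -e moved_to --format '%f' "$INBOX" |
    while IFS= read -r name; do
        move_download "$INBOX/$name" || true
    done
}

# Start watching only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--watch" ]; then
    watch_downloads
fi
```
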
[26] Beef Taco is incompatible with Self-Destructing Cookies but may come into use again if the latter is completely impossible to port.
[27] DOM Inspector and InspectorWidget are used to inspect XUL in order to produce XUL Userstyles.
[28] The functionality I used to use the DOM inspector for is now available as part of Firefox's built-in debugging tools. See either of these URLs for instructions:
[29] JSONView for Chrome exists as a 3rd-party port, but, because of the same Chrome API limitations, which cripple it, Ben Hollis never produced an official Chrome port and he is no longer working on JSONView for Firefox either.
[30]

Restarting Firefox like this currently requires an external helper (unless there's some kind of userChrome+bindings hack possible?) and the only extension which currently offers it charges for the Windows-specific helper.

(That alone is a bit of an affront to me, so I might take advantage of the MPL license on the extension itself and write a free, cross-platform helper to go with it.)

[31]

Add chrome://restart to the bookmarks toolbar for a suitable analogue to restartFox.

[32] Official addon has become garbage. Devs apparently don't care.
[33]

Multiple choices depending on desired functionality:

[34]

Apply the following fixes via userChrome.css:

/* Remove distracting/unappealing icons from addon menu items */
#contentAreaContextMenu .menu-iconic-left {
    visibility: hidden !important;
}

/* Remove pointless thumbnail in the Bookmark popup */
#editBookmarkPanelImage, #editBookmarkPanelFaviconContainer {
    display: none !important;
}

/* Restore scroll-wheel tab switching */
.tabbrowser-arrowscrollbox > .arrowscrollbox-scrollbox {
    /* Place bindings.xml in the same folder as userChrome.css */
    -moz-binding: url("bindings.xml#tabs-scroll") !important;
}

/* Ensure unwanted cruft can't appear in content-area context menus
 * (eg. I access Screenshots via the page action instead)
 * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1146394 */
#context-back, #context-forward, #context-bookmarkpage,
#context-pocket, #context-savelinktopocket,
#context-sendimage, #context-setDesktopBackground,
#screenshots_mozilla_org_create-screenshot,
#contentAreaContextMenu menu[label="Tree Style Tab"],
#ublock0_raymondhill_net_uBlock0-blockElement {
    display: none !important;
}

/* De-iconify stop/reload entries in the context menu */
#context-navigation * { max-height: 1ex; }
#context-reload::after { content: " Reload"; }
#context-stop::after { content: " Stop"; }
#context-reload, #context-stop {
   list-style-image: none !important;
   -moz-box-align: start !important;
   -moz-box-pack: start !important;
}

/* Hide unwanted page actions in overflow menu
 * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1407972 */
#pageAction-panel-emailLink {
    display: none !important;
}

/* Pin "Reload in address bar" extension's page action to the right edge
 * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1407972 */
image[aria-label="Reload page"], image[aria-label="Stop"] {
  -moz-box-ordinal-group: 2 !important;
}

/* Hide unwanted "All Tabs" button
 * WONTFIX'D: https://bugzilla.mozilla.org/show_bug.cgi?id=1435229 */
#alltabs-button {
    display: none !important;
}

/* Compact sidebar header to match my compact toolbars
 * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1435184 */
#sidebar-header {
  height: 32px !important;
  padding: 0 !important;
  font-size: 12px !important;
}

/* Narrow the address bar dropdown to something more in line with system-native
 * widget styling. */
#PopupAutoCompleteRichResult {
  margin-left: 0px !important;
  max-width: 1087px !important;
}
[35] Firefox Quantum resolved the "opening a new window is a horrendously heavy operation" problem which was my primary reason for wanting private tabs in the same window. For the rest, container tabs.
[36]

Apply the following fixes via userContent.css:

/* Truly blank new tab page
 * Adapted from https://superuser.com/a/1289224
 * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1179593 */
@-moz-document url("about:newtab") {
    body { background-color: #ffffff !important; }
    body * { display: none !important; }
}

/* Fix rendering glitch-esque default style in uMatrix scope selector
 * WONTFIX'd: https://github.com/gorhill/uMatrix/issues/936 */
@-moz-document url-prefix("moz-extension://19c6955d-eec7-44a2-a3da-c58f4daa2329/") {
    body .toolbar #specificScope {
      padding: 0 !important;
      border: 0 !important;
    }

    body .toolbar #specificScope > span {
      padding-right: 3px !important;
      padding-left: 3px !important;
      border-left: 1px dotted #77f !important;
    }

    body .toolbar #specificScope > span:first-of-type {
      border-left: none !important;
    }

    /* ...and fix text contrast on deselected scope buttons for readability */
    body .toolbar .scope:not(.on),
    body .toolbar #specificScope > span:not(.on) {
        background-color: #aaa !important;
        border-color: #aaa !important;
    }
}
KarelWintersky commented May 30, 2017

The new TiddlyFox 2.0.1 extension (from January of this year) simply fails to do its job on any version of FF. On every version it offers to save a new version of the file. And naturally, even if we save it, there are no changes in the new file.

Version 1.0alpha18.1 is free of this crap.

Owner

ssokolow commented Sep 12, 2017

> The new TiddlyFox 2.0.1 extension (from January of this year) simply fails to do its job on any version of FF. On every version it offers to save a new version of the file. And naturally, even if we save it, there are no changes in the new file.
>
> Version 1.0alpha18.1 is free of this crap.

TiddlyFox 2.0.1 works for me with Firefox 52 ESR and TiddlyWiki Classic. (I apologize for relying on Google Translate.)

taazz commented Apr 13, 2018

try umatrix and downloadstar on new firefox

gitbugged commented Jul 10, 2018

My disaster plan is to use Basilisk, it will continue supporting XUL extensions and receives frequent security updates. Mozilla has gone too far.
