Disaster Plans for Firefox XUL Sunset

firefox_migration.rst

Disaster Plans for Firefox XUL Sunset

Public URL:	Github Gist
Status:	Incomplete
Last Updated:	2018-08-23 04:10 EDT

Threat Summary

In their November blog post, Add-ons in 2017, Mozilla announced an aggressive plan to deprecate XUL APIs without having assured a porting path for existing APIs.

Most significantly, this will kill off the Classic Theme Restorer extension which I rely on to keep the UI suitably comfortable, as the Australis theme has elements (eg. the "toolbar in a panel" hamburger menu) which are even more unappealing to me than Google Chrome's crippled design.

As such, this document tracks my plans to investigate alternatives to my current Firefox extension load-out, both within Firefox (possibly with custom source patches) and on other browsers.

(The latter case will be necessary as a plan B in case addon ports are planned but their developers or the developers of APIs they depend on miss the Firefox 57 deadline.)

UPDATE 2018-02-03: Thanks to the continued availability of userChrome.css, Classic Theme Restorer is no longer my biggest concern. Instead, it's extensions such as DownThemAll! and Tiddlyfox.

Timeline [1]

—	January 23rd, 2017	Firefox 52.0b1 enters beta channel
—	March 7th, 2017	Firefox 52 enters ESR channel.
—	April 18th, 2017	No new XUL addons will be signed by AMO
☑	April 22nd, 2017	Switch to Firefox ESR builds when 53.0a2 enters Ubuntu Aurora PPA
—	June 12th, 2017	Firefox 57.0a1 moves XUL behind a pref in nightly channel
—	August 7th, 2017	Firefox 57.0a2 moves XUL behind a pref in aurora channel
—	October 2nd, 2017	Firefox 57.0b1 removes XUL from beta channel
—	November 14th, 2017	Firefox 57.0 removes XUL support from stable channel
—	August 28th, 2018	Firefox 52 ESR is replaced with Firefox 60 ESR
☐	TBD	Migrate off Firefox if extension support is insufficient

High-level Tasks

Tasks

Possible Immediately, No Urgent Deadlines

☑ Do I need to compile my own Firefox ESRs to disable signing enforcement? (No.)

☐ Investigate SeaMonkey's future plans

☐ Investigate compatibility between my extensions and SeaMonkey

☐ Investigate compatibility between my extensions and Pale Moon

☐ Investigate compatibility between my extensions and Waterfox

☐ Investigate options for setting up a forced transparent DNS proxy to work

around Google pinning the DNS for YouTube ads in Chromium.

☐ Complete extension/feature porting matrices

☑ Decide whether to stick with Tree Style Tab now that e10s should be keeping things snappy or go back to my old workflow. (Yes.)

Time-Specific

☑ Follow Firefox 52 ESR to avoid a 56.0->52 ESR downgrade when 57 comes out.

Persistent Data Stores to Be Made Browser-Agnostic

☑ Passwords (KeePass)

☐ Saved Session/Open Tabs

☐ Bookmarks

☐ ScrapBook storage

☐ Extension preferences:

├─☐ Greasemonkey scripts & script data stores

├─☐ HistoryBlock blacklist

├─☑ HTTPS Everywhere preferences and custom rules (N/A [2])

├─☑ NoScript settings (N/A [14])

├─☑ RefControl settings & whitelist (N/A [14])

├─☐ Stylish styles

├─☐ uBlock Origin settings

└─☐ uMatrix settings and whitelist

Solutions Under Consideration

• Turn off Firefox updates:

  • Migrate high-risks tasks (eg. banking, PayPal, etc.) to Chromium
  • Install the last XUL-capable ESR release of Firefox.
  • Set up an aggressive Firejail sandbox, including the X11 SECURITY extension. (May require upgrading off Kubuntu 14.04 LTS to fix PulseAudio support)

• Find an equivalent set of extensions for Pale Moon, SeaMonkey, or Chromium.

• Migrate security extensions to an HTTP proxy, completely independent of any specific browser.

• Convert most of TiddlyFox's functionality into a local HTTP daemon which re-creates the old XULConnect APIs as HTTP APIs which trigger prompt dialogs.

  • If I can think of a good design for a mechanism for extensions to securely prompt to be added to the extension manifest's allowed origins, this might actually do better as a generic "extended capabilities" host for the native messaging API, which any extension can make use of if installed.

    The downside being, since Firefox doesn't have a way to opt out of extensions signing in all builds, I may have to stick to an HTTPS CORS API to get anything even remotely signable.

    (Either way, I'd want to use Rust, do a lot of fuzzing, and iterate a lot on the design of the permissions prompts and extra protections like a blacklist/whitelist for what filesystem permissions can be requested without a power user pre-emptively adjusting the configuration file.)

about:config Tweaks

✓ = Equivalent functionality is built into Chromium or available as an addon

✗ = Must implement replacement myself

Key	Firefox	Chrome Solution
beacon.enabled	false
browser.download.lastDir.savePerSite	true	✗ [3]
browser.link.open_newwindow	1
browser.link.open_newwindow.override.external	3
browser.link.open_newwindow.restriction	0
browser.newtabpage.enabled	false
browser.send_pings.require_same_host	true
browser.sessionstore.privacy_level	2
browser.showQuitWarning	true
browser.startup.page	-11 ✗ [4]
browser.urlbar.doubleClickSelectsAll	false
browser.urlbar.maxRichResults	12
browser.urlbar.trimURLs	false	✗ (Requires Source Patch)
dom.disable_window_open_feature.minimizable	true
dom.disable_window_open_feature.titlebar	true
dom.disable_window_open_feature.toolbar	true
dom.serviceWorkers.enabled	false	✗ [5]
gecko.smoothScroll	false
image.animation_mode	none [6]
media.autoplay.enabled	false
media.eme.apiVisible	false
media.eme.enabled	false
middlemouse.contentLoadURL	false
network.cookie.cookieBehaviour	1
network.cookie.lifetimePolicy	2
network.dns.disablePrefetch	true
network.http.pipelining	true
network.http.pipelining.aggressive	true
network.http.pipelining.max-optimistic-requests	8
network.http.proxy.pipelining	true
network.http.speculative-parallel-limit	0
network.IDN_show_punycode	true	✓ [7]
network.prefetch-next	false
nglayout.enable_drag_images	false
offline-apps.allow_by_default	false
privacy.clearOnShutdown.cache	true
privacy.clearOnShutdown.cookies	false
privacy.clearOnShutdown.downloads	true
privacy.clearOnShutdown.extensions-dta	true
privacy.clearOnShutdown.formdata	false
privacy.clearOnShutdown.history	false
privacy.clearOnShutdown.offlineApps	false
privacy.clearOnShutdown.openWindows	false
privacy.clearOnShutdown.sessions	true?
privacy.clearOnShutdown.siteSettings	false
privacy.cpd.cache	true
privacy.cpd.cookies	false
privacy.cpd.downloads	false
privacy.cpd.extensions-dta	false
privacy.cpd.extensions-sessionmanager	false
privacy.cpd.formdata	false
privacy.cpd.history	false
privacy.cpd.offlineApps	false
privacy.cpd.openWindows	false
privacy.cpd.passwords	false
privacy.cpd.sessions	false
privacy.cpd.siteSettings	false
privacy.donottrackheader.enabled	true
privacy.sanitize.sanitizeOnShutdown	true
privacy.trackingprotection.enabled	true
social.toast-notifications.enabled	false
spellchecker.dictionary	en-CA
xpinstall.signatures.required	false	✓ --enable-easy-off-store-extension-install

Extensions

Legend
✓	Port or direct equivalent available (or planned to be available on time)
~	Low confidence in developer's plans (ie. expect disruption with Fx 60)
…	Waiting for an acceptably concrete response from the developer(s)
✗	Must implement replacement myself
N/A	Addition or removal of a browser feature renders replacement unnecessary

Always Enabled

Extension	Firefox WebExtension	Chrome
BetterPrivacy	N/A [8]
Classic Theme Restorer	See List	See List
Decentraleyes	✓ (Issue 124)	✓ Local CDN
Disable Ctrl-Q Shortcut	✗ (Bug 1325692) [9]
Download Panel Tweaker	N/A (Bug 1269957)	N/A
DownThemAll	~ [10] / ~ Download Star	✗ [11]
Greasemonkey	✓ [12]	✓ Tampermonkey
Google search link fix	✓	✓
HistoryBlock	✓ (Bug 1334266)
HTTPS Everywhere	✓ (Issue 7389)	✓
InlineDisposition	✓ InlineDisposition Reloaded	✓ Undisposition
No Flash	N/A (Issue 39)
NoScript [13]	N/A [14]
Pure URL	✓ [16]
RefControl	N/A [14]	~ [15]
ScrapBook	✓ [17]	✗
Self-Destructing Cookies	✓ Cookie AutoDelete	Tab Cookies
Session Manager	… (Bug 1427928)
Shift + Scroll	N/A (built-in)	N/A (built-in)
Show Keyword	N/A? [18]	N/A
Stylish	✓ Stylus [19]	✓
Suspend Tab	✓ Auto Tab Discard
Tab Counter	Tab Count	✓ [20]
Tab Tree	Tree Style Tab
Tab Wheel Scroll	✓ [21] [34]	N/A (built-in)
TiddlyFox	✓ File Backups	✗
Toggle Animated GIFs	~ (Issue 43)	✓ [22]
uBlock Origin	✓ (Bug 1309926)	✓ + uBO-Extra
uMatrix	✓	✓
withExEditor	✓ (Issue 23)	Multiple [23]

Optional or Situational

Extension	Firefox Solution	Chrome Solution
Automatic Save Folder	N/A [24]	✗ [25]
Beef Taco [26]	N/A
Cookie Time	N/A [14]
Cookies Export/Import	✓ cookies.txt
DOM Inspector [27]	N/A [28]	✗
Fangs	✓ WAVE Accessibility Tool
FindBar Tweak	N/A (built-in)	N/A
Flattr	✓
Form History Control	✓
InspectorWidget [27]	N/A [28]	✗
JSONView	✓ JSONovich	✓ [29]
Live HTTP Headers	✓ HTTP Header Live
Password Exporter	✓ firefox_decrypt
Private Tab	N/A [35]	N/A [35]
Reddit Enhancement Suite	✓
restartFox	✗ [30]	✓ chrome://restart [31]
Save Text To File	✓ (See Issue 85)
StumbleUpon	N/A [32]
Stylish Sync	N/A
User Agent Switcher	✓ [33]
Video DownloadHelper	✓ (Bug 1310316)

Classic Theme Restorer Tweaks

Tweak	Firefox Solution	Chrome Solution
Hamburger button on left end	N/A	✗
Hide 'all tabs' button	✓ userChrome.css [34]	N/A
Limit AutoCompl to AddrBar Width	✓ userChrome.css [34]	✗
Private: mask in tabs instead	N/A [35]	N/A [35]
Remove page context menu icons	✓ userChrome.css [34]
RSS icon in Awesomebar	✓ Awesome RSS
Square Tabs	N/A (built-in)	✗
Stop/Reload button in address bar	✓ Reload in address bar	✗
Truly blank about:newtab	✓ userContent.css [36]	✓

XUL Userstyles

Extension		Status
Classic Theme Restorer - Misc. Fixes		✓ See sub-features
	Hide private browsing badge (use menu button color)	✓ userChrome.css if necessary.
	Restore pre-Australis narrow buttons in tab bar	✓ built-in
DownloadHelper - Hide Inactive, Compact Active		✓ userChrome.css if necessary.
DownThemAll - Remove 3.x GUI Clutter		✓ userContent.css if necessary.
Firefox - Un-cluttered, Chrome-like Context Menu		✓ userChrome.css [34]
Firefox 43 - Revert stop/go/reload button size		✓ Reload in address bar is fine as-is
InspectorWidget - Hide Context Menu Entries		✓ Obsolete without InspectorWidget
Remove the newbie footer from Stylish		✓ Obsolete with the switch to Stylus
StumbleUpon - Hide Context Menu Entries		N/A StumbleUpon extension is now garbage beyond my ability to fix it.
StumbleUpon - Hide Facebook/Twitter in Share Menu
StumbleUpon - Ultra-Compact Toolbar
StumbleUpon - Undo "always show referred count"

DownThemAll Successor

TODO: Explore options for integrating an external download manager with suitably comfortable support for selecting extracted URLs and sharing cookies (How's FlashGot's future looking?)

Candidates so far:

• JDownloader (I need to keep a copy around anyway for file lockers) [JD Extension]
• KGet
• FatRat
• GWGET
• uGet
• Aria
• Steadyflow
• wxDownload Fast
• Xtreme Download Manager [XDM Extension]

Footnotes

[1]	Sources: The Road to Firefox 57 - Compatibility Milestones Mozilla Wiki: Rapid Release Calendar A conversation in irc://irc.mozilla.org/firefox to clarify the sunset point for non-stable channels. Add-ons/Firefox57 - MozillaWiki

[2]	I now operate on the default settings.

[3]

Chrome doesn't provide this internally and the extension API disallows this level of control, but it can be hacked around by some combination of the following: Setting the Download directory to the filesystem root Using an inotify-based watcher to move files out of the download directory once they finish downloading. Using an extension like Downloads Router to give the inotify helper more information about where the downloads came from. Just replacing the browser's built-in download support with an integration extension for an external download manager with routing support. (See DownThemAll Successor)

[4]	browser.startup.page: -11 means "Prompt for session to load" and is provided by the Session Manager extension.

[5]	Chrome apparently has no way to disable service workers outright, but chrome://serviceworker-internals/ can be used to manage them.

[6]	image.animation_mode: none is just used to enforce the starting state by the Toggle Animated GIFs extension. It's insufficient alone.

[7]	Chrome has a different mitigation.

[8]

With Flash being click-to-play and so ridiculously rare to legitimately need outside of old Flash games these days, expiring LSOs while the browser is still running is unnecessary. Apparently it's possible for addons to flush them, but the Clear Service Worker extension has an ominous "Added Analytics Plugin" message in its description, so I'll have to write my own flusher. (Which may be better anyway, since it'd let me implement the behaviour I desire, which is more akin to what Self-Destructing Cookies does for cookies.) I'm assuming it has something to do with service workers counting as cookies/site data.

[9]	I have written a Python proof-of-concept for this which is available at https://github.com/ssokolow/firefox_ctrlq_fix

[10]

The author of DownThemAll! is working on a necessarily crippled "DownThemAll! Lite" which may still satisfy my immediate needs for batch-downloading of images without attaching a helper app as a backend. However, it's running behind schedule. That status update includes a comment on how to workaround potential hiccups in getting classic DTA installed into Waterfox. (grab an old Firefox 56 installer, install in a fresh profile, then import that profile into Waterfox.) Download Star currently lacks features like automatic naming.

[11]

By design, the Chrome extension API doesn't give extensions sufficient disk access to implement things like resume, piecewise downloading, and writing to arbitrary filesystem locations, so DTA! can only be replaced by an integration shim for an external download manager: DownThemAll - No Google Chrome support Quora - Is there any Chrome extension similar to Firefox's DownThemAll? superuser - A DownThemAll equivalent for Chrome

[12]	Greasemonkey status is tracked in the following bugs and threads: Design Doc: Greasemonkey as a WebExtension - Google Groups Bug 1334174: Enable Greasemonkey to be a WebExtension Bug 1323433: Implement a declarative content script API

[13]

NoScript is used only for the following features: Click-to-play for embeddings, audio/video tags, and WebGL Forbid <a ping...> Forbid meta redirections inside <noscript> elements. Forbid XSLT Attempt to fix JavaScript links XSS Filter Automatic Secure Cookies Management ABE (Application Boundaries Enforcer) ClearClick protection

[14]	(1, 2, 3, 4, 5) The requisite functionality has been swallowed up by uMatrix to a degree which makes having a whole extension for the remaining scraps not worth the CPU time.

[15]	Multiple options, none very good: https://chrome.google.com/webstore/detail/referer-control/acehenlbileblompmkkoimgobmcdkgeb?hl=en https://chrome.google.com/webstore/detail/negotiator/lfopjlendebbnfddpgpoaahmpbgmffii?hl=en

[16]

The author has plans similar to mine with regards to Firefox ESR and responded as follows: It is possible to port Pure URL to WebExtensions, and I'd like to do it someday. But it requires time, and currently I'm planning to stay on Firefox 52 ESR for 1.5 years at least. So, I don't know when I'll port this extension. Unfortunately, I can't promise that I'll do it before Firefox 57 release.

[17]	Two successor extensions: ScrapbookQ tries to replicate the experience of the original more faithfully using a native messaging helper, but I couldn't get it working. Web ScrapBook lacks the sidebar and automatic indexing, but I was able to configure it for the effortless saving I'm used to.

[18]	I remember people wanting to kill off bookmark keywords in the process of unifying the search integration. TODO: Determine what the current plans are. (Will I have to create fake search engines which don't actually search to preserve my keywords?)

[19]	Stylis has gone snoopy. Stylus is the ethical replacement.

[20]	https://chrome.google.com/webstore/detail/tab-counter/feeoiklfggbaibpdhkkngbpkppdmcjal

[21]

Tab Wheel Scroll progress was tracked in issue 19 but bug bug 1246706 which would provide the necessary API was declared WONTFIX, so the only non-hacky option is to implement it in Firefox itself, which is tracked in bug 1285812 and has an uncertain future. However, userChrome.css can be used to implement it.

[22]	Multiple "Toggle Animated GIFs" extensions available: Gif Jam (Animation Stopper) Animation Policy (Works on all formats. License uncertain.) GIF Blocker (License uncertain. Can't re-stop after starting.)

[23]	Multiple withExEditor-like Chrome extensions are available: superuser: It's All Text for Chrome? superuser: Chrome: Edit html with external editor Browser's external editor

[24]

Automatic Save Folder is no longer be necessary, since using it temporarily toggled a hidden setting to enable remembering the previous save folder on a by-origin basis and that covers all of the uses where I wouldn't have to write my own extension anyway due to the nature of the filter rules I'd want to write.

[25]

The Chrome extension API is too crippled to implement this functionality, so I'll need to use an external download manager, an inotify-based sorter for the downloads folder, or both. (In the latter case, possibly with a helper like Downloads Router to translate things like source domains into paths the inotify code can see.)

[26]	Beef Taco is incompatible with Self-Destructing Cookies but may come into use again if the latter is completely impossible to port.

[27]	(1, 2) DOM Inspector and InspectorWidget are used to inspect XUL in order to produce XUL Userstyles.

[28]	(1, 2) The functionality I used to use the DOM inspector for is now available as part of Firefox's built-in debugging tools. See either of these URLs for instructions:

[29]	JSONView for Chrome exists as a 3rd-party port, but, because of the same Chrome API limitations, which cripple it, Ben Hollis never produced an official Chrome port and he is no longer working on JSONView for Firefox either.

[30]

Restarting Firefox like this currently requires an external helper (unless there's some kind of userChrome+bindings hack possible?) and the only extension which currently offers it charges for the Windows-specific helper. (That alone is a bit of an affront to me, so I might take advantage of the MPL license on the extension itself and write a free, cross-platform helper to go with it.)

[31]	Add chrome://restart to the bookmarks toolbar for a suitable analogue to restartFox. /r/firefox - Guide How To Edit Your Context Menu CustomCSSforFx - How to find item ids and attributes?

[32]	Official addon has become garbage. Devs apparently don't care.

[33]

Multiple choices depending on desired functionality: Random User-Agent ("Set it and forget it" randomization based on picking OS+Browser combos to include) User Agent Switcher by Alexander Schlarb (supports randomization and setting a specific UA, but it looks like you have to keep the list updated yourself. Closest in use to the original extension of that name.) User-Agent Switcher by RayLo (Appears to have the nicest UI for working with large numbers of choices.) User-Agent Switcher by Linder (Provides a tablet-friendly way to pick from 26 different UA strings)

[34]

(1, 2, 3, 4, 5) Apply the following fixes via userChrome.css: /* Remove distracting/unappealing icons from addon menu items */ #contentAreaContextMenu .menu-iconic-left { visibility: hidden !important; } /* Remove pointless thumbnail in the Bookmark popup */ #editBookmarkPanelImage, #editBookmarkPanelFaviconContainer { display: none !important; } /* Restore scroll-wheel tab switching */ .tabbrowser-arrowscrollbox > .arrowscrollbox-scrollbox { /* Place bindings.xml in the same folder as userChrome.css */ -moz-binding: url("bindings.xml#tabs-scroll") !important; } /* Ensure unwanted cruft can't appear in content-area context menus * (eg. I access Screenshots via the page action instead) * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1146394 */ #context-back, #context-forward, #context-bookmarkpage, #context-pocket, #context-savelinktopocket, #context-sendimage, #context-setDesktopBackground, #screenshots_mozilla_org_create-screenshot, #contentAreaContextMenu menu[label="Tree Style Tab"], #ublock0_raymondhill_net_uBlock0-blockElement { display: none !important; } /* De-iconify stop/reload entries in the context menu */ #context-navigation * { max-height: 1ex; } #context-reload::after { content: " Reload"; } #context-stop::after { content: " Stop"; } #context-reload, #context-stop { list-style-image: none !important; -moz-box-align: start !important; -moz-box-pack: start !important; } /* Hide unwanted page actions in overflow menu * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1407972 */ #pageAction-panel-emailLink { display: none !important; } /* Pin "Reload in address bar" extension's page action to the right edge * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1407972 */ image[aria-label="Reload page"], image[aria-label="Stop"] { -moz-box-ordinal-group: 2 !important; } /* Hide unwanted "All Tabs" button * WONTFIX'D: https://bugzilla.mozilla.org/show_bug.cgi?id=1435229 */ #alltabs-button { display: none !important; } /* Compact sidebar header to match my compact toolbars * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1435184 */ #sidebar-header { height: 32px !important; padding: 0 !important; font-size: 12px !important; } /* Narrow the address bar dropdown to something more in line with system-native * widget styling. */ #PopupAutoCompleteRichResult { margin-left: 0px !important; max-width: 1087px !important; }

[35]	(1, 2, 3, 4) Firefox Quantum resolved the "opening a new window is a horrendously heavy operation" problem which was my primary reason for wanting private tabs in the same window. For the rest, container tabs.

[36]

Apply the following fixes via userContent.css: /* Truly blank new tab page * Adapted from https://superuser.com/a/1289224 * BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1179593 */ @-moz-document url("about:newtab") { body { background-color: #ffffff !important; } body * { display: none !important; } } /* Fix rendering glitch-esque default style in uMatrix scope selector * WONTFIX'd: https://github.com/gorhill/uMatrix/issues/936 */ @-moz-document url-prefix("moz-extension://19c6955d-eec7-44a2-a3da-c58f4daa2329/") { body .toolbar #specificScope { padding: 0 !important; border: 0 !important; } body .toolbar #specificScope > span { padding-right: 3px !important; padding-left: 3px !important; border-left: 1px dotted #77f !important; } body .toolbar #specificScope > span:first-of-type { border-left: none !important; } /* ...and fix text contrast on deselected scope buttons for readability */ body .toolbar .scope:not(.on), body .toolbar #specificScope > span:not(.on) { background-color: #aaa !important; border-color: #aaa !important; } }

Новое расширение TiddlyFox 2.0.1 (от января сего года) тупо не выполняет свою задачу ни на какой версии ФФ. На любой версии оно предлагает сохранить новую версию файла. Ну и естественно, даже если мы её сохраняем - изменений в новом файле нет.

Версия 1.0alpha18.1 такой херни лишена.

Новое расширение TiddlyFox 2.0.1 (от января сего года) тупо не выполняет свою задачу ни на какой версии ФФ. На любой версии оно предлагает сохранить новую версию файла. Ну и естественно, даже если мы её сохраняем - изменений в новом файле нет.

Версия 1.0alpha18.1 такой херни лишена.

TiddlyFox 2.0.1 работает для меня с Firefox 52 ESR и TiddlyWiki Classic. (Я прошу прощения за то, что я полагаюсь на Google Translate.)

try umatrix and downloadstar on new firefox

My disaster plan is to use Basilisk, it will continue supporting XUL extensions and receives frequent security updates. Mozilla has gone too far.