PolicyPak Will Soon Only Support Firefox ESR
We are all used to having a choice in so many things. The grocery store offers paper or plastic, the gourmet restaurant offers red or white wine, and Mozilla Firefox offers both the Rapid Release (RR) and Extended Support Release (ESR) versions of their popular browser.
Many admins do not even realize there is a choice in Firefox browsers.
This blog will help you become aware of the two choices and better understand PolicyPak’s commitment to supporting them in the future.
The difference between the two browser versions is negligible and the variance in functionality is minimal at best. A summary of the two versions is as follows.
Firefox Rapid Release (RR)
Firefox Rapid Release, or RR, is known as the standard release of Firefox and the one that is readily available for download. This is likely the version you have on your home PC, and the one that your non-IT friend might download as well.
Years ago, Mozilla had a reputation for dragging out the time between new browser releases, which resulted in frustration and challenges for its user base. That all changed with the introduction of RR, which came with a commitment to a release schedule with six-week intervals.
RR is the right choice for normal non-IT users in most circumstances.
RR provides the necessary up-to-date features, performance enhancements and technologies.
And this is especially true for personal users who do not concern themselves with compatibility issues caused by perpetual updates. In order to stick to their six-week release cycle, Mozilla requires users to update their browser every six weeks as well. There are also some limitations concerning RR, including the fact that releases are only supported up until the next major release. Thus, Firefox 60 reaches end-of-life (EOL) once Firefox 61 is released.
Firefox Extended Service Release (ESR)
In terms of Firefox releases, ESR is the more conservative choice, which is why most enterprises prefer it. As its name implies, each release of Firefox ESR has an extended support cycle compared to its RR counterpart. Firefox ESR only receives major updates every 42 weeks, supplemented by minor updates every six weeks for crash fixes, security fixes and policy updates.
On top of that, Mozilla allows a 12-week overlap in between releases and each major release of ESR has a life cycle of over a year. For organizations that utilize Firefox extensions or utilize software that pairs with Firefox, the extended service release can amount to real time savings as IT support personnel do not have to perpetually test and deploy every six weeks.
While there is an occasion in which a feature may be disabled in ESR, those instances are rare. Differences between the regular release and ESR are documented in the release notes of the first ESR release of the cycle. Also, enterprises that centrally manage Firefox settings have a few more options with ESR.
Why PolicyPak customers must use or transition to Firefox ESR
While the outward-looking disparity between RR and ESR may be slight, PolicyPak customers have enjoyed the freedom of choice concerning the Firefox browser – until now. For better or worse, starting with the Firefox 62 Release (where it will be an optional switch), or likely the Firefox 63 release (depending on timing), the inner guts of Firefox RR will be closed off to outsiders.
Moving forward, PolicyPak will only work in conjunction with ESR. You can read more about this in the 62 Beta release notes. This is not in any way a decision by PolicyPak, as we would prefer to continue allowing our customers to granularly manage and secure whichever Firefox environment they choose.
Unfortunately, this limitation is based in security concerns by Firefox to sandbox the AutoConfig file. AutoConfig files can be used to set and lock preferences that are not covered by Firefox’s policy engine, which is the method we use to automate how PolicyPak Application Manager works.
Again: Firefox ESR is not affected, and PolicyPak Application Manager will keep working just fine with Firefox ESR.
In addition, please note that PolicyPak Browser Router may or may not work with Firefox RR, and as such, we plan only to test and support both PolicyPak Application Manager and PolicyPak Browser Router with Firefox ESR going forward.
The reason for the change is because Firefox has discovered instances since Firefox 57 that indicate AutoConfig has been used by malicious perpetrators. Two examples of documented cases include bug 1292444 and bug 1431934. Therefore, as of RR version 62, the functionality of AutoConfig will be drastically reduced. You can read the official explanation from Mozilla here.
The loss of PolicyPak compatibility with Firefox RR is not necessarily a bad thing. As outlined in the above summaries, Firefox ESR is more suited to IT / enterprise environments anyway, as it delivers greater predictability and reliability. And, no changes to the AutoConfig compatibility.
For those organizations who have been rampantly keeping pace with the six-week life cycle of Firefox RR, ESR may present a welcome change. You can easily download Firefox ESR in your preferred language here.
A note about general.config.sandbox_enabled
So in the Firefox 62 release notes you might see reference to a setting called general.config.sandbox_enabled which could tell Firefox 62 and later to keep using the AutoConfig style items. That being said, Firefox RR and PolicyPak may or may not work when this flag is configured. If it happens to work, it is still not supported.
Said another way, only Firefox ESR will be supported by PolicyPak, even when the general.config.sandbox_enabled is set to TRUE in Firefox RR.
To learn more about how PolicyPak works with Firefox, download this white paper.