MozillaZine

How to disable the 'Check for updates' button on FX 52.9 ESR

User Help for Mozilla Firefox
c627627

User avatar
 
Posts: 548
Joined: April 3rd, 2005, 12:58 pm
Location: Kansas

Post Posted June 5th, 2018, 11:05 am

I didn't get any hits when I CTRL+F on that forum page so it took me a while to find it, it was in a link that forum in turn linked to, but for others who like me didn't know:

You create file autoconfig.js not inside your profile, but inside
C:\Program Files (x86)\Mozilla Firefox\defaults\pref
(for the example of 32-Bit Fiorefox.)


Now in it, I am not sure what you would place exactly?

Surely just placing

app.update.auto
app.update.enabled
app.update.service.enabled

in it would not flip them to FALSE?

(Sorry for asking for your time to spell it out.)
Open the pod bay doors, Cortana.

therube

User avatar
 
Posts: 18679
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted June 9th, 2018, 5:50 am

You create file autoconfig.js not inside your profile, but inside
C:\Program Files (x86)\Mozilla Firefox\defaults\pref
(for the example of 32-Bit Fiorefox.)

That seems correct.
Now in it, I am not sure what you would place exactly?

I'm thinking, only this:
Code: Select all
// autoconfig.js file needs to start with a comment

pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);

(It says the "name" can be what you want. So here, it reads "mozilla.cfg", on SUMO they've named it "firefox.cfg.)

Then it seems, if I'm understanding (& I've always had trouble understanding anything posted on SUMO), you add your wanted changed prefs (or JavaScript code) into mozilla.cfg (which goes into FF's instalDir).

"Prefs" are formatted similar to the way they show up in prefs.js.

So seemingly mozilla.cfg would be:
Code: Select all
pref("app.update.auto", false);
pref("app.update.enabled", false);
pref("app.update.service.enabled", false);

Maybe? Is that right?

Anyhow, plug it in & try it.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

LoveMyFoxy

User avatar
 
Posts: 2050
Joined: December 11th, 2009, 11:23 am
Location: USA

Post Posted June 9th, 2018, 4:56 pm

The Tinsmith wrote:
...
Maybe you are experienced enough to remember when some websites would not let you on if your browser was 'out of date'? Or not an IE version?

I work online, and occasionally I lose out on a task because my 52ESR is not "up-to-date.
Desktop--Win 7 Ult. 64-bit, 6GB RAM /FF 52ESR 64/ Thunderbird 52 / MS Sec. Essent./ Windows firewall / Verizon FIOS

The Tinsmith
 
Posts: 816
Joined: December 24th, 2011, 10:29 am

Post Posted June 9th, 2018, 6:33 pm

LoveMyFoxy wrote:
The Tinsmith wrote:
...
Maybe you are experienced enough to remember when some websites would not let you on if your browser was 'out of date'? Or not an IE version?

I work online, and occasionally I lose out on a task because my 52ESR is not "up-to-date.



I am not in anyway an expert here but that sounds really, really incorrect. I would report that to Mozilla.

c627627

User avatar
 
Posts: 548
Joined: April 3rd, 2005, 12:58 pm
Location: Kansas

Post Posted June 9th, 2018, 7:59 pm

Yes, ESR 52 was updated yesterday so it's technically the most secure browser there is, which web page won't take it? It takes a long time after end of life, for a Firefox version to be blocked.
Paypal still takes Firefox released four years ago (!) This means we may be looking at 2022/2023 range at least for (not yet even released) ESR 52.9.


therube, I guess this is complicated enough for majority of people to not know how to implement.
I would be glad to test it. Could you tell me what exactly is a successful result of the test, I do have multiple Firefox profiles...

You click on the Update button and nothing happens?
Or do I have to have a previous Firefox version installed, so that there actually IS an update to download and then I test to see if it will download?
Open the pod bay doors, Cortana.

James
Moderator

User avatar
 
Posts: 27312
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted June 9th, 2018, 8:59 pm

c627627 wrote:Yes, ESR 52 was updated yesterday so it's technically the most secure browser there is, which web page won't take it? It takes a long time after end of life, for a Firefox version to be blocked.
Paypal still takes Firefox released four years ago (!) This means we may be looking at 2022/2023 range at least for (not yet even released) ESR 52.9.

The most secure web browser option for WinXP/Vista yes but not overall. ESR is all about stability so this means not all security fixes that goes in Releases will necessarily go in ESR channel builds.

Paypal will be looking for Firefox 49.0 (released September 20, 2016) or later versions so not quite over four years ago. https://www.paypal.com/us/smarthelp/article/how-do-i-check-and-update-my-web-browser-faq3893

LoveMyFoxy

User avatar
 
Posts: 2050
Joined: December 11th, 2009, 11:23 am
Location: USA

Post Posted June 9th, 2018, 10:07 pm

The Tinsmith wrote:I am not in anyway an expert here but that sounds really, really incorrect. I would report that to Mozilla.



Mozilla isn't the problem, the site I work for is, and they see it's 52. I switched to Chrome just for that one site. I hold my nose and scrub the machine with bleach after each use. ;-)
Desktop--Win 7 Ult. 64-bit, 6GB RAM /FF 52ESR 64/ Thunderbird 52 / MS Sec. Essent./ Windows firewall / Verizon FIOS

Benjamin Markson

User avatar
 
Posts: 353
Joined: November 19th, 2011, 3:57 am
Location: en-GB

Post Posted June 10th, 2018, 1:08 am

LoveMyFoxy wrote:Mozilla isn't the problem, the site I work for is, and they see it's 52. I switched to Chrome just for that one site. I hold my nose and scrub the machine with bleach after each use. ;-)

You might look at these two add-ons. They allow you to decide the User Agent version you present to each web site you visit.

https://addons.mozilla.org/en-GB/firefo ... /uacontrol
https://addons.mozilla.org/en-GB/firefo ... t-js-fixer

The most picky sites I've come across so far are mozilla.net and mozilla.org ...go figure.

Ben.
XUL is dead. Long live the Google Chrome Clones.

Brummelchen
 
Posts: 3464
Joined: March 19th, 2005, 10:51 am

Post Posted June 10th, 2018, 2:29 am

there is nothing wrong with the IA from 52esr. waste of ressources to fake this. and if paypal restricts access due ssl/tls no UA can help out because firefox cant handle it.

therube

User avatar
 
Posts: 18679
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted June 10th, 2018, 5:24 am

Could you tell me what exactly is a successful result of the test

I would suppose that on opening a new Profile, going into about:config, those Prefs should be at non-default settings, should show as 'false'.
And assuming that to be the case, you would expect updates to not occur.

On an existing Profile, not sure?
In existing, leave or set the Prefs to 'true'.
Close FF & reopen.

True or false?
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

therube

User avatar
 
Posts: 18679
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted June 10th, 2018, 5:27 am

ESR is all about stability so this means not all security fixes that goes in Releases will necessarily go in ESR channel builds.

I'm not sure that is correct.
AFAIK, all appropriate security fixes from releases get backported.
(If an security fix from release does not apply to ESR, like because a particular feature was never implemented in ESR, then in a case like that, there is nothing to backport to.)
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Frank Lion

User avatar
 
Posts: 19946
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Post Posted June 10th, 2018, 6:39 am

Brummelchen wrote:there is nothing wrong with the IA from 52esr. waste of ressources to fake this. and if paypal restricts access due ssl/tls no UA can help out because firefox cant handle it.

How are PayPal going to restrict access when PayPal will only require TLS 1.1 and SeaMonkey 2.49.3 and Firefox 52 already support TLS 1.3?
Metal Lion latest SeaMonkey & Thunderbird Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)

c627627

User avatar
 
Posts: 548
Joined: April 3rd, 2005, 12:58 pm
Location: Kansas

Post Posted June 10th, 2018, 7:00 am

Also, we had many emergency Firefox security updates which were not issued for ESR _because_ ESR was not affected, technically meaning Firefox ESR was _more_ secure than Firefox regular? In other words if you were using (most updated) ESR all that time you were fine, but if you were using Firefox regular, you were at risk.

the rube, this did NOT work, we need more help, this is a difficult thing to figure out:

1. You create file autoconfig.js not inside your profile, but inside
C:\Program Files (x86)\Mozilla Firefox\defaults\pref
(for the example of 32-Bit Firefox.)

2. Contents of autoconfig.js are:

// autoconfig.js file needs to start with a comment

pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);

3. You create a mozilla.cfg file inside
C:\Program Files (x86)\Mozilla Firefox
(for the example of 32-Bit Firefox.)

4. Contents of mozilla.cfg file are:
pref("app.update.auto", false);
pref("app.update.enabled", false);
pref("app.update.service.enabled", false);

5. RESTART Firefox

Now this still UPDATED Firefox 52.8.0 to 52.8.1
even though about:config clearly shows all these values to be FALSE:

app.update.auto
app.update.enabled
app.update.service.enabled


We need more help on what to do differently to disable not just the existence of the 'check for updates button' which we can do.
But its functionality as well since it can be run from another profile where this button was not removed.
I am standing ready to test anything else anyone suggests.
Open the pod bay doors, Cortana.

therube

User avatar
 
Posts: 18679
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted June 10th, 2018, 7:07 am

In the dslreports thread, above Frodo's post is my link to my thread here, which others frown upon, which IMO is very simple method, that seems to work :-).
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

therube

User avatar
 
Posts: 18679
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted June 10th, 2018, 8:31 am

technically meaning Firefox ESR was _more_ secure than Firefox regular?

No, all you can say is that ESR was not susceptible to particular security exploits that did affect later versions.

There have been plenty of exploits against Windows OS > XP, but hat does not mean that XP is more secure then later OS.
(And yes, I use XP. And Win7.)
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Return to Firefox Support


Who is online

Users browsing this forum: No registered users and 11 guests