Firefox

Resources

Firefox is Mozilla's solution to the web browser. It is not the same thing as Firefox OS, which was a full operating system.

Aurora is the "unbranded" version of Mozilla's Firefox.

Installation

USE flags

USE flags for www-client/firefox Firefox Web Browser

`+X`	Add support for X11
`+clang`	Use Clang compiler instead of GCC
`+gmp-autoupdate`	Allow Gecko Media Plugins (binary blobs) to be automatically downloaded and kept up-to-date in user profiles
`+jumbo-build`	Enable unified build - combines source files to speed up build process, but requires more memory
`+system-av1`	Use the system-wide media-libs/dav1d and media-libs/libaom library instead of bundled
`+system-harfbuzz`	Use the system-wide media-libs/harfbuzz instead of bundled and media-gfx/graphite2 in most cases
`+system-icu`	Use the system-wide dev-libs/icu instead of bundled
`+system-jpeg`	Use the system-wide media-libs/libjpeg-turbo instead of bundled
`+system-libevent`	Use the system-wide dev-libs/libevent instead of bundled
`+system-libvpx`	Use the system-wide media-libs/libvpx instead of bundled
`+system-webp`	Use the system-wide media-libs/libwebp instead of bundled
`+telemetry`	Send anonymized usage information to upstream so they can better understand our users
`dbus`	Enable dbus support for anything that needs it (gpsd, gnomemeeting, etc)
`debug`	Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
`eme-free`	Disable EME (DRM plugin) capability at build time
`geckodriver`	Enable WebDriver support
`gnome-shell`	Integrate with gnome-base/gnome-shell search
`hardened`	Activate default security enhancements for toolchain (gcc, glibc, binutils)
`hwaccel`	Force-enable hardware-accelerated rendering (Mozilla bug 594876)
`jack`	Add support for the JACK Audio Connection Kit
`libproxy`	Enable libproxy support
`lto`	Enable Link-Time Optimization (LTO) to optimize the build
`openh264`	Use media-libs/openh264 for H264 support instead of downloading binary blob from Mozilla at runtime
`pgo`	Add support for profile-guided optimization for faster binaries - this option will double the compile time
`pulseaudio`	Add sound server support via media-libs/libpulse (may be PulseAudio or Pipewire, or apulse if installed)
`screencast`	Enable support for remote desktop and screen cast using PipeWire
`selinux`	!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
`sndio`	Enable support for the media-sound/sndio backend
`system-png`	Use the system-wide media-libs/libpng instead of bundled (requires APNG patches)
`system-python-libs`	Use system's python site instead of bundled python libraries
`valgrind`	Enable annotations for accuracy. May slow down runtime slightly. Safe to use even if not currently using dev-debug/valgrind
`wasm`	Sandbox certain third-party libraries through WebAssembly using RLBox
`wayland`	Enable dev-libs/wayland backend
`wifi`	Enable necko-wifi for NetworkManager integration, and access point MAC address scanning for better precision with opt-in geolocation services

Data provided by the Gentoo Package Database · Last update: 2024-11-17 06:15 More information about USE flags

The above list of USE flag is not comprehensive. Use equery (part of app-portage/gentoolkit) for a full list:

user $equery uses www-client/firefox

Emerge

To compile the source version of Firefox ESR, issue:

root #emerge --ask www-client/firefox

Be aware that non-ESR versions are not getting stabilized.

Emerging the source version of Firefox can be a long process; a pre-compiled (binary) version does exist in the Gentoo repository, however users of the pre-built package should note the warning below and this message. To emerge the Firefox binary, issue:

root #emerge --ask www-client/firefox-bin

Important
The disadvantage of using pre-compiled www-client/firefox-bin package is that almost all of the USE flags in the list above cannot be set. Be aware that setting these flags while using this package will not alter the binary.

Configuration

Enabling multitouch

Xinput2 scrolling

This brings touch scrolling and multitouch support for Firefox:

MOZ_USE_XINPUT2 environment variable has to be set to a value of 1 in /etc/env.d/80firefox, or just before launching firefox in a shell. for example:

user $MOZ_USE_XINPUT2="1" firefox

This also eliminates the predefined scroll step size for touchpad scrolling! All scrolling will be really smooth.

Wacom tablets/touchscreens may need extra configuration so they emit true touch events for X.

Multitouch zoom

This only works when the multitouch events reach Firefox, therefore the Xinput2 activation above has to be done first.

Description	about:config option	Value
Multitouch activation	`gestures.enable_single_finger_input`	`False`
Zoom in	`browser.gesture.pinch.in`	`cmd_fullZoomReduce`
Zoom out	`browser.gesture.pinch.out`	`cmd_fullZoomEnlarge`

Middle mouse scroll (autoscroll)

Traditionally in Linux, the middle mouse button is used to paste the currently selected (highlighted) text into a text field. On Windows systems, the middle mouse button in Firefox is used for click-and-drag scrolling up and down the page. This functionality can be enabled in Firefox by opening about:config and setting the following value^[1]:

general.autoScroll = true

Middle click-and-drag scrolling should now be enabled.

Although not necessary, sometimes it is desirable to disable all other middle-click functionality within Firefox when using click-and-drap scrolling. Open about:config and set the following values to disable middle-click functionality:

middlemouse.contentLoadURL = false
middlemouse.openNewWindow = false
middlemouse.paste = false

Threads

Firefox >= 54 has 4 threads enabled by default. Theads can be adjusted by modifying the following in the about:config interface:

Description	about:config option	Value
Increase the threads	`dom.ipc.processCount`	`N`

Where N is a integer number.

Disabling percent-encoding

Normally, URLs that are copied from the address bar get percent-encoded. This may cause an annoyance when certain non-Latin symbols (such as Cyrillic) get encoded, as they become unreadable to humans.

To disable percent-encoding when copying from the address bar, set the about:config option network.standard-url.escape-utf8 to false.

Note
Unfortunately Firefox does not support non-Latin symbols in anchors, those remain encoded (not percent-encoded, though).

Disable enforced digital signatures verification in Firefox >=48

This concerns mandatory add-ons signature in Firefox and can lead to security issues.

Method 1

Create this file:

FILE /usr/lib/firefox/config.js

//
try {
  Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm", {})
    .eval("SIGNED_TYPES.clear()");
}
catch(ex) {}
END

Then insert this:

FILE /usr/lib/firefox/defaults/pref/channel-prefs.js

pref("general.config.obscure_value", 0);
pref("general.config.filename", "config.js");

Method 2

https://gist.github.com/anonymous/a661949550a26b9522f79095f8ae2d94

Method 3

This patch works for both firefox 49 and firefox 51, and seems to be robust to changes.

FILE /etc/portage/patches/www-client/firefox/no-signature-force-check.patch

--- a/build/mozconfig.common.override 2017-02-06 14:26:05.891721140 +0900
+++ b/build/mozconfig.common.override 2017-02-06 14:25:41.115763755 +0900
@@ -9,3 +9,4 @@
 # to override anything done previously.
 #
 # The common expected usage is for try builds with nondefault options.
+MOZ_REQUIRE_SIGNING=0

The following patch also works for firefox 49.

FILE /etc/portage/patches/www-client/firefox-49.0/no-signature-force-check.patch

diff --git a/browser/confvars.sh.old b/browser/confvars.sh
index 7637236..2264bf5 100755
--- a/browser/confvars.sh.old
+++ b/browser/confvars.sh
@@ -27,7 +27,16 @@ fi
 # Enable building ./signmar and running libmar signature tests
 MOZ_ENABLE_SIGNMAR=1
 
-MOZ_SAFE_BROWSING=1
+# Disable 'safe' browsing
+MOZ_SAFE_BROWSING=0
+# Disable checking that add-ons are signed by the trusted root
+# https://github.com/mozilla/positron/blob/master/build/mozconfig.common
+MOZ_ADDON_SIGNING=0
+# Disable enforcing that add-ons are signed by the trusted root
+MOZ_REQUIRE_SIGNING=0
+# https://dxr.mozilla.org/mozilla-central/rev/5cf4d2f7f2f2b3df2f1edd31b8bdce7882f3875c/browser/confvars.sh
+# https://dxr.mozilla.org/mozilla-central/source/browser/confvars.sh
+
 MOZ_APP_VERSION=$FIREFOX_VERSION
 MOZ_APP_VERSION_DISPLAY=$FIREFOX_VERSION_DISPLAY
 MOZ_EXTENSIONS_DEFAULT=" gio"

Then set xpinstall.signatures.required to false.

Special URLs

Firefox includes a few dozen special URLs that can be helpful in determining more information about various Firefox settings. These URLs can be entered into the Super Bar (via copy and paste) to view the special pages. A few of the more significant ones include:

about:addons
about:buildconfig
about:config
about:crashes
about:memory
about:networking
about:plugins
about:support
about:telemetry

Finally, about:about will display the whole list of Firefox' “about” pages. A description for each page is available at Firefox and the "about" protocol.

XDG integration

In order to make Firefox use XDG file associations set Content Type's Action to /usr/bin/xdg-open

Firefox file associations

To ensure Firefox is being used by other applications for handling HTTP and HTTPS links, run the following commands:

user $

xdg-mime default firefox.desktop x-scheme-handler/http

user $

xdg-mime default firefox.desktop x-scheme-handler/https

user $xdg-mime default firefox.desktop text/html

Security

Running in sandbox

The Simple sandbox article explains why »Sandboxing Firefox is mandatory«.

SSL/TLS Security Enhancements

Some about:config SSL/TLS security options which are not defaults (as of Firefox 52.2.0) that increase the security of your https connections are listed below. Two of them rarely break access to websites.

Description	about:config option	Value
Minimal TLS version set to 1.1. Default is `1` meaning TLS 1.0, unsecure. May break access to some badly configured websites.	`security.tls.version.min`	`2`
Avoiding old SSL/TLS version. May break access to some badly configured websites.	`security.ssl.require_safe_negotiation`	`true`
Inform user about insecure SSL/TLS negociation (broken padlock).	`security.ssl.treat_unsafe_negotiation_as_broken`	`true`
Require Online Certificate Status Protocol. Introduces some latency.	`security.OCSP.require`	`true`
Strict Certificate Pinning.	`security.cert_pinning.enforcement_level`	`2`
Don't use DES.	`security.ssl3.rsa_des_ede3_sha`	`false`
Don't use RC4.	`security.ssl3.rsa_rc4_128_md5` (if present)	`false`
Don't use RC4.	`security.ssl3.rsa_rc4_128_sha` (if present)	`false`
No Google SSL False Start.	`security.ssl.enable_false_start`	`false`

Safer browsing with Add-ons

Firefox has a massive community behind it and a result many Add-ons have been created to aid with specific interests of users. Many users are concerned about their privacy (tracking, bubbling, targeting, etc) while web browsing. Installing Add-ons can aid in adding an extra level of privacy to their browsing.

The Add-on menu can be accessed by navigating the following menus: Hamburger button (top right under the X) → Add-ons

uBlock Origin

A new ad blocker with lower resource usage, using same lists as Adblock. Very versatile and configurable.

Mozilla Add-ons page: https://addons.mozilla.org/en/firefox/addon/ublock-origin/

GitHub: https://github.com/gorhill/uBlock

Wikipedia: https://en.wikipedia.org/wiki/UBlock

NoScript

NoScript blocks JavaScript that is normally enabled by default. It can keep users safe and speed up web browsing.

Mozilla Add-ons page: https://addons.mozilla.org/en-US/firefox/addon/noscript/

Homepage: https://noscript.net/

uMatrix

Point and click to forbid/allow any class of requests made by your browser. Use it to block scripts, iframes, ads, Facebook, etc. uMatrix can also be used for spoofing HTTP referrer, spoofing User Agent strings, blocking hyperlink auditing and forcing strict HTTPS. Note, uMatrix can break many websites and most websites need configuration changes to work correctly.

Mozilla Add-ons page: https://addons.mozilla.org/en-US/firefox/addon/umatrix/

GitHub: https://github.com/gorhill/uMatrix

Troubleshooting

gtk+:3 pulls in DBUS

Since version ≥53.0 Firefox has dropped gtk+:2 support urging Larry to use gtk+:3. This however by default pulls-in annoyances like DBUS. This can be avoided by using a patch from BSD available in bug #669234 or mv overlay.

Crashes

If Firefox crashes for no apparent reason every few minutes with an error message like ABORT: X_GLXDestroyContext: GLXBadContext; 15 requests ago it might help to add the Firefox user(s) to the video group:

root #gpasswd -a <username> video

Latest adobe-flash-23 does not work

It is possible to use PPAPI NPAPI plugin adapter. For more info read here

root #emerge freshplayerplugin

Lack of sound (www-client/firefox)

If Firefox built with the gstreamer USE flag does not play sounds, and some web sites tell you to install Flash to play music, make sure that the necessary codecs are installed:

root #emerge gst-plugins-meta:1.0

Lack of sound (www-client/firefox-bin)

www-client/firefox-bin expects PulseAudio. Alsa-only systems might work around this limitation by using media-sound/apulse. For this to work you'll need to modify Firefox sandbox settings by going to about:config and adding "/dev/snd/" (note the trailing slash) to "security.sandbox.content.write_path_whitelist" option.

If you're storing ALSA settings in /home, also, be sure to add "/home/<username>/.asoundrc" to the "security.sandbox.content.write_path_whitelist" option. Whitelist path could be separated by comma.

Since around Firefox 58 there is additional modification needed to work around seccomp sandbox: security.sandbox.content.syscall_whitelist = 16

Now you can go ahead and create alias for running firefox through apulse:

user $alias firefox='apulse firefox-bin'

Screen tearing / stuttering smooth scrolling

Build www-client/firefox with USE flag hwaccel. See the mentioned Mozilla bug for background information.

Note
This doesn't work with www-client/firefox-bin as the USE flag is not available.

External resources

References

↑ https://askubuntu.com/a/95333

[1] ttps://askubuntu.com/a/95333

[1]