Firefox 23 has made it impossible to run our product. How do we roll back to version 22?
We have a product that uses a java applet to run it. Until Firefox 22 (and for all previous versions), we could depend on the Firefox to work with our product, even when no other browser would. We need to be able to remove FF 23 and re-install FF 22. I've tried all the recommendations to fix the problem, but nothing works. Our Apple customers are the ones who are most affected because neither Safari 6, Chrome nor Firefox will run our product. Our PC customers can run IE.
How do I download Firefox 22? I have a saved copy of the FF 21 installer for PC but not for Mac.
I know that this goes against Firefox advice, but I'm instructing my company and my customers to turn off automatic updates for Firefox until such time that we can use future versions.
選ばれた解決策
By default, web pages are limited to loading files in the same directory and subdirectories. To relax that restriction, you can toggle a setting in about:config. This isn't new, but in case this setting now affects your application in some new way, do you want to try it?
The about:config method should work for about:newtab, but extensions can override it (and a user.js file can revert it at the next startup).
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste file and pause while the list is filtered
(3) Assuming it is set to its default value of true, double-click the security.fileuri.strict_origin_policy preference to toggle it to false.
Any difference?
この回答をすべて読む 👍 1すべての返信 (20)
I'd rather help you fix whatever it is that is causing issues than have you use Old versions of Firefox and telling your customers to use old versions. That leaves you and all your customers at serious security risks.
Can you give a link and maybe describe what issue you are seeing? Are you running into Mixed Content Blocking? Mixed content blocking in Firefox
Does Java start at all?
Can you open the Java Console to check for error messages?
Just a note that if the problem is created by the available Java runtime being added to the blocklist, rather than a feature change or bug in Firefox 23, that will affect all versions of Firefox. See: Add-ons that cause stability or security issues are put on a blocklist.
Tyler,
This is not a mixed content issue. The message that mixed content was blocked isn't being displayed. In fact, I found the toggle for disabling mixed content blocking and set it to false, but it doesn't matter.
Our product is offline content that requires a web browser, thus I cannot provide a link.
I have ensured that Java 7U25 is installed, verified, and activated. It and all previous versions of Java have worked in all previous versions of Firefox until now.
Now the java applet required by our product never starts. When the product is launched, the following message is displayed:
Loading Java applet...
Then, the following error message is displayed:
The Java Applet required for this viewer has not loaded. Please ensure that you have enabled or allowed the applet to load or verify you have Java installed http://www.java.com
I don't know if this is a Firefox message or if it's coming from our product, but in either case, Java is being blocked, and the only thing that has changed is FF22 -> FF23.
If I cannot make FF 23 work, I have no choice but to advise my company and customers to disable the auto update feature of FF for versions < 23.
FFDJP
No, Java isn't starting at all.
I have installed, verified, and enabled Java 7U25.
This worked without problems for all previous versions of FF and Java.
Are there any errors in the Web Console (Firefox/Tools > Web Developer;Ctrl+Shift+K) related to Java?
If content is missing or otherwise not working when a secure https connection is used then check if there is a shield icon to the left of the "Site Identity Button" (globe/padlock) on the location bar indicating that content is blocked.
Blocklist of the JRE isn't the issue.
HTTPS is not the issue. This is an offline product, not an SSL secured website.
Sorry, missed your questions about the Web Console.
The answer is No. I see no Java related errors or warnings.
I'm not sure what you mean by offline. Are any file:// paths involved?
Yes, by offline, I mean that the product is installed on the PC or Mac hard drive, so you will something like the following in the address field:
Windows: file:///C:/MyFolder/MySubFolder/index.html
Mac: file:///MyFolder/MySubFolder/index.html
Any luck with (temporarily) changing the Java security settings?
What are the settings for the Java plugin in "Firefox/Tools > Add-ons > Plugins"?
選ばれた解決策
By default, web pages are limited to loading files in the same directory and subdirectories. To relax that restriction, you can toggle a setting in about:config. This isn't new, but in case this setting now affects your application in some new way, do you want to try it?
The about:config method should work for about:newtab, but extensions can override it (and a user.js file can revert it at the next startup).
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste file and pause while the list is filtered
(3) Assuming it is set to its default value of true, double-click the security.fileuri.strict_origin_policy preference to toggle it to false.
Any difference?
Java security is set to Medium which is as far as I can set it...in other words, I don't see a setting of Low or Off.
The plugin is set to Always Activate. The only other setting is Never Activate.
Changing the configuration to False fixed the problem.
Thank you very much.
I would consider this to be a temporary workaround, because there is some security risk in enabling access to directories outside the root directory of the application.
If you can relocate your paths so that everything is in the MySubFolder directory or a subdirectory thereof, then your users could use the default setting. I realize that is inconvenient and may require duplication of files in multiple folders, but it's worth considering to close this security gap you would be asking customers to open...
Or... if it turns out that your page and your applet are not asking Firefox to access content located in parent/sibling folders, this could be a new bug that should be filed in Bugzilla.
Our installer creates a folder as follows:
PC - C:\MyFolder Mac - /MyFolder
Each product installs as a subfolder, thus...
PC - C:\Folder\ProdX Mac - /MyFolder/ProdX
We don't have any choice in how this works because we use a third party product, and their development cycle is much longer and slower than Mozilla's. Also, the last several versions of FF were released in the months leading up to their coming release of a new version. None of those versions will be supported until a future service pack of our vendor's product.
Furthermore, our customer base isn't very tech or Internet savvy, and a significant number of them still demand an offline solution, because they either have no access to broadband or they travel a lot and want to work offline when they're on a plane, train, or mass transit.
Our online solution works without problems on all the current browsers and versions, including FF23, and we advise all our customers to use the online format of the product whenever they can. Most do, but a number don't, won't, or can't.
Bottom line, it may open them up to other issues, but I will not be showing them what you showed me. We'll remote in and make the change. I'm also concerned that they might accidentally affect a different FF config if I let them do it.
Question: Can we package FF for delivery with the fileuri already set to False?
I think it is now that I've set the fileuri to false.
I'm re-sending the top part of my last reply because it wrapped and made no sense.
Our installer creates a folder as follows:
PC - C:\MyFolder
Mac - /MyFolder
Each product installs as a subfolder, thus...
PC - C:\Folder\ProdX
Mac - /MyFolder/ProdX