Although this is technically a blog, its primary content is a series of articles on how to get Firefox working in a corporate Windows environment. Later ones build on earlier ones, so you might want to use the Table of Contents on the right to read through it chronologically instead of reading straight down from here.

Upgrading to Firefox 48, Part 2

Me again.  Now the instructions are complete for moving to Firefox 48 and beyond.  I have a write up on how to get your customized extensions signed and I updated the instructions for editing IE Tab v2 and XMarks.  I've pushed them both out along with Firefox 49.0.1 at my organization and everything is running smoothly.

Autoconfiguring XMarks for the Logged In User

Last updated October 2016

Set up a WebDAV Server

If you've already done this and are just upgrading Firefox and XMarks, you can skip this section.  If you're just joining us, read on.

You need a server for XMarks to sync to, and it supports both WebDAV and FTP.  They recommend WebDAV so that's what we're using.

I originally set this up on a Windows Server 2003 machine, so the rest of the instructions in this section are for IIS 6.  You can use Apache or whatever else you want but you're on your own.  This page might help though.

Add IIS and WebDAV to the server if they're not already installed.  Go to Control Panel > Add or Remove Programs > Add/Remove Windows Components > Application Server > Internet Information Services (IIS) > World Wide Web Service and check off World Wide Web Service and WebDAV Publishing.

Now go to Administrative Tools > Internet Information Services (IIS) Manager, find your web site (Default Web Site or one you created if you already had it installed) and go into its Properties.

I personally changed the TCP port to 8082 and made a DNS alias "FirefoxBookmarks" to the server so I can move it around if need be, but that's not required.

Go to the Home Directory tab and make sure Read and Write are checked off.  You also want to go to the folder it shows under Local Path and make sure Everyone has read and write NTFS permissions on it (right click the folder in Explorer > Properties > Security).

Go to the HTTP Headers tab and click MIME Types.  Add .json as text/css.

You should be all set on this part.  Make sure syncing works with a manually installed and configured copy of XMarks before continuing.

Pushing Out the Configuration

This also hasn't changed since my last post, so if you're just upgrading Firefox and XMarks you can skip this.  Otherwise, read on.

Hey, remember the script from this post?  Yeah, go get that.  Change the webDAVURL variable to point to the server you just set up.  You can run it manually on your own computer until you're sure it's working correctly, but when you roll this out you want it to be a login script in Active Directory.

These are the settings it creates for you in user.js:
  • extensions.xmarks.syncOnShutdown = 1
  • extensions.xmarks.syncOnShutdownAsk = false
    Remember how I like things to Just Work™?  Well, part of that is not risking the server's copy going out of date and leaving users wondering where their new bookmarks are, so I force the shutdown sync.  It only takes a second or two, and this way they don't get an unnecessary popup asking them about it either.
  • extensions.xmarks.useOwnServer = true
  • extensions.xmarks.url-bookmarks = "[webDAVURL]/[username]-bookmarks.json"
    This is where their bookmarks are going to be saved.
  • extensions.xmarks.url-passwords = "[webDAVURL]/[username]-passwords.json"
    This is where their passwords will be saved if they set it up.  I didn't bother trying to make it happen automatically.
  • extensions.xmarks.username = "[username]"
    Don't know if it's strictly necessary, but we want XMarks to think it's fully configured so it doesn't open the setup window.
We still have the little problem of the password.  It isn't stored in user.js so we can't push it out that way.  It isn't required by WebDAV so we don't even need it, but XMarks thinks it does and will pop up the setup window without it.  Grr.

So it's time to hack XMarks.

Editing XMarks

Go get the XMarks XPI and unpack it as described in the beginning of this article.  Then prepare it for editing with the instructions at the beginning of this article.  Yes, we must go through all that for signing if we want our edited copy to work with Firefox 48 and later.  The edits below are all based on XMarks 4.3.19 so let me know if they stop working on newer versions and I need to update these instructions.

Open modules\settings.jsm.  Search for "get passwordNoPrompt(){".  Immediately after the brace add:

return "ignore";

This makes XMarks think it always has a password.  However, this still isn't enough to make it not pop up that "almost done" notification so we have to take that out too.  Open chrome\content\foxmarks-overlay.js, search for "NewUserPopup", and delete this whole section:


Now it's configured and quiet, but XMarks doesn't sync as soon as it starts up.  We want it to do that so that when someone signs in to a new computer, their bookmarks are there quickly.  While still in chrome\content\foxmarks-overlay.js, search for "xm.tabs.Changed();" and right after that add:


Be mindful of capitalization here.  It's Xmarks, not XMarks.

This syncs XMarks eight seconds after it starts up.  Why don't we just call XMarks.fms.synchronize() directly instead of using a timeout?  I did this previously but I've found that sometimes it fires before Firefox has fully loaded the bookmarks, leading XMarks to pop up a conflict message to the user about having xxx bookmarks on the server and x bookmarks in the browser.  I'm hoping this avoids that.

We're almost done, but XMarks annoyingly wants to open a tab of release notes every time it's updated.  We don't want to bug our users with this, so since we're editing the code anyway it's easier to just disable it.  Open modules\service.jsm, search for "firefox/upgrade", and delete everything from "Xmarks.OpenInNewTab" before it to "FoxmarksBuildPostData(num_bookmarks));" after it.

That's all our changes.  You can now package up your edited copy of XMarks and get it signed with the rest of the instructions here.  Then you can package your signed extension as an MSI using the rest of the instructions here.  When making a new package in Active Directory, make sure you select the Advanced deployment method and set it to replace your previous XMarks packages on the Upgrade tab.  That will cause the old version to be uninstalled before installing this one.

Hey, couldn't I have just done all this for you and let you download the pre-hacked MSI?  No.  XMarks isn't open source, so I can't redistribute it.  I can just give you instructions on how to do it yourself.

Editing and Signing Extensions

Starting with Firefox 48, unsigned extensions are no longer allowed.  Before, we could stave off this requirement by setting "xpinstall.signatures.required" to false in the login script, but that's no longer the case.  Extensions need to be signed now.

If we want to push out unaltered extensions as MSIs these instructions are still fine.  Downloading the signed XPIs and converting them to MSIs does not affect the signature at all and Firefox will happily accept them.  However, for the next couple of articles we're going to be making some changes which would invalidate the signature.  Fortunately we can get around this by getting our edited versions signed while still keeping them private.

Preparing the Code

Once you've downloaded and extracted the contents of the XPI you want to change (see the instructions at the beginning of this article) delete the META-INF folder if there is one.  These are the signature files for signed extensions.  They're not going to be valid after we make any changes and we're going to get new ones anyway so let's clear the old ones out.

Next see if there are any JAR files in the code.  If there are we have to extract their contents.  Like XPI files, JAR files are just ZIP files with a different extension.  You just need to change the extension and then you can unzip it.

Now open install.rdf in a text editor.  You want to copy the value of the first <em:id> tag somewhere.

Next we have to change it to something else.  We need to get the extension signed by and they won't accept an ID that's already registered with them.  The new ID must be either a GUID or in the form of an e-mail address like  It doesn't have to be a real e-mail address, it's just an identifier, though it should be something no one else will use so use your own domain if you have one.

Now we need to do a global search and replace to replace the original ID with your new one in case it's referenced in the code anywhere.  Most programmer's editors should be able to do this across a folder and all its subfolders.  I like EditPlus but many programs should have this functionality.

Note that you'll have to search all file types, since text files in the code can have one of several different extensions.  For example, in XMarks I found references to the original ID in JS, JSM, and PROPERTIES files.
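
The preparation steps above can also be scripted.  This is an added example, not the author's code: prepare_extension, build_sample, the ".unpacked" folder suffix and the example.invalid IDs are assumptions made for illustration, and text files are assumed to be UTF-8.

```python
import re, shutil, tempfile, zipfile
from pathlib import Path

ID_TAG = re.compile(r"<em:id>\s*([^<\s]+)\s*</em:id>")

def prepare_extension(root, new_id):
    """Run the preparation steps on an extracted XPI folder.
    Returns (old_id, relative paths of the files that were rewritten)."""
    root = Path(root)
    # Old signature files stop being valid as soon as anything changes.
    shutil.rmtree(root / "META-INF", ignore_errors=True)
    # JARs are ZIPs: unpack each beside itself so its files get searched too.
    for jar in list(root.rglob("*.jar")):
        with zipfile.ZipFile(jar) as zf:
            zf.extractall(jar.with_name(jar.name + ".unpacked"))
        jar.unlink()  # rebuild it from the unpacked folder when packaging
    # The first <em:id> in install.rdf is the extension's own ID.
    match = ID_TAG.search((root / "install.rdf").read_text(encoding="utf-8"))
    if match is None:
        raise ValueError("install.rdf has no <em:id> element")
    old_id, changed = match.group(1), []
    # Replace the ID in every text file, whatever its extension.
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        try:
            text = path.read_bytes().decode("utf-8")
        except UnicodeDecodeError:
            continue  # binary file (image etc.): leave it alone
        if old_id in text:
            path.write_bytes(text.replace(old_id, new_id).encode("utf-8"))
            changed.append(path.relative_to(root).as_posix())
    return old_id, changed

def build_sample(root):
    """Constructed sample tree standing in for an extracted XPI."""
    root = Path(root)
    (root / "META-INF").mkdir(parents=True)
    (root / "META-INF" / "sig.rsa").write_bytes(b"\x30\x82\xff")
    (root / "install.rdf").write_text(
        "<em:id>orig@example.invalid</em:id>\n"
        "<em:targetApplication><em:id>app@example.invalid</em:id>"
        "</em:targetApplication>\n", encoding="utf-8")
    (root / "strings.properties").write_text("id=orig@example.invalid\n", encoding="utf-8")
    (root / "icon.png").write_bytes(b"\x89PNG\xff\xfe")
    with zipfile.ZipFile(root / "chrome.jar", "w") as zf:
        zf.writestr("content/overlay.js", 'var ID = "orig@example.invalid";\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(prepare_extension(tmp, "xmarks-edited@corp.example"))
```

The returned list shows every file where the original ID was referenced.  The unpacked JAR folders still have to be zipped back into JAR files when packaging.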

Make Your Changes

At this point you're ready to make any changes you want to the code.  Come back to this article and follow the rest of the instructions when you're done.

Packaging and Signing

Now that you've made your changes, pack everything back up.  If there were any JAR files update them with the changed files and change their file extensions from ZIP back to JAR.  When you're done with the entire project put everything into a ZIP file and change the extension to XPI.  This is your edited but unsigned extension.

Now we need to sign it.  First get an account at  It's free.

Once you have that you can start the submission process by going here.  Make sure to check "Do not list my add-on on this site".  Your edited add-on is for private use only, you're not distributing it through  Upload your edited XPI.

The rest of the submission process is straightforward.  There may be some code warnings but you can just ignore them.  The approval and signing process is automated so you'll get a link to the signed version almost immediately.  You can download that and then follow the rest of the instructions here to turn it into an MSI to be pushed out through Active Directory.

Upgrading to Firefox 48, Part 1

Hey, remember me?  I'm still around, but the instructions on this site have held up over the years so there was no need to update them.  That changes now with Firefox 48.  Starting with this version, extension signing is enforced with no way to turn it off in user.js (well, at least in the Firefox-branded release and beta channels anyway.)  Earlier versions would let you off with just a warning if you set xpinstall.signatures.required to false, but that option is ignored now.

I updated the extension to MSI instructions, and the only significant change was not to alter <maxversion> in install.rdf anymore.  Firefox now assumes extensions are compatible with future releases by default so there's no need to.  More importantly, changing install.rdf would probably invalidate the signature (I haven't tested it though) so we can't do that anymore.  Fortunately, repackaging the XPI as an MSI does not.  I've successfully installed both Flashblock and IE Tab v2 this way and Firefox still recognizes them as signed.

This is a Part 1 because I still have to work on instructions for getting an altered version of XMarks to work.  If it's possible, it will involve creating an unlisted extension at so it can be signed.  Stay tuned.

Upgrading to Firefox 19

I'm still here, but I'm not going to post an update for every Firefox release.  I have been keeping up with them, but many don't require changes to the instructions on this blog so I'm only going to post when there's something you should be aware of.

Speaking of which, Firefox 19 introduced a built-in PDF viewer that's enabled by default.  If this works for you, great!  One less thing to manage and one less attack vector.  However, the people at my organization frequently use fillable PDF forms and so they need Adobe Reader proper.  I updated the Additional Useful Settings page with the line you need to add to my script to disable it.

Upgrading to Firefox 16

I forgot to make a post for this.  Know why?  Because nothing needs to be done at all if you were on 15.  Download, tweak, push out.  I took the opportunity to upgrade XMarks to 4.1.3 as well, and the instructions for editing that are exactly the same as the previous version.  Hopefully most future updates will be this easy.

Upgrading to Firefox 15

If you already upgraded to Firefox 14, upgrading to 15 is painless.  Download the new MSI, tweak it if you want, and push it out.  Thanks to the improved extension handling in recent versions nothing else needs to be done.

Firefox 15 introduces silent updates, though they're disabled in the MSIs because FrontMotion rightfully assumes that if you're doing it this way you want to handle pushing them out yourself.  You don't have to do anything to turn them off.

Using silent updates would mean you wouldn't have to worry about keeping up with each new version of Firefox, you can just install it on your image and it will take care of updating itself, like Chrome.  It's also beneficial in that new versions will be applied whenever Firefox restarts and not the entire computer.  However, you'd lose the ability to roll out updates in a controlled manner and to do compatibility testing beforehand.  I'm going to stick with the MSIs for now, but if I didn't have to rely on extensions for things like IE-specific sites I would consider this.

Firefox also has extended support releases if you'd prefer the upgrade treadmill not move so fast.  FrontMotion provides MSIs for them too.  I'm sticking with the standard releases for now because I wanted all the memory use improvements that have been landing in recent versions, and the improved extension handling has made upgrading less of a burden.  However, switching to ESR would mean you would only face a major upgrade once a year while still getting security fixes, so it might be an attractive option for some of you.