How To Stop Firefox Updates
So we have this helpdesk system at work called Remedy (I make no bones about it, it should be called Malady at least in the form my company has implemented it) but it's what we've got, I can't change that. I typically use Chrome to create changes in Remedy but I need to use Firefox to create work orders because Chrome doesn't handle Remedy's drop-down menus very well.
Now Firefox, which is my browser of choice in all other circumstances, doesn't work well with Remedy (I'm not convinced anything does) and when it updates, currently at version 39.xx, it stops working with Remedy ... something to do with Diffe-Hellman encryption. I can solve this by reinstalling v38.05 but then it updates and goes pear-shaped. So I uninstall and reinstall and it works again ... until it updates.
The solutions I have tried are as follows (each time preceded by an uninstall of version 39.x and reinstall of v38.05):
1. In Firefox Options / Advanced ensured that "Never check for updates (not recommended: security risk)" was selected.
2. Custom install Firefox v 38.05 with no maintenance service (the above, Options / Advanced, settings appear to be maintained throughout the uninstall/reinstall).
3. Custom install Firefox v 38.05 with no maintenance service and make all executables and DLLs read only. Again all above is the same.
4. Custom install Firefox v 38.05 with no maintenance service, deleted the files maintenanceservice.exe and maintenanceservice_installer.exe from the Mozilla Firefox folder and renamed updater.exe to updater.old. Went into Help / About Firefox and deliberately actioned an update. This "installed" but, upon browser restart, brought up a dialog saying there was an issue (I can't remember the message). Allowed the browser to download the complete new version which forced a second reboot and error dialog which I then closed.
5. Restart Firefox having created a user.js file in profile folder containing: // turn off application updates: user_pref("app.update.enabled", false);
6. Checked about:config is disabled for automatic updating: app.update.auto - false app.update.enabled - false app.update.silent - false
That's it ... all of these absolutely fail to prevent Firefox updates and, as far as I can tell, I have done just about everything humanly possible to prevent Firefox updating apart from ditching it completely (which I definitely do not want to do) but there seems to be no way I can stop Firefox updating.
I'm sure it is BMC Remedy's "fault" but I can't change what the company does, I'm just a small cog in a large machine but I can (or should be able to) change stuff on my own system. I just can't when it comes to Firefox which, quite apart from being frustrating, makes no sense ... why would the Mozilla team create a product with options to stop updates that the application simply ignores?
Keke
Modified
الحل المُختار
Okay, hold on, it sounds as though the real problem is that the server is trying to use an obsolete encryption cipher which is vulnerable to the Logjam attack that was in the news earlier this year.
What does that mean?
Even though you trust the server, a "Logjam" attack compromises the security of your individual connection to the server, lowering the protection normally provided by SSL to a level that is easily cracked and read by others on the network. That is why Firefox protects you from making this connection.
What can you do now?
The very best solution is to update the server. Please request that for everyone's protection! However, I suspect that is beyond your control and might not happen soon. As a workaround, you can try disabling these old ciphers in your Firefox, which hopefully will force the server to try some more secure ciphers when connecting with you. Here's how:
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste dhe and pause while the list is filtered
(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (disable Firefox from using this cipher)
(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (disable Firefox from using this cipher)
Then try the server again; you might have to reload the page using Ctrl+Shift+r to bypass cached information.
Success?
Read this answer in context 👍 1All Replies (4)
You should NOT be using old versions of Firefox, a serious security hole was just discovered and you should be using 39.0.3 or later ONLY. Use Firefox for your regular browsing, and use another browser to access that system if necessary, but do not use old versions.
Try using the Firefox Portable 38.0.5 application for that Remedy program - only. http://portableapps.com/apps/internet/firefox_portable It's not prone to auto-updating itself.
Firefox Portable 38.0.5 is available here Install it to your hard drive. It will install and run independent of the current Firefox installation. The "down side" is that they won't run at the same time.
Just make sure that you don't use it for anywhere except for Remedy, as it lacks the major security fix for DHE which is probably causing that issue with Remedy.
الحل المُختار
Okay, hold on, it sounds as though the real problem is that the server is trying to use an obsolete encryption cipher which is vulnerable to the Logjam attack that was in the news earlier this year.
What does that mean?
Even though you trust the server, a "Logjam" attack compromises the security of your individual connection to the server, lowering the protection normally provided by SSL to a level that is easily cracked and read by others on the network. That is why Firefox protects you from making this connection.
What can you do now?
The very best solution is to update the server. Please request that for everyone's protection! However, I suspect that is beyond your control and might not happen soon. As a workaround, you can try disabling these old ciphers in your Firefox, which hopefully will force the server to try some more secure ciphers when connecting with you. Here's how:
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste dhe and pause while the list is filtered
(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (disable Firefox from using this cipher)
(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (disable Firefox from using this cipher)
Then try the server again; you might have to reload the page using Ctrl+Shift+r to bypass cached information.
Success?
Hi Jefferson,
Thanks a lot for that ... it solved the problem immediately. I am most grateful as is one of my colleagues :)
Thx also to the other guys who came up with helpful suggestions.
Keke