How we lock down Firefox
JavaScript CSS HTML Makefile
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Webconverger addon for Firefox

Curated by Mike Kaply @mikekaply

The common idea is to limit the Firefox browser to functions for kiosk style (non-personal) browsing. Limit most Firefox features to convey simplicity, familiarity and principle of least astonishment.

Used in "Enterprise" deployments, schools, libraries, signs, shops and banks! shows how it is used in the Webconverger Linux distribution.

For developing you might need to set xpinstall.signatures.required to false, like so:

cat /usr/lib/firefox/browser/defaults/preferences/webc.js
pref("xpinstall.signatures.required", false);


Found a way to circumvent the extension? Please let us know!

Many thanks to security researcher and "kiosk hacker" Paul Craig for his review.

Mozilla addons listing

Testing on Archlinux

Copy preferences to /usr/lib/firefox/browser/defaults/preferences/webc.js.

Webconverger preferences

  • extensions.webconverger.showprintbutton - boolean whether to show clickable icon to print page (alternative is ctrl+p), see
  • extensions.webconverger.nobrand - boolean, see new logo blog
  • extensions.webconverger.whitelist - comma separated domains see for details
  • extensions.webconverger.tabswitchinterval - seconds between switching tabs (TODO: integrate with Neon)
  • extensions.webconverger.kioskresetstation - UNUSED re-implementation of
  • extensions.webconverger.forcesafesearch - boolean to force searches to be safe, basically avoiding the case whereby someone searches for "boobs" on Image search
  • extensions.webconverger.themeURL, for example: pref("extensions.webconverger.themeURL", ""); ### Basic Proxy authentication

When used together:

  • extensions.webconverger.proxyusername
  • extensions.webconverger.proxypassword

Neon bg.png when network lost

Ensure the symlink is present:

/etc/webc/extensions/neon/content/bg.png -> /home/webc/bg.png

Debug tips

Add to your /usr/lib/firefox/browser/defaults/preferences/webc.js:

pref("browser.dom.window.dump.enabled", true);

Then in your JS, use dump() to print to stderr after running firefox upon a terminal.


The annoying Choose What I Share dialog is disabled in