Just upgraded to Firefox 17ESR on my RHEL workstation at home. More below.
[NOTE: After 24 hours of testing various solutions, I’ve come to the conclusion that US CERT’s original advice to completely disable (or uninstall) the Java plugin is the safest course at this point. Firefox’s Click to Play and other options are simply not practical.]
Drill down to the version, architecture and language for the build you’re looking for. In my case 17.0.2esr, linux-x86-64, en-US.
The binary package will be a .tar.bz2 file. For me today that would be firefox-17.0.2esr.tar.bz2.
Notice the filename itself does not indicate its architecture.
Extract the file (“tar xjf firefox*”), and you’ll get a “firefox” directory. I renamed this to “firefox-esr” and copies into /opt/ so that the full path for execution would be /opt/firefox-esr/firefox.
Since I still run Gnome 2 for my RHEL desktop I created a “firefox-esr.desktop” file (a clone of the official “mozilla-firefox.desktop file) and copied it to /usr/share/applications so that it would appear in my Applications… Internet menu. Here’s the text of that firefox-esr.desktop file:
[Desktop Entry] Version=1.0 Encoding=UTF-8 Name=Firefox ESR GenericName=WWW Browser Comment=Browse the Web Exec=/opt/firefox-esr/firefox %u Icon=firefox Terminal=false Type=Application StartupWMClass=Firefox-bin MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml; StartupNotify=true X-Desktop-File-Install-Version=0.15 Categories=Network;WebBrowser;
To make all my already installed 64-bit plugins available I created a symlink from where they’re installed to /opt/firefox-esr/plugins. In my case:
ln -s /usr/lib64/mozilla/plugins /opt/firefox-esr/plugins
Finally, I added the “Firefox ESR” icon to my top panel so it will be close at hand.
If you follow these instructions on a standard RHEL Gnome desktop the first time you launch Firefox ESR you’ll be asked if you want Firefox to be your default browser. Answer yes and Gnome will automatically update System… Preferences… Preferred Applications… Internet… Web Browser with the path to this Custom installation.
One other thing, for those who are doing all this so they can use the new “Click to Play” feature: by default Click to Play will be disabled. To enable go to “about:config” and search on “click”. Then double-click “plugin.click_to_play” in order to change from “false” to “true”.
[I do not endorse Click to Play as an interim solution for the current 0-day Java exploit, in fact as stated in the note above the only practical solution for that as of now is to completely disable the Java plugin.]