Firefox 17 ESR x86_64

Just upgraded to Firefox 17ESR on my RHEL workstation at home. More below.

[NOTE: After 24 hours of testing various solutions, I’ve come to the conclusion that US CERT’s original advice to completely disable (or uninstall) the Java plugin is the safest course at this point. Firefox’s Click to Play and other options are simply not practical.]

To get the binary you need to bypass the main ESR download page and go to the release FTP server for the latest 64-bit builds.

Drill down to the version, architecture and language for the build you’re looking for. In my case 17.0.2esr, linux-x86-64, en-US.

The binary package will be a .tar.bz2 file. For me today that would be firefox-17.0.2esr.tar.bz2.

Notice the filename itself does not indicate its architecture.

Extract the file (“tar xjf firefox*”), and you’ll get a “firefox” directory. I renamed this to “firefox-esr” and copied it into /opt/ so that the full path for execution would be /opt/firefox-esr/firefox.

Since I still run Gnome 2 for my RHEL desktop I created a “firefox-esr.desktop” file (a clone of the official “mozilla-firefox.desktop” file) and copied it to /usr/share/applications so that it would appear in my Applications… Internet menu. Here’s the text of that firefox-esr.desktop file:

[Desktop Entry]
Name=Firefox ESR
GenericName=WWW Browser
Comment=Browse the Web
Exec=/opt/firefox-esr/firefox %u

To make all my already installed 64-bit plugins available I created a symlink from where they’re installed to /opt/firefox-esr/plugins. In my case:

ln -s /usr/lib64/mozilla/plugins /opt/firefox-esr/plugins

Finally, I added the “Firefox ESR” icon to my top panel so it will be close at hand.

If you follow these instructions on a standard RHEL Gnome desktop the first time you launch Firefox ESR you’ll be asked if you want Firefox to be your default browser. Answer yes and Gnome will automatically update System… Preferences… Preferred Applications… Internet… Web Browser with the path to this Custom installation.
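
Because the tarball name does not reveal its architecture, and the symlinked plugins directory is supposed to hold only 64-bit plugins, the shell functions below read the ELF header of every file under the install directory and list any that do not match. This is an added example, not part of the original post; the function names elf_arch and check_tree are made up for it.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical helper names.

# Print the architecture recorded in a file's ELF header:
# x86_64, i386, other-elf, or not-elf.
elf_arch() {
    # First 20 bytes as hex words: magic, EI_CLASS, EI_DATA, ..., e_machine.
    hdr=$(od -An -tx1 -N20 "$1" 2>/dev/null | tr -s ' \n' ' ')
    set -- $hdr
    [ "$#" -eq 20 ] || { echo not-elf; return; }
    [ "$1$2$3$4" = "7f454c46" ] || { echo not-elf; return; }
    # $5 = EI_CLASS (01 = 32-bit, 02 = 64-bit), $6 = EI_DATA (01 = little-endian),
    # ${19}${20} = e_machine, little-endian (3e00 = x86-64, 0300 = i386).
    case "$5:$6:${19}${20}" in
        02:01:3e00) echo x86_64 ;;
        01:01:0300) echo i386 ;;
        *)          echo other-elf ;;
    esac
}

# Check every ELF file under directory $1 against the expected architecture $2.
# Symlinks are followed (find -L), so a linked plugins directory is covered.
# Non-ELF files (scripts, data) are ignored. Prints mismatches, returns 1 if any.
check_tree() {
    mismatches=$(find -L "$1" -type f 2>/dev/null | while IFS= read -r f; do
        arch=$(elf_arch "$f")
        case "$arch" in
            not-elf|"$2") ;;
            *) printf '%s: %s\n' "$f" "$arch" ;;
        esac
    done)
    [ -z "$mismatches" ] && return 0
    printf '%s\n' "$mismatches"
    return 1
}

# Usage, with the paths from this post:
#   check_tree /opt/firefox-esr x86_64
```

A non-zero return with a list of files means something under /opt/firefox-esr (including anything reached through the plugins symlink) was built for a different architecture than expected.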

One other thing, for those who are doing all this so they can use the new “Click to Play” feature: by default Click to Play will be disabled. To enable it, go to “about:config” and search on “click”. Then double-click “plugin.click_to_play” in order to change it from “false” to “true”.

[I do not endorse Click to Play as an interim solution for the current 0-day Java exploit, in fact as stated in the note above the only practical solution for that as of now is to completely disable the Java plugin.]