Configure an instance of old versions of Java and Firefox

Everyday is harder to manage old hardware or access outdated intranet websites because the browser security is tighter with every release. Many appliances use unsigned Java applets or insecure ciphers and protocols.

My first solution to this problem was to have a Windows VM in my laptop with old versions of everything: Firefox, Java, Flash… but running the VM in my underpowered laptop was too slow and made the system sluggish.

Here I describe how to run an old Firefox instance with an old Java.

Create a new user called sandbox

Download an old Firefox from the Mozilla archive and uncompress in /opt/old-firefox

https://ftp.mozilla.org/pub/firefox/releases/

Download an old JDK version from Oracle and umcompress in /opt:

http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html

Comment out these lines in the JDK /opt/jdk1.7.0_80/jre/lib/security/java.security

#jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#jdk.tls.disabledAlgorithms=SSLv3

Set these variables for the sandbox user: ~sandbox/.bash_profile

export JAVA_HOME="/opt/jdk1.7.0_80"
export JRE_HOME="$JAVA_HOME/jre"
export PATH="$JAVA_HOME/bin:$PATH"

Link the needed plugins in the sandbox Firefox profile:

$ pwd
/home/sandbox/.mozilla/plugins

$ ls -la
total 8
drwxrwxr-x. 2 sandbox sandbox 4096 mar 23 11:53 .
drwx------. 5 sandbox sandbox 4096 mar 22 14:35 ..
lrwxrwxrwx. 1 sandbox sandbox   41 mar 22 14:36 libflashplayer.so -> /usr/lib64/flash-plugin/libflashplayer.so
lrwxrwxrwx. 1 sandbox sandbox   42 mar 23 11:53 libnpjp2.so -> /opt/jdk1.7.0_80/jre/lib/amd64/libnpjp2.so

With javaws -viewer you can manage the downloaded jnlp files and access the Java control panel to lower the security to the minimum.

Java security

Java advanced security

I give me permissions in /etc/sudoers.d/sandbox:

juan     ALL=(sandbox) NOPASSWD: ALL

And create this script to launch Firefox ~/bin/oldff:

#!/bin/bash
xhost SI:localuser:sandbox
sudo -i -u sandbox /opt/old-firefox/firefox "$@"
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s