Configure an instance of old versions of Java and Firefox

Everyday is harder to manage old hardware or access outdated intranet websites because the browser security is tighter with every release. Many appliances use unsigned Java applets or insecure ciphers and protocols.

My first solution to this problem was to have a Windows VM in my laptop with old versions of everything: Firefox, Java, Flash… but running the VM in my underpowered laptop was too slow and made the system sluggish.

Here I describe how to run an old Firefox instance with an old Java.

Create a new user called sandbox

Download an old Firefox from the Mozilla archive and uncompress in /opt/old-firefox

Download an old JDK version from Oracle and umcompress in /opt:

Comment out these lines in the JDK /opt/jdk1.7.0_80/jre/lib/security/

#jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

Set these variables for the sandbox user: ~sandbox/.bash_profile

export JAVA_HOME="/opt/jdk1.7.0_80"
export JRE_HOME="$JAVA_HOME/jre"
export PATH="$JAVA_HOME/bin:$PATH"

Link the needed plugins in the sandbox Firefox profile:

$ pwd

$ ls -la
total 8
drwxrwxr-x. 2 sandbox sandbox 4096 mar 23 11:53 .
drwx------. 5 sandbox sandbox 4096 mar 22 14:35 ..
lrwxrwxrwx. 1 sandbox sandbox   41 mar 22 14:36 -> /usr/lib64/flash-plugin/
lrwxrwxrwx. 1 sandbox sandbox   42 mar 23 11:53 -> /opt/jdk1.7.0_80/jre/lib/amd64/

With javaws -viewer you can manage the downloaded jnlp files and access the Java control panel to lower the security to the minimum.

Java security

Java advanced security

I give me permissions in /etc/sudoers.d/sandbox:

juan     ALL=(sandbox) NOPASSWD: ALL

And create this script to launch Firefox ~/bin/oldff:

xhost SI:localuser:sandbox
sudo -i -u sandbox /opt/old-firefox/firefox "$@"

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s