FireFox install/update script

bmack99
Contributor III

Can anyone tell me if there is an updated version of this script floating around?

https://www.jamf.com/jamf-nation/third-party-products/files/764/firefox-installupdate

This has worked for quite awhile in our environment, and still works for updating Firefox, however if it is run on a machine that does NOT have Firefox installed it fails and does not install.

Alternatively, if there is a better solution out there for installing/updating Firefox I would love to see it too :)

Thanks all

29 REPLIES 29

mickgrant
Contributor III

I use the script found here for almost all software installs.
and then I'm using patch management to keep firefox updated

larry_barrett
Valued Contributor

In before someone invariably points out the vulnerability of using curl in 2019.

I use the same script as @mickgrant for Chrome, Firefox and Adobe Reader. It works great, just make sure you test early & often and leverage smart groups to keep it neat & tidy.

endor-moon
Contributor II

I've been using this script for ages and I am starting to see errors on some machines:

Latest Version is: 
Current installed version is: 70.0.1
/Library/AdminToolBox/firefox_update.sh: line 52: [: =: unary operator expected
Latest version of the URL is: https://download-installer.cdn.mozilla.net/pub/firefox/releases//mac/en-US/Firefox%20.dmg
ditto: can't get real path for source '/Volumes/Firefox/Firefox.app'

I renamed the script firefox_update.sh as it will install or update. From what I can see, line 52 is perfectly ordinary:

echo "Latest Version is: $latestver"

The author is Joe Farage and his last activity on JAMF Nation seems to be in February of 2017. In my case the script seems to work most of the time, both for updating and installing. I usually call it from Apple Remote Desktop. I would also like to see a similar script for installing or updating Google Chrome.

RalfH
New Contributor II

Having the same error with the firefox script. :-(
Apparently the variable for the latest version can not be set >> ../releases//mac/....
For Google Chrome I use the script by @cainehorr as mentioned above. Works great.

leonwun
Contributor

Does anyone have an update on how to update Firefox? It does not even work with Patch Management for me (just loops the policy without any effect)

AdamCraig
Contributor III

I just set up the script in the original post above and it worked great on my first few test machines for either installing or upgrading firefox.

SoundCloud
New Contributor II

Nice

leonwun
Contributor

On my test machines it does not work. It logs the following:

Executing Policy Update Firefox
Running script Update Firefox...
Script exit code: 1
Script result: Latest Version is: 73.0
Current installed version is: 70.0.1
Latest version of the URL is: https://download-installer.cdn.mozilla.net/pub/firefox/releases/73.0/mac/en-US/Firefox%2073.0.dmg
Error running script: return code was 1.

The local log does not contain any further information.

nathanmeir
New Contributor

How are you guys executing this? I have loaded the script into scripts and applied that to a policy. All of our Mac's are intel - however, the script fails on all machines. I have been only able to execute this script locally and not through deploying. The JAMF log show "Firefox Update / Install executed" and when I check for the local log files the script creates at "/Library/Logs/firefox*" they don't exist.

chris_hansen
Contributor

Line 52 has in if statement in square brackets, so I started there.
I have tried changing the single square brackets to double square brackets in most "If" lines, such as line 52, based on this stackOverflow discussion of “unary operator expected” error in Bash if condition. https://stackoverflow.com/questions/13617843/unary-operator-expected-error-in-bash-if-condition

if  [ ${latestver} = ${currentinstalledver} ]; then

becomes

if [[ ${latestver} = ${currentinstalledver} ]]; then

All of my unary fails have stopped failing. although I'm seeing an occasional

Latest version of the URL is: https://download-installer.cdn.mozilla.net/pub/firefox/releases//mac/en-US/Firefox%20.dmg
ditto: can't get real path for source '/Volumes/Firefox/Firefox.app'
Error running script: return code was 1.

my current version that is giving me much higher success is this:

#!/bin/sh
#####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#   FirefoxInstall.sh -- Installs or updates Firefox
#
# SYNOPSIS
#   sudo FirefoxInstall.sh
#
####################################################################################################
#
# HISTORY
#
#   Version: 1.0
#
#   - Joe Farage, 18.03.2015
#   - Chris Hansen, 14.05.2020 Some square brackets change to double square brackets
#
####################################################################################################
# Script to download and install Firefox.
# Only works on Intel systems.
#
# choose language (en-US, fr, de)
lang=""
# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 1 AND, IF SO, ASSIGN TO "lang"
if [[ "$4" != "" ]] && [[ "$lang" == "" ]]; then
    lang=$4
else 
    lang="en-US"
fi

dmgfile="FF.dmg"
logfile="/Library/Logs/FirefoxInstallScript.log"

# Are we running on Intel?
if [ '`/usr/bin/uname -p`'="i386" -o '`/usr/bin/uname -p`'="x86_64" ]; then
    ## Get OS version and adjust for use with the URL string
    OSvers_URL=$( sw_vers -productVersion | sed 's/[.]/_/g' )

    ## Set the User Agent string for use with curl
    userAgent="Mozilla/5.0 (Macintosh; Intel Mac OS X ${OSvers_URL}) AppleWebKit/535.6.2 (KHTML, like Gecko) Version/5.2 Safari/535.6.2"

    # Get the latest version of Reader available from Firefox page.
    latestver=`/usr/bin/curl -s -A "$userAgent" https://www.mozilla.org/${lang}/firefox/new/ | grep 'data-latest-firefox' | sed -e 's/.* data-latest-firefox="(.*)".*/1/' -e 's/"//' | /usr/bin/awk '{print $1}'`
    echo "Latest Version is: $latestver"

    # Get the version number of the currently-installed FF, if any.
    if [[ -e "/Applications/Firefox.app" ]]; then
        currentinstalledver=`/usr/bin/defaults read /Applications/Firefox.app/Contents/Info CFBundleShortVersionString`
        echo "Current installed version is: $currentinstalledver"
        if [[ ${latestver} = ${currentinstalledver} ]]; then
            echo "Firefox is current. Exiting"
            exit 0
        fi
    else
        currentinstalledver="none"
        echo "Firefox is not installed"
    fi

    url="https://download-installer.cdn.mozilla.net/pub/firefox/releases/${latestver}/mac/${lang}/Firefox%20${latestver}.dmg"

    echo "Latest version of the URL is: $url"
    echo "`date`: Download URL: $url" >> ${logfile}

    # Compare the two versions, if they are different or Firefox is not present then download and install the new version.
    if [[ "${currentinstalledver}" != "${latestver}" ]]; then
        /bin/echo "`date`: Current Firefox version: ${currentinstalledver}" >> ${logfile}
        /bin/echo "`date`: Available Firefox version: ${latestver}" >> ${logfile}
        /bin/echo "`date`: Downloading newer version." >> ${logfile}
        /usr/bin/curl -s -o /tmp/${dmgfile} ${url}
        /bin/echo "`date`: Mounting installer disk image." >> ${logfile}
        /usr/bin/hdiutil attach /tmp/${dmgfile} -nobrowse -quiet
        /bin/echo "`date`: Installing..." >> ${logfile}
        ditto -rsrc "/Volumes/Firefox/Firefox.app" "/Applications/Firefox.app"

        /bin/sleep 10
        /bin/echo "`date`: Unmounting installer disk image." >> ${logfile}
        /usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep Firefox | awk '{print $1}') -quiet
        /bin/sleep 10
        /bin/echo "`date`: Deleting disk image." >> ${logfile}
        /bin/rm /tmp/${dmgfile}

        #double check to see if the new version got updated
        newlyinstalledver=`/usr/bin/defaults read /Applications/Firefox.app/Contents/Info CFBundleShortVersionString`
        if [[ "${latestver}" = "${newlyinstalledver}" ]]; then
            /bin/echo "`date`: SUCCESS: Firefox has been updated to version ${newlyinstalledver}" >> ${logfile}
       # /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -title "Firefox Installed" -description "Firefox has been updated." &
        else
            /bin/echo "`date`: ERROR: Firefox update unsuccessful, version remains at ${currentinstalledver}." >> ${logfile}
            /bin/echo "--" >> ${logfile}
            exit 1
        fi

    # If Firefox is up to date already, just log it and exit.       
    else
        /bin/echo "`date`: Firefox is already up to date, running ${currentinstalledver}." >> ${logfile}
        /bin/echo "--" >> ${logfile}
    fi  
else
    /bin/echo "`date`: ERROR: This script is for Intel Macs only." >> ${logfile}
fi

exit 0

janselmi3953
New Contributor III

I replaced the download URL with this and then it started working. Thanks @chris.hansen !:
https://download-installer.cdn.mozilla.net/pub/firefox/releases/${latestver}/mac/en-US/Firefox%20${latestver}.dmg

panagiotis_f
New Contributor II

Hi everyone,

I'm still having trouble after trying "chris.hansen" script. The firefox script is running as below:

  • Fails with the below message when having to update from prior to latest version
  • Sometime Fails when user is not having Firefox Installed with the same error (ditto: can't get real path for source...)
  • Success when Firefox is updated and no action is needed (Firefox can update itself, we just need to verify all users are uptodate.)

If anyone can help with this please let me know, I can provide feedback/logs or anything!

601596045c474665801fe64f00ce717b

panagiotis_f
New Contributor II

Sorry double-post

AdamCraig
Contributor III

@panagiotis.f it's failing to mount the DMG because it's getting the wrong download URL. here is the URL from a log someone in my Jamf instance ran today Latest version of the URL is: https://download-installer.cdn.mozilla.net/pub/firefox/releases/79.0/mac/en-US/Firefox%2079.0.dmg

the URL ends with Firefox%20${latestver}.dmg" so your log is failing at checking the latest version and getting the wrong URL because of it. It honestly could be a firewall or network connection issue if you didn't change the script.

cbrewer
Valued Contributor II

As of recently there are better URL's to use.

https://download.mozilla.org/?product=firefox-esr-next-pkg-latest-ssl&os=osx&lang=en-US will get you the latest ESR and when there is an overlap between an last year's ESR and this year's ESR, it'll get the latest.

https://download.mozilla.org/?product=firefox-esr-pkg-latest-ssl&os=osx&lang=en-US will get you the oldest currently supported ESR. So right now it would still get 68 even though 78 is out.

Also, consider using mktemp -d to create a temp directory in these kinds of scripts, versus creating something static in /tmp.

panagiotis_f
New Contributor II

Indeed, download link was not working in the initial script version but this is still not the problem.
I'm using this link to download the latest Firefox version.

url="https://download.mozilla.org/?product=firefox-latest&os=osx&lang=en-US"

Logs still show that there is a problem, ditto command isn't working. 3e683decd8394c19b835bd4cfb51e481

Note that:

  • Script runs successfully if current Firefox Version is the latest one and exits with code 0.
  • If a Firefox.dmg is already mounted it outputs just an exit code 1 (failed)

In all the above cases I'm having Firefox quitted. FirefoxInstallScript.log at Library/Logs outputs this:

Tue Aug  4 12:49:07 EEST 2020: Download URL: https://download.mozilla.org/?product=firefox-latest&os=osx&lang=en-US
Tue Aug  4 12:49:07 EEST 2020: Current Firefox version: 70.0.1
Tue Aug  4 12:49:07 EEST 2020: Available Firefox version: 79.0
Tue Aug  4 12:49:07 EEST 2020: Downloading newer version.
Tue Aug  4 12:49:08 EEST 2020: Mounting installer disk image.
Tue Aug  4 12:49:08 EEST 2020: Installing...
Tue Aug  4 12:49:18 EEST 2020: Unmounting installer disk image.
Tue Aug  4 12:49:29 EEST 2020: Deleting disk image.
Tue Aug  4 12:49:29 EEST 2020: ERROR: Firefox update unsuccessful, version remains at 70.0.1.

Seems again like a mount issue? Can it be fixed with any alternative commands like mktemp -d ?

Current Script I have is here. . Running on Catalina but I think I've seen these errors on Mojave as well.

AdamCraig
Contributor III

@panagiotis.f the link https://download.mozilla.org/?product=firefox-esr-pkg-latest-ssl&os=osx&lang=en-US that @cbrewer downloads a .pkg not a .dmg so the install script you are using will not work with that link.

You'll need to modify the install script to use that link, instead of mounting the .dmg file and dittoing the app out of it, you'll need to run installer targeting the .pkg I don't know the exact syntax for that off the top of my head but that's the problem.

panagiotis_f
New Contributor II

@strayer Correct but as I said I'm using this link instead:

url="https://download.mozilla.org/?product=firefox-latest&os=osx&lang=en-US"

which should be the latest english language .dmg :)

AdamCraig
Contributor III

@panagiotis.f I shouldn't respond to things before I have coffee. Up that looks like the latest DMG.
Not sure why you're getting that error then. I'd say try each line of your script individually locally and see where it's breaking.

RyanDahl
New Contributor II

It's reliably at the above link, but I experienced the same error. It's also available via FTP, so https://ftp.mozilla.org/pub/firefox/releases/80.0.1/mac/en-US/ lead to a dmg and a package. Should be able to substitute in the version check for the releases folder, but I just hardcoded mine.

cbrewer
Valued Contributor II

Here is a link to my own Firefox install script. It's quite a bit different than the one listed above in this post. I'm using the pkg installer. I also check to see if firefox is running before forcing an install. Feel free to use it or use ideas from it.

https://github.com/cwmcbrewster/Jamf_Scripts/blob/master/Install_FirefoxESR.sh

jttavares
New Contributor III

@cbrewer Hi, I used that script and it downloaded an older version of of FF. Did I do something wrong?

echave
New Contributor III

No, @cbrewer has the script downloading the Extended Support Release. I think you'd want to use the canonical download url of "https://download.mozilla.org/?product=firefox-pkg-latest-ssl&os=osx"

mgeorgecv
New Contributor III

I altered a VLC script and created a script for the Extension Attribute here: https://community.jamf.com/t5/jamf-pro/install-update-vlc/td-p/194385

I then took those scripts and altered them for Firefox ESR installation:

 

#!/bin/bash
mkdir /tmp/downloads
cd /tmp/downloads

#Installing Firefox ESR
curl -L -o Firefox.dmg "https://download.mozilla.org/?product=firefox-esr-latest-ssl&os=osx&lang=en-US"

hdiutil mount -nobrowse Firefox.dmg -mountpoint /Volumes/Firefox
rsync -vaz /Volumes/Firefox/Firefox.app/ /Applications/Firefox.app
sleep 20
hdiutil unmount "/Volumes/Firefox"

rm -rf /tmp/downloads*

And the Extension Attribute:

 

#!/bin/bash

CurrentFirefox=$(curl "https://ftp.mozilla.org/pub/firefox/releases/" | grep "esr" | tail -n2 | head -n1 | /usr/bin/sed -e 's/<[^>][^>]*>//g' | /usr/bin/awk '{print $1}' | tr -d '[a-z]' | sed 's/.$//')
if [ -d /Applications/Firefox.app ]; then
FirefoxVersion=$( sudo defaults read /Applications/Firefox.app/Contents/Info CFBundleShortVersionString )
FirefoxCheck=$FirefoxVersion
else
FirefoxCheck="Notinstalled"
fi
if [ "$FirefoxCheck" == "$CurrentFirefox" ]; then #Is Firefox up to date?
result="FirefoxUpToDate"
else result="FirefoxNotUpToDate"
fi
echo "<result>$result</result>"

mgeorgecv
New Contributor III

PS.

I then created a Smart Computer Group: 

2021-12-21 08_14_05-Edit Smart Computer Group Firefox needs updating__.png

using the Smart Computer Group as the scope I set the Policy with the installation script to run Ongoing.

mgeorgecv
New Contributor III

I know I could have set the script to check if Firefox was running, but I was not worried about it installing underneath.  I have not had problems with it, just like Firefox and Chrome install the newest version while the program is still running and then just ask you to restart.  Our users mainly use Chrome and just use Firefox for testing issues occasionally.  You can have the policy prompt the user to restart Firefox when the policy is finished running.

dvasquez
Valued Contributor

Fantastic work!  

Thank you Sir!

 

mgeorgecv
New Contributor III

I was getting Firefox saying it wasn't up to date today even after running the script.  So I did some troubleshooting.  I found that the site I was pulling the version from, to compare to the version installed, has the version of ESR being released tomorrow.

So I updated the Extension Attribute:

 

#!/bin/bash

CurrentFirefox=$(curl -L https://www.mozilla.org/en-US/firefox/organizations/notes/ | grep "Firefox ESR" | sed -n 1p | sed 's/<[^>][^>]*>//g' | tr -d '[a-z, A-Z]')
if [ -d /Applications/Firefox.app ]; then
FirefoxVersion=$( sudo defaults read /Applications/Firefox.app/Contents/Info CFBundleShortVersionString )
FirefoxCheck=$FirefoxVersion
else
FirefoxCheck="Notinstalled"
fi
if [ "$FirefoxCheck" == "$CurrentFirefox" ]; then #Is Firefox up to date?
    result="FirefoxUpToDate"
else result="FirefoxNotUpToDate"
fi
echo "<result>$result</result>"

 

 

MattF-TX
New Contributor II

mgeorgecv - thanks for posting that.  Your script is the only one that I've found that works perfectly for remotely updating Firefox.  You're a UNIX scripting Jedi in my book! 👍