The IronFox program

IronFox is firefox in a sandbox, or more correctly, an application shell script wrapper that starts firefox in a sandbox. The policy is bundled within the app, should there be any desire to inspect the policy before use.

The goal of the policy is to let the user browse the web without interfering, but still protect the users privacy and system integrity from vulnerabilities that may exist in firefox or its plugins. The only restrictions that Ironfox gives the user is that downloads and uploads may only recide in the users download directory, and that ironfox itself can not launch any other applications.

Our design philosophies behind the IronSuite tools

Ironfox is but one of the tools we have developed sandbox policies for. We have developed profiles for Adium, Thunderbird, Tweetdeck, Ventrilo, etc. To better describe how we have approached this, and what is going on behind the scenes, we have written a IronSuite Design philosophy document that we urge you as a user to read.

IronFox only works with Firefox 3.6 and MacOSX 10.6 and 10.5. Version 0.8 introduced beta support for 10.5 . 10.4 does not support the kernel features required, therefor there will never be an ironfox release for tiger.

Installation instructions

Doubleclick the dmg file and drag IronFox to the Application folder. Please note - Firefox needs to be installed in /Applications otherwise it won't work. No Firefox binaries are shipped as part of the ironfox bundle.

Configuration instructions

As ironfox now is possible to config by users, a new page with configuration instructions is available. See Config

Releases and download instructions

downloads are also available over https.

IronFox-0.8.1.dmg

	prompt$ shasum -a 512 IronFox-0.8.1.dmg 
901c4a22a8bfb52d9c32b103a5fbcb05584f3e8504c4fd0c69a908f91d068f8f6bf5e9217ea6ada7318114bcc162f735c9d60f40e35c2ccd6e9024de82426352  IronFox-0.8.1.dmg

New features in the 0.8.1 version

• Fixed a logic error that prevented startup on MacOSX 10.5 leopard

IronFox-0.8.0.dmg

	prompt$ shasum -a 512 IronFox-0.8.0.dmg 
3ab15998a56566c82cc61ada407156430eff6bb55de83832f6da792a8989a9886fdbd7a57fee947d303c526c339c2b42ff1550fdf496b3d09e9c3e304c7efc7f  IronFox-0.8.0.dmg 

New features in the 0.8.0 version

• unbreak flash (latest flash uses adobe instead of macromedia in some paths)
• Rewritten startup in perl. should be faster
• Added writeable_dirs_file to config file to allow users to whitelist their own directories.
• Added initial support for MacOSX 10.5 Leopard - Testers wanted!
• Added initial plugin support for MacOSX 10.5 Leopard - Testers wanted!
• Added function for friendly errors.
• Added blacklist for certain dirs, trying to help users from shooting themselfs in the foot.
• 10.6 compability fix for 10.5

IronFox-0.7.1.dmg and GPG signature file IronFox-0.7.1.dmg.sig

	prompt$ shasum -a 512 IronFox-0.7.1.dmg
c26f29fafa6f4d36ee17b28f8f657f273828124ea54e45d24e37b7c82bf6b9ad75577823fffdff5e6ee8889fd62a2efb90e2a88044f28e4b603bdf10ff1bcb74  IronFox-0.7.1.dmg

This release includes several fixes and features from earlier internal releases.

New features in the 0.7.1 version

• Added support for drag and drop of objects to and from ff via plugin
• FF will now only load whitelisted plugin
• Added support for Userconfig. Users non-specified entries will be disabled
• updated myyesno function to also take $i, for more sensible error messages.
• Making certain font info user modifiable
• Added plugin for colorprofiles
• Added plugin for MDS
• debug now allows crashreporter to run (still very restricted)
• IronFox have a proper installer now
• Updated error handling to actually exit when things go wrong

New features added in the 0.7 version

• Addition of an IronFox.config in /Applications/IronFox.app/Contents/Resources changes to that file can turn on/off features for the user
• Lots of more checks for a more stable execution
• Rewrote startup to support plugins
• download dir, flash, java, debug and kerberos are now easy to config
• renamed readme.txt and changelog.txt to be consistent with IronAdium distribution

New features added in the 0.6.3 version

• Fixed a bug in the kerberos module that made kerberos non-functional

ironfox-0.6.2.tar.gz and GPG signature file ironfox-0.6.2.tar.gz.sig

	promt$ shasum -a 512 ironfox-0.6.2.tar.gz
6234300f7118230f7b3b9be6360dac49f25dcc3f5b47358f312b995b506a94547413eba14cad15d35da1a6b638a21d4f22e6543d1c85c3b850665fee57668b1d  ironfox-0.6.2.tar.gz

Looking for older stuff? See the historical page.

Release information / Changelog

New features in the 0.6.2 release

• First release signed with ROMAB software signing GPG key
• Fixed some log in vain issues
• hopefully fixed an issue with /var/folders

New features in the 0.6.1 release

• it works.

New features in the 0.6 release

changes from 0.6

• Policy is cleaned up. ( 172 policy lines from 214)
• Netstat is allowed execution from policy. Likely a bug in NSS. See https://bugzilla.mozilla.org/show_bug.cgi?id=444359, http://mxr.mozilla.org/security/source/security/nss/lib/freebl/unix_rand.c#981
• Color profiles are now allowed. btw - thnx to impact.
• Log messages for file-read-metadata have been silenced
• License header now in place for all files. (Two clause BSD, yayh! )
• Improved documentation

New features in the 0.5 release

-IronFox support for kerberos/spnego
-IronFox support for the propriatry 1passwd plugin
-No more double icons (ie, no longer both ff and ironfox)
-IronFox now shutsdown when ff-ironfox is shutdown
-The new release will clean up in the /var/folder directory after it has started

Bug reports, questions, comments, shoutouts, etc

We would appretiate any feedback. Please contact us by sending e-mail to: ironsuite AT romab.com