Everyday is harder to manage old hardware or access outdated intranet websites because the browser security is tighter with every release. Many appliances use unsigned Java applets or insecure ciphers and protocols.
My first solution to this problem was to have a Windows VM in my laptop with old versions of everything: Firefox, Java, Flash… but running the VM in my underpowered laptop was too slow and made the system sluggish.
Here I describe how to run an old Firefox instance with an old Java.
Create a new user called sandbox
Download an old Firefox from the Mozilla archive and uncompress in /opt/old-firefox
https://ftp.mozilla.org/pub/firefox/releases/
Download an old JDK version from Oracle and umcompress in /opt:
http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html
Comment out these lines in the JDK /opt/jdk1.7.0_80/jre/lib/security/java.security
#jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#jdk.tls.disabledAlgorithms=SSLv3
Set these variables for the sandbox user: ~sandbox/.bash_profile
export JAVA_HOME="/opt/jdk1.7.0_80"
export JRE_HOME="$JAVA_HOME/jre"
export PATH="$JAVA_HOME/bin:$PATH"
Link the needed plugins in the sandbox Firefox profile:
$ pwd
/home/sandbox/.mozilla/plugins
$ ls -la
total 8
drwxrwxr-x. 2 sandbox sandbox 4096 mar 23 11:53 .
drwx------. 5 sandbox sandbox 4096 mar 22 14:35 ..
lrwxrwxrwx. 1 sandbox sandbox 41 mar 22 14:36 libflashplayer.so -> /usr/lib64/flash-plugin/libflashplayer.so
lrwxrwxrwx. 1 sandbox sandbox 42 mar 23 11:53 libnpjp2.so -> /opt/jdk1.7.0_80/jre/lib/amd64/libnpjp2.so
With javaws -viewer you can manage the downloaded jnlp files and access the Java control panel to lower the security to the minimum.
I give me permissions in /etc/sudoers.d/sandbox:
juan ALL=(sandbox) NOPASSWD: ALL
And create this script to launch Firefox ~/bin/oldff:
#!/bin/bash
xhost SI:localuser:sandbox
sudo -i -u sandbox /opt/old-firefox/firefox "$@"