How to Enable Java in Firefox: 3 Methods for Running Legacy Java Content

Java applets are no longer supported in any modern web browser, including Mozilla Firefox. Mozilla permanently dropped NPAPI plugin support — the architecture that made Java applets possible — starting with Firefox 52 in 2017. If you need to run a legacy Java-based web application today, you cannot simply toggle a setting in a current Firefox release; you must use one of three deliberate workarounds, each with distinct security and operational trade-offs.

This guide covers every viable method in precise technical detail, including the risks most tutorials omit.

Why Java No Longer Works in Modern Firefox

Understanding the root cause prevents wasted troubleshooting time. Java applets in browsers depended on NPAPI (Netscape Plugin Application Programming Interface), a plugin architecture dating back to the mid-1990s. NPAPI granted plugins near-unrestricted access to the host system, which made it a persistent attack surface for remote code execution exploits.

The deprecation timeline unfolded as follows:

• 2015: Google Chrome dropped NPAPI support entirely.
• 2016: Mozilla began blocking NPAPI plugins by default in Firefox.
• March 2017: Firefox 52 became the last release to support NPAPI. Firefox ESR 52 extended that support until mid-2018.
• 2018–present: All Firefox releases ship with zero NPAPI support. No extension, flag, or about:config tweak can restore it in a modern build.

Oracle itself deprecated the Java browser plugin in JDK 9 (2017) and removed it entirely in JDK 11. This means even if Firefox still accepted NPAPI plugins, the plugin itself no longer ships with modern Java distributions.

The practical implication: any method that claims to "enable Java in Firefox" on a current release is either misleading or involves running a separate, older browser engine underneath.

Comparison of the Three Methods

Method 1: Use Firefox ESR 52 with NPAPI Java Plugin

Firefox ESR (Extended Support Release) 52 was the final branch to include NPAPI support. Installing it alongside a matching JRE gives you a functional Java applet environment, though one that carries serious security exposure.

Step 1: Download Firefox ESR 52

Mozilla's official FTP archive hosts every historical release. Navigate to:

https://ftp.mozilla.org/pub/firefox/releases/52.9.0esr/

Select the subdirectory matching your operating system (win32, win64, linux-x86_64, mac) and your locale. Download the installer directly — avoid third-party mirror sites, which may bundle adware or tampered binaries.

Step 2: Install Firefox ESR 52 in an Isolated Profile

Do not install this over your current Firefox. On Windows, use a custom installation path such as C:FirefoxESR52. On Linux, extract the tarball to a separate directory:

tar -xjf firefox-52.9.0esr.tar.bz2 -C ~/firefox-esr52/

Launch it with a dedicated profile to prevent any cross-contamination with your primary browser data:

~/firefox-esr52/firefox/firefox --profile ~/.mozilla/firefox-esr52-profile --no-remote

Step 3: Disable Automatic Updates

After first launch, navigate to Options > General > Firefox Updates and select "Check for updates but let you choose to install them." Better still, block Firefox's update service at the network level or via a hosts file entry if this browser will be used on an ongoing basis.

Step 4: Install a Compatible Java Runtime Environment

Oracle's JRE 8 Update 161 was the last build to ship the NPAPI browser plugin before Oracle quietly removed it from later 8u releases. Download JRE 8u161 from Oracle's archived releases (requires a free Oracle account) or from a trusted OpenJDK distribution that still packages the plugin.

Verify the plugin file exists after installation. On Windows, look for:

C:Program FilesJavajre1.8.0_161binplugin2npjp2.dll

On Linux:

find /usr/lib/jvm/ -name "libnpjp2.so"

Step 5: Enable Java in Firefox ESR 52

1. Open Firefox ESR 52 and type about:addons in the address bar.
2. Click Plugins in the left sidebar.
3. Locate Java(TM) Platform SE (or similar).
4. Set the dropdown to Always Activate.

If the plugin does not appear, Firefox is not finding the plugin directory. Manually set the plugin path by creating or editing the pluginreg.dat file, or by setting the MOZ_PLUGIN_PATH environment variable before launching:

export MOZ_PLUGIN_PATH=/usr/lib/jvm/jre1.8.0_161/lib/amd64/
~/firefox-esr52/firefox/firefox --no-remote

Critical Security Warning

Firefox ESR 52 has hundreds of unpatched CVEs accumulated since 2018. Never use it as a general-purpose browser. Never store passwords, cookies, or session tokens in it. Treat it as a single-purpose tool for a specific internal application, and run it on a machine that is not exposed to the open internet if at all possible.

Method 2: Use an IE Tab Extension or Chromium-Based IE Emulator

This method works by embedding the Internet Explorer (Trident) or legacy Edge rendering engine inside a browser tab. Because IE natively supported Java via ActiveX/NPAPI on Windows, this approach can run Java applets without modifying your primary Firefox installation.

Important Clarification on Browser Support

The IE Tab extension is officially supported on Google Chrome and Chromium-based browsers (Edge, Brave, Vivaldi). A Firefox port exists but is not officially maintained and has limited functionality. For this method to work reliably, use Chrome or Microsoft Edge with the IE Tab extension.

If your workflow is Firefox-centric, this method requires a parallel Chrome installation for Java-specific tasks — a reasonable trade-off for users who cannot use a full VM.

Step 1: Install IE Tab on Chrome

Install IE Tab from the Chrome Web Store. The extension requires a small native messaging host component to be installed on Windows, which it prompts you to download on first use. This component is what actually invokes the IE engine.

This method only works on Windows. The IE rendering engine (Trident/mshtml.dll) does not exist on macOS or Linux.

Step 2: Configure Java in Internet Explorer

Before using IE Tab, ensure Java is properly configured in IE itself:

1. Open Internet Explorer (still present on Windows 10 as a legacy application).
2. Go to Tools > Internet Options > Security.
3. Select the Internet or Trusted Sites zone and click Custom Level.
4. Scroll to Scripting of Java applets and set it to Enable.
5. Ensure the Java plugin is listed and enabled under Tools > Manage Add-ons > Toolbars and Extensions.

Step 3: Load the Java Site via IE Tab

1. Navigate to the target URL in Chrome.
2. Click the IE Tab icon in the toolbar (or right-click and select Open in IE Tab).
3. The page reloads inside the IE engine embedded in the Chrome tab.
4. Java applets should initialize as they would in a standalone IE session.

Limitations and Edge Cases

• Windows 11 caveat: Microsoft removed Internet Explorer from Windows 11 as a standalone application. The underlying mshtml.dll engine still exists for legacy compatibility, but its behavior with Java plugins is inconsistent. Test thoroughly before relying on this in a Windows 11 environment.
• Java security prompts: IE's Java security dialogs may appear behind the Chrome window. Alt-tab to find them if the applet appears to hang.
• ActiveX vs. NPAPI: IE uses ActiveX for Java, not NPAPI. The Java plugin for IE is a separate component (jp2iexp.dll) from the Firefox NPAPI plugin. Ensure the correct plugin is installed.

Method 3: Virtual Machine with a Legacy Browser

A virtual machine provides the strongest isolation and is the recommended approach for any environment where Java applet access is a recurring operational requirement. The legacy browser and its attack surface are fully contained within the VM boundary.

Step 1: Choose and Install Virtualization Software

VirtualBox (free, open-source, cross-platform) and VMware Workstation Player (free for personal use) are the two primary options.

# Install VirtualBox on Ubuntu/Debian
sudo apt update && sudo apt install virtualbox virtualbox-ext-pack -y

For Windows hosts, download the VirtualBox installer from virtualbox.org and run it with default settings.

Step 2: Create the Virtual Machine

For Java applet compatibility, Windows 7 32-bit or Windows 7 64-bit inside the VM provides the most reliable environment. Windows 7 has native IE 11 support and broad Java plugin compatibility. Alternatively, a lightweight Linux distribution with Firefox ESR 52 works well and has a smaller storage footprint.

Recommended VM resource allocation for this use case:

• RAM: 2 GB minimum (4 GB recommended for Windows 7)
• Disk: 40 GB dynamically allocated
• CPU: 2 virtual cores
• Network: NAT (restricts VM network access to outbound-only through the host)

Step 3: Install the Legacy Browser and JRE Inside the VM

Follow the same steps as Method 1, but execute them entirely within the VM. The key advantage: even if a malicious Java applet exploits a vulnerability in the browser or JRE, the damage is contained to the VM snapshot. You can revert to a clean snapshot in seconds.

Snapshot discipline is critical. Take a clean snapshot immediately after configuring the browser and JRE, before ever loading any external content. Name it clearly:

Snapshot: Clean Java Environment - [date]

Step 4: Configure VM Networking for Least Privilege

If the Java application only needs to communicate with a specific internal server or IP range, configure the VM's network adapter to use Host-Only networking and set up a static route on the host. This prevents the VM from reaching the broader internet:

# On the host, add a route so the VM can only reach the target server
# Example: VM is on 192.168.56.0/24, target server is 10.0.0.50
sudo ip route add 10.0.0.50/32 via 192.168.56.1

Step 5: Access Java Content

Launch the VM, open the legacy browser, and navigate to the Java application. For frequently accessed applications, create a desktop shortcut or startup script on the host that launches the VM and opens the browser to the target URL automatically using VirtualBox's --startvm and guest control features.

Why This Method Is Architecturally Superior

Running outdated software in a VM is standard practice in enterprise environments for maintaining access to legacy line-of-business applications. The VM acts as a security boundary: the host OS, your primary browser, and all other applications remain unaffected regardless of what happens inside the VM. This is the same principle used in browser isolation products and secure access service edge (SASE) architectures.

If you are running server-side Java applications rather than browser applets — for instance, a Java-based web application on a VPS — the browser plugin problem is irrelevant. Modern Java web frameworks (Spring Boot, Quarkus, Micronaut) run entirely server-side. A properly configured VPS Hosting environment handles these without any browser plugin dependency.

Alternatives to Java Applets Worth Considering

If you have any influence over the application requiring Java, migrating away from applets is the correct long-term solution. The browser plugin ecosystem has moved on decisively.

Replacement technologies by use case:

• Interactive UI / data visualization: JavaScript with Canvas API, WebGL, D3.js, or Three.js
• Real-time communication: WebSockets, WebRTC
• High-performance computation in the browser: WebAssembly (WASM) — can run compiled C, C++, and Rust at near-native speed
• Desktop-like application delivery: Progressive Web Apps (PWAs) or Electron-based desktop apps
• Server-side Java logic: Expose it as a REST or GraphQL API consumed by a modern frontend

For organizations running Java-based server applications that need reliable hosting, a Dedicated Server provides the raw resources and full root access needed to run Java application servers (Tomcat, WildFly, GlassFish) at scale without resource contention.

If your legacy Java application is web-hosted and you need a secure connection to it, pairing your hosting with a valid SSL Certificate ensures encrypted transport even for older application stacks.

Practical Decision Matrix

Use this checklist to select the right method for your situation:

Use Method 1 (Firefox ESR 52) if:

• You need one-time or very infrequent access
• You are on a machine with no internet connectivity or strict firewall rules
• You cannot install virtualization software due to hardware or policy constraints

Use Method 2 (IE Tab / IE Emulator) if:

• You are on Windows 10 with IE still available
• The Java application is an internal corporate tool on a trusted network
• You need the simplest possible setup with minimal overhead

Use Method 3 (Virtual Machine) if:

• You need regular, ongoing access to Java applet content
• Security and isolation are organizational requirements
• You want the ability to snapshot and roll back the environment
• Multiple users need the same Java environment (export and distribute the VM image)

Consider migrating away from Java applets entirely if:

• You control or can influence the application's development
• The application is customer-facing or exposed to the internet
• The Java functionality can be replicated with WebAssembly or a modern JavaScript framework

For teams managing multiple web properties or client environments, VPS Control Panels can simplify the administration of server-side Java applications without requiring direct command-line access for every operation.

If your use case involves hosting a web application that previously relied on Java applets for file management or email functionality, modern Email Hosting and Shared Web Hosting solutions handle those workflows natively through web interfaces that require no browser plugins whatsoever.

FAQ

Can I re-enable Java in the current version of Firefox by changing about:config settings?

No. There is no about:config flag, hidden preference, or extension that restores NPAPI plugin support in Firefox 53 or later. The NPAPI subsystem was removed from the codebase entirely, not just disabled. The only way to run Java applets in a Firefox-branded browser is to use an archived build of Firefox ESR 52 or earlier.

Which JRE version is compatible with the Firefox NPAPI Java plugin?

JRE 8 Update 161 (8u161) is the last widely available build that includes the NPAPI plugin (npjp2.dll on Windows, libnpjp2.so on Linux). Later 8u releases quietly dropped the plugin. JRE 9, 11, and all subsequent LTS releases do not include a browser plugin at all.

Is it safe to run Firefox ESR 52 on a machine connected to the internet?

No. Firefox ESR 52 has not received security patches since mid-2018 and is vulnerable to hundreds of documented exploits. If you must use it, do so on a machine behind a strict firewall, with no general browsing, and ideally with network access restricted to only the specific server the Java application runs on.

Does the IE Tab method work on macOS or Linux?

No. IE Tab relies on the Windows Internet Explorer rendering engine (mshtml.dll), which only exists on Windows. On macOS and Linux, the extension either does not install or falls back to a standard browser engine that has no Java support. For non-Windows systems, Method 1 or Method 3 are the only viable options.

What is the difference between a Java applet and a Java Web Start application?

A Java applet runs embedded inside a browser page via the NPAPI plugin. Java Web Start (JNLP) launches a standalone Java application from a browser link without embedding it in the page — it uses the javaws launcher. Java Web Start was also deprecated in JDK 9 and removed in JDK 11, but OpenWebStart (an open-source reimplementation) can still run JNLP applications on modern systems without any browser plugin dependency, making it a more viable path than applets for legacy Java application delivery.