oh boy, have I had fun with this kinda thing:
https://bugzilla.mozilla.org/show_bug.cgi?id=1703903
this is what I'm doing to try and deal with idiotic popups at present:
sub disable_firefox_studies {
# create a config file that disables Firefox's dumb 'shield
# studies' so they don't break tests:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1529626
# and also disables the password manager stuff so that doesn't
# break password entry:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1635833
# and *also* tries to disable "first run pages", though this
# doesn't seem to be working yet:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1703903
assert_script_run 'mkdir -p $(rpm --eval %_libdir)/firefox/distribution';
assert_script_run 'printf \'{"policies": {"DisableFirefoxStudies": true, "OfferToSaveLogins": false, "OverrideFirstRunPage": "", "OverridePostUpdatePage": ""}}\' > $(rpm --eval %_libdir)/firefox/distribution/policies.json';
# Now create a preferences override file that disables the
# quicksuggest and total cookie protection onboarding screens
# see https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig
# for why this wacky pair of files with required values is needed
# and https://bugzilla.mozilla.org/show_bug.cgi?id=1703903 again
# for the actual values
assert_script_run 'mkdir -p $(rpm --eval %_libdir)/firefox/browser/defaults/preferences';
assert_script_run 'printf "// required comment\npref(\'general.config.filename\', \'openqa-overrides.cfg\');\npref(\'general.config.obscure_value\', 0);\n" > $(rpm --eval %_libdir)/firefox/browser/defaults/preferences/openqa-overrides.js';
assert_script_run 'printf "// required comment\npref(\'browser.urlbar.quicksuggest.shouldShowOnboardingDialog\', false);\npref(\'privacy.restrict3rdpartystorage.rollout.enabledByDefault\', false);\n" > $(rpm --eval %_libdir)/firefox/openqa-overrides.cfg';
}
The problem I see with trying to use a user.js is, it's supposed to go in the Firefox profile directory...which doesn't exist until you've run Firefox. So you'd have to run it, quit, write the file (using wildcards or something to find the right path as it gets random elements in its name), then run it again.
My approach is using a mechanism Firefox calls "autoconfig" to set prefs: https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig
It's weirdly baroque (I have no idea why they thought this "you have to make one file that points to another file and has a weird magic setting in it" mechanism was a good idea), but it does work if you do it right.
Setting privacy.restrict3rdpartystorage.rollout.enabledByDefault false gets rid of that Total Cookie Protection thing (per Ed Lee on the upstream bug), setting browser.urlbar.quicksuggest.shouldShowOnboardingDialog false deals with a 'quicksuggest' one I was seeing a few weeks ago. Upstream (Mike Kaply) suggested just browser.aboutwelcome.enabled might deal with both, but I haven't tried that yet.
There is also the Policies mechanism - https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson - which is easier to use, but only has a limited range of policies. Upstream thought that setting the OverrideFirstRunPage policy to "" should get rid of both the total cookie protection and quicksuggest popups, but in my testing it does not seem to, I don't know why not.