Showing questions tagged: Show all questions
  • Solved
  • Archived

ExtensionSettings does not show up as a GPO setting with the latest ADMX files

the settings ExtessionSettings does not show up to be able to modify even tho it is on the ADMX file (5.11)? Should I use the older Extensions policies? I want to install… (read more)

the settings ExtessionSettings does not show up to be able to modify even tho it is on the ADMX file (5.11)? Should I use the older Extensions policies? I want to install and pin an extension from the store.

Asked by Christopher Roble 7 months ago

Answered by Mike Kaply 7 months ago

  • Solved
  • Archived

Remove extensions button from toolbar

I need to be able to hide the Extensions button from the toolbar. Is there a way to do that outside of the user.js or prefs.js? Preferably I'd like to do this though the … (read more)

I need to be able to hide the Extensions button from the toolbar. Is there a way to do that outside of the user.js or prefs.js? Preferably I'd like to do this though the policies.json file though I could not find any options for this.

Asked by patrick.hinckley 9 months ago

Answered by Mike Kaply 9 months ago

  • Solved
  • Archived

Subscriptions for security advisory alerts for Firefox enterprise

I'm a security analyst. I would like to get email notifications on security advisories, alerts and vulnerability information regarding Firefox to stay up to date. Please … (read more)

I'm a security analyst. I would like to get email notifications on security advisories, alerts and vulnerability information regarding Firefox to stay up to date. Please help on how I can get the subscription?

Asked by nandini.vempati 11 months ago

Answered by Mike Kaply 11 months ago

  • Solved
  • Archived

Firefox ESR (Windows) Policy Wildcards - Is it possible?

Good afternoon, We're currently trying to set up a Hardening Guide for Firefox ESR but are struggling with a few policies and setting wildcards. For example, we're tr… (read more)

Good afternoon,

We're currently trying to set up a Hardening Guide for Firefox ESR but are struggling with a few policies and setting wildcards.

For example, we're trying to set an origin in Cookies > Block Settings to something like "*", and we get the error "Ignoring parameter "*" - not a valid origin."

In Chrome / Edge you can set a wildcard like this: [*.]google.com for example - we receive the same error message for this.

Can you do such a thing for Firefox ESR without having to list every site you want to block?

ESR Version: 115.6.0esr (64-bit)

Kind Regards, Ethan Jerrum

Asked by ethan.jerrum 11 months ago

Answered by Mike Kaply 11 months ago

  • Solved
  • Archived

HTTPs Only Mode

Hello, I have a problem with setting up HTTPs only Mode in my Organization, I read a lot about that, but I dont see the "dom.security.https_only_mode" switch in GPO, we h… (read more)

Hello, I have a problem with setting up HTTPs only Mode in my Organization, I read a lot about that, but I dont see the "dom.security.https_only_mode" switch in GPO, we have the newest admx for Firefox. We need that to specific container, but still I dont know how to set it up, even via regedit, or preferences. Can someone describe me when can I set it up ? It could be using json file (which exactly file and how?), registry or just gpo. Regards, M.

Asked by marcin.markiewicz 11 months ago

Answered by Mike Kaply 11 months ago

  • Solved
  • Archived

Extension GPO help

Hello, I am trying to create a deny all & white list only gpo for Firefox extensions. I am using the gpo; Computer Configuration/Policies/Administrative Templates/M… (read more)

Hello, I am trying to create a deny all & white list only gpo for Firefox extensions.

I am using the gpo; Computer Configuration/Policies/Administrative Templates/Mozilla/Firefox/Extensions/Extension Management

I started out simple using a template which worked.

{ "*": { "blocked_install_message": "Your Company Blocked Message", "installation_mode": "blocked" }, "uBlock0@raymondhill.net": { "installation_mode": "allowed" } }

However, when I tried to add in more allowed extensions it now longer worked and was able to install any extension.

{ "*": { "blocked_install_message": "Your Company Blocked Message", "installation_mode": "blocked" }, "uBlock0@raymondhill.net": { "installation_mode": "allowed" }, "querymoid@kaply.com": { "installation_mode": "allowed" } }

Asked by zick.rockco 1 year ago

Answered by zick.rockco 1 year ago

  • Solved
  • Archived

Do we have GPO setting for this preference "network.captive-portal-service.enabled" ?

In my environment, we have Firefox version 117. Users get this pop up "You must log in to this network before you can access the Internet" (see snip 1) when they launch f… (read more)

In my environment, we have Firefox version 117. Users get this pop up "You must log in to this network before you can access the Internet" (see snip 1) when they launch firefox. In order to get rid of we can toggle this preference setting to TRUE ""network.captive-portal-service.enabled" in the user's browser, which works fine. But i want to control this setting from GPO. I'm unable to find the GPO for the same in the GPO hive for FF. See snip 2 for 'Preferences' related GPOs.

Asked by pivashis 1 year ago

Answered by Mike Kaply 1 year ago

  • Locked
  • Archived

Do we have GPO setting for this preference "network.captive-portal-service.enabled" ?

Locking this thread.Please continue here: [/questions/1430409] In my environment, we have Firefox version 117. Users get this pop up "You must log in to this network befo… (read more)

Locking this thread.
Please continue here: [/questions/1430409]
In my environment, we have Firefox version 117. Users get this pop up "You must log in to this network before you can access the Internet" (see snip 1) when they launch firefox. In order to get rid of we can toggle this preference setting to TRUE ""network.captive-portal-service.enabled" in the user's browser, which works fine. But i want to control this setting from GPO. I'm unable to find the GPO for the same in the GPO hive for FF. See snip 2 for 'Preferences' related GPOs.

Asked by pivashis 1 year ago

Last reply by Mike Kaply 1 year ago

  • Solved
  • Archived

Extensions policy allowed not working (Intune ADMX)

Hi! Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings Currently looks like this: { "*": { "blocked_ins… (read more)

Hi!

Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings

Currently looks like this:

{

 "*": {
   "blocked_install_message": "Blocked.",
   "installation_mode": "blocked"
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "allowed"
 },
 "addon@darkreader.org": {
   "installation_mode": "allowed"
 },
 "@react-devtools": {
   "installation_mode": "allowed"
 }

}

I get the Blocked message if I try any of the allowed extentions like uBlock, Dark Reader or React Dev Tools.

I can add that uBlock had "force_installed" (With URL since that is required for force) and that worked fine.

Asked by janfredrik 1 year ago

Answered by janfredrik 1 year ago

  • Solved
  • Archived

Problem with ExtensionSettings

Hello I have installed german Firefox Version 117.0 (Build-ID 20230824132758) on Windows 10. The following ExtensionSettings policy works as expected. The addons ublock … (read more)

Hello I have installed german Firefox Version 117.0 (Build-ID 20230824132758) on Windows 10.

The following ExtensionSettings policy works as expected. The addons ublock and TreeTabs are both installed automatically.


{

 "*": {
   "blocked_install_message": "My Message",
   "install_sources": ["https://addons.mozilla.org/"],
   "installation_mode": "blocked",
   "allowed_types": ["locale", "extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
   "default_area": "navbar"
 },
 "TreeTabs@jagiello.it": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/tree-tabs/latest.xpi"
 }

}


But I don't want TreeTabs to be installed automatically on all workstations. So I want to change installation_mode to allowed.


{

 "*": {
   "blocked_install_message": "My Message",
   "install_sources": ["https://addons.mozilla.org/"],
   "installation_mode": "blocked",
   "allowed_types": ["locale", "extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
   "default_area": "navbar"
 },
 "TreeTabs@jagiello.it": {
   "installation_mode": "allowed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/tree-tabs/latest.xpi"
 }

}


But with this setting I'm unable to install it manually from https://addons.mozilla.org/de/firefox/addon/tree-tabs/ The message "An unexpected error occurred during installation." and a popup with the "blocked_install_message" "My Message" is displayed.

The same error occurs without the line (and the comma) "install_url": "https://addons.mozilla.org/firefox/downloads/latest/tree-tabs/latest.xpi"

I don't know why this does not work. Please help. Thank you.

Asked by ewomy 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Site not loading when using ESR due to CSP

One of our vendors websites does not load under Firefox ESR, with errors in the console pointing to CSP. Error is: Content Security Policy: The page's settings blocked th… (read more)

One of our vendors websites does not load under Firefox ESR, with errors in the console pointing to CSP. Error is: Content Security Policy: The page's settings blocked the loading of a resource at inline ("default-src")

However if I load the site under the normal Firefox release, it displays correctly. When looking at errors in console, it is showing 3 errors for CSP, however it does not stop the site from working correctly. Content-Security-Policy: The page's settings blocked the loading of a resources at https://..... ("connect-src") or ("img-src")

The site is https://app.approvalmax.com If you get the login screen then the site is working otherwise just getting a green background when it is not working.

I am unsure why ESR and RR versions are behaving differently in this case. Using the latest versions of each.

Asked by chris.foster1 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

I can’t change the min and max TLS versions with either policies.json or mozilla.cfg

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lo… (read more)

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

Asked by Terwassolam21434 1 year ago

Answered by jscher2000 - Support Volunteer 1 year ago

  • Solved
  • Archived

Unable to set multiple ExtensionSettings through imported admx

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the inject… (read more)

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the injection method, except for one settings:

ExtensionSettings this setting is working when I have only one setting set (ex):

{"someplugin@test.com": { "installation_mode" : "allowed" }}

If I add a second line to the entry:

{"someotherplugin@test.com":{ "installation_mode" : "allowed"}}

I understand this is a new feature, but if I had the correct format that would work for HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings to allow two plugins to work I belive I shouldn't have any issue getting the admx feature to do this, I even tried manually editing the registry setting and it breaks whenever I add the second line to it.

Asked by robert.deed 1 year ago

Answered by robert.deed 1 year ago

  • Solved
  • Archived

Firefox Extension Management

Hi All, I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions… (read more)

Hi All,

I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions

  • 1Password; and
  • Firefox Multi Containers.

This is my json:

{ "*": { "blocked_install_message": "version 0.4 - Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.", "install_sources": ["https://addons.mozilla.org/"], "installation_mode": "blocked" }, "{bc8367b6-d946-484e-8da6-37691f23ee64}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi" }, "{2a28e7e4-64c9-4e7f-81fb-0475af840c0f}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi" } }

I have tried the obvious and removed the {} from both extensions, however still having troubles.

Is someone able to point me in the right direction?

Asked by andrew219 1 year ago

Answered by andrew219 1 year ago

  • Solved
  • Archived

Dragging and Dropping email attachments into a formula not working

Version: Firefox ESR 102.9.0 (64-bit) - Windows 10 Enterprise 22H2 Customers have been complaining for about 6 months that they can no longer drag and drop email attach… (read more)

Version: Firefox ESR 102.9.0 (64-bit) - Windows 10 Enterprise 22H2

Customers have been complaining for about 6 months that they can no longer drag and drop email attachments from Outlook (Microsoft Office Professional Plus 2019 - Exchange) into a Help Desk formula. I tested dragging from Outlook desktop and from the web version.

Drag and Drop works when using Edge and Chrome.

This is not a major issue, since customers can use the other browsers, but since they would prefer to use Firefox, a fix would really be appreciated.  :-)

Asked by fischer404 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Allowed Extension is getting removed.

Hello, I am trying to manage Firefox Extension using "Extension Setting" via Intune. Source: https://github.com/mozilla/policy-templates/blob/master/README.md#extensions… (read more)

Hello, I am trying to manage Firefox Extension using "Extension Setting" via Intune. Source: https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings I am testing below JSON for testing. <enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Not Allowed contact HelpDesk.",
   "install_sources": ["https://www.example.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
   "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 },
 "jetpack-extension@dashlane.com": {
   "installation_mode": "allowed",
   "install_url": "https://prod.extensions.dashlane.com/downloads/firefox/dashlane-latest-fx.xpi"
 }

}'/>


When deployed to test devices, all extension previously installed get removed and Ublock get installed, seem like working as intended but when I try to install any "Allowed" I get the block installed message. I see no error in "about:policies". I don't know where else to look for why its getting blocked?

Any help will be much appreciated.

Asked by bluekind12 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Firefox 102.3.0 ESR, installs extension without permission

Hello, I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional a… (read more)

Hello,

I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional addons. However, since version 102.3 I noticed some extensions that are present on the machine as .xpi files, but should not install unless a specific application is also present, are also being activated. They are enabled in the add-on manager, the information is present in the "extensions.json" and "extension-preferences.json" files. This should not happen. Is there any way to prevent the activation of these files?

Thank you!

Asked by antoniu-laurentiu.imbrea 2 years ago

Answered by antoniu-laurentiu.imbrea 1 year ago