Firefox for Enterprise Support Forum

on GitHub the commands are all based on Java https://github.com/mozilla/policy-templates#preferences

Is there a list of all available registry settings? Or where do these Java options come from, where can I read them out?

Hello

I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.enabled.

Either an AMDX template with this option or a Registry will do the trick

Thanks

Hi,

I'm blocked because for my company i have to make a GPO that will setup the default handler for pdf files. I picked up different codes on internet but it went the same way for all of them, it didn't work. Im pretty sure that's not a GPO application issue because actually all the others setings are working perfectly.

The json code was paste on the Handlers settings as u can see in the attachement.

Hopefully that i will find help there.

Cordially.

Hi Team, I'm using the Zscaler in my network, when I use the Firefox, appear the error:

"Software is Preventing Firefox From Safely Connecting to This Site

www.googleadservices.com is most likely a safe site, but a secure connection could not be established. This issue is caused by Zscaler Root CA, which is either software on your computer or your network.

What can you do about it?

www.googleadservices.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely...." Picture 1

I have root certificate in path: /usr/share/ca-certificates/mozilla$ Picture 2

I run the command for updates CA but it doesn't work: sudo update-ca-certificates

Errors keep popping up.

The certificate not appear in the Certificate manager > Authorities Picture 3

But if I open the firefox > Settings > Privacy & Security> Certifcates > View Certificates > Import And I import the certificate ZscalerRoot.crt and I mark the option "trust this CA to identify websites" the firefox works, and I can open the site without error message.

Picture 4

And the certificate appear in the manager certificate: Picture 5

How can I put the command terminal certificate, which I have on hundreds of machines?

Note: I need to put the certificate only for internet access.

Hi, Background: a few months ago I had to redeploy the CA for a network I manage. I was able to do so and publish the new intermediate CA's cert via Active Directory. Since then, I've updated certs on webhosts with certs from the new CA. Whenever a user uses FF (version 91.12.0) to browse to a site with the newly signed cert, I get an error stating "sec_error_ocsp_old". I've been able to temporarily advise users to disable OCSP Validation in FF security settings, but I'd REALLY like to fix this.

Other browsers (Edge, Chrome, Opera) all load the sites without issue.

Using this the below article, I double checked the time settings on the CA, Webserver, and clients: https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites

All the machines/VMs in question show the same time source, time, time zone, and sync interval.

I'm at a loss for what is happening. Any help would be greatly appreciated.

Hi,

I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disable (I'd say "hide" is more accurate) the about:logins page on Firefox?

• pref.privacy.disable_button.view_passwords (with a lock pref) in autoconfig only disables the "View saved logins" button in Settings.

As for policies:

• a few policies for blocking about: pages do exist - BlockAboutAddons/Config/Profiles/Support, but can't find one, say, "BlockAboutLogins" or something like that.
• PasswordManagerEnabled set to false disables the password manager completely, including about:logins, password autofill is disabled as well - not what I need.
• WebsiteFilter, as expected, doesn't treat about: as a protocol, so it can't be done there either.

Any help is appreciated. Thanks in advance!

I am an administrator at a university and we use Blackboard and Zoom as a couple of the tools at our university. We install Firefox on all of our PCs across campus. After a recent update, when our instructors try to launch Zoom using the integration setup in Blackboard, the meeting fails to launch. We have found that disabling Enhanced Protection fixes this issue. Is there a way to add this exception to an install file that can be sent across many PCs on our campus? We have hundreds of PCs and going from one to another to install this exception would not be practical.

Do you have any suggestions? Justin

Some users in my organization have been complaining about FireFox location protection since the update to 103.0.2. We would like an option to completely disable this "feature". Our users are complaining about having to individually make exceptions via the shield icon and selecting custom and unchecking all boxes does not work for our use case scenario. Is there any option to disable this completely or are there plans in future releases to allow us a disable feature (like you used to have) or is the only solution to switch our users to Chrome? Thanks

We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we can capture a photo. We give them instructions and they configure their instance of Firefox to ALLOW access to the camera, along with several other adjustments (like allowing pop-ups, and no autofill).

However, whenever they restart Firefox the camera permission reverts back to the DEFAULT of Always Ask. The other settings adjustments we make, like pop-ups and no autofill stick around, but not the camera setting.

We've checked the PREF.js file in the Profile folder and that doesn't appear to be a problem. On our in-house machines we are running the same version of Windows and Firefox and cannot reproduce the problem.

The customer has recently applied the upgrade from an earlier version of Firefox ESR to 91.12.0. The customer has also imaged the PC and copied over to a large number of additional machines for use around their organization. This problem is causing a serious disruption to their deployment of the updated PC's as we work with them to try and troubleshoot the problem.

Any ideas on what to try would be appreciated.

I am struggling to find the right policy for disabling "basic authentication" in Firefox using GPO or Intune policy. For other chromium browser like Chrome and Edge Chromium is very straightforward.

Been struggling to find right config or policies. Non of about:config or about:policy seems to work.

Please suggest.

Regards, Rakesh

I am looking for a method to be able to programmatically load CA certificates system wide as opposed to a per user method. We made a modification policies.json to install a certificate but it's not working, we followed the documentation on Github

https://github.com/mozilla/policy-templates/blob/master/README.md

Attached is the screenshot of the section we used.

Hello Team,

We are trying to disable DoH option in firefox, but i am still not able to disable it using plist file. If anyone can help with the plist file and location to put the file in MacOS it would be a great help.

I am using the below plist file <plist> <dict> <key>DNSOverHTTPS</key> <dict> <key>Enabled</key> <false/> <key>Locked</key> <true/> </dict> </dict> </plist> Ref: https://github.com/mozilla/policy-templates/blob/master/README.md

Thanks

I recently pushed a GPO to all the computers so Firefox would detect the CAC readers on end user devices. The push updated the registry but it hasn’t taken effect. I think the Mozilla.cfg is overriding the GPO. Is there somewhere in the config file I can update device manager settings for Firefox? Or better yet can I override the config file.