Firefox za Enterprise Forum podrške

Hi All- I am in charge of deploying Firefox ESR to my company and trying to get it to silently auto update on it's on with user interaction. We have policies in place (GPO) that prevent it at this point. I need some guidance on whether I should use just GPOs to manage this or should I go the route of the .cfg file? If someone has a step by step on how to best achieve this I would appreciate it. I am currently using the .msi installer.

Here is settings in an old .cfg file that I am testing with:

lockPref("app.update.mode", 1); lockPref("app.update.service.enabled", true); lockPref("extensions.update.enabled", false); lockPref("extensions.update.autoUpdateEnabled", false);

// Set default homepage - users can change // Requires a complex preference defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://workday");

// Don't ask to install the Flash plugin lockPref("plugins.notifyMissingFlash", false);

// Disable Search Engine automatic updates lockPref("browser.search.update", false);

//Disable telemetry lockPref("toolkit.telemetry.prompted", 2); lockPref("toolkit.telemetry.rejected", true); lockPref("toolkit.telemetry.enabled", false);

// Disable health reporter lockPref("datareporting.healthreport.service.enabled", false); lockPref("datareporting.healthreport.logging.consoleEnabled", false); lockPref("datareporting.healthreport.uploadEnabled", false);

// Disable all data upload (Telemetry and FHR) lockPref("datareporting.policy.dataSubmissionEnabled", false);

// Disable crash reporter lockPref("toolkit.crashreporter.enabled", false); Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

// Don't show WhatsNew on first run after every update pref("browser.startup.homepage_override.mstone","ignore");

// Don't show 'know your rights' on first run pref("browser.rights.3.shown", true);

Hello

We use our own CA to secure some websites on the internal network. Until version 101.0, the SSL was working correctly. I have updated today to firefox 101 and all our internal websites started giving SSL_ERROR_BAD_CERT_DOMAIN. There are no issues with external CA issued certificates, so I'm assuming it is something related to the way we generate the certificates. Were there any changes done at version 101 which might reject certificates with a valid common name? Is there a way to disable it and revert to version 100 options?

Thank you

I manage SCCM in my environment, and have been successfully offering Firefox ESR for a while now, along with silent updates when new versions are released.

Today I realised that not all of my users are using the ESR version from the Software Centre (90.10.0), but have instead installed the normal version to their profile (ranging from 83.x.x to 101.x.x). These are clearly not being updated, and it's been flagged by security scans.

So, I'm looking for a way to remove them silently with a script that I can insert into the ESR deployment, and replace these unsupported versions.

Can anyone help me?

I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrome.css file doesnt seem to work with the newer versions.

I would like to hide the menu button located at the top right (the three lines button) or hide the access to the firefox settings (about:preferences) but I cannot find any GPO to do this. How can I hide this button?

Thanks in advance

We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we can capture a photo. We give them instructions and they configure their instance of Firefox to ALLOW access to the camera, along with several other adjustments (like allowing pop-ups, and no autofill).

However, whenever they restart Firefox the camera permission reverts back to the DEFAULT of Always Ask. The other settings adjustments we make, like pop-ups and no autofill stick around, but not the camera setting.

We've checked the PREF.js file in the Profile folder and that doesn't appear to be a problem. On our in-house machines we are running the same version of Windows and Firefox and cannot reproduce the problem.

The customer has recently applied the upgrade from an earlier version of Firefox ESR to 91.12.0. The customer has also imaged the PC and copied over to a large number of additional machines for use around their organization. This problem is causing a serious disruption to their deployment of the updated PC's as we work with them to try and troubleshoot the problem.

Any ideas on what to try would be appreciated.

Why isn't firefox ESR 102.1 available for download via this link, it still downloads 91.12 which has vulnerabilities. https://www.mozilla.org/en-US/firefox/enterprise/ I found it after digging around but it was a hassel.

I have an issue on a Mac OS Server environment with home folders. The user's login to the MAC which authenticates to the Open Directory MAC server giving home folders to the logged-on users that reside on the server and not the local workstation. Users commonly use different computers to log in. What we're finding is that the users are increasingly getting the error message that a copy of firefox is open and firefox cannot open.

Removing the lock file solves the issue.

cd ~/Library/Application\ Support/Firefox/Profiles/ cd uniqueid.default rm -rf .parentlock

Is there a way to avoid this? We have the most current version of FF installed.

Some users in my organization have been complaining about FireFox location protection since the update to 103.0.2. We would like an option to completely disable this "feature". Our users are complaining about having to individually make exceptions via the shield icon and selecting custom and unchecking all boxes does not work for our use case scenario. Is there any option to disable this completely or are there plans in future releases to allow us a disable feature (like you used to have) or is the only solution to switch our users to Chrome? Thanks

We use GPO to push out our Firefox homepage and bookmarks. I get totally different results for each user, some will make changes right away if I add a new book marks, but they don't see older ones?

I decided to build a few test machines (we don't have time to build a dev envir) and it applies the GPO for the home page but not the bookmarks, I can see the book marks in the registry even but nothing on firefox. Anyone have a guess?

thanks David

I am an administrator at a university and we use Blackboard and Zoom as a couple of the tools at our university. We install Firefox on all of our PCs across campus. After a recent update, when our instructors try to launch Zoom using the integration setup in Blackboard, the meeting fails to launch. We have found that disabling Enhanced Protection fixes this issue. Is there a way to add this exception to an install file that can be sent across many PCs on our campus? We have hundreds of PCs and going from one to another to install this exception would not be practical.

Do you have any suggestions? Justin

When downloading Firefox ESR via the website for macOS (https://download.mozilla.org/?product=firefox-esr-latest-ssl&os=osx&lang=en-US) one still receives the old 91.13.0 version instead of the current release 102.2.0. Can you please fix this?

Hi We have had FF ers for some time. The old "no longer employed" sccm manager had the 64 bit version install in the x86 dir. We are now trying to use Qualys for patching. How can i move the 12k users bookmarks to the correct install path so Qualys can update when needed. Thanks TJ

I am deploying Mozilla Firefox using Intune. The application is deployed no problem but there is always the error in Intune portal. I was told that Mozilla Firefox has custom return codes to indicate post-installation behavior. That is why though the application itself is installed and works properly on the device, Intune portal does not know the status of the installation and gives the error. This error causes a lot of issues to the further application management. Dose any one knows what those codes are? Or maybe can point into the correct direction on how to get them. Thank you.

Hi,

I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disable (I'd say "hide" is more accurate) the about:logins page on Firefox?

• pref.privacy.disable_button.view_passwords (with a lock pref) in autoconfig only disables the "View saved logins" button in Settings.

As for policies:

• a few policies for blocking about: pages do exist - BlockAboutAddons/Config/Profiles/Support, but can't find one, say, "BlockAboutLogins" or something like that.
• PasswordManagerEnabled set to false disables the password manager completely, including about:logins, password autofill is disabled as well - not what I need.
• WebsiteFilter, as expected, doesn't treat about: as a protocol, so it can't be done there either.

Any help is appreciated. Thanks in advance!

Steps:

• Open Linux server via VNC
• Open Firefox
• Search the term "test"

Issue:

• The google result page doesn't fit into the window and has a horizontal scrollbar to see content on the right hand side

Note: I need my website to fit into browser properly at 100%(default) zoom itself for the purpose of automation because changing zoom level via selenium automation to press ctrl and minus 3 times causes unexpected behavior like even though value is filled in a textbox, it doesn't get sent in the API request payload. (Python 3.4.3, Selenium 3.12.0, GeckoDriver 0.31.0)

Versions:

• Ubuntu 14.04.6
• Firefox 91.13.0ESR
• VNC: Tight VNC Viewer 2.8.63 OR Real VNC Viewer 6.22.515

We have about 35 versions of firefox running across the enterprise (38 to 91) and I have been tasked to update the EOL dates for all versions we have to help bring things up to speed and know what is/is not supported.

I found this page with release dates (https://www.mozilla.org/en-US/firefox/releases/) but nothing about when a version has reached it's EOL. Any help would be appreciated.

Hi, Background: a few months ago I had to redeploy the CA for a network I manage. I was able to do so and publish the new intermediate CA's cert via Active Directory. Since then, I've updated certs on webhosts with certs from the new CA. Whenever a user uses FF (version 91.12.0) to browse to a site with the newly signed cert, I get an error stating "sec_error_ocsp_old". I've been able to temporarily advise users to disable OCSP Validation in FF security settings, but I'd REALLY like to fix this.

Other browsers (Edge, Chrome, Opera) all load the sites without issue.

Using this the below article, I double checked the time settings on the CA, Webserver, and clients: https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites

All the machines/VMs in question show the same time source, time, time zone, and sync interval.

I'm at a loss for what is happening. Any help would be greatly appreciated.

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy Value (string):

<enabled/> <data id="ProxyLocked" value="true | false"/> <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/> <data id="HTTPProxy" value="https://httpproxy.example.com"/> <data id="UseHTTPProxyForAllProtocols" value="true | false"/> <data id="SSLProxy" value="https://sslproxy.example.com"/> <data id="FTPProxy" value="https://ftpproxy.example.com"/> <data id="SOCKSProxy" value="https://socksproxy.example.com"/> <data id="SOCKSVersion" value="4 | 5"/> <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/> <data id="Passthrough" value="<local>" >="" <data="" <="" p=""></data>

This has mixure of String and Integer , when we configure as string and use one from the above or leaving blank or setting only string , it failed the policy with error - -2016281112