Firefox za Enterprise Forum podrške

Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferences on each workstation. I have searched and found ways to enforce this change by GPE , but I wonder if there is a way to change firefox preferences, especially the one I've mentioned, via Registry Editor.

Hi,

We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace.

I've imported the firefox.admx and mozilla.admx file along with assocaited .adml files, checked Github, checked through the GPO settings yet cannot figure out how to do the same with Firefox.

Is there a Mozila Firefox for Windows GPO ADMX setting I can use to control the "Firefox>Settings>General>Files and Applications>Applications" section to add "Content type: ica | Action: Use Citrix Workspace"?

Thanking you....

Hello,

As the title mentions, applying a block to all extensions via "*" by utilizing Extension Management GPO will block about:debugging.

Is there a way to simultaneously have all extensions blocked and about:debugging available?

Here's the JSON - { "*": { "installation_mode": "blocked" } }

Appreciate your time and help, - Dom

Hello,

I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it doesn't want to install most of the times. The policy is added after using the gpupdate /force command and restarting the machine then open and close the browser. I wait 10 minutes for the policy to be configured on the computer and open the browser again and nothing happens. Also, the keys in the registry have the corresponding value type (checked in site https://admx.help/?Category=Firefox&Policy=Mozilla.Policies.Firefox::Extensions_Locked). But when I drag and drop with a mouse, the extension is installed and cannot be deleted. Can you tell me why does the extension not install when the policy is in effect?

I sent pictures from Group Policy Manager, Registry editor and showing that the extension can not be deleted after drag and drop with a mouse.

Thank you in advanced!

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29.

It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12.

Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence

Thank You,

From my point of view, the setting " What should Firefox do with other files?" has been added in the current ESR version.

"What should Firefox do with other files?" ("Wie soll Firefox mit anderen Dateien verfahren?") . "Save files" ("Dateien speichern") . "Ask whether to open or save files" ("Fragen, ob Dateien geöffnet oder gespeichert werden sollen")

How can I control/change this setting using mozilla.cfg?

By the way:

// What should Firefox do with other files? - Wie soll Firefox mit anderen Dateien verfahren? lockPref("applications-ask-before-handling", false);

// What should Firefox do with other files? - Wie soll Firefox mit anderen Dateien verfahren? lockPref("applications-ask-before-handling", true);

works detectably via about:config but does not change the setting for "What should Firefox do with other files?".

I have a need to use regular browser (not kiosk), but disable the "open downloads folder" once a file has been downloaded. This is opening a file manager (thunar or alike) which then allows the user to browse the filesystem and open a terminal emulator from /usr/bin.

Using the policies, I am able to prompt for downloads, or select a download location, however I have been unable to completely stop the user from opening the download folder which opens a file browser.

Is there any way I can select policies or profile options for disabling the option for opening download folder?

Hi everyone, I'm trying to standardize the homepage for the browser which enrolled with Intune on MacOS. I have imported the .plist file as below with the preference domain name as "org.mozilla.firefox". After applied, it returned error and nothing has been changed on the browser. Thanks.

<key>Homepage</key> <key>URL</key> <string>http://example.com</string> <key>StartPage</key> <string>homepage</string>

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox.

No video will play in youtube, for instance (it just loads endlessly as if it would start, but it doesn't).

Can't use radio websites either. Anything with a "play" button (video or sound) does nothing.

This has been tested with a clean profile, a clean install, after allowing autoplay in the settings.

Is there any info on what exactly changed between ESR 91 and 102 that might explain this ? There has been no system change, If I reinstall 91 instead it works again as usual.

No issues anywhere else on the endpoints (Edge, Windows), this is on Windows 10 if it makes any difference.

Tanks for any help on this.

Hello,

Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64)

after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created in the registry and not ManagedBookmarks, which causes bookmarks not to appear in the bookmarks bar. When I manually rename a registry entry from Bookmarks to ManagedBookmarks, the bookmarks appear properly. Please let me know if I'm doing something wrong or if there really is a problem reported by me.

Yours sincerely Bart

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better.

So I followed the guide https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings and tried to set up the config. We are using the latest ESR build but after the settings is applied I still dont have working extensions.

Here is the code

{
     "*": {
           "blocked_install_message": "Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.",
           "install_sources": ["https://addons.mozilla.org/"],
           "installation_mode": "blocked"
     },
     "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/adblock-plus/latest.xpi"
           },
     "ciscowebexstart1@cisco.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/cisco-webex-extension/latest.xpi"
     },
     "{d0210f13-a970-4f1e-8322-0f76ec80adde}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi"
           },
     "appstore-mini@feedly.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/feedly_mini/latest.xpi"
           },
     "extension@one-tab.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/onetab/latest.xpi"
           },
     "support@lastpass.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi"
           },
     "sweb2pdfextension.4@kofax.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kofax-pdf-create-4-0/latest.xpi"
           },
     "Aternity-WebExt-12.1.4@aternity.com": {
           "installation_mode": "allowed",
           },
     "its_addons_wrap@onelog.com": {
           "installation_mode": "allowed",
           "install_url": "https://extensions.onelog.com/extension/onelog.xpi"
     }

}

I have placed the settings in HKCU but also tried in HKLM and there has been no difference. in each case I get Unable to parse JSON for Extensionsettings when checking the about:policies section and when I look at the registry I see the REG_MULTI_SZ value but when i click on it to read it I get another error message. Cannot edit ExtensionSettings: Error reading the values contents.

I tried re-entering the code and tried not listing the install URLs and even tried only listing 1 item. I haven't been able to get past this error so any help would be greatly appreciated.

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https://securitygeneralist.blogspot.com/2019/08/auto-installing-extensions-on-firefox.html )

The extension by default has containers for Personal, Work, Banking, Shopping.

Is there a way to automatically remove that default container list as part of the install?

Even better, is there a way to create a different default containers list through Endpoint?

Thanks

Hello

I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.enabled.

Either an AMDX template with this option or a Registry will do the trick

Thanks

in our organisation i need several domainnames to be added in network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris, so that sso for some webapplications is working. some are allready in the list. when i make changes to the list, everything is working ok, but when i clos all mozilla windows and restart mozilla, the changes are gone.

I am looking for information regarding the support life for settings that are defined in the Preferences (Deprecated) section of the ADMX templates provided in GitHub. There doesn't appear to be a definitive answer as to when these preferences are no longer applicable to a version of Firefox. The term "Deprecated" certainly applies they're on their way to extinction. But only a small handful of preferences have been ported over to non-deprecated template settings (like Auto Update). Is there an expected version of Firefox where all these preferences are meaningless? Or will they be supported indefinitely? "Industry recommendations' from 3rd party security vendors are bloating my policies in the domain space and I can't definitively say they are 'no longer supported as of version xyz' for all these Firefox Preference settings, which happen to be about 80% of the security parameters defined by STIG and/or CIS Workbench.

We try to deploy Extension Management Settings via GPO.

Goal is to allow only whitelisted extensions, but don't block themes, dictionaries and locales.

Below find the JSON-settings deployed to the client, which should allow all themes and whitelisted extensions. Unfortunately this blocks everything except whitelisted IDs. See example screenshot with error-message, when trying to install a theme. We don't want to whitelist locales or themes, they should be still allowed for installation.

What I'm doing wrong? - Thanks for your feedback.

##############

{
"*": {
"installation_mode": "blocked",
"allowed_types": ["theme"]
},
"uBlock0@raymondhill.net": {
"installation_mode": "allowed"
},
"jid1-ZSMfwe4lCAw9oQ@jetpack": {
"installation_mode": "allowed"
}
}

We downloaded the GPO Templates for AD and looking to customize Firefox.

We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards

Also would like to lock down so they can't reenable if possible.

We would like to do this all through GPOs if possible. I found these in the about:config: extensions.formautofill.addresses.enabled extensions.formautofill.creditCards.enabled

But again want to do through the GPO. Is this possible?

Side note while working on GPOs, I set Exceptions for the popup blocker and they are not showing up in the browser. I also filled out to remove Search Engines but they all still appear in the browsers. These two GPO settings don't appear to be working.

We are looking to mass deploy Firefox x64 for Windows to all staff in our organization, using SCCM. I know you can set a default home page in mozilla.cfg for all users, including future users who don't yet have a profile on the computer Firefox is installed on. Is there a similar option so I can configure Firefox to always show the menu bar for all users? Preferably, another line I can add to mozilla.cfg so that I can easily copy that to all our machines? Thanks.

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in Connection Settings, then add the urls, then users can access to any web site which they want to, is there a method to disable this? thanks.