Firefox za Enterprise Forum podrške

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozilla config file, can we use GPO to configure auto update for Firefox browser?

I am a Cyber Security Specialist and System Integrator (www.techwareusa.com and www.cybersecureusa.com ). I have developed a pretty good Cyber Security Stack with the exception of one chink in my armor. I have been running the Stack on my Clients systems (about 100 total) for over two years and have had only one breach. That breach was caused by the Client not following my suggestion (read any popup and don’t just click through it). He does now.

Part of my Stack is Firefox which I like a lot except that your cyber security leaves one thing as an exposure.

If one were to browse to a poisoned website (namely one infected with malware of some type) and click on an inserted link, malware is automatically downloaded and installed. Firefox does nothing to stop the system from being infected. This kind of website is one that pops up with a big red screen saying “your machine has been infected with a “trojan” or some such. Do not attempt to turn off your system and call Microsoft Support at xxx-xxx-xxxx” (often an 800 #). Indeed, the browser is locked and can’t be closed from a normal action. (When I install Firefox, I setup the security features for my Clients including telling it to block pop-up windows and Warn you when websites try to install add-ons in the Privacy & Security, Permissions section. I have my Clients systems under my control via Splashtop Remote Support into my office. If the “Tech” hasn’t messed up my Splashtop install, I will go in, use Task Manager to shut down Firefox and then clean the system. If the “Tech” did mess up my Splashtop install, the system will have to be sent to me to fix. I have Clients in several states across the southern part of the country.

If the Client calls the 800# the “tech” will remotely access their system and totally messes it up with registry entry’s, replacing files with corrupted versions and such actions. All of this to raise the cost to my Client. They will charge the Client about $700 to $800 but also they will get the Client’s Credit card information to sell. The Client will then call me and often the system is so messed up that I have to reload the OS and missing applications plus my time and the total cost to the Client is often well over $1,000.

I have been looking for software that will block these poisoned websites. The only one that I have found that looks like it will work is Threatlocker. While a good product, the company has its head in the wrong place as far as setting up resellers. I am a reseller and have been in business for over 28 years and have had many vendor relationships. These folks want us to sign both an End User Agreement (that makes me responsible for the way that my Clients use their software) plus they want me to sign a Partner Agreement. In my mind I cannot be both and certainly will not agree to be the end user.

Back to what I am asking help on is the automatic install of the malware off of the poisoned website. Perhaps a browser “setting” to ask for an override button option to be able to install software on the system. If I chose this in the Firefox Settings it will take an action on the part of the user to override the automatic install. In fact, if we could add to the option a number of times (and maybe a message, like CALL BILL before you proceed) that the override button has to be pressed to do the install. The more I can get the user to think, the better it will be for them and the more they will appreciate Firefox and me. No other browser has any feature like this.

All our Firefox browsers (version 99.*, Windows 10 Pro or Enterprise) in the company need around 20 seconds to load a web page when first opened. All other browser functions work fluently from the beginning. Also the slowness only happens after opening and not during further use. Which Firefox is refusing to load I can open other tabs and e.g. do a Google search and then the "slowness timer" starts again (independently if the first tab is closed or stays open) and refuses to do anything on that tab. Once the slownedd period is over all tabs are loaded and no further problem occurs. This issue occurs only when the GPO "URL for Home Page" is applied. But this page is reachable and when Firefox is working it loads within milliseconds. For testing I created a new profile and on the first startup the problem already occurs. And all other startups too. When temporarily removing this one GPO entry it immediately works again fluently. It also doesn't matter what I set as home page (company internal website or some random web page); it is always slow once this setting is in place.

Hi All- I am in charge of deploying Firefox ESR to my company and trying to get it to silently auto update on it's on with user interaction. We have policies in place (GPO) that prevent it at this point. I need some guidance on whether I should use just GPOs to manage this or should I go the route of the .cfg file? If someone has a step by step on how to best achieve this I would appreciate it. I am currently using the .msi installer.

Here is settings in an old .cfg file that I am testing with:

lockPref("app.update.mode", 1); lockPref("app.update.service.enabled", true); lockPref("extensions.update.enabled", false); lockPref("extensions.update.autoUpdateEnabled", false);

// Set default homepage - users can change // Requires a complex preference defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://workday");

// Don't ask to install the Flash plugin lockPref("plugins.notifyMissingFlash", false);

// Disable Search Engine automatic updates lockPref("browser.search.update", false);

//Disable telemetry lockPref("toolkit.telemetry.prompted", 2); lockPref("toolkit.telemetry.rejected", true); lockPref("toolkit.telemetry.enabled", false);

// Disable health reporter lockPref("datareporting.healthreport.service.enabled", false); lockPref("datareporting.healthreport.logging.consoleEnabled", false); lockPref("datareporting.healthreport.uploadEnabled", false);

// Disable all data upload (Telemetry and FHR) lockPref("datareporting.policy.dataSubmissionEnabled", false);

// Disable crash reporter lockPref("toolkit.crashreporter.enabled", false); Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

// Don't show WhatsNew on first run after every update pref("browser.startup.homepage_override.mstone","ignore");

// Don't show 'know your rights' on first run pref("browser.rights.3.shown", true);

Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferences on each workstation. I have searched and found ways to enforce this change by GPE , but I wonder if there is a way to change firefox preferences, especially the one I've mentioned, via Registry Editor.

I manage SCCM in my environment, and have been successfully offering Firefox ESR for a while now, along with silent updates when new versions are released.

Today I realised that not all of my users are using the ESR version from the Software Centre (90.10.0), but have instead installed the normal version to their profile (ranging from 83.x.x to 101.x.x). These are clearly not being updated, and it's been flagged by security scans.

So, I'm looking for a way to remove them silently with a script that I can insert into the ESR deployment, and replace these unsupported versions.

Can anyone help me?

I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrome.css file doesnt seem to work with the newer versions.

Hi,

We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace.

I've imported the firefox.admx and mozilla.admx file along with assocaited .adml files, checked Github, checked through the GPO settings yet cannot figure out how to do the same with Firefox.

Is there a Mozila Firefox for Windows GPO ADMX setting I can use to control the "Firefox>Settings>General>Files and Applications>Applications" section to add "Content type: ica | Action: Use Citrix Workspace"?

Thanking you....

Hello all,

We must use a third party application which can only be installed in user home directory. We'd like to create a GPO to manage user settings, and configure a handler for this application.

Is it possible to use an environnement variable (for example %LOCALAPPDATA%) in the path of a handler ?

Thank you.

Hello,

As the title mentions, applying a block to all extensions via "*" by utilizing Extension Management GPO will block about:debugging.

Is there a way to simultaneously have all extensions blocked and about:debugging available?

Here's the JSON - { "*": { "installation_mode": "blocked" } }

Appreciate your time and help, - Dom

I have been tasked to have our Firefox auto update without user interaction. We have a small enterprise of about 2000 or so PCs but only maybe 300 use Firefox consistently. According to the GPOs it claims that it will update even when the browser is not open. I have this working fine on Chrome and Edge. You can see my attached screenshots that my GPOs are dropping down correctly to my VM. When I open Firefox and leave it open I can see that an "updated" folder is created in the Program Files>Mozilla Firefox. If I close Firefox the updated folder disappears and and installs the latest update. Once I reopen Firefox I can see that it updated. I need this to happen without the browser being launched, closed and reopened. I went into Settings>General and noticed that my update section is missing some of the update options that I see when researching. Automatically Install Updates and When Firefox is not Running options (see screen shots) are missing from my install. I am pretty sure this is why it will not truly silently auto update. Does anyone know where those two options are controlled from and how do I get those to show on my installs?

We have several servers with Firefox installed and automatic updates enabled to include "When Firefox is not running". However, our security scans indicate that the version is out of date. We have to connect to the box and finish the updates. The current version is at 103.0.1 and the previous version was above 100 (failing to remember exact version). Is there a way to ensure that Firefox remains up to date without connecting to the server?

We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we can capture a photo. We give them instructions and they configure their instance of Firefox to ALLOW access to the camera, along with several other adjustments (like allowing pop-ups, and no autofill).

However, whenever they restart Firefox the camera permission reverts back to the DEFAULT of Always Ask. The other settings adjustments we make, like pop-ups and no autofill stick around, but not the camera setting.

We've checked the PREF.js file in the Profile folder and that doesn't appear to be a problem. On our in-house machines we are running the same version of Windows and Firefox and cannot reproduce the problem.

The customer has recently applied the upgrade from an earlier version of Firefox ESR to 91.12.0. The customer has also imaged the PC and copied over to a large number of additional machines for use around their organization. This problem is causing a serious disruption to their deployment of the updated PC's as we work with them to try and troubleshoot the problem.

Any ideas on what to try would be appreciated.

Why isn't firefox ESR 102.1 available for download via this link, it still downloads 91.12 which has vulnerabilities. https://www.mozilla.org/en-US/firefox/enterprise/ I found it after digging around but it was a hassel.

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29.

It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12.

Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence

Thank You,

Some users in my organization have been complaining about FireFox location protection since the update to 103.0.2. We would like an option to completely disable this "feature". Our users are complaining about having to individually make exceptions via the shield icon and selecting custom and unchecking all boxes does not work for our use case scenario. Is there any option to disable this completely or are there plans in future releases to allow us a disable feature (like you used to have) or is the only solution to switch our users to Chrome? Thanks

We use GPO to push out our Firefox homepage and bookmarks. I get totally different results for each user, some will make changes right away if I add a new book marks, but they don't see older ones?

I decided to build a few test machines (we don't have time to build a dev envir) and it applies the GPO for the home page but not the bookmarks, I can see the book marks in the registry even but nothing on firefox. Anyone have a guess?

thanks David