Showing questions tagged: Show all questions
  • Solved

Distribute Exception set via cert_override.txt company wide

Hey everyone, I'm currently working for a company where we need to distribute a set of exceptions for 4 internal websites. For many reasons the firefox currently does not… (read more)

Hey everyone,

I'm currently working for a company where we need to distribute a set of exceptions for 4 internal websites. For many reasons the firefox currently does not trust the certificate that has been issued and users will receive the prompt "Warning: Potential Security Risk Ahead" and the user can click on "Advanced" -> "Accept the risk and continue" Now this is something we would like to prevent from happening.

The obvious solution would be to have a proper certificate in place but that is the long term solution and we need a quick workaround with the same result -> access the page without the prompt. The prompt is gone once we set the exception and copy the "Cert_override.txt" to the user profile. Now I have a script that I could use to copy the file to all profiles but that would be the absolute last thing I would want to do.

So my question is: is there any way to set an exception system wide instead of on a user profile basis? We are not using the Firefox ADMX templates but just a mozilla.cfg. Reading about the ADMX templates it also doesn't look like it would be possible via a policy, is that correct? Do you guys have any suggestions as to what we can do here?

Any helpful hints would be appreciated.

Thank you.

Asked by Randoms 1 week ago

Answered by Randoms 2 days ago

  • Solved

Upgrade over or uninstall when upgrading?

Hi! I've been deploying Firefox for a while now. One question I was never able to find an answer to, is this: after adding a new upgrade package and selecting a package i… (read more)

Hi! I've been deploying Firefox for a while now. One question I was never able to find an answer to, is this: after adding a new upgrade package and selecting a package it will upgrade, should one choose the "Uninstall the existing package, then install upgrade package" or the "Package can upgrade over the existing package" option? I've been upgrading over and it seems to have been working OK, but I never got a confirmation one way or another. Is there a preference here for Firefox?

Asked by draito 1 month ago

Answered by Mike Kaply 1 month ago

  • Solved

Will the removal of DTLS v1.0 be considered a security fix for FFx ESR 68.x or will the feature be preserved until ESR 78 is out?

Hi, Support for DTLSv1.0 will be removed in FireFox 75. Will the feature be preserved in all the FireFox ESR 68.x security-fix releases, until FireFox ESR 78 is out? Or… (read more)

Hi,

Support for DTLSv1.0 will be removed in FireFox 75.

Will the feature be preserved in all the FireFox ESR 68.x security-fix releases, until FireFox ESR 78 is out? Or will disabling DTLSv1.0 be considered a security fix that can get pushed to one of the ESR 68.x releases?

Thanks in advance, Lionel

Asked by lionel.capiez 2 months ago

Answered by TyDraniu 2 months ago

  • Solved

how to pin a tab automatically at first launch, after installing firefox ?

hello, i know how to set homepage with policies.json, add bookmarks, or set user pref with autoconfig but i can't find a way to pin a tab automatically at first launch, a… (read more)

hello, i know how to set homepage with policies.json, add bookmarks, or set user pref with autoconfig but i can't find a way to pin a tab automatically at first launch, after installing firefox. is it even possible ? it seems that Firefox store a pinned tab in the sessionstore-backups folder on user profile. thank you

Asked by himago 3 months ago

Answered by Rasmus Kallas 3 months ago

  • Solved

Can I control normal Firefox application using the Firefox Group Policy Object? Or must I use Firefox Enterprise?

I was under the impression that I would need to install Firefox enterprise edition in order to work with the Firefox Group Policy admx files, however I noticed that when … (read more)

I was under the impression that I would need to install Firefox enterprise edition in order to work with the Firefox Group Policy admx files, however I noticed that when I set the policy to disable to password prompt in the GPO, it worked just fine with a normal Firefox install (not enterprise).

Can someone confirm if there are certain policies that require the enterprise version of Firefox to be installed?

Asked by jfilmore 4 months ago

Answered by philipp 4 months ago

  • Solved

Why does pref app.update.auto take no effect in custom cfg file?

Every six months we update firefox to the newest ESR version in our company. Last we did this in December 2019, and now users are complaining that firefox wants to instal… (read more)

Every six months we update firefox to the newest ESR version in our company. Last we did this in December 2019, and now users are complaining that firefox wants to install updates, which requieres admin privileges. To prevent this, we set up the following in a custom cfg file:

lockPref("app.update.auto", false); lockPref("app.update.enabled", false);

But now this setup takes no effect anymore (Neither the preference itself, nor that it should actually be locked). The firefox settings seem to ignore this, for there is absolutely no restriction. Other settings get applied, only the update policy is changeable to whatever the users want.

Am I missing something?

Asked by Albani 4 months ago

Answered by Wesley Branton 4 months ago

  • Solved

How to disable automatic updates by managing ESR 68

At: (https://support.mozilla.org/en-US/kb/firefox-esr-release-cycle): "System administrators can disable automatic updates through ESR management through your installatio… (read more)

At: (https://support.mozilla.org/en-US/kb/firefox-esr-release-cycle): "System administrators can disable automatic updates through ESR management through your installation system. " However, as of the ESR 68 version, no police to disable automatic update has been effective. In fact, I believe this control is the need for corporate environments, that is, controlling their versions in production. Is there a solution? Thanks! Obs.: Annex follow differences between ESR 60 and ESR 68 versions.

Asked by Klaus 4 months ago

Answered by Wesley Branton 4 months ago

  • Solved

How do I determine what the support period for a particular esr release is?

I am trying to determine whether or not a machine I'm evaluating is running a supported version of Firefox, but I don't seem to be able to actually find the support perio… (read more)

I am trying to determine whether or not a machine I'm evaluating is running a supported version of Firefox, but I don't seem to be able to actually find the support periods for various release listed anywhere. The machine in question is running "Extended Support Release 60.2.2esr (32-bit)"

Asked by Chuck Reel 4 months ago

Answered by TyDraniu 4 months ago

  • Solved

how to change the the setting "Privacy & Security - History - Clear history when Firefox closes" using mozilla.cfg

My Firefox 70.0 32-bit version is default to not clear history when Firefox closes. However, when I upgrade to Firefox 68.2 ESR 64-bit, it is defaulted to clear history … (read more)

My Firefox 70.0 32-bit version is default to not clear history when Firefox closes. However, when I upgrade to Firefox 68.2 ESR 64-bit, it is defaulted to clear history when Firefox closes. How do I toggle that value in .cfg file. I want to change the config before install Firefox because changing it after the installation is not feasible. I have a lot of users to install. Thanks.

Asked by hknguyen2000 5 months ago

Answered by Wesley Branton 5 months ago

  • Solved
  • Archived

Does Firefox 60.7.2 ESR contain the security fix detailed in "CVE-2019-11702: IE protocols can be used to open known local files"?

After looking through the security fixes for Firefox ESR, I don't see "CVE-2019-11702: IE protocols can be used to open known local files" addressed anywhere. This was f… (read more)

After looking through the security fixes for Firefox ESR, I don't see "CVE-2019-11702: IE protocols can be used to open known local files" addressed anywhere. This was fixed in Firefox non-ESR 67.0.2 (released 06/11/2019) under 2019-16.

ESR 60.7.2 released 06/20/2019 so I'm assuming that it'd include the 2019-16 security fix but the Mozilla site detailing security fixes does not show that. Is it possible to confirm if 60.7.2 patches out the known vulnerability?

Asked by someguy 10 months ago

Answered by philipp 10 months ago

  • Solved

Unable to delete Certificates added using Firefox policies

My product needs to add a CA cert to firefox cert chain. My CA can change and accordingly I have to delete older cert from FF cert store and add the new one. To achieve … (read more)

My product needs to add a CA cert to firefox cert chain. My CA can change and accordingly I have to delete older cert from FF cert store and add the new one. To achieve this currently I am using a cfg file which enumerates over the all the certs, finds if cert with common name already exists, match the pem and deletes/adds the cert.

The issue I am seeing from FF 71 (FF < v70 and FF 68.3esr are working fine):

TypeError: certdb.getCerts(...).getEnumerator is not a function

This seems to be deprecated. Do we have any substitute for this function?? Changing "security.enterprise_roots.enabled" config is not an option.


I also find out that new way of doing is to use policies.json(https://github.com/mozilla/policy-templates/blob/master/README.md#certificates). I tried the new way and is able to add the certs but I have few questions:

1. There is an "Install" option present but no "Uninstall". Is there any way to uninstall the previously installed CA cert in the event of cert change using policies.json.

2. If not, then do we have a timeline by which we can expect this to be included?

3. I see that we have to name the file "policies.json". What if someone else is using the policies.json for another software? Do I have to add it in the same file because using any other name for the file is not working.

Asked by Pankaj Adhikari 5 months ago

Answered by Pankaj Adhikari 5 months ago

  • Solved
  • Archived

Using mozilla.cfg and group policies

In the past we've modified mozilla.cfg to make modifications to Firefox for our organization. Mozilla.cfg is still deployed. I attempted to use Group Policy in an attem… (read more)

In the past we've modified mozilla.cfg to make modifications to Firefox for our organization. Mozilla.cfg is still deployed. I attempted to use Group Policy in an attempt to test how well it worked however it does not appear to work at all. Can you use Group Policies to configure Firefox if Mozilla.cfg is also deployed?

Asked by Daniel Kaliel 10 months ago

Answered by Wesley Branton 10 months ago

  • Solved
  • Archived

Flash site whitelisting not working ?

Good morning, I would like to implement site whitelisting for FLASH but I cannot find the right combination of GPO settings. I am tweaking two of them: - Activate Flash … (read more)

Good morning,

I would like to implement site whitelisting for FLASH but I cannot find the right combination of GPO settings.

I am tweaking two of them: - Activate Flash on websites left in "Not configured" - Allowed sites , enabled with a couple of domains on it. - Blocked sites, put * to block all by default.

I was expecting that only the two domains listed would be allowed to execute FLASH but the behavior was that for those two domains, the click to play is not shown. For any other site with flash i can simply click on the icon and enable flash for it. :/

Is that the intended behavior?

Using FF ESR 68.01 in W10 Enterprise

Asked by jose.cortijo 6 months ago

Answered by Mike Kaply 6 months ago

  • Solved
  • Archived

Firefox 68.2esr how to confgiure before deploymnet the disabling (not showing) both the library icon "|||\ " and "show sidebars" icons

using the most recent firefox-68.2.0esr.tar.bz2 I have to configure it for corporate use. I'm using policies.json and userChrome.css files properly installed. They work.… (read more)

using the most recent firefox-68.2.0esr.tar.bz2 I have to configure it for corporate use. I'm using policies.json and userChrome.css files properly installed. They work. But I cannot find out how to disable (i.e. prevent from ever showing) the library icon and the "show sidebars" icons. This has to happen before deployment - users are not allowed to change any configuration/preferences/customization once deployed.

In the image below see the 2 icons at near the top of this snippet of a browser page. Left icon looks like a stack of books (the library icon) and the one next to it on the right is the "show sidebars" icon.

Thanks for your help.

Asked by jpietras 7 months ago

Answered by Wesley Branton 7 months ago