All Products Community Forum

We recently update Firefox with version 138.0 and now getting the message "Gah. Your tab just crashed" when opening the browser.

We attempted to update and install version 138.0.1 only resulting with the same error. We also found and attempted the following all resulting with the same error: - change the about:config page for settings to false for both browser.tabs.remote.autostart and browser.tabs.remote.autostart.2

- clear browser cache.

- enable Temporary Mode in the Help menu. This appears to fix the problem but only for the current browser session. When a new Firefox window is opened, the error reappears.

What is needed to resolve this error or is there a way to permanently enable Temporary Mode or some similar setting? Thanks for all your help with this.

Hello,

New subscriber here. I have been given the task to test the install and uninstall of the Purview Firefox browser extension using Intune. I created 2 groups in EntraID, one for each (install and uninstall).

I have no issues with the installation. Initially, I left the test device in the install group and then added it to the uninstall group to remove it. (this usually works with other apps, it worked this way with the Purview Chrome browsing extension as well other apps) but when I do this, nothing happens.

Next, I removed the device from the install group and added it to the uninstall group only. Once the configuration profile applies to the test device, it allows the user to remove it manually (before it did not) but the extension remains installed.

I have created a policy using the administrative template extension uninstall option as well as with the OMA-URI settings but the same happens. When i check the device configuration for the device in Intune, it says it succeeded but that is not the case. The OMA-URI setting I was not too sure about, but gave it a shot. I used the UUID value for the Purview Firefox extension

I am attaching some pictures and hope someone can tell me what I am doing wrong. I can add additional information, if needed. I have opened a ticket with Microsoft last week but have not called me yet. I ran into this forum today.

Thanks in advance

Hey everyone. I am automating end-to-end testing with playwright for python, using the official Docker image from the microsoft artifact repository (using `playwright/python:v1.49.1`).

As I have signed certificates for my local domains with my own certificate authority, I am trying to have Firefox automatically install the certificates via a policies file. However, Firefox seems to ignore the policies file no matter what.

To ensure that the file itself is used, I simplified it to a single boolean value, and ensured that it's copied correctly inside the container via the `cat` command. Here are the current contents:

{

 "policies": {
   "DisableTelemetry": true

}

I know that the CA certificate is installed correctly, as it works out of the box using the WebKit browser and Curl command. I have gotten it to work in Chromium by installing it to nssdb using `certutil`.

I have converted the file from ASCII to the `utf-8` charset.

The file has the expected content, and I have copied it to both `/etc/firefox/policies/policies.json` and `/ms-playwright/firefox-1466/firefox/distribution/policies.json` (the path to the binary is `/ms-playwright/firefox-1466/firefox/firefox`).

Opening `about:policies` shows the text "The Enterprise Policies service is inactive.", which is sadly not very informative. It would be nice to have a list of locations it looks in, and any problems it encountered.

The container uses Firefox Nightly 132.

Are these locations incorrect? Is there any way to debug this? Does anyone have any other suggestions? If you need any more info (Dockerfile, etc.), please let me know.

Thanks in advance.

The recommended methods, changing to this in the registry :

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\Certificates] "ImportEnterpriseRoots"=dword:00000000

Reverts back to 00000001

Put this policies.json and did nothing: {

 "policies": {
   "Certificates": {
     "ImportEnterpriseRoots": false
   }
 }

} What am I missing or what's changed?

My specific need at the moment is to add another search engine option in about:preferences#search

Thanks.

Hi. On an Active Directory, we deploy Firefox (normal or ESR). It's OK. When we deactivate the link of the GPO, it's supposed to uninstall. But it doesn't (even if we delete the GPO, specifying to uninstall at once).

The gpresult command on each computer doesn't show the GPO anymore, but Firefox is still installed.

( FYI, we used to do that with FrontMotion Community Edition, and it was always working (instal and uninstal). We even just tried the "last" (but old) ESR edition present on the FrontMotion site (CEESR-102), and it works. But FM CE version has stopped being developped. )

So, any idea about why the official Mozilla Firefox version (normal or ESR) doesn't uninstall?

Thanks by advance.

We are currently considering using Firefox ESR as our default browser but experiencing a few issues and one of them is with our configured SailPoint IdentityIQ Single Sign-On Experience, which uses Basic Authentication.

Issue Description First, the login button needs to be clicked multiple times before access to the site is granted. Once signed in, the Firefox inbuilt authentication dialogue appears, prompting the user to log in again (see the attached screenshot). The landing page is only presented after clicking the login button several times. This creates a poor user experience, sometimes causing pages to load improperly. Interestingly, the same process works seamlessly in Edge Chromium.

Troubleshooting Steps Taken I have already attempted the following: 1. Temporarily disabled all custom and security settings in mozilla.cfg and config.json. 2. Temporarily disabled Firefox Tracking Protection. 3. Allowed third-party cookies for the specific URL. 4. Upgraded Firefox Version to 128.7.0 5. Since our Firefox browser is significantly hardened, I have also enabled and reconfigured the following settings in mozilla.cfg to ensure Basic Authentication is allowed, functions properly, and suppresses Firefox’s authentication prompt, but without success:

network.http.phishy-userpass-length = 255 network.http.use-basic-auth network.automatic-ntlm-auth.allow-non-fqdn network.automatic-ntlm-auth.trusted-uris security.enterprise_roots.enabled security.enterprise_roots.enabled

Observations from SailPoint Team Our colleagues from SailPoint have tested the setup in their environment, and according to them, it works as expected. However, their browser is not hardened, and they have leveraged the SailPoint UI for authentication instead of the built-in Firefox authentication prompt.

Further Investigation • Is there a specific configuration required in the user profile settings? • Network trace analysis shows 404 errors on GET requests and the following error codes on POST requests: • 302 Redirect: Mozilla Documentation • 408 Request Timeout: Mozilla Documentation

Next Steps Is there a specific security setting that needs to be enabled or disabled? Are there any particular Firefox enterprise policies we should modify? I have also attached screenshots for reference. Let me know if you need specific logs or network traces for further troubleshooting.

I'm developing a parental control add-on, installed with policies.json. It works... but it's easy to disable it by simply deactivating it in private windows + opening a private window, which kinda makes it useless.

Is there a way to force my add-on to work in private windows, regardless of user choice?

If that's not possible, is it possible to somehow disable private windows while the add-on is disabled in private windows.

Note: I know that I can disable private browsing entirely with policies.json `privatebrowsingmodeavailability`, but I'd rather avoid it. Kids browing privately is a good idea :)

Hello,

Our organization is attempting to implement a Conditional Access policy that restricts access to certain websites to Intune joined devices only. The error message mentions that I need to enable a setting from within Firefox called Windows SSO, mentioned here: https://support.mozilla.org/en-US/kb/windows-sso. This setting is already enabled and I am still getting an error.

Is there anything else that could be causing this?

I'm using Firefox ESR 128.10.1esr on Kali, and I'm encountering an issue where the 'Refresh Firefox' option is missing from the ☰ → Help → Troubleshooting more Information. This is preventing me from restoring Firefox to its default settings. I've already tried the following:

   Restarting Firefox

   Clearing the startup cache

   Confirmed there are no extensions installed

None of these steps have fixed the issue. I need a way to reset Firefox ESR to factory defaults, but I can't find an option to do so. Attached is a screenshot of the Troubleshooting Information page.

Any assistance would be greatly appreciated!

Hello community,

i would like to ask about how to deploy security.pki.certificate_transparency.disable_for_hosts globally for users? With version 135 a lot of production webapps stopped working and as of now , we have to do manual modification in about:config. Our company has over 300k users , so the possible disruption might arise very quickly and there will be significant loses in production enviroment.

Is there a way how to deploy this specific setting via GPO/SCCM ?

Thank you

I look after about 20 PCs. All Windows 10. All were running Firefox ESR ranging from 115 - 128. As I get time I update each to the latest 128.x. Using group policies I've disabled all update settings.

However, on two of the PCs, they have updated to v139.0.1. Both of the users swear they did not manually do any update. I can't figure out how they got downgraded to the retail channel.

So my question is, since 128 < 139 how can I get them back on to the ESR channel, without loosing history, bookmarks, passwords and saved logins? I gather FF's installer will detect 128 as an older version and throw an error?

ESR -> Retail to me is a downgrade. So is it possible then to upgrade back to 128.11.x?

Each PC is refreshed annually and the only backup of the profile folder I have is from the last refresh, which in most cases in 8-9 months old.

Is there any way to find out why the downgrade happened when group policy forbids it, and the user did not manually download and install the latest version?

When these downgrades happen they break things. For example, when one PC was downgraded to retail his outlook.com email no longer works. If he uses his laptop which is on 128.11.0 it works fine.

I confirmed this problem on two separate computers(windows 7 and windows 11) and version 115.23.0 of Firefox ESR can not properly play streams on twitch.tv

Audio will play, but the video does not load with only a black screen with question mark icon replacing video feed.

Form History Control (II) FoxyProxy Standard

These 2 extensions just installed themselves in Firefox ESR and disabled ALL my current extensions!!? I can't seem to remove them either.. please help!

I'm running Parrot OS (Linux) and had just signed myself in @hackthebox.com , which is a friendly place where people can learn to develop their cybersecurity skills. security on this site should be great, i don't know if this could be the issue...

Thanks in regards!

Hi, we use Firefox 128.9.0esr (64bit) on about 6000 workstations. We redirect the stored bookmarks on a personal network drive for each user. For that we use these settings via Windows group policy:

browser.bookmarks.file = P:\Firefox\Bookmarks browser.bookmarks.autoExportHTML = true browser.places.importBookmarksHTML = true

For some time the automatic export/import with that settings above does not work any more. When I close Firefox on workstation A, the bookmarks seem to be exported correctly in that export-file (check the file via editor). But when I use another workstation B an start Firefox, the exported file does not import on startup. But this worked fine in the past.

I found out, that the switch "browser.places.importBookmarksHTML" is obviously automtically set to false when I have startet Firefox (checking with about:config). I dont know if it is correct.

Any suggestions? Maybe it's a new bug?

Thanks Malte

I am going to deploy Firefox ESR in an environment where the default topsites provided by the top-sites.json included in omni.ja (namely Wikipedia, youtube and reddit) are not desirable, and I want to provide my own. I cannot find a way to do so.

Setting the browser.newtabpage.activity-stream.default.sites preference through the policies.json file does not work (the pref gets loaded but it does not influence the actual default topsites, which is not surprising since the default value of this pref has nothing to do with the actual default topsites).

Note that I am not seeking to remove the topsites from the homepage entirely (as would be achieved through the FirefoxHome/TopSites policy), I want to change the default ones.

I tried creating my own top-sites.json in /lib/firefox-esr/browser/ where omni.ja resides, but to no avail.

Добрый день Есть ли возможность установить плагин .xpi в mozilla через cmd. AltLinux. Конечно я уже прочел статьи существующие. Не сработали рекомендации. Можно ли сделать вывод что Firefox 128.0 ESR не поддерживает установку плагинов через cmd? Если да, то можем ли мы сослаться на официальный ответ firefox ? Благодарю за рекомендации.

I am a DNS administator at my employers and notice that on my employers network that aus3.mozilla.org and aus4.mozilla.org seem to be returning NXDOMAIN both with our on prem DNS and via the public dns providers when a browser attempts update it can fail.

Have other Australian users reported such behavior and are these hosts still valid

DIG

grudd@crayon:~$ dig @8.8.8.8 aus3.mozilla.org

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus3.mozilla.org

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40382

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus3.mozilla.org. IN A

AUTHORITY SECTION:

mozilla.org. 2 IN SOA infoblox1.private.mdc1.mozilla.com. hostmaster.mozilla.com. 2024020614 180 180 1209600 60

Query time: 0 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:04:52 AEST 2025

MSG SIZE rcvd: 126

grudd@crayon:~$ dig stun.services.mozilla.com

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> stun.services.mozilla.com

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56679

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 1280

QUESTION SECTION:

stun.services.mozilla.com. IN A

AUTHORITY SECTION:

services.mozilla.com. 836 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

Query time: 0 msec

SERVER: 10.67.10.62#53(10.67.10.62) (UDP)

WHEN: Mon Jun 02 10:13:11 AEST 2025

MSG SIZE rcvd: 138

grudd@crayon:~$ dig @8.8.8.8 stun.services.mozilla.com

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 stun.services.mozilla.com

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62337

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

stun.services.mozilla.com. IN A

AUTHORITY SECTION:

services.mozilla.com. 127 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

Query time: 0 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:13:19 AEST 2025

MSG SIZE rcvd: 135

grudd@crayon:~$ dig @8.8.8.8 aus4.mozilla.org

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus4.mozilla.org

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15261

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus4.mozilla.org. IN A

AUTHORITY SECTION:

mozilla.org. 40 IN SOA infoblox1.private.mdc1.mozilla.com. hostmaster.mozilla.com. 2024020614 180 180 1209600 60

Query time: 4 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:24:30 AEST 2025

MSG SIZE rcvd: 126

grudd@crayon:~$ dig @8.8.8.8 aus4.mozilla.org

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus4.mozilla.org

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26928

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus4.mozilla.org. IN A

AUTHORITY SECTION:

mozilla.org. 35 IN SOA infoblox1.private.mdc1.mozilla.com. hostmaster.mozilla.com. 2024020614 180 180 1209600 60

Query time: 0 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:24:32 AEST 2025

MSG SIZE rcvd: 126

grudd@crayon:~$ dig @8.8.8.8 aus5.mozilla.org

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus5.mozilla.org

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37023

flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus5.mozilla.org. IN A

ANSWER SECTION:

aus5.mozilla.org. 48 IN CNAME balrog-aus5.r53-2.services.mozilla.com. balrog-aus5.r53-2.services.mozilla.com. 58 IN CNAME prod.balrog.prod.cloudops.mozgcp.net. prod.balrog.prod.cloudops.mozgcp.net. 984 IN A 35.244.181.201

Query time: 4 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:24:43 AEST 2025

MSG SIZE rcvd: 163

grudd@crayon:~$ dig @8.8.8.8 aus5.mozilla.org SOA

<<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> @8.8.8.8 aus5.mozilla.org SOA

(1 server found)

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65395

flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

aus5.mozilla.org. IN SOA

ANSWER SECTION:

aus5.mozilla.org. 42 IN CNAME balrog-aus5.r53-2.services.mozilla.com. balrog-aus5.r53-2.services.mozilla.com. 52 IN CNAME prod.balrog.prod.cloudops.mozgcp.net.

AUTHORITY SECTION:

balrog.prod.cloudops.mozgcp.net. 300 IN SOA ns-cloud-d1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300

Query time: 108 msec

SERVER: 8.8.8.8#53(8.8.8.8) (UDP)

WHEN: Mon Jun 02 10:24:49 AEST 2025

MSG SIZE rcvd: 237

grudd@crayon:~$