Firefox for Enterprise Support Forum

I am trying trying to install the keeper extension via intune but am having trouble with the oma-uri. It looks right to me but I might be missing something. Prior to running this I followed https://mzl.la/3vYAIYT and added the Firefox ADMX. Both run successfully but it does not add the extension. Firefox version 116.0.3

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

String: <enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": Opps, this may have been a mistake reach out to IT.",
   "install_sources":["about:addons","https://addons.mozilla.org/"],
   "installation_mode": "allowed",
   "allowed_types": ["extension" ,"theme"]
 },
 "KeeperFFStoreExtension@KeeperSecurityInc": {
   "installation_mode": "normal_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/keeper-password-manager/latest.xpi",

"default_area": "navbar"

 },

}'/>

Hello Guys,

in our network we have several Fritzbox Routers which we remote administrate. If we connect to the routers with Firefox V115.2.0 we get a warning message - because it´s a Fritzbox self-signed certificate and cannot be validated. No Problem - everything okay with the message. But in Firefox 115.2.0 there is no advanced button that lets you go futher to connect to the website. With Version 102.14.0 ESR the advanced button is there. The webinterface works fine with Edge and Chrome (with warning but with advanced button to continue)

https://imgur.com/2ykzjY9

https://imgur.com/5LyIwzt

Is this a bug?

Best Regards, Michael

Hi there,

we trying to restrict internet access that used Mozilla Firefox on client computers through Microsoft Intune.

We have already configured policy by uploading ADMX template & Custom OMA-URI as described in https://github.com/mozilla/policy-templates/blob/master/README.md 

We are trying to add custom allowed web sites to "WebsiteFilter" OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions. added web sites are not allowed. my question is what is the best way to enter URLs (I mean format) to allow list & how I can used wild card to allow all the web sites of one specific domain. eg:- microsoft

We have Firefox-ESR in use and we are using Applocker.

When we enable applocker dll Rule policys and start https://shaka-player-demo.appspot.com page clearkey addon crashes.

We have allowed widevinedrm.dll in applocker rule policys, and we have used Process Monitor to track which dll file / files are being "locked" but we cant seem to pinpoint it.

Where does Firefox-ESR run DRM content and which dll files are needed to run ?

What we know that it is caused by applocker DLL rule policys, when disabling it clearkey addon does not crash and drm content can be played.

Also Applocker eventlogs does not show anything related to this.

br Ben

We followed the links below to block internet access in Firefox browser:

https://www.youtube.com/watch?v=fAGYYX5hYb8 https://github.com/mozilla/policy-templates/releases

We downloaded the ADMX and ADML files. Using these files, we were able to locate Mozilla Firefox in Group Policy Management and successfully block all websites in the Firefox browser using the pattern :///*.

However, we encountered an issue with exceptions. We do not wish to block certain websites, including localhost. We attempted to use the "Exceptions to block websites" option, providing values such as ://msn.com/ to exclude specific sites. Unfortunately, this approach did not work as intended. For instance, msn.com is one of the websites we want to allow, among others and also localhost.

We require assistance with the following issue: "Exceptions to block websites" is not functioning properly within the group policy of Mozilla Firefox.

When setting Windows to "Require DoH", firefox will not resolve DNS addresses, regardless of which "Enable secure DNS" setting is picked in FireFox security settings tab.

I expected at least "Off -- Use your default DNS resolver" to work.

If Windows is configured to just "Allow DoH", Firefox has no issues resolving DNS addresses, for any of the Firefox policy settings.

For reference, you can find the DoH policy setting in windows group policy editor, here:

gpedit.msc

Computer Configuration -> Administrative Templates -> Network -> DNS Client -> Configure DNS over HTTPS

(Have to enable it, then select Configure DoH options: Require DoH.)

you may need to issue a gpupdate /force for the setting to be picked up quickly.

Attempting to disable FF Password manager completely for my org via a plist.

Currently have the password manager itself disabled but can't figure out how to disable the Auto-fill settings with previously saved passwords prior to the password manager being disabled?

Is this possible? Or is this disabled already when the password manager itself is disabled?

Currently have this set via a plist:

<key>PasswordManagerEnabled</key> <false/>

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable for an enterprise setting and it has led me to consider discontinuing their product within our organization. I had requested support to send me a copy of my previous correspondence as I had forgotten some details, but this request was ignored, which is disappointing.

I am skeptical about receiving the help or answers I need here. If there is a more direct line to Mozilla support, I would greatly appreciate being redirected there.

We are currently using Firefox 121.0 and are attempting to implement the Applied Epic extension. I have updated the ADMX policy.

Originally, the reg key flip I created did work but something has changed since then. See screenshot of this. I followed the guide provided at https://github.com/mozilla/policy-templates/blob/v5.5/docs/index.md, which instructed me to place the registry key in Software\Policies\Mozilla\Firefox\Extensions\Install\1. However, the guide did not specify whether this should be in HKLM or HKCU. I tried this instead, and it did not work.

I also attempted to implement the extension via GPO, but this was unsuccessful. I tried the new Extension Management system as well, but to no avail.

Here is the JSON configuration I used: {

 "AppliedEpicExtension@gmail.com": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/file/4143256/applied_epic_extension-3.16.3.xpi"
 }

}

Despite following the guide and trying multiple methods, none of the options seem to work. I would appreciate any guidance on what I might be doing wrong.

Is there a way to trigger a Firefox browser update through command line or script? I need to trigger an update across a few hundered computers and I can do this, but through command line or script automation. What is the command line syntax to do this, if there is any?

Thank you for your help

Hi

i need to know how to achieve the following using windows 10 registry.

1. Block Extension installations and disable existing installed extensions.

2. Allow only approved extensions so that users could install it from the store.

These settings were able to configure easily for Chrome and Edge browsers.

Thanks Muja

Seems to be new in 122.0 because i never received that before. It asks if you want to open links with Firefox and if you do, it sets file associations for htm / html and things like that. However in a company environment i want to supress that notification

Hello everyone,

being annoyed of a huge amount of Qualys tickets in my enterprise environment, i have decided to use the ability of firefox to update itself on its own instead of deploying a new version each time.

Requirement: Firefox has to stay up-to-date even on devices where it is not used. That´s what the scheduled background update task and Mozilla Maintenance Service are for, right?

Problem: The background update task will only be created if a logged on user will run firefox at least one time. Since Firefox is used as the secondary browser here, it is installed on all clients, but not even half of the clients/users are running it.

I didn´t find any option to create that task manually. So - at least in my environment - the autoupdate mechanism is useless.

Is there any hope for an autoupdate mechanism which can be run independent of logged on users? Or does anyone have an idea how i could achieve my goal?

Thank you in advance!

Looking to specify homepage, homepage button, and new tab page within Firefox on our Mac fleet.

I was able to create a plist file for macs, and it was "deployed successfully" according to Intune, but no changes actually happened on my test machines.

I've uploaded a redacted version of the used plist.

Anyone out there have any ideas?

Hi,

I've been struggling for a week to try and get our extensions managed in Firefox. Firstly I tried doing it in Intune through the Extension Management setting in the ADMX however that wouldn't work as it couldn't parse the JSON. Then I've tried using the OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

I'm now getting a straight up error in Intune -2016281112 (0x87d1fde8). I've followed the documentation as best as I can but it still doesn't seem to work. In the Intune logs there is no record of the Config profile even being attempted. Any ideas as to what is causing this error? Here is the full code being used for the OMA-URI string:

<enabled/>
<data id="ExtensionSettings" value='
{

   "*": {
       "blocked_install_message": "This extension is blocked. Please contact the helpdesk for further assistance.",
       "install_sources": ["about:addons","https://addons.mozilla.org/*"],
       "installation_mode": "blocked",
       "allowed_types": ["extension"]
   },
   "rested@restedclient": {
       "installation_mode": "allowed"
   },
   "{c45c406e-ab73-11d8-be73-000a95be3b12}": {
       "installation_mode": "allowed"
   },
   "{5caff8cc-3d2e-4110-a88a-003cc85b3858}": {
       "installation_mode": "allowed"
   },
   "selenium-ide": {
       "installation_mode": "allowed"
   },
   "{a6fd85ed-e919-4a43-a5af-8da18bda539f}": {
       "installation_mode": "allowed"
   },
   "{16a49f65-1369-4839-a5ef-db2581e08b16}": {
       "installation_mode": "allowed"
   },
   "{5384767E-00D9-40E9-B72F-9CC39D655D6F}": {
       "installation_mode": "allowed"
   },
   "{83efb7a7-cf21-4f94-840a-316f651053ef}": {
       "installation_mode": "allowed"
   },
   "{edfc63b3-fc9b-4b6b-b9bf-4561ad548044}": {
       "installation_mode": "allowed"
   },
    "{f1a3d59a-f759-4d03-9545-6f741e64524e}": {
       "installation_mode": "allowed"
   },
    "cors-everywhere@spenibus": {
       "installation_mode": "allowed"
   }
}'/>

Been managing bookmarks for users through Intune, but for some reason on my HP Elitebook 840 I keep getting an error "Unable to parse JSON for ManagedBookmarks" I haven't changed anything to the bookmarks before swapping to the HP laptop from a Dell 5410. I have double-checked GitHub for the proper string for bookmarks and everything looks to be correct as well as submitting a support case with Microsoft who checked it and say it is something on Firefox's side that needs fixing.

I am also constantly getting this unknown extension setting. Not sure why I have this or where I can remove it.

ExtensionSettings {"firefoxhpsureclicksecurebrowsing@bromium.com":{"installation_mode":"blocked"},"firefoxhpwolfsecurityextension@bromium.com":{"installation_mode":"blocked"}}

I have one extension to be installed on the enterprise network machines. There are host permissions required to access All websites data. How can I, as an Admin, enable this host permissions for the installation ?

When downloading Firefox ESR via the website for macOS (https://download.mozilla.org/?product=firefox-esr-latest-ssl&os=osx&lang=en-US) one still receives the old 91.13.0 version instead of the current release 102.2.0. Can you please fix this?

Dear Team, Our application is accessible on Firefox v101.0.1. But recently we have upgraded our desktops with Firefox v112.0.1. The same application accessible on Firefox 101.0.1 is not able to accessible on v112.0.1.

The error code we could see on browser is SEC_ERROR+PKCS11_GENERAL_ERROR. We have already raised a case with HTTP support team but they have suggested to check at browser level. We had also collected traces from firefox but unable to upload the same. Kindly help here at the earliest. Thanks, Shruti Fegade

I am wondering if I can get some help configuring some GPO for Firefox on our new domain we are building. I want to be able to block private browsing as well as I was wondering if there is an option to force firefox to sign in with certain accounts only so we can monitor students as we are a school district

Hi All,

I am trying to block the Last Pass extension in Firefox using Intune, and the ADMX configuration setting is not working on the endpoint. I've used the templates found here

https://github.com/mozilla/policy-templates/releases / Target Extension "support@lastpass.com"

And have tried using the imported admx template as well as a single line OMA-URI.

I've worked with Microsoft, and they see the correct settings on the device as pushed out via Intune, so they said it is not on their end. Any ideas why blocking named browser extenstions is not working? I've configured a few other settings with Intune/ADMX templates and they work.

Thanks! -Doug