Showing questions tagged: Show all questions
  • Solved

Is there any Group Policy for AutoSelectCertificateForUrls

Is there any parameter or group policy similar to Chrome "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls]", as we implemented application… (read more)

Is there any parameter or group policy similar to Chrome "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls]", as we implemented application with Certificate sign-in, it pop-up every time when navigating to different on-prem servers, we enabled Group policy for MSEdge & Chrome, but need to do same for Mozilla Firefox.

I need expert advice on this subject matter.

Regards,

Kamal Kiri

Asked by Kamal Kiri 3 months ago

Answered by Kamal Kiri 3 months ago

  • Solved

website is not displayed completely

Firefox version 128.2.0esr (64-bit) Operating system Windows 10/Windows11 23H2 Septembre patch Hello everyone, maybe you can tell me/explain what the proble… (read more)

Firefox version

   128.2.0esr (64-bit)

Operating system

   Windows 10/Windows11 23H2 Septembre patch

Hello everyone,


maybe you can tell me/explain what the problem could be.

In our company we had Firefox version 115.14.0esr (64-bit) and then we updated to 128.2.0esr (64-bit).

Since version 128.2 ESR we have experienced problems in Firefox when trying to access DNN+ pages (with login). https://www.dnn.de/sport/regional/dresdner-sc-denkt-ueber-uebernahme-der-margon-arena-nach-C3IC74MZ6FE43AKGCZJSKUXA3I.html

In Firefox the content is cut off, in Edge it is displayed normally.

With Edge and Firefox 115.14.0esr the page is displayed normally. No AdBlock installed.

In developer mode I see the errors in the versions, so it shouldn't be that.

Cross-source (cross-origin) request blocked: The same-source rule prohibits reading the external resource on https://gum.criteo.com/sid/json?origi...AAAAAAAA&gdpr=1. (Reason: CORS request failed). Status code: (null).

Cross-source (cross-origin) request blocked: The same-source rule prohibits reading the external resource on https://id5-sync.com/api/config/prebid. (Reason: CORS request failed). Status code: (null).

Any ideas? Thank you very much! :)

Asked by Maik09 3 weeks ago

Answered by Maik09 2 weeks ago

  • Solved

Uninstall All Extensions/Add-Ons via Intune

I am trying to manage Firefox for company devices via Intune and would like to know if there is a way to uninstall all extensions/add-ons besides one or two approved ones… (read more)

I am trying to manage Firefox for company devices via Intune and would like to know if there is a way to uninstall all extensions/add-ons besides one or two approved ones.

I have been able to import the Firefox AMDX into Intune and have made a policy to install uBlock (which works without issue) and I can uninstall specific extensions/add-ins via their Extension ID (also without issue), however I can't see a way to uninstall all extensions. If I try and put a wildcard in the Extension ID field, nothing is affected.

We have a large number of devices with their own user-installed extensions so auditing this and then updating a policy manually with specific extension IDs may be quite painful.

Asked by matthew.winter 1 month ago

Answered by matthew.winter 1 month ago

  • Solved
  • Archived

Configure Firefox to always show menu bar, for all users

We are looking to mass deploy Firefox x64 for Windows to all staff in our organization, using SCCM. I know you can set a default home page in mozilla.cfg for all users, i… (read more)

We are looking to mass deploy Firefox x64 for Windows to all staff in our organization, using SCCM. I know you can set a default home page in mozilla.cfg for all users, including future users who don't yet have a profile on the computer Firefox is installed on. Is there a similar option so I can configure Firefox to always show the menu bar for all users? Preferably, another line I can add to mozilla.cfg so that I can easily copy that to all our machines? Thanks.

Asked by rick.sparrow 1 year ago

Answered by cor-el 1 year ago

  • Solved
  • Archived

Subscriptions for security advisory alerts for Firefox enterprise

I'm a security analyst. I would like to get email notifications on security advisories, alerts and vulnerability information regarding Firefox to stay up to date. Please … (read more)

I'm a security analyst. I would like to get email notifications on security advisories, alerts and vulnerability information regarding Firefox to stay up to date. Please help on how I can get the subscription?

Asked by nandini.vempati 8 months ago

Answered by Mike Kaply 8 months ago

  • Solved
  • Archived

Can I set Multi Account Containers default containers with endpoint deployment?

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https:/… (read more)

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https://securitygeneralist.blogspot.com/2019/08/auto-installing-extensions-on-firefox.html )

The extension by default has containers for Personal, Work, Banking, Shopping.

Is there a way to automatically remove that default container list as part of the install?

Even better, is there a way to create a different default containers list through Endpoint?

Thanks

Asked by Chris 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Allowed Extension is getting removed.

Hello, I am trying to manage Firefox Extension using "Extension Setting" via Intune. Source: https://github.com/mozilla/policy-templates/blob/master/README.md#extensions… (read more)

Hello, I am trying to manage Firefox Extension using "Extension Setting" via Intune. Source: https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings I am testing below JSON for testing. <enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Not Allowed contact HelpDesk.",
   "install_sources": ["https://www.example.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
   "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 },
 "jetpack-extension@dashlane.com": {
   "installation_mode": "allowed",
   "install_url": "https://prod.extensions.dashlane.com/downloads/firefox/dashlane-latest-fx.xpi"
 }

}'/>


When deployed to test devices, all extension previously installed get removed and Ublock get installed, seem like working as intended but when I try to install any "Allowed" I get the block installed message. I see no error in "about:policies". I don't know where else to look for why its getting blocked?

Any help will be much appreciated.

Asked by bluekind12 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Fully disable Pocket to alleviate DNS requests

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket … (read more)

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket as thoroughly as we can (followed the guide from Mozilla https://support.mozilla.org/en-US/kb/disable-or-re-enable-pocket-for-firefox) and we are still seeing requests go out to "img-getpocket.cdn.mozilla.net" we do not want Pocket available at all, we do not want queries made to those domains, is it not possible to completely eradicate Pocket?

It wouldn't be a problem but our AV solution (MDE) has a popup every time the URL is queried and blocked.

Attached image of our configuration profile for Pocket.

Asked by null_panda 10 months ago

Answered by cor-el 10 months ago

  • Solved
  • Archived

Firefox Policies

We try to deploy Extension Management Settings via GPO. Goal is to allow only whitelisted extensions, but don't block themes, dictionaries and locales. Below find the J… (read more)

We try to deploy Extension Management Settings via GPO.

Goal is to allow only whitelisted extensions, but don't block themes, dictionaries and locales.

Below find the JSON-settings deployed to the client, which should allow all themes and whitelisted extensions. Unfortunately this blocks everything except whitelisted IDs. See example screenshot with error-message, when trying to install a theme. We don't want to whitelist locales or themes, they should be still allowed for installation.

What I'm doing wrong? - Thanks for your feedback.

##############
{
"*": {
"installation_mode": "blocked",
"allowed_types": ["theme"]
},
"uBlock0@raymondhill.net": {
"installation_mode": "allowed"
},
"jid1-ZSMfwe4lCAw9oQ@jetpack": {
"installation_mode": "allowed"
}
}

Asked by Mario.Daub 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Extensions Management .json is not working

Hello, I am trying to create a management policy for extensions where all themes are allowed, some extensions are force installed, other specified ones are allowed, and … (read more)

Hello,

I am trying to create a management policy for extensions where all themes are allowed, some extensions are force installed, other specified ones are allowed, and anything else is blocked. I have been scouring the web looking for samples and I just can't get it to work as intended. Here is a sample of what I have written.

{ "*": { "blocked_install_message": "IT has blocked the installation of UNAPPROVED add-ons. Please contact the IT Service Desk to request approval.", "install_sources": "https://addons.mozilla.org/*", "allowed_types": ["theme","extension"] }, "plugin@okta.com": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3601147/okta_browser_plugin.xpi" }, "support@lastpass.com": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi" }, "developer@zoom.us": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/4212428/zoom_new_scheduler-2.1.52.xpi" }, "info@katalon.com": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3826743/katalon_automation_record-5.5.3.xpi" } }

In this current state, I am allowed to install themes, I get the forced installs, but I can install ANY extension. I don't want that.

If I modify the blocking section with [ "installation_mode": "blocked", ], then I only get the force installed plugins and I can't do anything else. It even removes any previously installed themes or plugins not explicitly forced in. The allowed plugins can't be installed either.

I have also tried it without the "extensions" allowed_type but the result did not change. To recap, I need to block any extensions not explicitly pushed or allowed. Would anyone be able to assist and point out what I may be missing please?

~Regards

Asked by yaponte 9 months ago

Answered by yaponte 9 months ago

  • Solved
  • Archived

Firefox Intune OMA-URI error

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions"… (read more)

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions" and allow certain ones. Worked perfect in Jamf, for Intune failing all time. We are using Firefox v.121, policies are for v.120, but I am in doubt that this is the issue. Can someone review and let me know if there any issue or may be changes? Using latest instructions https://mozilla.github.io/policy-templates/#extensionsettings Also here is my OMA, very easy.

OMA used ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

Value(string):

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Security Test",
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/zoom-new-scheduler/latest.xpi"
 },
   "@react-devtools": {
   "installation_mode": "allowed"
 }

}'/>

Asked by Valery Volos 9 months ago

Answered by Mike Kaply 9 months ago

  • Solved
  • Archived

Intune ExtensionSettings Policy No Longer Working in Firefox

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~fi… (read more)

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

Asked by victoria.gray 1 year ago

Answered by victoria.gray 1 year ago

  • Solved

ExtensionSettings does not show up as a GPO setting with the latest ADMX files

the settings ExtessionSettings does not show up to be able to modify even tho it is on the ADMX file (5.11)? Should I use the older Extensions policies? I want to install… (read more)

the settings ExtessionSettings does not show up to be able to modify even tho it is on the ADMX file (5.11)? Should I use the older Extensions policies? I want to install and pin an extension from the store.

Asked by Christopher Roble 4 months ago

Answered by Mike Kaply 4 months ago

  • Solved
  • Archived

Unable to set multiple ExtensionSettings through imported admx

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the inject… (read more)

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the injection method, except for one settings:

ExtensionSettings this setting is working when I have only one setting set (ex):

{"someplugin@test.com": { "installation_mode" : "allowed" }}

If I add a second line to the entry:

{"someotherplugin@test.com":{ "installation_mode" : "allowed"}}

I understand this is a new feature, but if I had the correct format that would work for HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings to allow two plugins to work I belive I shouldn't have any issue getting the admx feature to do this, I even tried manually editing the registry setting and it breaks whenever I add the second line to it.

Asked by robert.deed 1 year ago

Answered by robert.deed 1 year ago

  • Solved
  • Archived

Firefox Extension Management

Hi All, I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions… (read more)

Hi All,

I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions

  • 1Password; and
  • Firefox Multi Containers.

This is my json:

{ "*": { "blocked_install_message": "version 0.4 - Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.", "install_sources": ["https://addons.mozilla.org/"], "installation_mode": "blocked" }, "{bc8367b6-d946-484e-8da6-37691f23ee64}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi" }, "{2a28e7e4-64c9-4e7f-81fb-0475af840c0f}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi" } }

I have tried the obvious and removed the {} from both extensions, however still having troubles.

Is someone able to point me in the right direction?

Asked by andrew219 1 year ago

Answered by andrew219 1 year ago

  • Solved
  • Archived

Extensions policy allowed not working (Intune ADMX)

Hi! Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings Currently looks like this: { "*": { "blocked_ins… (read more)

Hi!

Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings

Currently looks like this:

{

 "*": {
   "blocked_install_message": "Blocked.",
   "installation_mode": "blocked"
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "allowed"
 },
 "addon@darkreader.org": {
   "installation_mode": "allowed"
 },
 "@react-devtools": {
   "installation_mode": "allowed"
 }

}

I get the Blocked message if I try any of the allowed extentions like uBlock, Dark Reader or React Dev Tools.

I can add that uBlock had "force_installed" (With URL since that is required for force) and that worked fine.

Asked by janfredrik 11 months ago

Answered by janfredrik 11 months ago