Deploying FireFox MSI with GPO: uninstall fails

Hi. On an Active Directory, we deploy Firefox (normal or ESR). It's OK. When we deactivate the link of the GPO, it's supposed to uninstall. But it doesn't (even if we del… (read more)

Hi. On an Active Directory, we deploy Firefox (normal or ESR). It's OK. When we deactivate the link of the GPO, it's supposed to uninstall. But it doesn't (even if we delete the GPO, specifying to uninstall at once).

The gpresult command on each computer doesn't show the GPO anymore, but Firefox is still installed.

( FYI, we used to do that with FrontMotion Community Edition, and it was always working (instal and uninstal). We even just tried the "last" (but old) ESR edition present on the FrontMotion site (CEESR-102), and it works. But FM CE version has stopped being developped. )

So, any idea about why the official Mozilla Firefox version (normal or ESR) doesn't uninstall?

Thanks by advance.

Asked by fepubs 5 days ago

Last reply by Mike Kaply 14 hours ago

Managed Bookmarks subfolder

Hello, I would like to create Managed Bookmarks for our company and distribute them via Group Policy. However, I am unable to create subfolders for these Managed Bookmar… (read more)

Hello,

I would like to create Managed Bookmarks for our company and distribute them via Group Policy. However, I am unable to create subfolders for these Managed Bookmarks, so they would all be in one folder and quite disorganized, which is why I need subfolders. Can I map this using a JSON file, and if so, could someone assist me with the structure of the JSON file?

Thank you in advance!

Kind regards

Asked by Username2025 1 week ago

Last reply by TyDraniu 1 week ago

New Preference clearOnShutdown Cache/Cookies/Storage is now v2

Dear Community, i had .cfg file with following settings to clean up some userdata after closing firefox: //Clean UP Cache etc. lockPref("privacy.sanitize.sanitizeOnShut… (read more)

Dear Community,

i had .cfg file with following settings to clean up some userdata after closing firefox:

//Clean UP Cache etc. lockPref("privacy.sanitize.sanitizeOnShutdown", true); lockPref("privacy.clearOnShutdown.cache", true); lockPref("privacy.clearOnShutdown.cookies", false); lockPref("privacy.clearOnShutdown.offlineApps", true); lockPref("privacy.clearOnShutdown.sessions", false);

This cleaned the "Storage" Folder in the Firefox Profile folder, but cookies and sessions where remaining, so the logins where active.

Now i saw that all useres have lots of folders in the "Storage/Default" folder. After some research i found out that this behavior startet at 02.10.2024.

I also found a new pref: privacy.clearOnShutdown_v2.cookiesAndStorage which was set to "false". No idea where this key came from? When I set this key to "Yes", the storage is cleared after closing Firefox. But so also all the cookies. Was there a change at the prefs?

And is ther any other solution to clear the Storage but remain the cookies?

Thank you in advance!

Asked by sn1.k 18 hours ago

Last reply by Mike Kaply 14 hours ago

Ajax Call Frequently Blocked by Firefox

We have an application running on Firefox and noticed that with new Firefox ESR, Ajax call (XMLHttpRequest ) from js script running on Firefox browser on thin clients see… (read more)

We have an application running on Firefox and noticed that with new Firefox ESR, Ajax call (XMLHttpRequest ) from js script running on Firefox browser on thin clients seems to be blocked frequently (same call succeed most of the time, but blocked from time to time). Issue was raised starting with Firefox 128.2.0esr), but in general persist with newer Firefox ESR. We tried replacing XMLHttpRequest with fetch which seems making no much difference so far.

Asked by kunling zeng 1 week ago

Last reply by Mike Kaply 14 hours ago

ADMX Help

Hello, I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak which used to add all the policies and secure Firefox for Enterprise. Wha… (read more)

Hello,

I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak which used to add all the policies and secure Firefox for Enterprise. What we noticed is that Policy Pak used the app set to apply these policies and we are noticing that native GPO's for the most part to match the Policy Pak policies is not as accurate for GPO's My ask here is there any Most Viable Product suggestions to apply Native GPO's for securing Firefox.

Asked by chris_weiderhold 5 months ago

Last reply by Mike Kaply 4 months ago

Log-in with a certificate is not possible

With Firefox 115.14.0esr, 115.2esr and 128.xesr we can`t log in into a company website with a certificate. After the certificate login we end up on the WebSeal again. Htt… (read more)

With Firefox 115.14.0esr, 115.2esr and 128.xesr we can`t log in into a company website with a certificate. After the certificate login we end up on the WebSeal again. Http status 302 for pkmslogin.form and pkmscertpromptstagen is called ~12x repeatedly with 302 error each time and then jump back to the login screen.

Asked by desislava.ivanova 3 months ago

Last reply by Mike Kaply 3 months ago

Auto updating in stages

Hi, I am in a company where there is 100 and more devices with firefox on it. Right now we are facing a problem where some of it are using version way back into the days … (read more)

Hi, I am in a company where there is 100 and more devices with firefox on it. Right now we are facing a problem where some of it are using version way back into the days such as version 100 115 117 and such. We enabled auto updating but it only updates to version 127 whereas the latest version is 132. We are required to open firefox again for multiple time b4 it gets the latest version. Is there any way to jump those stages and straight updates to the latest version?

Asked by LucasLau 2 months ago

Last reply by Max Christian Pohle 1 month ago

Firefox 128 ESR-next Releases not reading firefox.cfg

My company has been using the same customized autoconfig.js without issue since last year's FF 115 esr release on our Ubuntu servers. cat /opt/firefox-115.13.0esr/defau… (read more)

My company has been using the same customized autoconfig.js without issue since last year's FF 115 esr release on our Ubuntu servers.

cat /opt/firefox-115.13.0esr/defaults/pref/autoconfig.js pref("browser.tabs.inTitlebar", 0); pref("general.config.filename", "firefox.cfg"); pref("general.config.obscure_value", 0); pref("general.config.sandbox_enabled", false); pref("pdfjs.annotationEditorMode", 1);

Now we are testing the 128 esr next releases with the same config and getting the failed to read the configuration file. please contact your system administrator error

cat /opt/firefox-128.1.0esr/defaults/pref/autoconfig.js pref("browser.tabs.inTitlebar", 0); pref("general.config.filename", "firefox.cfg"); pref("general.config.obscure_value", 0); pref("general.config.sandbox_enabled", false); pref("pdfjs.annotationEditorMode", 1);

If remove pref("general.config.obscure_value", 0); or set it to 1, the error goes away, but our actual firefox.cfg does not get read and are configs are not present at all.

Asked by Ruben Gomez 5 months ago

Last reply by cor-el 5 months ago

install command of version 18.05

i want to add win32 app on intune and i need the ( install & uninstall command of my version 18.05 ) below uploaded images more details about my version that I downl… (read more)

i want to add win32 app on intune and i need the ( install & uninstall command of my version 18.05 )

below uploaded images more details about my version that I download it in my device.

Asked by wejdan.bawazeer 2 months ago

Last reply by Mike Kaply 2 months ago

An Extension was added via GPO, and we would like to enable the two settings / make the extension removable

Hi supporting teams / volunteers, A Microsoft Purview extension was added via GPO previously, and we would like to enable the two settings (indicated with red box), may … (read more)

Hi supporting teams / volunteers,

A Microsoft Purview extension was added via GPO previously, and we would like to enable the two settings (indicated with red box), may I know if anyone might have clues on that please? Also, would like to also check if we could remove the extension from users' end, since it said "can't be removed". Many thanks.

Best regards, Vincent

Asked by vyau1018 5 months ago

Last reply by Mike Kaply 5 months ago

Firefox ESR/Duo: Not reporting minor version in user agent

We use ESR due to its stability and long term security updates, and we use Duo as our SSO/IDP. We have Duo set to deny login when the browser is more than 6 mo out of da… (read more)

We use ESR due to its stability and long term security updates, and we use Duo as our SSO/IDP.

We have Duo set to deny login when the browser is more than 6 mo out of date, but due to the way FF reports only the main version number via the user agent Duo is unable to determine that FF ESR is actually up to date and thinks that it's too old and my users are being denied login or getting an erroneous message about needing to update their browser.

Is there a way to set FF to report it's whole version to Duo? We would prefer not to have to "outlaw" FF in our prod environment if at all possible.

Asked by Jarrod Coombes 5 months ago

Last reply by Mike Kaply 4 months ago

Require device sign in to fill and mange passwords (mozilla.cfg)

Hi all I like to enforce the following setting "Require device sign in to fill and mange passwords" in the mozilla.cfg but I couldn't find the setting in about:config. … (read more)

Hi all

I like to enforce the following setting "Require device sign in to fill and mange passwords" in the mozilla.cfg but I couldn't find the setting in about:config.

Can anyone help?

Regards

Ogami

Asked by Ogami Itto (Gobi85) 5 months ago

Last reply by Mike Kaply 5 months ago

Locking down firefox for primary school

Hi All, I'm using Firefox on 24 PC's in a primary school computer Lab, I have had reports of students installing extensions and plugins that i wish to stop, also i've ha… (read more)

Hi All,

I'm using Firefox on 24 PC's in a primary school computer Lab, I have had reports of students installing extensions and plugins that i wish to stop, also i've had issues with students not signing out of their email and other students gaining access.

Im looking for solutions for the following and was hoping someone could point me in the right direction -

1. Disabling the installations of extensions and plugins. 2. Clearing browsing history/logging out of any accounts. 3. Locking settings so students can't change settings.

Any help would be greatly appreciated. Adam

Asked by adam183 5 months ago

Last reply by James 4 months ago

How to update Firefox ESR 115.14.0 to 128.1.0?

I'm a newbie using Debian and Deb 12 ships with Firefox ESR and I've decided to stick with it instead of the regular release, 'cause it breaks some extensions I have. How… (read more)

I'm a newbie using Debian and Deb 12 ships with Firefox ESR and I've decided to stick with it instead of the regular release, 'cause it breaks some extensions I have. However, I want to upgrade to the latest ESR version, how do I do it? I tried going to (https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr), but the file for linux 64 bit is a .tar.bz2 file, which I have no idea how to compile.

Asked by spandanjit.05 4 months ago

Last reply by cor-el 4 months ago

Kerberos authentication working for Chrome, Edge, Opera, and Brave, but not Firefox

Firefox (129.0.2) displays "401 - Unauthorized: Access is denied due to invalid credentials" (see attached image) I have tried various combinations of setting and not se… (read more)

Firefox (129.0.2) displays "401 - Unauthorized: Access is denied due to invalid credentials" (see attached image)

I have tried various combinations of setting and not setting the following in Firefox:

  • network.negotiate-auth.trusted-uris
  • network.negotiate-auth.delegation-uris
  • network.auth.use-sspi

For the URI settings I have tried both .domainname.domainextension and https://servicename.domainname.domainextension

In Windows 10 Control Panel -> Internet Options, the site is in "Trusted sites" using a domain wildcard, and also "Local intranet" and both "Automatic logon" and "Enable Integrated Windows Authentication" are enabled. I suspect those setting aren't relevant since other browsers are authenticating without error or prompt, but calling this out to show that I've covered that base.

The web service is served by IIS 10.0 on Windows Server 2022 and the authentication provider list only includes Negotiate, but I don't believe this issue has anything to do with IIS or its configuration as, again, other browsers are authenticating without error or prompt.

Anything else to check?

Thank you for any guidance you can offer.

Asked by bryan 4 months ago

Last reply by Mike Kaply 4 months ago

Conditional access policy

Login to o365 email does not work on Firefox browsers after enabling the Conditional Access policy based on compatible devices Firefox does not send device details, resu… (read more)

Login to o365 email does not work on Firefox browsers after enabling the Conditional Access policy based on compatible devices

Firefox does not send device details, resulting in a device incompatibility message

Does Firefox support this?

There is an example of missing device ID in the attachment

Asked by spie.michal 1 month ago

Last reply by Mike Kaply 1 month ago

security.cert_pinning.enforcement_level using a GPO?

Hi, I need to ask regardining this security.cert_pinning.enforcement_level. how can i set this value using the windwos server GPO? i could not find this even after copy… (read more)

Hi,

I need to ask regardining this security.cert_pinning.enforcement_level. how can i set this value using the windwos server GPO? i could not find this even after copying the firefox.admx file. could someone please guide me how can i acheive it?

I would really appreciate the help!

Regards Sheras

Asked by Sheras 4 weeks ago

Last reply by Mike Kaply 1 week ago

Support ECH or ESNI in 128.2.0esr

Hello, I installed Firefox 128.2.0esr. I set the next parameters in GPO for settings DNSOverHTTPS: "DNSOverHTTPS": { "Enabled": true, "Provi… (read more)

Hello,

I installed Firefox 128.2.0esr. I set the next parameters in GPO for settings DNSOverHTTPS: "DNSOverHTTPS": {

                      "Enabled":  true,

"ProviderURL": "https://safe.dot.dns.yandex.net/dns-query", "Locked": true, "Fallback": true }. But when checking via https://www.cloudflare.com/ru-ru/ssl/encrypted-sni/#results I get (screenshot in attachment). As you can see from the screenshot, DNS and SNI did not receive the coveted check marks. Secure DNS We weren’t able to detect whether you were using a DNS resolver over secure transport. Contact your DNS provider or try using 1.1.1.1 for fast & secure DNS. DNSSEC Attackers cannot trick you into visiting a fake website by manipulating DNS responses for domains that are outside their control. TLS 1.3 Nobody snooping on the wire can see the certificate of the website you made a TLS connection to. Secure SNI Anybody listening on the wire can see the exact website you made a TLS connection to.

In my browser / about:config: network.trr.mode = 2 network.trr.uri = https://safe.dot.dns.yandex.net/dns-query

In 128.2.0esr there is no protection against ESNI interceptions and ECH is enabled by default? Or is the problem that the DNS provider does not support the technology from Mozilla? Or what other settings we need use (via GPO)?

Thank you.

Asked by Mark Talala 4 months ago

Last reply by Valentin 4 months ago