Firefox for Enterprise Community Forum

After updating to v132 I have noticed a significant increase in the load times for some websites that our users connect to. Using v131.0.3 I usually see < 1 second load times for the two websites I am monitoring but after upgrading to v132 it is consistently taking 18-19 seconds for the same page. I have tried uninstalling v132 and reverting to v131 and it immediately goes back to the much faster load times. I have also tried installing various v133 releases and I see the same performance issue as for v132.

The environment I am working in is behind a network firewall with relatively restrictive internet access and I am wondering whether there are sites that Firefox is trying to connect to for the new anti-tracking or suspicious activity features (or anything else) that are being blocked and are therefore causing timeouts and retries that are bumping the total load time up.

Can anyone think of anything else I could check or change?

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions" and allow certain ones. Worked perfect in Jamf, for Intune failing all time. We are using Firefox v.121, policies are for v.120, but I am in doubt that this is the issue. Can someone review and let me know if there any issue or may be changes? Using latest instructions https://mozilla.github.io/policy-templates/#extensionsettings Also here is my OMA, very easy.

OMA used ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

Value(string):

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Security Test",
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/zoom-new-scheduler/latest.xpi"
 },
   "@react-devtools": {
   "installation_mode": "allowed"
 }

}'/>

Recently we've began installing Firefox 140.2.0esr to our environment via the .msi file that Mozilla provides, however we're running in to a very odd incident.

After approximately 24 hours from installing Firefox esr to devices, it appears that the application is "updating" to 141.0.3 on the "release" channel. As far as I'm aware, this shouldn't be possible to begin with. But we've applied these settings via GPO:

Computer Config > Policies > Admin Templates > Mozilla > Firefox Application Autoupdate = Disabled Pin updates to a specific version = Enabled = Set to 140.2.0 Background updater = Disabled Disable Update = Enabled Manual Update Only = Enabled

After applying the GPO, confirmed this appears within the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ AppAutoUpdate = 0 AppUpdatePin = 140.2.0 BackgroundAppUpdate = 0 DisableAppUpdate = 1 ManualAppUpdateOnly = 1

At this point, I'm at a loss. We cannot have rapid release be what's installed in our environment. Is there something broken with 140.2.0 or are we doing something wrong here?

Hello community :)

hope everybody is doing well. I´m coming here with with asking for a help.

I´m managing browsers (Google Chrome, MS Edge and Firefox) in my company via GPOs. What we´ve been dealing with since 135 version came up is having the "Did Not Connect: Potential Security Issue error page , Error insufficient cert transparency" while visiting our internal resources.

Despite of having the security.pki.certificate_transparency.disable_for_spki_hashes set up -> main three certificate hashes are correctly added, basically copying the setup from Chromium browsers , where everything works as expected , Firefox is not.

The only way how to make it work is via security.pki.certificate_transparency.disable_for_hosts , which is , of course, not desirable , because of the security risks.

Does anyone face the same issues ?

Thank you very much ya´ll

Hi all,

For quite a while I'm working together with others on a voluntary base (nobody gets money) as members of a computer-club, a charitable NGO and NPO (in German: gemeinnütziger Verein) for seniors in order to bring them closer to the use of digital devices and media. It's not only teaching, but administrating the hard- and software as well.

I can remember that it was possible in former versions of Firefox to include at least a script into "defaults->prefs". I think it was user.js (not sure) in the installation folder to define common preferences to be fixed, like proxi settings. It always worked well, preventing non-privileged users from making any unwanted changes. As a I found out there must have been a very similar way to include add-ons (like uBlock Origin).

Unfortunately all content I found was older than about 10 years. When trying setting up Firefox as it is now, my test system didn't care about anything I've tried.

I'm talking about > 50 Windows-PC having in average 3 user profiles each (for teaching more than 400 members). We are amateurs regarding PC administration, except some network ex-professionals. "Baking" installation media including our needs, as I already found on Mozilla's pages, seems to be beyond our abilities as well as distributing a fitting profile (we don't have a MS-server), not speaking about Group Policies.

Is there any usable guideline for people like us? Today, each FF-installation looks different and I would like to unify this as easy as possible.

In /Library/Preferences/org.mozilla.firefox.plist:

``` <plist version="1.0"> <dict> <key>EnterprisePoliciesEnabled</key> <true /> <key>ExtensionSettings</key> <dict> <key>cloudmetering@snowsoftware.com</key> <dict> <key>install_url</key> <string>https://raw.githubusercontent.com/SnowSoftware/agent-firefox-extension/refs/heads/main/cloudmetering-v1.2.3.xpi</string> <key>installation_mode</key> <string>force_installed</string> </dict> </dict> </dict> </plist>```

In about:policies: {"cloudmetering@snowsoftware.com":{"installation_mode":"blocked","install_url":"https://raw.githubusercontent.com/SnowSoftware/agent-firefox-extension/refs/heads/main/cloudmetering-v1.2.3.xpi"}}

The plist file did read "blocked" at one point, but it no longer does. Why isn't firefox picking up the new value from the plist file? Restarting/refresing FF has not helped so far.

Hello. I know how to define a server certificate exception to avoid browser warnings in case of certificate issue with a website (see attachment). However, I'd like to apply that exception for all users with access to my machine using a GPO (for user or local machine). This is also a requirement in my work where many users run Firefox from a server and the face browser warnings all the time (related to self-signed certificates) so it would be great to apply an exception for all users through a GPO specifying the self-signed certificate warning we want Firefox to ignore. Thanks.

Hello, I have a problem with setting up HTTPs only Mode in my Organization, I read a lot about that, but I dont see the "dom.security.https_only_mode" switch in GPO, we have the newest admx for Firefox. We need that to specific container, but still I dont know how to set it up, even via regedit, or preferences. Can someone describe me when can I set it up ? It could be using json file (which exactly file and how?), registry or just gpo. Regards, M.

Current version of Firefox has

    (1) popups to get me to download a new version,
    (2) tab pickup,
    (3) popups to show
    article titles,
    (4) popups to show
    current URLs.

I just want to download the install programs until I get the most recent one that has none of (1) - (4).

I need to go back 1, 3, 5, 10 years?

So where on the Internet should I go to get such an old Firefox install program?

I used to really like Firefox, but changes (1) -- (2) have ruined it for me.

Hi All, I have been on the struggle bus lately trying to get the application handlers set properly in our GPO. I am trying to get PDF, webp, avif to open in browser, and jnlp to auto launch Java. Any help will be greatly appreciated!

{"application/pdf":{"action":3,"extensions":["pdf"]},"image/webp":{"action":3,"extensions":["webp"]},"image/avif":{"action":3,"extensions":["avif"]},"application/x-java-jnlp-file":{"action":4,"handlers":[{"name":"javaws.exe","path":"C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\javaws.exe"}],"extensions":["jnlp"]}}

We're exploring adopting a default deny policy for Firefox extensions in our enterprise. However when I tested this by creating a custom policies.json Firefox unexpectedly removed all extensions for me, including the ones I thought I had allow listed. Here is my policies.json but just keeping in the Facebook Container add-on to illustrate:

{

   "policies": {
       "ExtensionSettings": {
           "*": {
               "blocked_install_message": "Only approved Firefox extensions can be installed, please email your request to itdept@example.org",
               "installation_mode": "blocked",
               "allowed_types": ["theme", "dictionary", "locale"]
           },
           "@contain-facebook.xpi": { "installation_mode": "allowed" }
       }
   }

}

What I would like is to to allow pre-approved extensions (including if they already are installed) and all other types of add-on, but remove and prohibit installation of unapproved extensions.

Can anyone assist, please?

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for Windows? <enabled/> <data id="JSON" value=' {

 "network.http.http3.enable": {
   "Value": 0,
   "Status": "user"
 },

{

 "network.http.http3.enable_0rtt": {
   "Value": 0,
   "Status": "user"
 }

}'/>

Thanks

Hello, I am trying to create a deny all & white list only gpo for Firefox extensions.

I am using the gpo; Computer Configuration/Policies/Administrative Templates/Mozilla/Firefox/Extensions/Extension Management

I started out simple using a template which worked.

{ "*": { "blocked_install_message": "Your Company Blocked Message", "installation_mode": "blocked" }, "uBlock0@raymondhill.net": { "installation_mode": "allowed" } }

However, when I tried to add in more allowed extensions it now longer worked and was able to install any extension.

{ "*": { "blocked_install_message": "Your Company Blocked Message", "installation_mode": "blocked" }, "uBlock0@raymondhill.net": { "installation_mode": "allowed" }, "querymoid@kaply.com": { "installation_mode": "allowed" } }

I am having the same issue as this other user here: https://www.reddit.com/r/sysadmin/comments/17wvuwh/help_pinning_extension_in_firefox_with_gpo/

Preliminaries -- Initially (before trying to force-pin), I had these GPOs enabled:

Extensions to Install -> https://addons.mozilla.org/firefox/downloads/file/4410896/bitwarden_password_manager-2024.12.4.xpi

Prevent extensions from being disabled or removed ->

• {446900e4-71c2-419f-a6a7-df9c091e268b}
• {3f6129fb-6c55-4452-ab6f-7c109b2301df}
• https://addons.mozilla.org/firefox/downloads/file/4410896/bitwarden_password_manager-2024.12.4.xpi

(Those GPOs above all work.)

What I'm trying to do: Force-pin Bitwarden.

I believe I've followed the documentation correctly (except for not including a "*" case): https://mozilla.github.io/policy-templates/#extensionsettings

I've enabled this GPO with this value:

Extension Management ->

{

 "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
   "default_area": "navbar"
 }

}

After running various "GPUpdate"s and whatnot, the option to uncheck "Pin to toolbar" is still available to click.

I've verified in "about:policies#active" that the JSON item appears next to "ExtensionSettings" and that there are no errors listed in the "Errors" tab.

I've also verified that it appears in the correct location in the Registry.

Since another user had the same issue (Reddit link above), I figured it'd be a good idea to check in with y'all to see if we are missing something.

Thanks for your help!

I need to be able to hide the Extensions button from the toolbar. Is there a way to do that outside of the user.js or prefs.js? Preferably I'd like to do this though the policies.json file though I could not find any options for this.

We have Firefox deployed and managed through Intune/Endpoint and all works well but every device has an error with this line of the policy:

UserMessaging_FirefoxLabs [./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FirefoxLabs] STATE Error SOURCE PROFILES Source Profile Mozilla_Firefox_Configuration ERROR CODE 0x87d1fde8

The error code is the same on all devices and is the only one present in on each device config.

Does anyone have any idea what the issue and resolution would be?

Thanks, Matt

We are allowing end user to scan 2D matrix barcode using a wedge scanner in our application. We are facing a problem where different elements of the bar code are not getting split into the application. On investigating this further, we found that Firefox browser not recognising the FNC character(input character 29) coming from input stream (barcode scanner in this case).

Hi All, I want to block traffic on firefox externally for managed devices via Intune, following the import of the ADMX/ADML files into intune.

I have set '\Mozilla\Firefox\Exceptions to blocked websites' to the following

• //*.mydomain.com/*

which works, however, I also want to add hosts that are only resolving on IPs and not DNS. I can add specific IPs if known, but is there a way I can allow IP ranges? Ie

• //10.10.*/* (this doesn't currently work)

Of the included screenshot, only the wildcard for mydomain.com and the specific IP currently work

If there is a better way to do this via intune for firefox only, please let me know.

Thanks

Good afternoon,

We're currently trying to set up a Hardening Guide for Firefox ESR but are struggling with a few policies and setting wildcards.

For example, we're trying to set an origin in Cookies > Block Settings to something like "*", and we get the error "Ignoring parameter "*" - not a valid origin."

In Chrome / Edge you can set a wildcard like this: [*.]google.com for example - we receive the same error message for this.

Can you do such a thing for Firefox ESR without having to list every site you want to block?

ESR Version: 115.6.0esr (64-bit)

Kind Regards, Ethan Jerrum