Firefox for Enterprise Community Forum

We recently update Firefox with version 138.0 and now getting the message "Gah. Your tab just crashed" when opening the browser.

We attempted to update and install version 138.0.1 only resulting with the same error. We also found and attempted the following all resulting with the same error: - change the about:config page for settings to false for both browser.tabs.remote.autostart and browser.tabs.remote.autostart.2

- clear browser cache.

- enable Temporary Mode in the Help menu. This appears to fix the problem but only for the current browser session. When a new Firefox window is opened, the error reappears.

What is needed to resolve this error or is there a way to permanently enable Temporary Mode or some similar setting? Thanks for all your help with this.

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions" and allow certain ones. Worked perfect in Jamf, for Intune failing all time. We are using Firefox v.121, policies are for v.120, but I am in doubt that this is the issue. Can someone review and let me know if there any issue or may be changes? Using latest instructions https://mozilla.github.io/policy-templates/#extensionsettings Also here is my OMA, very easy.

OMA used ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

Value(string):

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Security Test",
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/zoom-new-scheduler/latest.xpi"
 },
   "@react-devtools": {
   "installation_mode": "allowed"
 }

}'/>

Hello,

New subscriber here. I have been given the task to test the install and uninstall of the Purview Firefox browser extension using Intune. I created 2 groups in EntraID, one for each (install and uninstall).

I have no issues with the installation. Initially, I left the test device in the install group and then added it to the uninstall group to remove it. (this usually works with other apps, it worked this way with the Purview Chrome browsing extension as well other apps) but when I do this, nothing happens.

Next, I removed the device from the install group and added it to the uninstall group only. Once the configuration profile applies to the test device, it allows the user to remove it manually (before it did not) but the extension remains installed.

I have created a policy using the administrative template extension uninstall option as well as with the OMA-URI settings but the same happens. When i check the device configuration for the device in Intune, it says it succeeded but that is not the case. The OMA-URI setting I was not too sure about, but gave it a shot. I used the UUID value for the Purview Firefox extension

I am attaching some pictures and hope someone can tell me what I am doing wrong. I can add additional information, if needed. I have opened a ticket with Microsoft last week but have not called me yet. I ran into this forum today.

Thanks in advance

Welcome, We are implementing redirected folders in our company via Widnows Server. We are also redirecting the Appdata folder. We have offline mode enabled which means that the folders are synchronised every 5 minutes. The synchronised Appdata folder has a Firefox profile which causes a lot of conflicts. Every time the folder is synced there are conflicts like "Both versions have been updated since the last sync" or "Cannot sync now. Try again". I attach a screen shot of how much of this there is. No other applications cause such errors. Only Firefox blocks us from a large deployment. If the problem cannot be resolved we will be forced to abandon the FireFox browser altogether. Has anyone had a similar problem?

Dear Team,

When my Client device installs From Firefox 102.7.0 ESR to Firefox 128.7.0 from SCCM. (The case is First install the Version 102.7.0 then save the Bookmarks and then uninstall. Second Install the 128.7.0 then check the bookmarks)

user profile Bookmarks are not mapped in Firefox. When I check C:\Users\Tests\AppData\Roaming\Mozilla\Firefox\Profiles I can see the xxxx.defaultesr

I don't understand why the bookmarks are not linked in Firefox. Can you please help? I would be thankful to you if you could share me the .bat script

Thank you

Dear Team, Our application is accessible on Firefox v101.0.1. But recently we have upgraded our desktops with Firefox v112.0.1. The same application accessible on Firefox 101.0.1 is not able to accessible on v112.0.1.

The error code we could see on browser is SEC_ERROR+PKCS11_GENERAL_ERROR. We have already raised a case with HTTP support team but they have suggested to check at browser level. We had also collected traces from firefox but unable to upload the same. Kindly help here at the earliest. Thanks, Shruti Fegade

I am trying trying to install the keeper extension via intune but am having trouble with the oma-uri. It looks right to me but I might be missing something. Prior to running this I followed https://mzl.la/3vYAIYT and added the Firefox ADMX. Both run successfully but it does not add the extension. Firefox version 116.0.3

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

String: <enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": Opps, this may have been a mistake reach out to IT.",
   "install_sources":["about:addons","https://addons.mozilla.org/"],
   "installation_mode": "allowed",
   "allowed_types": ["extension" ,"theme"]
 },
 "KeeperFFStoreExtension@KeeperSecurityInc": {
   "installation_mode": "normal_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/keeper-password-manager/latest.xpi",

"default_area": "navbar"

 },

}'/>

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable for an enterprise setting and it has led me to consider discontinuing their product within our organization. I had requested support to send me a copy of my previous correspondence as I had forgotten some details, but this request was ignored, which is disappointing.

I am skeptical about receiving the help or answers I need here. If there is a more direct line to Mozilla support, I would greatly appreciate being redirected there.

We are currently using Firefox 121.0 and are attempting to implement the Applied Epic extension. I have updated the ADMX policy.

Originally, the reg key flip I created did work but something has changed since then. See screenshot of this. I followed the guide provided at https://github.com/mozilla/policy-templates/blob/v5.5/docs/index.md, which instructed me to place the registry key in Software\Policies\Mozilla\Firefox\Extensions\Install\1. However, the guide did not specify whether this should be in HKLM or HKCU. I tried this instead, and it did not work.

I also attempted to implement the extension via GPO, but this was unsuccessful. I tried the new Extension Management system as well, but to no avail.

Here is the JSON configuration I used: {

 "AppliedEpicExtension@gmail.com": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/file/4143256/applied_epic_extension-3.16.3.xpi"
 }

}

Despite following the guide and trying multiple methods, none of the options seem to work. I would appreciate any guidance on what I might be doing wrong.

Hello, from Terminal Servers, it is not possible to browse the Internet via FortiGate's explicit proxy from the Firefox browser, while there is no problem with Chrome or Edge. When the user tries to browse external sites, the proxy sends the error page "You need to authenticate to use this service". It seems that Firefox does not pass user authentication to FortiGate. The proxy authenticates users per session via Kerberos tickets.

Firefox version: 115.5.0esr

I also performed the following settings to pass the Kerberos ticket to the proxy without success: https://people.redhat.com/mikeb/negotiate/

I also noticed that it is not possible to change the "network.negotiate-auth.allow-proxies" setting from "false" to "true." Is this my problem? Is it normal that it cannot be changed?

Attached are the settings.

Thank you in advance.

Hi there,

We are currently utilizing Windows Server 2019 as our development server. To maintain security protocols, we have implemented a Group Policy to block internet access on this server. Initially, this configuration successfully restricted internet access on all browsers, including Firefox. However, recently we encountered an issue where internet access became available solely through the Firefox browser, posing a significant data security risk.

Upon investigation, we discovered that Firefox allows users to modify proxy settings, effectively bypassing our Group Policy restrictions. Unlike other browsers, Firefox permits users to adjust proxy settings without sufficient rights, thus overriding our established restrictions.

To mitigate this issue, we require guidance on enforcing Group Policy settings within Firefox to prevent unauthorized alterations to proxy settings and ensure internet access remains restricted. It's important to note that Firefox is exclusively utilized for development purposes on our server.

Your assistance in resolving this matter would be greatly appreciated.

Regards, Hiten

Hi!

Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings

Currently looks like this:

{

 "*": {
   "blocked_install_message": "Blocked.",
   "installation_mode": "blocked"
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "allowed"
 },
 "addon@darkreader.org": {
   "installation_mode": "allowed"
 },
 "@react-devtools": {
   "installation_mode": "allowed"
 }

}

I get the Blocked message if I try any of the allowed extentions like uBlock, Dark Reader or React Dev Tools.

I can add that uBlock had "force_installed" (With URL since that is required for force) and that worked fine.

I'm having trouble find clear directions online on how to import Firefox Developer Edition into my Intune App Catalog to deploy it to users. I was able to convert the .exe installer into a .intunewin file but Intune won't import it for some reason. All the other directions i keep finding just direct me to creating a custom configuration policy around FireFox but it looks like it is just the basic Firefox for Enterprise.

I'm hoping to either get directed to actual directions for this or even a .msi installer for the developer edition. Does that exist?

I am having the same issue as this other user here: https://www.reddit.com/r/sysadmin/comments/17wvuwh/help_pinning_extension_in_firefox_with_gpo/

Preliminaries -- Initially (before trying to force-pin), I had these GPOs enabled:

Extensions to Install -> https://addons.mozilla.org/firefox/downloads/file/4410896/bitwarden_password_manager-2024.12.4.xpi

Prevent extensions from being disabled or removed ->

• {446900e4-71c2-419f-a6a7-df9c091e268b}
• {3f6129fb-6c55-4452-ab6f-7c109b2301df}
• https://addons.mozilla.org/firefox/downloads/file/4410896/bitwarden_password_manager-2024.12.4.xpi

(Those GPOs above all work.)

What I'm trying to do: Force-pin Bitwarden.

I believe I've followed the documentation correctly (except for not including a "*" case): https://mozilla.github.io/policy-templates/#extensionsettings

I've enabled this GPO with this value:

Extension Management ->

{

 "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
   "default_area": "navbar"
 }

}

After running various "GPUpdate"s and whatnot, the option to uncheck "Pin to toolbar" is still available to click.

I've verified in "about:policies#active" that the JSON item appears next to "ExtensionSettings" and that there are no errors listed in the "Errors" tab.

I've also verified that it appears in the correct location in the Registry.

Since another user had the same issue (Reddit link above), I figured it'd be a good idea to check in with y'all to see if we are missing something.

Thanks for your help!

I'm a security analyst. I would like to get email notifications on security advisories, alerts and vulnerability information regarding Firefox to stay up to date. Please help on how I can get the subscription?

We have Firefox deployed and managed through Intune/Endpoint and all works well but every device has an error with this line of the policy:

UserMessaging_FirefoxLabs [./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FirefoxLabs] STATE Error SOURCE PROFILES Source Profile Mozilla_Firefox_Configuration ERROR CODE 0x87d1fde8

The error code is the same on all devices and is the only one present in on each device config.

Does anyone have any idea what the issue and resolution would be?

Thanks, Matt

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the injection method, except for one settings:

ExtensionSettings this setting is working when I have only one setting set (ex):

{"someplugin@test.com": { "installation_mode" : "allowed" }}

If I add a second line to the entry:

{"someotherplugin@test.com":{ "installation_mode" : "allowed"}}

I understand this is a new feature, but if I had the correct format that would work for HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings to allow two plugins to work I belive I shouldn't have any issue getting the admx feature to do this, I even tried manually editing the registry setting and it breaks whenever I add the second line to it.

I am pushing out bookmarks company-wide through Intune on users Laptops. I spoke with Microsoft support and the configuration policy is created correctly and I followed Firefox's support page in creating them. It seems that the new JSON script that tells Firefox what bookmarks is unable to parse.

Anyone know if Firefox had an update that prevents intune from sending the JSON file?

Error message given through firefox.

"Unable to parse JSON for ManagedBookmarks"

Hi All, I want to block traffic on firefox externally for managed devices via Intune, following the import of the ADMX/ADML files into intune.

Having read https://support.mozilla.org/en-US/kb/managing-firefox-intune I have set '\Mozilla\Firefox\Exceptions to blocked websites' to the following; //*.mydomain.com/*

Which works, however, I also want to add hosts that are only resolving on IPs and not DNS. I can add specific IPs if known, but is there a way I can allow IP ranges? Ie

//10.10.*/* (this doesn't currently work) Of the included screenshot, only the wildcard for mydomain.com and the specific IP currently work

I've looked over the link that is recommened in the policy (indirectly) and can't see an option for allowing an IP range. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Match_patterns

If there is a better way to do this via intune for firefox only, please let me know.

Thanks

Hi All,

I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions

• 1Password; and
• Firefox Multi Containers.

This is my json:

{ "*": { "blocked_install_message": "version 0.4 - Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.", "install_sources": ["https://addons.mozilla.org/"], "installation_mode": "blocked" }, "{bc8367b6-d946-484e-8da6-37691f23ee64}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi" }, "{2a28e7e4-64c9-4e7f-81fb-0475af840c0f}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi" } }

I have tried the obvious and removed the {} from both extensions, however still having troubles.

Is someone able to point me in the right direction?