• Solved

Can I disable browser using http3 protocol externally ?

I know users are allow to disable http3 through "about:config", and it works. However, I have to apply to multiple devices by script and the risk page might be a challeng… (read more)

I know users are allow to disable http3 through "about:config", and it works.

However, I have to apply to multiple devices by script and the risk page might be a challenge for me.

I tried to edit prefs.js, but it will still be overwrite even I restart my device. (Re-install is not allowed)

Is there any alternative way to disable http3, such as regedit key?

Or is there method to keep pref.js unchangeable?

Asked by Dali 5 days ago

Answered by andmagdo 5 days ago

  • Solved

Firefox tries to connect to high risk IP

We realized that our Firefox ESR 91.4.1 (installed on couple of hundreds of PCs) tries to connect to the IP 34.107.221.82 which is marked as high risk. How is it possibl… (read more)

We realized that our Firefox ESR 91.4.1 (installed on couple of hundreds of PCs) tries to connect to the IP 34.107.221.82 which is marked as high risk. How is it possible? What exactly wants Firefox to do with this IP.

It is strange that connection to this IP goes directly and be blocked on our corporate firewall. Why does it go directly even if proxy is enabled and works. ?

Kind regards Vladimir

Asked by dovlaze 1 week ago

Answered by andmagdo 1 week ago

  • Solved

Does using policies.json turn of the effects of all about:config changes done before?

I just created a policies.json file in the appropriate distribution folder with ONE policiy, then restarted the browser, and now the browser shows: The browser is managed… (read more)

I just created a policies.json file in the appropriate distribution folder with ONE policiy, then restarted the browser, and now the browser shows: The browser is managed by your organisation. ("Der Browser wird durch Ihre Organisation verwaltet." in German.)

Now the question occured to me: Has this any effect on the changes I made before manually in the about:config section, or in the settings UI, other than the one change by the one policy I put in the policies.json?

Firefox 91.3.0esr (64-Bit)

Asked by Bill Smith 3 weeks ago

Answered by Mike Kaply 3 weeks ago

  • Solved

Is there any way to set firefox config by active directory group policy?

Hello I'm Bae, and i'm sorry for my poor English. I want to make my users be able to use seamless single sign on to Microsoft Azure by setting Firefox config with Active … (read more)

Hello

I'm Bae, and i'm sorry for my poor English.

I want to make my users be able to use seamless single sign on to Microsoft Azure by setting Firefox config with Active Directory group policy.

First, I created the 'user.js' file and wrote 'user_pref("network.negotiate-auth.trusted-uris","https://autologon.microsoftazuread-sso.com");' and 'user_pref("network.negotiate-auth.delegation-uris","https://autologon.microsoftazuread-sso.com");' in it.

Second, I put this user.js file in the Firefox¥Profiles folder (such as xxx.default-release).

Third, I checked that the setting was changed on about:config.

Last, I also checked that I could use seamless single sign on to "www.office.com".

What I want to do is to distribute this user.js file to my domain users (exactly, to users' firefox profiles folder) by group policy. Please tell me how to do.

Or, if there is any way to set 'network.negotiate-auth.trusted-uris' and 'network.negotiate-auth.delegation-uris' without user.js file, such as Firefox group policy template, please tell me which one I should modify.

Thanks.

Asked by sherlocksh 1 month ago

Answered by Mike Kaply 1 month ago

  • Solved

Block websites and exceptions to blocked websites not working

Hello, I have a series of laptops that I need to block access to all URLs and only allow access to one. These laptops are not joined to an AD domain so I downloaded the … (read more)

Hello, I have a series of laptops that I need to block access to all URLs and only allow access to one. These laptops are not joined to an AD domain so I downloaded the ADMX templates and copied them to c:\windows\policydefinitions. I ran gpedit.msc and added <all_urls> to the Blocked Websites policy and then added the specific URL to the Exceptions to Blocked Websites policy. However I am unable to access the allowed URL as Firefox is blocking it, despite having the URL defined in the exceptions policy.

I have added various other URLs to the exceptions policy like https://www.msn.com, https://www.yahoo.com, and https://www.mozilla.org, and all are blocked. I have tried different match patterns in the blocked policy and none blocked any URL, which I didn't expect them to anyway. I tried these patterns:

*://*.*.*
https://*.*.*
http://*.*.*
*

Also in my testing I added https://www.yahoo.com to the block policy, did not enable the exceptions policy and found Firefox did not block that site, which makes zero sense. Am I missing something? I was able to do something similar to this in Chrome with its ADMX templates copied locally to a non-domain joined PC, and it worked flawlessly.

Asked by mgorski10 1 month ago

Answered by mgorski10 1 month ago

  • Solved

block file:///c:/ in Firefox Quantum release 60.4.0esr(32-bit)

Hello, I ve tried to block file:///c:/ in Firefox Quantum release 60.4.0esr(32-bit) by the above .json with no results. I ve also tried to block it in a newer release and… (read more)

Hello, I ve tried to block file:///c:/ in Firefox Quantum release 60.4.0esr(32-bit) by the above .json with no results. I ve also tried to block it in a newer release and it was fine (78.15.0esr (32-bit)). Is anything i can do to block it in this particular version i m using(60.4.0esr(32-bit))?

Thank you

{ "policies": { "WebsiteFilter": { "Block": ["file:///C:/*"] } } }

Asked by ThanosTh 3 months ago

Answered by Mike Kaply 2 months ago

  • Solved

GPO (Group Policy) Change security.tls.enable_0rtt_data

Hello, we have some trouble in our Enterprise Environment with tls 1.3 and 0rtt data. The integrated google search and other websites doesnt work as they should (Pages do… (read more)

Hello,

we have some trouble in our Enterprise Environment with tls 1.3 and 0rtt data. The integrated google search and other websites doesnt work as they should (Pages doesnt load and stay white).

So we want to turn of "security.tls.enable_0rtt_data" with Group Policy. But i cannot find a switch for this setting.

When i try to set security.tls.enable_0rtt_data with Preferences in GPO it doesnt work (old Preferences is empty) { "security.tls.enable_0rtt_data": { "Value": false, "Status": "locked" } }

With Preferences i am able to configure security.tls.hello_downgrade_check, but not security.tls.enable_0rtt_data

The only workaround would be to disable tls 1.3 completely and use tls 1.2. (security.tls.version.max = 3) Is there a solution for this?

Regards, Michael

Asked by michael.reiter 4 months ago

Answered by Mike Kaply 3 months ago

  • Solved

Migrating normal Firefox profiles to Firefox ESR ones

We have around 1000 Firefox installations on our government organization, all installed via the Firefox MSI installer. Unfortunately, we came late to realize that the Fir… (read more)

We have around 1000 Firefox installations on our government organization, all installed via the Firefox MSI installer. Unfortunately, we came late to realize that the Firefox ESR would be a much more suitable product, compared to the normal Firefox branch.

Now, some years ago we would simply mass uninstall the normal Firefox and mass install the (latest) ESR version and all would be well. Problem is that we have to keep existing profiles (including passwords/bookmarks etc), something that is not supported in the latest Firefox builds.

Can anyone offer some advice/"hacks" to accomplish this? Note that whatever we'll do, we'll have to do it automatically, we lack the man-power to do this manually on a system by system basis...

Thanks in advance for any information provided.

Asked by Michail Pappas 3 months ago

Answered by Mike Kaply 3 months ago

  • Solved

Firefox resetting profiles after each launch. Keeps creating new install even if same version launched

Hello world, This problem is sticking for a year now. We even switched to ESR thinking it will fixed the problem but to no avail. After a bunch of test, I've finally deci… (read more)

Hello world,

This problem is sticking for a year now. We even switched to ESR thinking it will fixed the problem but to no avail. After a bunch of test, I've finally decided to post and ask for help. Tests have been done on macos 11.6 fresh vanilla install, no encryption (no filevault, I hate it), and Firefox 91.1.0esr (64 bits), but problem is the same since version 75 + (no problem seen on windows or linux) If I don't use Profiles Manager, at each launch of Firefox a new profile is created with no import from former profiles. If I do use Profiles Manager, I can keep on choosing my default profile, and no new ones are created, BUT new install is added to install.ini and profiles.ini. All tests have been done with the exact same firefox (i mean, application is the same and correctly installed in the /Applications of macos).

Here is the profiles.ini

[Install5A291CFD23D97DBF] Default=Profiles/ucaeqkrb.default-esr Locked=1

[Profile0] Name=default-esr IsRelative=1 Path=Profiles/ucaeqkrb.default-esr Default=1

[General] StartWithLastProfile=0 Version=1

[InstallF5B6C4E8673B7987] Default=Profiles/ucaeqkrb.default-esr Locked=1

[Install7F9608401B386673] Default=Profiles/ucaeqkrb.default-esr Locked=1

And the installs.ini

[5A291CFD23D97DBF] Default=Profiles/ucaeqkrb.default-esr Locked=1

[F5B6C4E8673B7987] Default=Profiles/ucaeqkrb.default-esr Locked=1

[7F9608401B386673] Default=Profiles/ucaeqkrb.default-esr Locked=1

As you can see each launch of Firefox created a new hash of installation (even if same it's always the same firefox version). As long as I choose my default profile in profiles manager, I can keep it. If I switch to default comportment, I will get a new profile at each launch (as it see en new install hash) and it will not import former profiles (even if it's from the same or an older version).

So I'm wandering, why Firefox keeps on adding a news install hash on each launch, and/or how can I prevent it from doing it.

Asked by firefox1540 4 months ago

Answered by Mike Kaply 3 months ago

  • Solved

prevent firefox tabs from opening

Hey there I am running Firefox on a lot of touchpanels in kiosk mode. It works really great and is rather reliable. The only problems are tabs from firefox opening. Like… (read more)

Hey there

I am running Firefox on a lot of touchpanels in kiosk mode. It works really great and is rather reliable.

The only problems are tabs from firefox opening. Like the tab advertising the firefox account, first start tab, update tab and the tab to recreate a session after a powerloss.

As it is a kiosk, I dont want any of the users to see these things.

Yet though I did not find a way to disable these tabs/ functions.

Is there a way to do so? If yes then your help would appreciated a lot!

Sincerely Alessio

Asked by Ale 3 months ago

Answered by Mike Kaply 3 months ago

  • Solved

GPO Settings

Good Afternoon Im currently configuring OKTA for SSO, part of this setup is to configure a FireFox option, for people that use this particular browser. These are the inst… (read more)

Good Afternoon

Im currently configuring OKTA for SSO, part of this setup is to configure a FireFox option, for people that use this particular browser.

These are the instructions provided by OKTA:- Open the Firefox web browser, enter about:config in the Address bar. If the Proceed with Caution message appears, click Accept the Risk and Continue. In the Search preference name field, enter network.negotiate-auth.trusted-uris. Click Edit, enter <org>.kerberos.okta.com, and click Save.

This works fine when i manually edit the config for myself to test, but i need to deploy this across our org, i downloaded the Mozilla GPOS but i cannot find anywhere i can set this particular setting.

Is it possible to set this particular setting in the GPOs? so i can deploy across our org.


Thanks.

Asked by richard.rostron 4 months ago

Answered by jscher2000 4 months ago

  • Solved

policies.json WebsiteFilter does not block website properly

Suppose I have a "policies.json" file in the "distribution" subdirectory of my Firefox installation. And suppose "policies.json" file contains this: { "policies": { … (read more)

Suppose I have a "policies.json" file in the "distribution" subdirectory of my Firefox installation.

And suppose "policies.json" file contains this:

{

 "policies": {
     "WebsiteFilter": {
         "Block": [
           "youtube.com",
           "www.youtube.com",
           "http://www.youtube.com",
           "https://www.youtube.com",
         ]
     }
 }

}


Now if I type "youtube.com" in the address bar, it shows "Your organisation has blocked access to this page or web site." It means firefox blocks "youtube.com" correctly. Meanwhile the url in the address bar is "https://www.youtube.com/."

But if I remove "https://www." from "https://www.youtube.com/" in the address bar (Not retype), I can actually visit "youtube.com." It means somehow the webfilter is not working properly.

This issue exists in ubuntu and macos with version 92.0(64-bit).

Does anyone have the same problem? Any help would be appreciated.

Asked by purple_sheep 3 months ago

Answered by jscher2000 3 months ago

  • Solved

Kiosk Usage

I am currently creating new Images for our touch kiosks and would like to use Firefox. Sadly I am confronted with some problems / strange behaviour. I want to set up a wi… (read more)

I am currently creating new Images for our touch kiosks and would like to use Firefox.

Sadly I am confronted with some problems / strange behaviour.

I want to set up a windows Kiosk with Firefox as shell application. So far this worked but the Firefox window opens around 5 times at every restart, also it does not open again if it is closed. The reopening is a feature of the eshell which reacts to the exit code of the Application. Is there anything you know what causes these behaviours? Google chrome does nothing of these things and simply gets restarted if it is closed, as it should.

The second thing is, the built in Kiosk mode is great but our Application at least needs tabs. Is it possible without too much of a hassle to create such a locked down experience? I'd like to do it with a policy or settings file and not to create my own browser out of firefox, maybe there's a way I have overseeen.

I'd really like to do it with firefox as I personally always had a great experience and I trust the team behind it. Thank you for your support beforehand!

Asked by Ale 5 months ago

Answered by Mike Kaply 4 months ago

  • Solved

How to find the URL to use for ExtensionSettings?

I am using group policy, extension settings. I want to block all extensions, require 1, and allow a handful. I think I have the JSON figured out but finding the URL to … (read more)

I am using group policy, extension settings. I want to block all extensions, require 1, and allow a handful. I think I have the JSON figured out but finding the URL to use is escaping me.

I can find the site in the Mozilla addons, https://addons.mozilla.org/en-US/firefox/addon, but how do I find the exact filename to use? I see that many end in latest.xpi but I'm unsure what that means or how I should know which is correct. I know how to find it in Chrome but I'm now trying for FireFox. I've had a hard time and it's not as clear as the direct GPO implementation as Chrome uses.

My next thing to figure out is when extension settings are mentioned in multiple levels of the GPO hierarchy. That's a separate question and not needed for an answer to this question. I only mention it as someone who knows one part is likely to know the other as well.

Thanks, -g

Asked by GrumpyGreg 4 months ago

Answered by cor-el 4 months ago

  • Solved

Attempting ExtensionSettings via Extension Managmement GPO - Error 'No text was entered...'

Hi, I'm trying to create a Windows GPO to control Addons/Extensions in our FireFox installations. From the doc I've read, the place is Policies|Administrative Templates|M… (read more)

Hi, I'm trying to create a Windows GPO to control Addons/Extensions in our FireFox installations.

From the doc I've read, the place is Policies|Administrative Templates|Mozilla|Firefox|Extensions Policy is "Extension Management"

I set it to enabled and include this text: {

 "*": {
   "blocked_install_message": "My Custom Test Message",
   "installation_mode": "blocked"
 }

}

When I hit apply, I get this error message: "No text was entered for this field. Make sure that you enter text."

If I put nothing (but still enabled) or "A" or A, then it accepts that. It's when I plop in the JSON that it fails.

What am I doing wrong?

I have ESR 91.0.1 and policy 3.0 installed. I do not have Firefox installed on the machine doing the GPO work, that's currently only on the test machine. I do have the policy definitions installed.

-g

Asked by GrumpyGreg 4 months ago

Answered by Mike Kaply 4 months ago

  • Solved
  • Archived

Silently Import Bookmarks from IE to Firefox

I am in an enterprise environment with over 500 machines, and we are looking for a way to import users Bookmarks from IE to Firefox silently and behind the scenes without… (read more)

I am in an enterprise environment with over 500 machines, and we are looking for a way to import users Bookmarks from IE to Firefox silently and behind the scenes without requiring user interaction.

Due to security restrictions 3rd party software is not a possibility. Most users have already been using Firefox. We do not want to delete their existing bookmarks in Firefox

Asked by Reod_Dai97 7 months ago

Answered by Mike Kaply 6 months ago

  • Solved
  • Archived

Certificates included with browser

I am trying to use a policies.json file to include a certificate for my own website using a certificate stored online, but not locally. Would it be possible to do so usi… (read more)

I am trying to use a policies.json file to include a certificate for my own website using a certificate stored online, but not locally. Would it be possible to do so using code similar to below: {

   "policies": {
   "Certificates": {
       "ImportEnterpriseRoots": true,
       "Install" [
           "cert_name",
           "http://www.xxxxxxxx.com/xxxxx/xxxxx.der"
                  ]
            }
       }
   }

Any help would be greatly appreciated.

Asked by gtevi 6 months ago

Answered by Mike Kaply 6 months ago