Firefox for Enterprise Support Forum

I posted this previously and got zero response and the post is now archived. Hoping for better luck this time.

We have rolled Firefox ESR to all of our computers. On some of them the Maintenance Service is working correctly and installing updates with no user interaction. On other computers, users are getting a UAC prompt to enter admin credentials to install updates. I have tried various changes that I have found across the web from Deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MozillaMaintenance\Security to uninstalling and re-installing the Maintenance Service. All of the users/computers have the same policies applied via Group Policy (Application Autoupdate: Enabled and Disable Update: Disabled) and are not local admins.

Im working on a deployment package for Mozilla Firefox 106.0.1 when launching Firefox on a brand new user it automatically creates a shortuct for private browsing. Im looking for a way to disable this as the package im creating is an appv package and this new shortcut installs in users profile, so it won't be uninstalled. I have searched google but cant find any hits.

We have the following for customization: Application directory\defaults\pref: localsettings.js with these settings: pref("general.config.obscure_value", 0); // only needed if you do not want to obscure the content with ROT-13 pref("general.config.filename", "mozilla.cfg");

Application directory\mozilla.cfg with these settings: // Don't show WhatsNew on first run after every update pref("browser.startup.homepage_override.mstone","ignore");

// Don't show 'know your rights' on first run pref("browser.rights.3.shown", true);

// Disable Policy Notice on First Run pref("toolkit.telemetry.reportingpolicy.firstRun", false);

// Disable checkDefaultBrowser lockPref("browser.shell.checkDefaultBrowser", false);

Application directory\distribution\policies.json with the following settings: {

 "policies": {
   "DisableAppUpdate": true,

"DontCheckDefaultBrowser": true } }

Is there a corresponding GPO for this setting? I have been unable to find it and searching hasn't yielded much help.

I'm on 102 ESR with up to date admx files. This would be super helpful!

Thanks!

Need way to overwrite prefs.js with corporate standard for kiosk like environment. Either need way to have firefox install in standard path within each user profile or have firefox insert file from source. Advice ? thanks.

Nessus, Qualys, IBM Big Fix security scans constantly pick up firefox vulnerabilities. What we find is that either users have deleted the Firefox background update task or on servers, it never gets put onto the task scheduler. All other browsers have a channel update in the GPO files that ensure they are kept up to date and never show up in our scans. When will firefox put out similar channel GPOs and quit relying on the differently named task that we can't put into a group policy task scheduler, but constantly find firefox vulnerabilities from users that have deleted it so that group policy does not take effect.

Hello,

I'm trying to deploy Firefox with several languages.

I followed the guide on [https://support.mozilla.org/en-US/kb/deploying-firefox-language-packs].

Everything work fine until I set up ExtensionSettings policy. This policy hide and block languages menu.

After scratching my head for a while, I finally figured out how to do it. I would to like to know if an easier way to whitelist all locales and dictionaries. I would like to only control the extensions.

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Blocked by your administrator.",
   "installation_mode": "blocked",
   "allowed_types": ["extensions", "dictionary", "locale"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },

"qwantcomforfirefox@jetpack": {

   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/file/3658805/latest.xpi"

}, "langpack-en-CA@firefox.mozilla.org": {

 "installation_mode": "allowed"

}, "langpack-en-GB@firefox.mozilla.org": {

 "installation_mode": "allowed"

}, "langpack-en-US@firefox.mozilla.org": {

 "installation_mode": "allowed"

}, "langpack-es-AR@firefox.mozilla.org": {

 "installation_mode": "allowed"

}, "langpack-es-CL@firefox.mozilla.org": {

 "installation_mode": "allowed"

}, "langpack-es-ES@firefox.mozilla.org": {

 "installation_mode": "allowed"

}, "langpack-es-MX@firefox.mozilla.org": {

 "installation_mode": "allowed"

}, "langpack-fr@firefox.mozilla.org": {

 "installation_mode": "allowed"

}, "langpack-pt-BR@firefox.mozilla.org": {

 "installation_mode": "allowed"

}, "langpack-pt-PT@firefox.mozilla.org": {

 "installation_mode": "allowed"

} }'/>

Thank you

I'm trying to configure the "Extension Management" policy for firefox in my company. We have 14 addons to manage. using JSON this will end to a line of about 2500 characters.

when I try to copy the code into the gpo I get a message telling me the limit is 2048 characters.

Is there a way to baypass this limitation ?

thank you

Hi, trying to setup local update server for Firefox, and I hit on a problem:

Was testing on my PC which has for multiple reasons "normal" Firefox and get to the point where updates from local server are working, but then tried to test the PC where the ESR version is installed - was expecting the update will not be found, and I would download the MAR files for ESR, edit the update.xml.... but the ESR Firefox found and downloaded the "normal" update, but of course could not install it.

Is there a way to set in XML file that one update is only for ESR and another for Rapid release version of Firefox? How to setup local update server for both channels simultaneously?

Another minor question - is there a simple way how to get buildID for/from downloaded prebuild MAR file? Without it the in the XML file update process don't work correctly and only place I found it so far is in source code for that build.

Thanks.

Environment:

• Version: 102.3.0esr
• Build ID: 20220912135840
• OS: Windows_NT 10.0 19044

Issue: I had Firefox window 1 opened in virtual desktop 1, then I switched to virtual desktop 2 and open Firefox window 2 there. After using window 2 for some time, I switched back to virtual desktop 1 and found Firefox window 1 was gone. I checked `about:support` page but found no crash report there. I don't know what's going wrong.

Hi, Background: a few months ago I had to redeploy the CA for a network I manage. I was able to do so and publish the new intermediate CA's cert via Active Directory. Since then, I've updated certs on webhosts with certs from the new CA. Whenever a user uses FF (version 91.12.0) to browse to a site with the newly signed cert, I get an error stating "sec_error_ocsp_old". I've been able to temporarily advise users to disable OCSP Validation in FF security settings, but I'd REALLY like to fix this.

Other browsers (Edge, Chrome, Opera) all load the sites without issue.

Using this the below article, I double checked the time settings on the CA, Webserver, and clients: https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites

All the machines/VMs in question show the same time source, time, time zone, and sync interval.

I'm at a loss for what is happening. Any help would be greatly appreciated.

We have about 35 versions of firefox running across the enterprise (38 to 91) and I have been tasked to update the EOL dates for all versions we have to help bring things up to speed and know what is/is not supported.

I found this page with release dates (https://www.mozilla.org/en-US/firefox/releases/) but nothing about when a version has reached it's EOL. Any help would be appreciated.

Steps:

• Open Linux server via VNC
• Open Firefox
• Search the term "test"

Issue:

• The google result page doesn't fit into the window and has a horizontal scrollbar to see content on the right hand side

Note: I need my website to fit into browser properly at 100%(default) zoom itself for the purpose of automation because changing zoom level via selenium automation to press ctrl and minus 3 times causes unexpected behavior like even though value is filled in a textbox, it doesn't get sent in the API request payload. (Python 3.4.3, Selenium 3.12.0, GeckoDriver 0.31.0)

Versions:

• Ubuntu 14.04.6
• Firefox 91.13.0ESR
• VNC: Tight VNC Viewer 2.8.63 OR Real VNC Viewer 6.22.515

I am deploying Mozilla Firefox using Intune. The application is deployed no problem but there is always the error in Intune portal. I was told that Mozilla Firefox has custom return codes to indicate post-installation behavior. That is why though the application itself is installed and works properly on the device, Intune portal does not know the status of the installation and gives the error. This error causes a lot of issues to the further application management. Dose any one knows what those codes are? Or maybe can point into the correct direction on how to get them. Thank you.

Hi We have had FF ers for some time. The old "no longer employed" sccm manager had the 64 bit version install in the x86 dir. We are now trying to use Qualys for patching. How can i move the 12k users bookmarks to the correct install path so Qualys can update when needed. Thanks TJ

Hello,

Applying Preferences & Extension Management GPO's will bug certain GUI settings. The three examples I have are HTTPS-Only Mode & Forms and Autofill within about:preferences, and Enable USB Devices within about:debugging.

When HTTPS-Only Mode is set to "Don't Enable HTTPS-Only Mode" and locked via Preferences GPO, Users can continue to toggle between the settings. Forms and Autofill settings will not populate within about:preferences if address and credit card formfill values are false and locked via Preferences GPO. However, when the same GPO is deployed from Active Directory, Forms and Autofill settings will populate with address available for User toggle. Key, the values within about:config reflect what is set via GPO, and do not change among toggle or User intervention.

When locking down Enable USB Devices within about:debugging by blocking the extension install via Extension Management GPO, Users can continue to toggle the button after the policy applied. Although, just as previously mentioned, the extension does not get installed and seems the policy intervenes.

My questions being, are these simply GUI bugs since the values respect group policy? Are there other methods to lock down these settings?

I understand this is quite a bit of information and appreciate your help and time!

Preferences JSON - { "extensions.formautofill.creditCards.available": {

   "Value": false,
   "Status": "locked"
 },

"extensions.formautofill.creditCards.enabled": {

   "Value": false,
   "Status": "locked"
 },
 "browser.formfill.enable": {
   "Value": false,
   "Status": "locked"
 },
 "extensions.formautofill.addresses.enabled": {
    "Value": false,
    "Status": "locked"
 }

}

Extension Management JSON - { "adb@mozilla.org": { "installation_mode": "blocked" } }

- Dom

I am an administrator at a university and we use Blackboard and Zoom as a couple of the tools at our university. We install Firefox on all of our PCs across campus. After a recent update, when our instructors try to launch Zoom using the integration setup in Blackboard, the meeting fails to launch. We have found that disabling Enhanced Protection fixes this issue. Is there a way to add this exception to an install file that can be sent across many PCs on our campus? We have hundreds of PCs and going from one to another to install this exception would not be practical.

Do you have any suggestions? Justin

We use GPO to push out our Firefox homepage and bookmarks. I get totally different results for each user, some will make changes right away if I add a new book marks, but they don't see older ones?

I decided to build a few test machines (we don't have time to build a dev envir) and it applies the GPO for the home page but not the bookmarks, I can see the book marks in the registry even but nothing on firefox. Anyone have a guess?

thanks David

Some users in my organization have been complaining about FireFox location protection since the update to 103.0.2. We would like an option to completely disable this "feature". Our users are complaining about having to individually make exceptions via the shield icon and selecting custom and unchecking all boxes does not work for our use case scenario. Is there any option to disable this completely or are there plans in future releases to allow us a disable feature (like you used to have) or is the only solution to switch our users to Chrome? Thanks

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29.

It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12.

Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence

Thank You,