Showing questions tagged: Show all questions
  • Solved
  • Archived

Can no longer play media with Firefox ESR 102.x

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox. No video will play in youtube, for instanc… (read more)

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox.

No video will play in youtube, for instance (it just loads endlessly as if it would start, but it doesn't).

Can't use radio websites either. Anything with a "play" button (video or sound) does nothing.

This has been tested with a clean profile, a clean install, after allowing autoplay in the settings.

Is there any info on what exactly changed between ESR 91 and 102 that might explain this ? There has been no system change, If I reinstall 91 instead it works again as usual.

No issues anywhere else on the endpoints (Edge, Windows), this is on Windows 10 if it makes any difference.

Tanks for any help on this.

Asked by OdeonFF 2 years ago

Answered by OdeonFF 1 year ago

  • Solved
  • Archived

AutoConfig Alert

Good morning, I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues … (read more)

Good morning,

I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues on the web and found similar issues but solutions that were recommend online have not worked for us. Yes I have uninstalled Firefox completely and installed it from scratch. I know it has something to do with autoconfig file but not sure what exactly I'm looking for. Thanks.

Asked by Chase Cathey 2 years ago

Answered by jscher2000 - Support Volunteer 2 years ago

  • Solved
  • Archived

Firefox Intune OMA-URI error

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions"… (read more)

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions" and allow certain ones. Worked perfect in Jamf, for Intune failing all time. We are using Firefox v.121, policies are for v.120, but I am in doubt that this is the issue. Can someone review and let me know if there any issue or may be changes? Using latest instructions https://mozilla.github.io/policy-templates/#extensionsettings Also here is my OMA, very easy.

OMA used ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

Value(string):

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Security Test",
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/zoom-new-scheduler/latest.xpi"
 },
   "@react-devtools": {
   "installation_mode": "allowed"
 }

}'/>

Asked by Valery Volos 9 months ago

Answered by Mike Kaply 9 months ago

  • Solved
  • Archived

deploying firefox-add-ons via group policies doesn't work anymore after proxy-change

Hello, I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: … (read more)

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

  • http://192.168.100.10/goodaddon-1.0.01.xpi
  • http://internalwebsite/goodaddon-1.0.01.xpi
  • https://192.168.100.10/goodaddon-1.0.01.xpi
  • https://internalwebsite/goodaddon-1.0.01.xpi
  • \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
  • \\internalfileserver\netshare\goodaddon-1.0.01.xpi
  • file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
  • file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

  1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
  2. 2 Are there any logs where I could find out what exactly goes wrong?
  3. 3 Are there any other syntaxes I could try (group policy urls)?
  4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.

Asked by mozilla355 2 years ago

Answered by mozilla355 2 years ago

  • Solved
  • Archived

Intune ExtensionSettings Policy No Longer Working in Firefox

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~fi… (read more)

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

Asked by victoria.gray 1 year ago

Answered by victoria.gray 1 year ago

  • Solved
  • Archived

how to disable common users to modify the settings of "No proxy for" in "Connection Settings"

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in… (read more)

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in Connection Settings, then add the urls, then users can access to any web site which they want to, is there a method to disable this? thanks.

Asked by fas910 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

GPO Settings for AutoFill Address and Credit Cards

We downloaded the GPO Templates for AD and looking to customize Firefox. We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards Also wou… (read more)

We downloaded the GPO Templates for AD and looking to customize Firefox.

We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards

Also would like to lock down so they can't reenable if possible.

We would like to do this all through GPOs if possible. I found these in the about:config: extensions.formautofill.addresses.enabled extensions.formautofill.creditCards.enabled

But again want to do through the GPO. Is this possible?

Side note while working on GPOs, I set Exceptions for the popup blocker and they are not showing up in the browser. I also filled out to remove Search Engines but they all still appear in the browsers. These two GPO settings don't appear to be working.

Asked by Joshua_Calais 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Application Handlers

Hi All, I have been on the struggle bus lately trying to get the application handlers set properly in our GPO. I am trying to get PDF, webp, avif to open in browser, and… (read more)

Hi All, I have been on the struggle bus lately trying to get the application handlers set properly in our GPO. I am trying to get PDF, webp, avif to open in browser, and jnlp to auto launch Java. Any help will be greatly appreciated!

{"application/pdf":{"action":3,"extensions":["pdf"]},"image/webp":{"action":3,"extensions":["webp"]},"image/avif":{"action":3,"extensions":["avif"]},"application/x-java-jnlp-file":{"action":4,"handlers":[{"name":"javaws.exe","path":"C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\javaws.exe"}],"extensions":["jnlp"]}}

Asked by Chris Wilkerson 7 months ago

Answered by Mike Kaply 7 months ago

  • Solved
  • Archived

Firefox ESR deployment with MDT Error: 1618

We use Microsoft MDT for computer deployment. We have been installing the Standard version of Firefox for a long time with no problem. Recently we started using AD GPO Te… (read more)

We use Microsoft MDT for computer deployment. We have been installing the Standard version of Firefox for a long time with no problem. Recently we started using AD GPO Templates to configure firefox. To be able to configure certain settings you need to be running the ESR version. I downloaded the more recent ESR version: 102.12.0esr.msi file.

When deploying machine MDT to install Mozilla firefox I keep getting this error: Application Mozilla Firefox ESR returned an unexpected return code: 1618

This is the only application having issues and this issue only came up since I change the installation file to the ESR version.

This is the install command being used in MDT: msiexec /i "Firefoxesr.msi" /qn /norestart

I am posting here and not with MDT support, as this only started happening when I changed the installation file to the ESR version. Has anybody else had a problem deploying ESR version through MDT? Any help on how to fix?

Asked by Joshua_Calais 1 year ago

Answered by Joshua_Calais 1 year ago

  • Solved
  • Archived

ManagedBookmarks [JSON]

Hello, Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64) after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created… (read more)

Hello,

Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64)

after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created in the registry and not ManagedBookmarks, which causes bookmarks not to appear in the bookmarks bar. When I manually rename a registry entry from Bookmarks to ManagedBookmarks, the bookmarks appear properly. Please let me know if I'm doing something wrong or if there really is a problem reported by me.

Yours sincerely Bart

Asked by bartekbrzozka 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

How to disable Quic protocol in Windows with MS Intune

Hello I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for W… (read more)

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for Windows? <enabled/> <data id="JSON" value=' {

 "network.http.http3.enable": {
   "Value": 0,
   "Status": "user"
 },

{

 "network.http.http3.enable_0rtt": {
   "Value": 0,
   "Status": "user"
 }

}'/>

Thanks

Asked by Shri Sivakumaran 9 months ago

Answered by Shri Sivakumaran 9 months ago

  • Solved
  • Archived

Can I set Multi Account Containers default containers with endpoint deployment?

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https:/… (read more)

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https://securitygeneralist.blogspot.com/2019/08/auto-installing-extensions-on-firefox.html )

The extension by default has containers for Personal, Work, Banking, Shopping.

Is there a way to automatically remove that default container list as part of the install?

Even better, is there a way to create a different default containers list through Endpoint?

Thanks

Asked by Chris 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Firefox Install Location/Versions

Hello, I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.… (read more)

Hello,

I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.exe located in their Local Appdata folder. So I need to test the uninstall of the Appdata install and then the install of ESR. But the problem is I haven't been able to get Firefox to automatically install into the appdata folder. How am I able to do this? The users who have it installed in the appdata folder are not admins on their computers. When I'm testing I've also been using a normal user account. Please let me know how I can install the exe into the appdata folder automatically without me specifically placing it there or which exe version I need to do this.

Thanks!

Asked by tmlloyd 1 year ago

Answered by tmlloyd 1 year ago

  • Solved
  • Archived

Group Policy Templates / Preferences (Deprecated)

I am looking for information regarding the support life for settings that are defined in the Preferences (Deprecated) section of the ADMX templates provided in GitHub. Th… (read more)

I am looking for information regarding the support life for settings that are defined in the Preferences (Deprecated) section of the ADMX templates provided in GitHub. There doesn't appear to be a definitive answer as to when these preferences are no longer applicable to a version of Firefox. The term "Deprecated" certainly applies they're on their way to extinction. But only a small handful of preferences have been ported over to non-deprecated template settings (like Auto Update). Is there an expected version of Firefox where all these preferences are meaningless? Or will they be supported indefinitely? "Industry recommendations' from 3rd party security vendors are bloating my policies in the domain space and I can't definitively say they are 'no longer supported as of version xyz' for all these Firefox Preference settings, which happen to be about 80% of the security parameters defined by STIG and/or CIS Workbench.

Asked by rott3nhippi3 1 year ago

Answered by TyDraniu 1 year ago

  • Solved

How to Add preferences to Firefox through Windows Server Group Policy

Hi everyone. I have installed Firefox on all windows 10 workstations and I have also installed latest Firefox Group Policy ADMX on Server. I need to set some preferences … (read more)

Hi everyone. I have installed Firefox on all windows 10 workstations and I have also installed latest Firefox Group Policy ADMX on Server. I need to set some preferences on all Workstations. The preferences that I want to set are the ones that can be found in about:config.

But the problem is that only some of these preferences exist in Group Policy by default and it says "deprecated". I know that I can add additional about:config preferences in a Group Policy object called "Preferences". But no matter how I enter the format or how I change the JASON file, no preference policy is applied to Firefox in workstations. By the way when I change "Preferences" gpo in group Policy the next Policy called "Preferences (JASON on one file)" does also change. I have thoroughly searched the web and Mozilla support and have tested all suggestions but all to no avail. Can you please help me and Give me an example of how to do that? I would appreciate any answer in advance.

Asked by manoochehr.zangooei 5 months ago

Answered by TyDraniu 5 months ago

  • Solved
  • Archived

How to disable QUIC http3 in Firefow either by Windows Registry editor o by AMDX template

Hello I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.ena… (read more)

Hello

I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.enabled.

Either an AMDX template with this option or a Registry will do the trick

Thanks

Asked by rmirandacr 1 year ago

Answered by rmirandacr 1 year ago

  • Solved
  • Archived

Windows GPO Help with JSON configs

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better. So I followed the guide https://github.com/mozilla/policy-templates/blob/m… (read more)

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better.

So I followed the guide https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings and tried to set up the config. We are using the latest ESR build but after the settings is applied I still dont have working extensions.

Here is the code

{
     "*": {
           "blocked_install_message": "Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.",
           "install_sources": ["https://addons.mozilla.org/"],
           "installation_mode": "blocked"
     },
     "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/adblock-plus/latest.xpi"
           },
     "ciscowebexstart1@cisco.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/cisco-webex-extension/latest.xpi"
     },
     "{d0210f13-a970-4f1e-8322-0f76ec80adde}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi"
           },
     "appstore-mini@feedly.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/feedly_mini/latest.xpi"
           },
     "extension@one-tab.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/onetab/latest.xpi"
           },
     "support@lastpass.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi"
           },
     "sweb2pdfextension.4@kofax.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kofax-pdf-create-4-0/latest.xpi"
           },
     "Aternity-WebExt-12.1.4@aternity.com": {
           "installation_mode": "allowed",
           },
     "its_addons_wrap@onelog.com": {
           "installation_mode": "allowed",
           "install_url": "https://extensions.onelog.com/extension/onelog.xpi"
     }

}

I have placed the settings in HKCU but also tried in HKLM and there has been no difference. in each case I get Unable to parse JSON for Extensionsettings when checking the about:policies section and when I look at the registry I see the REG_MULTI_SZ value but when i click on it to read it I get another error message. Cannot edit ExtensionSettings: Error reading the values contents.

I tried re-entering the code and tried not listing the install URLs and even tried only listing 1 item. I haven't been able to get past this error so any help would be greatly appreciated.

Asked by daniel.david.white 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Fully disable Pocket to alleviate DNS requests

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket … (read more)

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket as thoroughly as we can (followed the guide from Mozilla https://support.mozilla.org/en-US/kb/disable-or-re-enable-pocket-for-firefox) and we are still seeing requests go out to "img-getpocket.cdn.mozilla.net" we do not want Pocket available at all, we do not want queries made to those domains, is it not possible to completely eradicate Pocket?

It wouldn't be a problem but our AV solution (MDE) has a popup every time the URL is queried and blocked.

Attached image of our configuration profile for Pocket.

Asked by null_panda 10 months ago

Answered by cor-el 9 months ago

  • Solved
  • Archived

What is the proper format for the ExtensionSettings policy registry key/value that is used to manage browser extension settings?

When looking at the ExtensionSettings page for Firefox or Chrome they both use an example that shows the registry key Software\Policies\Mozilla\Firefox\ExtensionSettings… (read more)

When looking at the ExtensionSettings page for Firefox or Chrome they both use an example that shows the registry key Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) being set to a long JSON string with every extension ID and the settings for that particular ID. For example...

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

The problem with this method is that if I am installing an extension, and I overwrite what already exists in Software\Policies\Mozilla\Firefox\ExtensionSettings then all of those other settings get removed. So even if I am a non-malicious actor and just make a mistake with my installer I can easily delete every other extension's settings. Instead what I have to do is during install I have to read the current value of Software\Policies\Mozilla\Firefox\ExtensionSettings and then insert my extension's settings into the JSON blob.

So the examples that Firefox and Chrome provides do of course work, however they do not make very much sense to me. Why would it be formatted this way since all of those are additional key/value pairs and that is exactly what the registry excels at storing. So why put all of those into a single key/value instead of breaking them into multiple?

Additionally breaking them a part into multiple key/value pairs does work! So if instead of the example above I were to split them into multiple key value pairs it works just fine!

Software\Policies\Mozilla\Firefox\ExtensionSettings

   uBlock0@raymondhill.net
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"

So knowing that this way with multiple key/value pairs works why am I bothering to ask this question at all instead of just doing it the way that makes sense to me? Well the issue is that by breaking it up into multiple key value pairs it actually overrides the other method and makes it so that all those registry settings are ignored. So it doesn't delete them but it still leaves me with nearly the exact same problem.

While I believe "my" way is superior because it uses the registry in a more common sense route, if that is not what the majority of extension developers do then it doesn't matter and I should be conforming to the other way.

As I am typing this question up I did realize just how hard/annoying it is to properly format and make it clear and digestible what the multi key/value format of the registry would look like instead of being a JSON string. So perhaps that is the reason why all the documentation puts it all as one JSON string?

Asked by perihwk+firefox 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

network.negotiate-auth content changes are deleted after restart mozilla

in our organisation i need several domainnames to be added in network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris, so that sso for some webappl… (read more)

in our organisation i need several domainnames to be added in network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris, so that sso for some webapplications is working. some are allready in the list. when i make changes to the list, everything is working ok, but when i clos all mozilla windows and restart mozilla, the changes are gone.

Asked by bonami 1 year ago

Answered by bonami 1 year ago