Firefox for Enterprise Community Forum

After updating to v132 I have noticed a significant increase in the load times for some websites that our users connect to. Using v131.0.3 I usually see < 1 second load times for the two websites I am monitoring but after upgrading to v132 it is consistently taking 18-19 seconds for the same page. I have tried uninstalling v132 and reverting to v131 and it immediately goes back to the much faster load times. I have also tried installing various v133 releases and I see the same performance issue as for v132.

The environment I am working in is behind a network firewall with relatively restrictive internet access and I am wondering whether there are sites that Firefox is trying to connect to for the new anti-tracking or suspicious activity features (or anything else) that are being blocked and are therefore causing timeouts and retries that are bumping the total load time up.

Can anyone think of anything else I could check or change?

Hello,

New subscriber here. I have been given the task to test the install and uninstall of the Purview Firefox browser extension using Intune. I created 2 groups in EntraID, one for each (install and uninstall).

I have no issues with the installation. Initially, I left the test device in the install group and then added it to the uninstall group to remove it. (this usually works with other apps, it worked this way with the Purview Chrome browsing extension as well other apps) but when I do this, nothing happens.

Next, I removed the device from the install group and added it to the uninstall group only. Once the configuration profile applies to the test device, it allows the user to remove it manually (before it did not) but the extension remains installed.

I have created a policy using the administrative template extension uninstall option as well as with the OMA-URI settings but the same happens. When i check the device configuration for the device in Intune, it says it succeeded but that is not the case. The OMA-URI setting I was not too sure about, but gave it a shot. I used the UUID value for the Purview Firefox extension

I am attaching some pictures and hope someone can tell me what I am doing wrong. I can add additional information, if needed. I have opened a ticket with Microsoft last week but have not called me yet. I ran into this forum today.

Thanks in advance

In /Library/Preferences/org.mozilla.firefox.plist:

``` <plist version="1.0"> <dict> <key>EnterprisePoliciesEnabled</key> <true /> <key>ExtensionSettings</key> <dict> <key>cloudmetering@snowsoftware.com</key> <dict> <key>install_url</key> <string>https://raw.githubusercontent.com/SnowSoftware/agent-firefox-extension/refs/heads/main/cloudmetering-v1.2.3.xpi</string> <key>installation_mode</key> <string>force_installed</string> </dict> </dict> </dict> </plist>```

In about:policies: {"cloudmetering@snowsoftware.com":{"installation_mode":"blocked","install_url":"https://raw.githubusercontent.com/SnowSoftware/agent-firefox-extension/refs/heads/main/cloudmetering-v1.2.3.xpi"}}

The plist file did read "blocked" at one point, but it no longer does. Why isn't firefox picking up the new value from the plist file? Restarting/refresing FF has not helped so far.

Hello community :)

hope everybody is doing well. I´m coming here with with asking for a help.

I´m managing browsers (Google Chrome, MS Edge and Firefox) in my company via GPOs. What we´ve been dealing with since 135 version came up is having the "Did Not Connect: Potential Security Issue error page , Error insufficient cert transparency" while visiting our internal resources.

Despite of having the security.pki.certificate_transparency.disable_for_spki_hashes set up -> main three certificate hashes are correctly added, basically copying the setup from Chromium browsers , where everything works as expected , Firefox is not.

The only way how to make it work is via security.pki.certificate_transparency.disable_for_hosts , which is , of course, not desirable , because of the security risks.

Does anyone face the same issues ?

Thank you very much ya´ll

We're exploring adopting a default deny policy for Firefox extensions in our enterprise. However when I tested this by creating a custom policies.json Firefox unexpectedly removed all extensions for me, including the ones I thought I had allow listed. Here is my policies.json but just keeping in the Facebook Container add-on to illustrate:

{

   "policies": {
       "ExtensionSettings": {
           "*": {
               "blocked_install_message": "Only approved Firefox extensions can be installed, please email your request to itdept@example.org",
               "installation_mode": "blocked",
               "allowed_types": ["theme", "dictionary", "locale"]
           },
           "@contain-facebook.xpi": { "installation_mode": "allowed" }
       }
   }

}

What I would like is to to allow pre-approved extensions (including if they already are installed) and all other types of add-on, but remove and prohibit installation of unapproved extensions.

Can anyone assist, please?

Hi All, I want to block traffic on firefox externally for managed devices via Intune, following the import of the ADMX/ADML files into intune.

I have set '\Mozilla\Firefox\Exceptions to blocked websites' to the following

• //*.mydomain.com/*

which works, however, I also want to add hosts that are only resolving on IPs and not DNS. I can add specific IPs if known, but is there a way I can allow IP ranges? Ie

• //10.10.*/* (this doesn't currently work)

Of the included screenshot, only the wildcard for mydomain.com and the specific IP currently work

If there is a better way to do this via intune for firefox only, please let me know.

Thanks

I am having the same issue as this other user here: https://www.reddit.com/r/sysadmin/comments/17wvuwh/help_pinning_extension_in_firefox_with_gpo/

Preliminaries -- Initially (before trying to force-pin), I had these GPOs enabled:

Extensions to Install -> https://addons.mozilla.org/firefox/downloads/file/4410896/bitwarden_password_manager-2024.12.4.xpi

Prevent extensions from being disabled or removed ->

• {446900e4-71c2-419f-a6a7-df9c091e268b}
• {3f6129fb-6c55-4452-ab6f-7c109b2301df}
• https://addons.mozilla.org/firefox/downloads/file/4410896/bitwarden_password_manager-2024.12.4.xpi

(Those GPOs above all work.)

What I'm trying to do: Force-pin Bitwarden.

I believe I've followed the documentation correctly (except for not including a "*" case): https://mozilla.github.io/policy-templates/#extensionsettings

I've enabled this GPO with this value:

Extension Management ->

{

 "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
   "default_area": "navbar"
 }

}

After running various "GPUpdate"s and whatnot, the option to uncheck "Pin to toolbar" is still available to click.

I've verified in "about:policies#active" that the JSON item appears next to "ExtensionSettings" and that there are no errors listed in the "Errors" tab.

I've also verified that it appears in the correct location in the Registry.

Since another user had the same issue (Reddit link above), I figured it'd be a good idea to check in with y'all to see if we are missing something.

Thanks for your help!

We are currently considering using Firefox ESR as our default browser but experiencing a few issues and one of them is with our configured SailPoint IdentityIQ Single Sign-On Experience, which uses Basic Authentication.

Issue Description First, the login button needs to be clicked multiple times before access to the site is granted. Once signed in, the Firefox inbuilt authentication dialogue appears, prompting the user to log in again (see the attached screenshot). The landing page is only presented after clicking the login button several times. This creates a poor user experience, sometimes causing pages to load improperly. Interestingly, the same process works seamlessly in Edge Chromium.

Troubleshooting Steps Taken I have already attempted the following: 1. Temporarily disabled all custom and security settings in mozilla.cfg and config.json. 2. Temporarily disabled Firefox Tracking Protection. 3. Allowed third-party cookies for the specific URL. 4. Upgraded Firefox Version to 128.7.0 5. Since our Firefox browser is significantly hardened, I have also enabled and reconfigured the following settings in mozilla.cfg to ensure Basic Authentication is allowed, functions properly, and suppresses Firefox’s authentication prompt, but without success:

network.http.phishy-userpass-length = 255 network.http.use-basic-auth network.automatic-ntlm-auth.allow-non-fqdn network.automatic-ntlm-auth.trusted-uris security.enterprise_roots.enabled security.enterprise_roots.enabled

Observations from SailPoint Team Our colleagues from SailPoint have tested the setup in their environment, and according to them, it works as expected. However, their browser is not hardened, and they have leveraged the SailPoint UI for authentication instead of the built-in Firefox authentication prompt.

Further Investigation • Is there a specific configuration required in the user profile settings? • Network trace analysis shows 404 errors on GET requests and the following error codes on POST requests: • 302 Redirect: Mozilla Documentation • 408 Request Timeout: Mozilla Documentation

Next Steps Is there a specific security setting that needs to be enabled or disabled? Are there any particular Firefox enterprise policies we should modify? I have also attached screenshots for reference. Let me know if you need specific logs or network traces for further troubleshooting.

We have Firefox deployed and managed through Intune/Endpoint and all works well but every device has an error with this line of the policy:

UserMessaging_FirefoxLabs [./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FirefoxLabs] STATE Error SOURCE PROFILES Source Profile Mozilla_Firefox_Configuration ERROR CODE 0x87d1fde8

The error code is the same on all devices and is the only one present in on each device config.

Does anyone have any idea what the issue and resolution would be?

Thanks, Matt

I'm using Firefox ESR 128.10.1esr on Kali, and I'm encountering an issue where the 'Refresh Firefox' option is missing from the ☰ → Help → Troubleshooting more Information. This is preventing me from restoring Firefox to its default settings. I've already tried the following:

   Restarting Firefox

   Clearing the startup cache

   Confirmed there are no extensions installed

None of these steps have fixed the issue. I need a way to reset Firefox ESR to factory defaults, but I can't find an option to do so. Attached is a screenshot of the Troubleshooting Information page.

Any assistance would be greatly appreciated!

Hello community,

i would like to ask about how to deploy security.pki.certificate_transparency.disable_for_hosts globally for users? With version 135 a lot of production webapps stopped working and as of now , we have to do manual modification in about:config. Our company has over 300k users , so the possible disruption might arise very quickly and there will be significant loses in production enviroment.

Is there a way how to deploy this specific setting via GPO/SCCM ?

Thank you

Hello,

Our organization is attempting to implement a Conditional Access policy that restricts access to certain websites to Intune joined devices only. The error message mentions that I need to enable a setting from within Firefox called Windows SSO, mentioned here: https://support.mozilla.org/en-US/kb/windows-sso. This setting is already enabled and I am still getting an error.

Is there anything else that could be causing this?

I'm developing a parental control add-on, installed with policies.json. It works... but it's easy to disable it by simply deactivating it in private windows + opening a private window, which kinda makes it useless.

Is there a way to force my add-on to work in private windows, regardless of user choice?

If that's not possible, is it possible to somehow disable private windows while the add-on is disabled in private windows.

Note: I know that I can disable private browsing entirely with policies.json `privatebrowsingmodeavailability`, but I'd rather avoid it. Kids browing privately is a good idea :)

Trying to block www.share365.net but it's not working

{

 "policies": {
     "WebsiteFilter": {
         "Block": [
           "*:share365.net",
           "*:www.share365.net",
           "*://share365.net/*"
         ]
     }
 }

}

I am trying to manage Firefox browser for our users with MDM. On doing so, I can't able to get expected output on blocking the camera access for certain websites with the following OMA-URI.

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Camera/Camera_Block

I can add websites in allow section and even lock the setting so that the users can't change. But facing issues with blocking camera access.

Is there any place where I can see the log if there are any error encountering by any chance? Any insights or suggestions would be greatly appreciated.

Thanks in advance!

Dear Community,

i had .cfg file with following settings to clean up some userdata after closing firefox:

//Clean UP Cache etc. lockPref("privacy.sanitize.sanitizeOnShutdown", true); lockPref("privacy.clearOnShutdown.cache", true); lockPref("privacy.clearOnShutdown.cookies", false); lockPref("privacy.clearOnShutdown.offlineApps", true); lockPref("privacy.clearOnShutdown.sessions", false);

This cleaned the "Storage" Folder in the Firefox Profile folder, but cookies and sessions where remaining, so the logins where active.

Now i saw that all useres have lots of folders in the "Storage/Default" folder. After some research i found out that this behavior startet at 02.10.2024.

I also found a new pref: privacy.clearOnShutdown_v2.cookiesAndStorage which was set to "false". No idea where this key came from? When I set this key to "Yes", the storage is cleared after closing Firefox. But so also all the cookies. Was there a change at the prefs?

And is ther any other solution to clear the Storage but remain the cookies?

Thank you in advance!

Hi, we use Firefox 128.9.0esr (64bit) on about 6000 workstations. We redirect the stored bookmarks on a personal network drive for each user. For that we use these settings via Windows group policy:

browser.bookmarks.file = P:\Firefox\Bookmarks browser.bookmarks.autoExportHTML = true browser.places.importBookmarksHTML = true

For some time the automatic export/import with that settings above does not work any more. When I close Firefox on workstation A, the bookmarks seem to be exported correctly in that export-file (check the file via editor). But when I use another workstation B an start Firefox, the exported file does not import on startup. But this worked fine in the past.

I found out, that the switch "browser.places.importBookmarksHTML" is obviously automtically set to false when I have startet Firefox (checking with about:config). I dont know if it is correct.

Any suggestions? Maybe it's a new bug?

Thanks Malte

I'm setting up a cloud-init to make it easier to deploy Linux workstations. I want to display the various links to my sites on my Firefox browser. Bookmark my services. Do you think this is possible? I've already applied a rule to retrieve certificates, but it seems complicated for bookmarks.

Here's an extract  :

{

 "policies": {
   "Bookmarks": [
     {
       "Title": "Main",
       "URL": "https://service.net",
       "Folder": "Bookmarks Toolbar"
     },
     {
       "Title": "Service 1",
       "URL": "https://service1.net",
       "Folder": "Bookmarks Toolbar"
     },
     {
       "Title": "Service 2",
       "URL": "https://service2.net",
       "Folder": "Bookmarks Toolbar"
     },
     {
       "Title": "Documentation",
       "URL": "https://docs.net",
       "Folder": "Bookmarks Toolbar"
     }
   ]
 }

}

Best Regards,

Dylan

Until recently the Firefox docs described how to use the CDP-based Remote Agent at [this url](https://firefox-source-docs.mozilla.org/remote/cdp/Usage.html), now defunct. Here is the latest archive version I can find from the end of last year: https://web.archive.org/web/20241126214503/https://firefox-source-docs.mozilla.org/remote/cdp/Usage.html

One usage example looked like this:

% firefox --remote-debugging-port DevTools listening on ws://localhost:9222/devtools/browser/7b4e84a4-597f-4839-ac6d-c9e86d16fb83

I have tried the same but get no websocket address returned:- ``` % firefox-esr Mozilla Firefox 128.11.0esr ``` ``` % firefox-esr -h ... ... --remote-debugging-port [<port>] Start the Firefox Remote Agent,

                    which is a low-level remote debugging interface used for WebDriver
                    BiDi and CDP. Defaults to port 9222.

... ... ```

`% firefox-esr --remote-debugging-port` command exits with nothing returned

I have `remote.active-protocols` set to 3 in my Firefox prefs.

Please advise how I get the Remote Agent to return a websocket address for use with BiDi with FF 128. My OS is Debian-based Linux.

TIA

Hello,

For enterprise solutions, for our browser extension can we disable the switch button where user can turn-off the "Access your data for all websites"?

This can be informed to the end user and also approved by the IT admins.

But the option to disable at runtime on the fly needs to be disabled.