Firefox for Enterprise Community Forum

Are these supposed to look different, or am I just doing something wrong? In the image I included here, SanitizeOnShutdown and Preferences look different from FirefoxHome and look incorrect. I removed other policies to make this simpler, but all of the other policies with multiple policy values look just like FirefoxHome. It appears that SanitizeOnShutdown is at least working since my history is indeed getting cleared on shutdown, but I'm unsure whether this actually works when I set these to the settings they should be since they should all be false other than Locked. Am I doing something wrong here or are these two policies supposed to look like that for some reason? Thank you in advance for the help!

``` {

   "policies": {

"DisablePrivateBrowsing": true,

       "SanitizeOnShutdown": {
           "Cache": false,
           "Cookies": false,
           "Downloads": false,
           "FormData": false,
           "History": true,
           "Sessions": false,
           "SiteSettings": false,
           "OfflineApps": false,

"Locked": true

       },
       "FirefoxHome": {
           "TopSites": false,
           "Search": false,
           "SponsoredTopSites": false,
           "Pocket": false,
           "SponsoredPocket": false,
           "Highlights": false,
           "Snippets": false,
           "Locked": true
       }

"Preferences": {

   	    "browser.contentblocking.category": {
   			"Value": "strict",
   			"Status": "locked"
   		},
   		"extensions.htmlaboutaddons.recommendations.enabled": {
   		    "Value": false,
   		    "Status": false
   		}

}

   }

} ```

Hello. I know how to define a server certificate exception to avoid browser warnings in case of certificate issue with a website (see attachment). However, I'd like to apply that exception for all users with access to my machine using a GPO (for user or local machine). This is also a requirement in my work where many users run Firefox from a server and the face browser warnings all the time (related to self-signed certificates) so it would be great to apply an exception for all users through a GPO specifying the self-signed certificate warning we want Firefox to ignore. Thanks.

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable for an enterprise setting and it has led me to consider discontinuing their product within our organization. I had requested support to send me a copy of my previous correspondence as I had forgotten some details, but this request was ignored, which is disappointing.

I am skeptical about receiving the help or answers I need here. If there is a more direct line to Mozilla support, I would greatly appreciate being redirected there.

We are currently using Firefox 121.0 and are attempting to implement the Applied Epic extension. I have updated the ADMX policy.

Originally, the reg key flip I created did work but something has changed since then. See screenshot of this. I followed the guide provided at https://github.com/mozilla/policy-templates/blob/v5.5/docs/index.md, which instructed me to place the registry key in Software\Policies\Mozilla\Firefox\Extensions\Install\1. However, the guide did not specify whether this should be in HKLM or HKCU. I tried this instead, and it did not work.

I also attempted to implement the extension via GPO, but this was unsuccessful. I tried the new Extension Management system as well, but to no avail.

Here is the JSON configuration I used: {

 "AppliedEpicExtension@gmail.com": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/file/4143256/applied_epic_extension-3.16.3.xpi"
 }

}

Despite following the guide and trying multiple methods, none of the options seem to work. I would appreciate any guidance on what I might be doing wrong.

I am trying trying to install the keeper extension via intune but am having trouble with the oma-uri. It looks right to me but I might be missing something. Prior to running this I followed https://mzl.la/3vYAIYT and added the Firefox ADMX. Both run successfully but it does not add the extension. Firefox version 116.0.3

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

String: <enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": Opps, this may have been a mistake reach out to IT.",
   "install_sources":["about:addons","https://addons.mozilla.org/"],
   "installation_mode": "allowed",
   "allowed_types": ["extension" ,"theme"]
 },
 "KeeperFFStoreExtension@KeeperSecurityInc": {
   "installation_mode": "normal_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/keeper-password-manager/latest.xpi",

"default_area": "navbar"

 },

}'/>

In /Library/Preferences/org.mozilla.firefox.plist:

``` <plist version="1.0"> <dict> <key>EnterprisePoliciesEnabled</key> <true /> <key>ExtensionSettings</key> <dict> <key>cloudmetering@snowsoftware.com</key> <dict> <key>install_url</key> <string>https://raw.githubusercontent.com/SnowSoftware/agent-firefox-extension/refs/heads/main/cloudmetering-v1.2.3.xpi</string> <key>installation_mode</key> <string>force_installed</string> </dict> </dict> </dict> </plist>```

In about:policies: {"cloudmetering@snowsoftware.com":{"installation_mode":"blocked","install_url":"https://raw.githubusercontent.com/SnowSoftware/agent-firefox-extension/refs/heads/main/cloudmetering-v1.2.3.xpi"}}

The plist file did read "blocked" at one point, but it no longer does. Why isn't firefox picking up the new value from the plist file? Restarting/refresing FF has not helped so far.

Hello, I have a problem with setting up HTTPs only Mode in my Organization, I read a lot about that, but I dont see the "dom.security.https_only_mode" switch in GPO, we have the newest admx for Firefox. We need that to specific container, but still I dont know how to set it up, even via regedit, or preferences. Can someone describe me when can I set it up ? It could be using json file (which exactly file and how?), registry or just gpo. Regards, M.

Hi, I am in a company where there is 100 and more devices with firefox on it. Right now we are facing a problem where some of it are using version way back into the days such as version 100 115 117 and such. We enabled auto updating but it only updates to version 127 whereas the latest version is 132. We are required to open firefox again for multiple time b4 it gets the latest version. Is there any way to jump those stages and straight updates to the latest version?

Hello, from Terminal Servers, it is not possible to browse the Internet via FortiGate's explicit proxy from the Firefox browser, while there is no problem with Chrome or Edge. When the user tries to browse external sites, the proxy sends the error page "You need to authenticate to use this service". It seems that Firefox does not pass user authentication to FortiGate. The proxy authenticates users per session via Kerberos tickets.

Firefox version: 115.5.0esr

I also performed the following settings to pass the Kerberos ticket to the proxy without success: https://people.redhat.com/mikeb/negotiate/

I also noticed that it is not possible to change the "network.negotiate-auth.allow-proxies" setting from "false" to "true." Is this my problem? Is it normal that it cannot be changed?

Attached are the settings.

Thank you in advance.

Hello, and good day. Some of my employees in our org have been using Mozilla as their preferred browser; however, I am having difficulty deploying or managing the browser to deploy the Torii Extension/add-on.

Torii provided me with this link https://support.toriihq.com/hc/en-us/.../5148326594203-Deploy-the-Firefox-Extension to deploy the extension but still to no avail. Can someone assist me with getting this tested and deployed?

Thank you!

Dears, Based on your documentation on https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings I am not able to successfully deliver setting to firefox app via Intune OMA-URI. Can you check this on your side and help?

ExtensionSettings [./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings] Error -2016281112

Summary Session ID 68f1c5af4fb3404789cf Resource ID Not available Extension Microsoft_Intune_DeviceSettings Content PolicyReportSettingDetailBlade Error code 404

Thank you very much

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

Hi All, I have been on the struggle bus lately trying to get the application handlers set properly in our GPO. I am trying to get PDF, webp, avif to open in browser, and jnlp to auto launch Java. Any help will be greatly appreciated!

{"application/pdf":{"action":3,"extensions":["pdf"]},"image/webp":{"action":3,"extensions":["webp"]},"image/avif":{"action":3,"extensions":["avif"]},"application/x-java-jnlp-file":{"action":4,"handlers":[{"name":"javaws.exe","path":"C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\javaws.exe"}],"extensions":["jnlp"]}}

We use Microsoft MDT for computer deployment. We have been installing the Standard version of Firefox for a long time with no problem. Recently we started using AD GPO Templates to configure firefox. To be able to configure certain settings you need to be running the ESR version. I downloaded the more recent ESR version: 102.12.0esr.msi file.

When deploying machine MDT to install Mozilla firefox I keep getting this error: Application Mozilla Firefox ESR returned an unexpected return code: 1618

This is the only application having issues and this issue only came up since I change the installation file to the ESR version.

This is the install command being used in MDT: msiexec /i "Firefoxesr.msi" /qn /norestart

I am posting here and not with MDT support, as this only started happening when I changed the installation file to the ESR version. Has anybody else had a problem deploying ESR version through MDT? Any help on how to fix?

im tryin to instal firefox in a firm users are non admins, and i distributing from a network server made a json file with som changes and on my test machine is lookin good but on a computer in the firm is startin to act funny creatin "Firefox Privat surfning.lnk" in "C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs" dont wont that changing my homepage settings showing "https://www.mozilla.org/en-US/privacy/firefox/ " dont want that how can i fix that try to google but no help there or is it another installer for enterprises? tryed this "https://www.mozilla.org/en-US/firefox/enterprise/#download" no diffrent

Version: Firefox ESR 102.9.0 (64-bit) - Windows 10 Enterprise 22H2

Customers have been complaining for about 6 months that they can no longer drag and drop email attachments from Outlook (Microsoft Office Professional Plus 2019 - Exchange) into a Help Desk formula. I tested dragging from Outlook desktop and from the web version.

Drag and Drop works when using Edge and Chrome.

This is not a major issue, since customers can use the other browsers, but since they would prefer to use Firefox, a fix would really be appreciated.  :-)

I am reviewing my user.js and pref.js files in anticipation of deploying policy settings in GPO. As a part of the review, I am trying to document what each of the preferences in those files actually do, in order to be able to see in the future why a setting was set the way it was.

I am presently at the preference "pref.browser.language.disable_button.remove". Based on the name of the preference, I would think that if set to true, it would disable the remove button in the Webpage Language Settings window. (Hamburger menu -> Settings -> General -> Language -> Choose your preferred language for displaying pages)

When I set it to true, it does not disable the remove button but when I use the remove button, the preference is set to false.

Am I misunderstanding the purpose of this preference or is there more to using this preference than just setting its value in about:config?

Also, I see there are a number of other preferences that contain disable_button but that only one, "pref.privacy.disable_button.view_passwords", has a GPO policy for setting. I would expect that these preferences containing disable_button would all work in a similar way just each for a different button in the Firefox GUI.

If it matters, I'm running Firefox 115.3.1esr 64-bit en-ca on Windows 10.

Hi!

Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings

Currently looks like this:

{

 "*": {
   "blocked_install_message": "Blocked.",
   "installation_mode": "blocked"
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "allowed"
 },
 "addon@darkreader.org": {
   "installation_mode": "allowed"
 },
 "@react-devtools": {
   "installation_mode": "allowed"
 }

}

I get the Blocked message if I try any of the allowed extentions like uBlock, Dark Reader or React Dev Tools.

I can add that uBlock had "force_installed" (With URL since that is required for force) and that worked fine.

I recently deployed Mozilla Firefox 102.4 ESR here in our environment expecting that when a new version is released Firefox would automatically update on clients computers. Well today I noticed at a new release is out but isn't automatically updating on end users workstations. Does Firefox ESR not automatically update?

We're exploring adopting a default deny policy for Firefox extensions in our enterprise. However when I tested this by creating a custom policies.json Firefox unexpectedly removed all extensions for me, including the ones I thought I had allow listed. Here is my policies.json but just keeping in the Facebook Container add-on to illustrate:

{

   "policies": {
       "ExtensionSettings": {
           "*": {
               "blocked_install_message": "Only approved Firefox extensions can be installed, please email your request to itdept@example.org",
               "installation_mode": "blocked",
               "allowed_types": ["theme", "dictionary", "locale"]
           },
           "@contain-facebook.xpi": { "installation_mode": "allowed" }
       }
   }

}

What I would like is to to allow pre-approved extensions (including if they already are installed) and all other types of add-on, but remove and prohibit installation of unapproved extensions.

Can anyone assist, please?

Hello Guys,

in our network we have several Fritzbox Routers which we remote administrate. If we connect to the routers with Firefox V115.2.0 we get a warning message - because it´s a Fritzbox self-signed certificate and cannot be validated. No Problem - everything okay with the message. But in Firefox 115.2.0 there is no advanced button that lets you go futher to connect to the website. With Version 102.14.0 ESR the advanced button is there. The webinterface works fine with Edge and Chrome (with warning but with advanced button to continue)

https://imgur.com/2ykzjY9

https://imgur.com/5LyIwzt

Is this a bug?

Best Regards, Michael