Firefox for Enterprise Community Forum

We are currently considering using Firefox ESR as our default browser but experiencing a few issues and one of them is with our configured SailPoint IdentityIQ Single Sign-On Experience, which uses Basic Authentication.

Issue Description First, the login button needs to be clicked multiple times before access to the site is granted. Once signed in, the Firefox inbuilt authentication dialogue appears, prompting the user to log in again (see the attached screenshot). The landing page is only presented after clicking the login button several times. This creates a poor user experience, sometimes causing pages to load improperly. Interestingly, the same process works seamlessly in Edge Chromium.

Troubleshooting Steps Taken I have already attempted the following: 1. Temporarily disabled all custom and security settings in mozilla.cfg and config.json. 2. Temporarily disabled Firefox Tracking Protection. 3. Allowed third-party cookies for the specific URL. 4. Upgraded Firefox Version to 128.7.0 5. Since our Firefox browser is significantly hardened, I have also enabled and reconfigured the following settings in mozilla.cfg to ensure Basic Authentication is allowed, functions properly, and suppresses Firefox’s authentication prompt, but without success:

network.http.phishy-userpass-length = 255 network.http.use-basic-auth network.automatic-ntlm-auth.allow-non-fqdn network.automatic-ntlm-auth.trusted-uris security.enterprise_roots.enabled security.enterprise_roots.enabled

Observations from SailPoint Team Our colleagues from SailPoint have tested the setup in their environment, and according to them, it works as expected. However, their browser is not hardened, and they have leveraged the SailPoint UI for authentication instead of the built-in Firefox authentication prompt.

Further Investigation • Is there a specific configuration required in the user profile settings? • Network trace analysis shows 404 errors on GET requests and the following error codes on POST requests: • 302 Redirect: Mozilla Documentation • 408 Request Timeout: Mozilla Documentation

Next Steps Is there a specific security setting that needs to be enabled or disabled? Are there any particular Firefox enterprise policies we should modify? I have also attached screenshots for reference. Let me know if you need specific logs or network traces for further troubleshooting.

Hi guys,

I'm trying to uninstall an extension using a GPO, but it's not working.

I've placed a GPO on the user's OU and configured the ID to be removed in the User-Part of that GPO. I previously retrieved the ID using about:debugging.

But nothing happens; the extension isn't removed. (Logoff/Logon/reboot/gpupdate /force .....)

128.11.0esr (64-Bit)

KeePassXC-Browser Extension

The GPOs for Edge and Chrome have the same function. Enter the ID there, and the extension is reliably removed.

Any suggestions? Thanks

Michael

Firefox is used on Windows 11 Enterprise. There is a firefox.cfg in the installation directory (and an autoconfig.js in the ./defaults/pref sub-directory). Everything works fine when a pref(...); entry is written to the firefox.cfg. However, we want the firefox.cfg to call the pref(...); entries from a global_config.js which is saved on the machines public directory.

Therefore, the firefox.cfg says:

// free line lockPref("autoadmin.global_config_url","file:///C:/Users/Public/.../global_config.js");

But firefox does not load whatever prefs are written to the global_config.js. There probably is problems with the formatting of the file path (file:///C:/Users/Public/.../global_config.js). What would the correct formatting look like? Unfortunately, Mozilla´s support guide only includes an example code for a firefox.cfg which calls a global_config.js via http:, but not via file:.

Dear Mozilla Firefox Team,

I hope this message finds you well.

We manage a network of workstations that frequently utilize the Mozilla Firefox browser. Recently, we have encountered a situation where many of our systems are showing vulnerabilities due to pending browser updates. The updates are being installed successfully; however, users often neglect to restart the browser, which is crucial for completing the update process and ensuring security.

To address this, we would like to inquire if there is an existing Group Policy that can be configured to automatically notify users when they need to restart their Firefox browser to apply the latest updates. Such a feature would greatly assist us in maintaining the security integrity of our workstations and ensuring that users are made aware of the importance of restarting their browsers when prompted.

If this functionality is not currently available, we would appreciate any insights on potential workarounds or future plans to incorporate such a feature.

Thank you for your attention to this matter. We look forward to your response.

I am trying to manage Firefox browser for our users with MDM. On doing so, I can't able to get expected output on blocking the camera access for certain websites with the following OMA-URI.

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Camera/Camera_Block

I can add websites in allow section and even lock the setting so that the users can't change. But facing issues with blocking camera access.

Is there any place where I can see the log if there are any error encountering by any chance? Any insights or suggestions would be greatly appreciated.

Thanks in advance!