Showing questions tagged: Show all questions

Install extention using GPO

Hello, I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it doe… (read more)

Hello,

I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it doesn't want to install most of the times. The policy is added after using the gpupdate /force command and restarting the machine then open and close the browser. I wait 10 minutes for the policy to be configured on the computer and open the browser again and nothing happens. Also, the keys in the registry have the corresponding value type (checked in site https://admx.help/?Category=Firefox&Policy=Mozilla.Policies.Firefox::Extensions_Locked). But when I drag and drop with a mouse, the extension is installed and cannot be deleted. Can you tell me why does the extension not install when the policy is in effect?

I sent pictures from Group Policy Manager, Registry editor and showing that the extension can not be deleted after drag and drop with a mouse.

Thank you in advanced!

Asked by thristov1980 1 week ago

Last reply by Mike Kaply 1 week ago

Hardening Firefox browser

Hi, I am looking for a security Hardening guidelines for Firefox from Mozilla. Could you please guide me to the right direction where I can find one. Thanks Raju … (read more)

Hi, I am looking for a security Hardening guidelines for Firefox from Mozilla. Could you please guide me to the right direction where I can find one.

Thanks Raju

Asked by raju.singanna 3 weeks ago

Last reply by Mike Kaply 3 weeks ago

Firefox ESR | Update and Download URL

Hi all, we are using Mozilla Firefox ESR in our enterprise environment. Is there a documentation which URL's Firefox uses when (Mozilla Maintenance Service) when it trie… (read more)

Hi all,

we are using Mozilla Firefox ESR in our enterprise environment.

Is there a documentation which URL's Firefox uses when (Mozilla Maintenance Service) when it tries to update his version ?

We have tried with following URL's on our Firewall:

aus.mozilla.org aus2.mozilla.org aus3.mozilla.org aus4.mozilla.org aus5.mozilla.org download.cdn.mozilla.net archive.mozilla.org ftp.mozilla.org

It is finding the new version, but when trying to download the update it fails.

Thank you for any help on this case.

Asked by oerneka 1 month ago

Last reply by Mike Kaply 1 month ago

Completely remove address bar

I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrom… (read more)

I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrome.css file doesnt seem to work with the newer versions.

Asked by pingaaron 2 months ago

Last reply by Mike Kaply 2 months ago

SSL_ERROR_BAD_CERT_DOMAIN in Firefox 101.0

Hello We use our own CA to secure some websites on the internal network. Until version 101.0, the SSL was working correctly. I have updated today to firefox 101 and all o… (read more)

Hello

We use our own CA to secure some websites on the internal network. Until version 101.0, the SSL was working correctly. I have updated today to firefox 101 and all our internal websites started giving SSL_ERROR_BAD_CERT_DOMAIN. There are no issues with external CA issued certificates, so I'm assuming it is something related to the way we generate the certificates. Were there any changes done at version 101 which might reject certificates with a valid common name? Is there a way to disable it and revert to version 100 options?

Thank you

Asked by m3talik 2 months ago

Last reply by cor-el 2 months ago

Silent Auto Update for Firefox ESR

Hi All- I am in charge of deploying Firefox ESR to my company and trying to get it to silently auto update on it's on with user interaction. We have policies in place (GP… (read more)

Hi All- I am in charge of deploying Firefox ESR to my company and trying to get it to silently auto update on it's on with user interaction. We have policies in place (GPO) that prevent it at this point. I need some guidance on whether I should use just GPOs to manage this or should I go the route of the .cfg file? If someone has a step by step on how to best achieve this I would appreciate it. I am currently using the .msi installer.

Here is settings in an old .cfg file that I am testing with:

lockPref("app.update.mode", 1); lockPref("app.update.service.enabled", true); lockPref("extensions.update.enabled", false); lockPref("extensions.update.autoUpdateEnabled", false);

// Set default homepage - users can change // Requires a complex preference defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://workday");

// Don't ask to install the Flash plugin lockPref("plugins.notifyMissingFlash", false);

// Disable Search Engine automatic updates lockPref("browser.search.update", false);

//Disable telemetry lockPref("toolkit.telemetry.prompted", 2); lockPref("toolkit.telemetry.rejected", true); lockPref("toolkit.telemetry.enabled", false);

// Disable health reporter lockPref("datareporting.healthreport.service.enabled", false); lockPref("datareporting.healthreport.logging.consoleEnabled", false); lockPref("datareporting.healthreport.uploadEnabled", false);

// Disable all data upload (Telemetry and FHR) lockPref("datareporting.policy.dataSubmissionEnabled", false);

// Disable crash reporter lockPref("toolkit.crashreporter.enabled", false); Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

// Don't show WhatsNew on first run after every update pref("browser.startup.homepage_override.mstone","ignore");

// Don't show 'know your rights' on first run pref("browser.rights.3.shown", true);

Asked by CherishYourLife 2 months ago

Last reply by cor-el 2 months ago

How do I configure kiosk mode?

Mozilla's website states: "Numerous features of the kiosk mode are configurable through policy or command line parameters when launching the browser." However, other tha… (read more)

Mozilla's website states:

"Numerous features of the kiosk mode are configurable through policy or command line parameters when launching the browser."

However, other than a single example to run kiosk mode as a private window, it doesn't seem to provide any information on how to access such configuration. I couldn't seem to find the information anywhere else either.

How can I configure kiosk mode? Preferably via the CLI, but I'd be interested also to learn what is meant by "configurable through policy".

Asked by davidecl175 3 months ago

Last reply by Mike Kaply 3 months ago

Firefox gives error message when launching on MAC

Every time Firefox is opened it gives an error message (see image). I have tried: Deleting and reinstalling. Deleting Firefox folder in //users/xxxxxxx/Library/Applic… (read more)

Every time Firefox is opened it gives an error message (see image).

I have tried:

  • Deleting and reinstalling.
  • Deleting Firefox folder in //users/xxxxxxx/Library/Application Support & //Library/Caches then uninstalling Firefox.
  • Both above using older Firefox versions.

This issue is happening on all of the Macs in our org. We have no custom configurations. The pkg is installed via FileWave device management. It occurs whether installed through FileWave or manually.

Thanks

Asked by twolf2286 4 months ago

Last reply by Mike Kaply 3 months ago

Why Firefox (ESR version) manual update is failed on selective machines

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozil… (read more)

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozilla config file, can we use GPO to configure auto update for Firefox browser?

Asked by chin_leng_ooi 3 months ago

Last reply by Mike Kaply 3 months ago

Why Firefox (ESR version) manual update is failed on selective machines

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozil… (read more)

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozilla config file, can we use GPO to configure auto update for Firefox browser?

Asked by chin_leng_ooi 3 months ago

Last reply by Mike Kaply 3 months ago

Is there a global way to turn off dns over https and also make firefox use the system certificate store?

Is there a global way to turn off dns over https and also make firefox use the system certificate store? We have a dns filter that needs to resolve all dns querys and we … (read more)

Is there a global way to turn off dns over https and also make firefox use the system certificate store?

We have a dns filter that needs to resolve all dns querys and we need a certificate on all systems to allow our Fortigate to do deep packed inspection on all traffic including encrypted.

Asked by dcrawford1 4 months ago

Last reply by Mike Kaply 3 months ago

How to disable "Basic Authentication" in Firefox using GPO or Intune policy

I am struggling to find the right policy for disabling "basic authentication" in Firefox using GPO or Intune policy. For other chromium browser like Chrome and Edge Chrom… (read more)

I am struggling to find the right policy for disabling "basic authentication" in Firefox using GPO or Intune policy. For other chromium browser like Chrome and Edge Chromium is very straightforward.

Been struggling to find right config or policies. Non of about:config or about:policy seems to work.

Please suggest.

Regards, Rakesh

Asked by sahoo.rakesh 4 months ago

Last reply by Mike Kaply 3 months ago

Extension Management via GPO not working

Trying to block all but allow specific plugins. I have the okta one and the web password filler working, but not the logon assist. I've tried putting in (secret-server-l… (read more)

Trying to block all but allow specific plugins. I have the okta one and the web password filler working, but not the logon assist. I've tried putting in (secret-server-logon-assist-ff57@thycotic.com), and {secret-server-logon-assist-ff57@thycotic.com}, and also without any extras. These codes come from just the numeric URL (ie https://addons.mozilla.org/firefox/downloads/file/1747490) which says "Secret Server Login Assist (secret-server-logon-assist-ff57@thycotic.com) is blocked by your system administrator. Extension not on OAI allowed list". Am I misreading this message, or missing something on this specific one?

{ "*": { "blocked_install_message" : "Extension not on OAI allowed list", "installation_mode": "blocked" }, "dd1e31d5-3623-45cb-b1ad-64074d36b360@thycotic.com": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3906662/secret_server_web_password_filler-3.2-fx.xpi" }, "secret-server-logon-assist-ff57@thycotic.com": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/1747490/secret_server_login_assist-2.1.1-an+fx.xpi" }, "plugin@okta.com": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3901586/okta_browser_plugin-6.8.0-an+fx.xpi" } }

Asked by mhunt3 5 months ago

Last reply by trackcourier1 4 months ago

Loading CA certificates programmatically to Firefox for Linux

I am looking for a method to be able to programmatically load CA certificates system wide as opposed to a per user method. We made a modification policies.json to install… (read more)

I am looking for a method to be able to programmatically load CA certificates system wide as opposed to a per user method. We made a modification policies.json to install a certificate but it's not working, we followed the documentation on Github

https://github.com/mozilla/policy-templates/blob/master/README.md

Attached is the screenshot of the section we used.

Asked by jrendon 4 months ago

Last reply by cor-el 4 months ago

  • Archived

Firefox update in the enterprise

Multiple banks are removing Firefox due to vulnerabilities. They have found as I have told them multiple times that there is no centralized method to ensuring firefox rem… (read more)

Multiple banks are removing Firefox due to vulnerabilities. They have found as I have told them multiple times that there is no centralized method to ensuring firefox remains up to date. The admx files from github do set the appautoupdate and backgroundappupdate to a value of 1 to indicate updates but all PCs are at different levels from 90.0 to 95.0 and I've found that even with the auto update switch on that many pcs do not auto update due to users leaving firefox up and ignoring the restart. The autoupdate task runs only if the user is logged on and that allows users to browse with an insecure version of Firefox that can lead to data breaches. CVEs lead to threats to exploit the CVE and that leads to risk that leads to data breaches. These CVEs are tracked by the NVD and this puts security in the hands of users instead of the business and the business has decided to remove firefox from their environments due to this fact.

I know mozilla is NFP but to maintain firefox in an enterprise environment, it need a better update process such as Google Chrome and Edge Chromium.

CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510

The above are current CVEs of High risk in one environment that has decided firefox will no longer be used.

Asked by bruce92 8 months ago

Last reply by Mike Kaply 5 months ago

Mozilla Maintenance Service is not updating Firefox

Hey! We want to use Firefox in our school. The school computers are running Windows 10 in a domain. The normal users don´t have rights to install software / updates. That… (read more)

Hey! We want to use Firefox in our school. The school computers are running Windows 10 in a domain. The normal users don´t have rights to install software / updates. That's why we want to use the Mozilla Maintenance Service but it doesn´t work as expected.

After installing a clean Firefox (no old profiles, data, or anything else) it shows that there is a new version. When you click on that message you have to get through Windows UAC. With the admin it is just a "yes"-click but everyone else needs a password.

Any ideas what i can check or try to get the Mozilla Maintenance Service updating Firefox?

Thanks a lot! Nils

Asked by nilskammerer 5 months ago

Last reply by Mike Kaply 5 months ago

  • Archived

Disable DoH using plist file in MacOS

Hello Team, We are trying to disable DoH option in firefox, but i am still not able to disable it using plist file. If anyone can help with the plist file and location to… (read more)

Hello Team,

We are trying to disable DoH option in firefox, but i am still not able to disable it using plist file. If anyone can help with the plist file and location to put the file in MacOS it would be a great help.

I am using the below plist file <plist> <dict> <key>DNSOverHTTPS</key> <dict> <key>Enabled</key> <false/> <key>Locked</key> <true/> </dict> </dict> </plist> Ref: https://github.com/mozilla/policy-templates/blob/master/README.md

Thanks

Asked by trishant.kaushik28 6 months ago

Last reply by Mike Kaply 6 months ago

  • Archived

Extensions -> can't auto enable them

Hi, I'm trying to auto enable 2 extensions for my users, and after hours on the issue, I cannot find any fix. We are using: ESR 91.4 32 bits I've tried to use: - Group Po… (read more)

Hi,

I'm trying to auto enable 2 extensions for my users, and after hours on the issue, I cannot find any fix.

We are using: ESR 91.4 32 bits

I've tried to use: - Group Policy -> ExtensionSettings {

 "policies": {
   "ExtensionSettings": {

"uBlock0@asipsante.fr": { "installation_mode": "force_installed", "install_url": "file:///c:/Program Files (x86)/Ivanti/Workspace Control/Data/DBCache/Resources/custom_resources/Logiciels/Mozilla/extensions/CPS2ter-2020_Firefox@asipsante.fr.xpi" }, "uBlock1@netsoins.org": { "installation_mode": "force_installed", "install_url": "https://maintenance.netsoins.org/cpsvitale/firefox.xpi" } } } }

- and Registry HKCU\Software\Policies\Mozilla\Firefox -> ExtensionSettings (REG_MULTI_SZ): { "uBlock0@asipsante.fr": { "installation_mode": "force_installed", "install_url": "file:///c:/Program Files (x86)/Ivanti/Workspace Control/Data/DBCache/Resources/custom_resources/Logiciels/Mozilla/extensions/CPS2ter-2020_Firefox@asipsante.fr.xpi" }, "uBlock1@netsoins.org": { "installation_mode": "force_installed", "install_url": "https://maintenance.netsoins.org/cpsvitale/firefox.xpi" } }

-> HKCU\Software\Policies\Mozilla\Firefox\Extensions\Install 1 (REG_SZ): c:\Program Files (x86)\Ivanti\Workspace Control\Data\DBCache\Resources\custom_resources\Logiciels\Mozilla\extensions\CPS2ter-2020_Firefox@asipsante.fr.xpi 2 (REG_SZ): https://maintenance.netsoins.org/cpsvitale/firefox.xpi


The result is: extension are installed, but always disabled. I have to manually enable them.

Would you have any idea?

thanks for help

Asked by pierre.rodriguez 7 months ago

Last reply by Mike Kaply 6 months ago