Firefox for Enterprise Support Forum

My purpose is deploy specific Certification Authority, which is available in network share, to Firefox by Active Directory group policy (Windows 2012 R2) or alternately to set 'security. enterprise_roots' to 'enabled' so that Firefox can use Windows Certificate Store. Clients are using Firefox on Windows XP, 7, 10 and consequentially different Firefox version. Can I apply my task ? Suggestions ?

Hello

I'm Bae, and i'm sorry for my poor English.

I want to make my users be able to use seamless single sign on to Microsoft Azure by setting Firefox config with Active Directory group policy.

First, I created the 'user.js' file and wrote 'user_pref("network.negotiate-auth.trusted-uris","https://autologon.microsoftazuread-sso.com");' and 'user_pref("network.negotiate-auth.delegation-uris","https://autologon.microsoftazuread-sso.com");' in it.

Second, I put this user.js file in the Firefox¥Profiles folder (such as xxx.default-release).

Third, I checked that the setting was changed on about:config.

Last, I also checked that I could use seamless single sign on to "www.office.com".

What I want to do is to distribute this user.js file to my domain users (exactly, to users' firefox profiles folder) by group policy. Please tell me how to do.

Or, if there is any way to set 'network.negotiate-auth.trusted-uris' and 'network.negotiate-auth.delegation-uris' without user.js file, such as Firefox group policy template, please tell me which one I should modify.

Thanks.

I downloaded the admx files for Mozilla Firefox and put them in with the other Windows provided Administrative Local Policy Templates, thinking that it SHOULD show up in the Group Policy Editor tool provided with Windows 10. Apparently I could not have been more wrong. Does anybody know how to make the template show up on a non-domain (Home PC running Windows 10 Pro) computer? Granted, I know I can't control it from "Active Directory" since there is none, but I still want to add this functionality to the PC.

What I have tried: I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old I then Reopened GPEditor and verified all templates had been cleared of viewing (Empty set). I then created a new folder called C:\Windows\PolicyDefinitions and copied the files into it. It refuses to read the Firefox, but everything else shows back up. I downloaded the files again, and reinstalled them, but it still does not show up. I then Rebooted the PC, but my attempts were futile. Any assistance would be appreciated.

i am switching preference / policy management from the mozilla.cfg file to the admin template/GPO. i need to know if the following are still supported in the current release of Firefox ESR.

lockPref("app.update.enabled", false); lockPref("browser.download.dir", "N:"); lockPref("browser.download.downloadDir", "N:"); lockPref("browser.shell.checkDefaultBrowser", false); lockPref("dom.disable_open_during_load", true); lockPref("privacy.item.history", false); lockPref("xpinstall.whitelist.required", true); lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); lockPref("browser.urlbar.autocomplete.enabled", false); lockPref("network.automatic-ntlm-auth.allow-non-fqdn", true); lockPref("plugin.default_plugin_disabled", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT, PPS, PPT, DOS, DOT, WKS, BAT, PS, EPS, WCH, WCM, WB1, WB3, RTF, DOC, MDB, MDE, WBK, WB1, WCH, WCM, AD, ADP"); lockPref("privacy.sanitize.promptOnSanitize", false); lockPref("privacy.sanitize.timeSpan", 40); lockPref("security.enable_ssl2", false); lockPref("security.enable_ssl3", false); lockPref("startup.homepage_welcome_url", ""); lockPref("startup.homepage_welcome_url.additional", ""); lockPref("toolkit.crashreporter.enabled", false);

if they are no longer supported, i need to know when (which release) they became unsupported. if there is a link that details all afailable preference and their support status, please provide that as well.

Thanks in advance.

We block our user's access to about:config in Firefox for security reasons. I need to set the browser.cache.disk.capacity and browser.cache.disk.max_entry_size for a group of users as recommended by an online services provider. Those values are not available under the preferences policy in the ADMX template for Firefox. How can I set these values in group policy? Is there a registry entry I can make? I tried changing them on my computer and then finding the change in the registry but was unable to find the changed values.

Is there a global way to turn off dns over https and also make firefox use the system certificate store?

We have a dns filter that needs to resolve all dns querys and we need a certificate on all systems to allow our Fortigate to do deep packed inspection on all traffic including encrypted.

Hello, I am trying to customize the Firefox Homepage XML file and need some assistance as to what fields need to modified with the url to set the default homepage. Please let me know if you have any questions. Thanks

<plist version="1.0"> <dict> <key>EnterprisePoliciesEnabled</key> <true/> <key>AllowedDomainsForApps</key> <string>managedfirefox.com,example.com</string> <key>AppAutoUpdate</key> <true/> <key>AppUpdateURL</key> <string>https://www.example.com/update.xml</string> <key>Authentication</key> <dict> <key>SPNEGO</key> <array> <string>mydomain.com</string> <string>https://myotherdomain.com</string> </array> <key>Delegated</key> <array> <string>mydomain.com</string> <string>https://myotherdomain.com</string> </array> <key>NTLM</key> <array> <string>mydomain.com</string> <string>https://myotherdomain.com</string> </array> <key>AllowNonFQDN</key> <dict> <key>SPNEGO</key> <true/> <key>NTLM</key> <true/> </dict> <key>AllowProxies</key> <dict> <key>SPNEGO</key> <true/> <key>NTLM</key> <true/> </dict> <key>PrivateBrowsing</key> <true/> <key>Locked</key> <true/> </dict> <key>AutoLaunchProtocolsFromOrigins</key> <array> <dict> <key>protocol</key> <string>zoommtg</string> <key>allowed_origins</key> <array> <string>https://somesite.zoom.us</string> </array> </dict> </array> <key>BlockAboutAddons</key> <true/> <key>BlockAboutConfig</key> <true/> <key>BlockAboutProfiles</key> <true/> <key>BlockAboutSupport</key> <true/> <key>Bookmarks</key> <array> <dict> <key>Title</key> <string>Example1</string> <key>URL</key> <string>https://www.example.org</string> <key>Favicon</key> <string>https://www.example.org/favicon.ico</string> <key>Placement</key> <string>toolbar</string> <key>Folder</key> <string>Example1Folder</string> </dict> <dict> <key>Title</key> <string>Example2</string> <key>URL</key> <string>https://www.example.com</string> <key>Favicon</key> <string>https://www.example.com/favicon.ico</string> <key>Placement</key> <string>menu</string> <key>Folder</key> <string>Example2Folder</string> </dict> </array> <key>CaptivePortal</key> <false/> <key>Certificates</key> <dict> <key>ImportEnterpriseRoots</key> <true/> <key>Install</key> <array> <string>cert1.der</string> <string>cert2.pem</string> </array> </dict> <key>Cookies</key> <dict> <key>Allow</key> <array> <string>https://www.example.org/</string> </array> <key>Allowsession</key> <array> <string>https://www.example.edu/</string> </array> <key>Block</key> <array> <string>https://www.example.edu/</string> </array> <key>Behavior</key> <string>limit-foreign</string> <key>Locked</key> <true/> </dict> <key>DefaultDownloadDirectory</key> <string>${home}/Downloads</string> <key>DownloadDirectory</key> <string>${home}/Downloads</string> <key>DNSOverHTTPS</key> <dict> <key>Enabled</key> <false/> <key>ProviderURL</key> <string>URL_TO_ALTERNATE_PROVIDER</string> <key>Locked</key> <true/> <key>ExcludedDomains</key> <array> <string>example.com</string> </array> </dict> <key>DisableAppUpdate</key> <true/> <key>DisableBuiltinPDFViewer</key> <true/> <key>DisabledCiphers</key> <dict> <key>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</key> <true/> <key>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</key> <true/> <key>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</key> <true/> <key>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</key> <true/> <key>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</key> <true/> <key>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</key> <true/> <key>TLS_RSA_WITH_AES_128_CBC_SHA</key> <true/> <key>TLS_RSA_WITH_AES_256_CBC_SHA</key> <true/> <key>TLS_RSA_WITH_3DES_EDE_CBC_SHA</key> <true/> <key>TLS_RSA_WITH_AES_128_GCM_SHA256</key> <false/> <key>TLS_RSA_WITH_AES_256_GCM_SHA384</key> <false/> </dict> <key>DisableDeveloperTools</key> <true/> <key>DisableFeedbackCommands</key> <true/> <key>DisableFirefoxAccounts</key> <true/> <key>DisableFirefoxScreenshots</key> <true/> <key>DisableFirefoxStudies</key> <true/> <key>DisableForgetButton</key> <true/> <key>DisableFormHistory</key> <true/> <key>DisableMasterPasswordCreation</key> <true/> <key>DisablePasswordReveal</key> <true/> <key>DisablePocket</key> <true/> <key>DisablePrivateBrowsing</key> <true/> <key>DisableProfileImport</key> <true/> <key>DisableProfileRefresh</key> <true/> <key>DisableSafeMode</key> <true/> <key>DisableSecurityBypass</key> <dict> <key>InvalidCertificate</key> <true/> <key>SafeBrowsing</key> <true/> </dict> <key>DisableSetDesktopBackground</key> <true/> <key>DisableSystemAddonUpdate</key> <true/> <key>DisableTelemetry</key> <true/> <key>DisplayBookmarksToolbar</key> <true/> <key>DontCheckDefaultBrowser</key> <true/> <key>EnableTrackingProtection</key> <dict> <key>Value</key> <true/> <key>Locked</key> <true/> <key>Cryptomining</key> <true/> <key>Fingerprinting</key> <true/> <key>Exceptions</key> <array> <string>https://example.com</string> </array> </dict> <key>EncryptedMediaExtensions</key> <dict> <key>Enabled</key> <false/> <key>Locked</key> <false/> </dict> <key>Extensions</key> <dict> <key>Install</key> <array> <string>https://addons.mozilla.org/firefox/downloads/file/1053714/ghostery_privacy_ad_blocker-8.2.4-an+fx.xpi</string> </array> <key>Uninstall</key> <array/> <key>Locked</key> <array> <string>firefox@ghostery.com</string> </array> </dict> <key>ExtensionSettings</key> <dict> <key>*</key> <dict> <key>blocked_install_message</key> <string>Custom error message.</string> <key>install_sources</key> <array> <string>https://addons.mozilla.org/</string> </array> <key>installation_mode</key> <string>blocked</string> </dict> <key>uBlock0@raymondhill.net</key> <dict> <key>installation_mode</key> <string>force_installed</string> <key>install_url</key> <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string> </dict> </dict> <key>ExtensionUpdate</key> <false/> <key>FirefoxHome</key> <dict> <key>Search</key> <true/> <key>TopSites</key> <true/> <key>SponsoredTopSites</key> <false/> <key>Highlights</key> <true/> <key>Pocket</key> <false/> <key>SponsoredPocket</key> <false/> <key>Snippets</key> <false/> <key>Locked</key> <true/> </dict> <key>FlashPlugin</key> <dict> <key>Allow</key> <array> <string>https://www.example.com</string> </array> <key>Block</key> <array> <string>https://www.example.org</string> </array> <key>Default</key> <true/> <key>Locked</key> <true/> </dict> <key>Handlers</key> <dict> <key>mimeTypes</key> <dict> <key>application/msword</key> <dict> <key>action</key> <string>useSystemDefault</string> <key>ask</key> <false/> </dict> </dict> <key>schemes</key> <dict> <key>mailto</key> <dict> <key>action</key> <string>useHelperApp</string> <key>ask</key> <false/> <key>handlers</key> <array> <dict> <key>name</key> <string>Gmail</string> <key>uriTemplate</key> <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string> </dict> </array> </dict> </dict> <key>extensions</key> <dict> <key>pdf</key> <dict> <key>action</key> <string>useHelperApp</string> <key>ask</key> <false/> <key>handlers</key> <array> <dict> <key>name</key> <string>Adobe Acrobat</string> <key>path</key> <string>/System/Applications/Preview.app</string> </dict> </array> </dict> </dict> </dict> <key>HardwareAcceleration</key> <false/> <key>Homepage</key> <dict> <key>URL</key> <string>http://example.com</string> <key>Locked</key> <true/> <key>Additional</key> <array> <string>https://www.example.com/extra-home1.htm</string> <string>https://www.example.com/extra-home2.htm</string> <string>https://www.example.com/extra-home3.htm</string> </array> <key>StartPage</key> <string>homepage</string> </dict> <key>InstallAddonsPermission</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> <string>https://example.edu</string> </array> <key>Default</key> <false/> </dict> <key>LocalFileLinks</key> <array> <string>http://example.org</string> <string>http://example.edu</string> </array> <key>PrimaryPassword</key> <true/> <key>NetworkPrediction</key> <false/> <key>NewTabPage</key> <false/> <key>NoDefaultBookmarks</key> <true/> <key>OfferToSaveLogins</key> <false/> <key>OfferToSaveLoginsDefault</key> <true/> <key>OverrideFirstRunPage</key> <string>https://www.example.com</string> <key>OverridePostUpdatePage</key> <string></string> <key>PasswordManagerEnabled</key> <false/> <key>PDFjs</key> <dict> <key>Enabled</key> <false/> <key>EnablePermissions</key> <false/> </dict> <key>Permissions</key> <dict> <key>Camera</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> <key>Microphone</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> <key>Location</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> <key>Notifications</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> <key>Autoplay</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>Default</key> <string>block-audio</string> <key>Locked</key> <true/> </dict> <key>VirtualReality</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> </dict> <key>PictureInPicture</key> <dict> <key>Enabled</key> <false/> <key>Locked</key> <true/> </dict> <key>PopupBlocking</key> <dict> <key>Allow</key> <array> <string>https://www.example.org</string> <string>https://www.example.edu</string> </array> <key>Default</key> <true/> <key>Locked</key> <true/> </dict> <key>Preferences</key> <dict> <key>accessibility.force_disabled</key> <dict> <key>Value</key> <integer>1</integer> <key>Status</key> <string>default</string> </dict> <key>browser.cache.disk.parent_directory</key> <dict> <key>Value</key> <string>SOME_NATIVE_PATH</string> <key>Status</key> <string>user</string> </dict> <key>browser.tabs.warnOnClose</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>locked</string> </dict> </dict> <key>Proxy</key> <dict> <key>SocksVersion</key> <string>4</string> <key>Mode</key> <string>manual</string> <key>HTTPProxy</key> <string>proxy.example.com:80</string> <key>Locked</key> <true/> </dict> <key>RequestedLocales</key> <array> <string>de</string> <string>en-US</string> </array> <key>SanitizeOnShutdown</key> <true/> <key>SearchBar</key> <string>separate</string> <key>UserMessaging</key> <dict> <key>WhatsNew</key> <false/> <key>ExtensionRecommendations</key> <false/> <key>FeatureRecommendations</key> <false/> <key>UrlbarInterventions</key> <false/> <key>SkipOnboarding</key> <true/> </dict> <key>WebsiteFilter</key> <dict> <key>Block</key> <array> <string><all_urls></string> </array> <key>Exceptions</key> <array> <string>https://www.google.com/*</string> <string>https://www.yahoo.com/*</string> </array> </dict> <key>SecurityDevices</key> <dict> <key>NAME_OF_DEVICE</key> <string>PATH_TO_LIBRARY_FOR_DEVICE</string> </dict> <key>ShowHomeButton</key> <true/> <key>SSLVersionMin</key> <string>tls1.2</string> <key>SSLVersionMax</key> <string>tls1.3</string> <key>SupportMenu</key> <dict> <key>Title</key> <string>Click here for help</string> <key>URL</key> <string>http://example.edu/</string> <key>AccessKey</key> <string>C</string> </dict> </dict> </plist>

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozilla config file, can we use GPO to configure auto update for Firefox browser?

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozilla config file, can we use GPO to configure auto update for Firefox browser?

Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferences on each workstation. I have searched and found ways to enforce this change by GPE , but I wonder if there is a way to change firefox preferences, especially the one I've mentioned, via Registry Editor.

Hi,

We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace.

I've imported the firefox.admx and mozilla.admx file along with assocaited .adml files, checked Github, checked through the GPO settings yet cannot figure out how to do the same with Firefox.

Is there a Mozila Firefox for Windows GPO ADMX setting I can use to control the "Firefox>Settings>General>Files and Applications>Applications" section to add "Content type: ica | Action: Use Citrix Workspace"?

Thanking you....

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29.

It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12.

Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence

Thank You,

We have about 35 versions of firefox running across the enterprise (38 to 91) and I have been tasked to update the EOL dates for all versions we have to help bring things up to speed and know what is/is not supported.

I found this page with release dates (https://www.mozilla.org/en-US/firefox/releases/) but nothing about when a version has reached it's EOL. Any help would be appreciated.

I posted this previously and got zero response and the post is now archived. Hoping for better luck this time.

We have rolled Firefox ESR to all of our computers. On some of them the Maintenance Service is working correctly and installing updates with no user interaction. On other computers, users are getting a UAC prompt to enter admin credentials to install updates. I have tried various changes that I have found across the web from Deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MozillaMaintenance\Security to uninstalling and re-installing the Maintenance Service. All of the users/computers have the same policies applied via Group Policy (Application Autoupdate: Enabled and Disable Update: Disabled) and are not local admins.

Hi everyone, I'm trying to standardize the homepage for the browser which enrolled with Intune on MacOS. I have imported the .plist file as below with the preference domain name as "org.mozilla.firefox". After applied, it returned error and nothing has been changed on the browser. Thanks.

<key>Homepage</key> <key>URL</key> <string>http://example.com</string> <key>StartPage</key> <string>homepage</string>

Bonjour, Je travaille dans un musée. Nous utilisons Firefox sur des pc accessibles pour le public. Comment accéder à "aboutNetErrorCodes.js" pour l'éditer. Je souhaite remplacer le message par défaut de Firefox et rediriger vers une une page en local. Merci pour votre aide. Yves

I am wondering if I can get some help configuring some GPO for Firefox on our new domain we are building. I want to be able to block private browsing as well as I was wondering if there is an option to force firefox to sign in with certain accounts only so we can monitor students as we are a school district

we want to control the actions over all browsers, don't want common users to download anything via firefox, how to disable the download in firefox via GPO? thanks.

We have been stuck on Firefox 93.x ESR for a while and now we are able to move forward and upgrade to the most recent version of Firefox ESR, we downloaded Firefox 115.1.0 and deployed to our test users and for some of them they are seeing an Alert popup on SSO sites after clicking on the login button.

"Please authenticate to the token xxxxxxxxxx. How to do so depends on the token (for example, using a fingerprint reader or entering a code with a keypad)."

The xxxxxxxxxx is a different number for every user so I believe that is the serial number of their PKI card. How to reproduce the issue is when the user visits a SSO internal site they are prompted to choose a certificate, usually a choice to choose one of two possible certificates and it doesn't matter which certificate the end user chooses and also place a check mark in Remember this decision will always produce the Alert popup every time they visit that page. If the user never places a check mark in Remember this decision the Alert will not popup. I have looked thru the forums and looked over the interwebs to see if anyone else mentions this issue but have found nothing.

Why does this Alert message popup, how can we get rid of this popup message? Is it a setting in Firefox somewhere? I don't know what has changed between 93.x and 115.1.x so I am unsure what to check or setting to try to eliminate this popup. All help is appreciated, please and thank you.

Hi there,

I'm playing with policies.json on Linux/Ubuntu now, trying to improve my knowledge of Firefox customization through different policies and user interaction after the Firefox deployment. I added a custom bookmark and extension, which show and install okay when I restart the browser. But when I delete them from within the browser and restart Firefox, they show up again. To avoid this, I can delete /etc/firefox/policies/policies.json after the Firefox deployment. Hence my questions:

• Is the deletion of the JSON file after the Firefox deployment a reasonable option at all?
• If yes, how can I automate the process silently, without user interaction?
• If no, what would be your advice to let users modify the browser settings like removing extension(s) or bookmark(s) set in policies.json so that they do not reappear after the browser restart?

Thank you! Rustam