Firefox for Enterprise Community Forum

Hello Mozilla Community,

I am an administrator in a company where we currently use Microsoft Intune for software distribution. We are currently deploying Firefox 76.0, which automatically updates itself and is no longer at version 76.0. However, we are planning to switch to the Firefox ESR version.

In our organization, we are not allowed to use Mozilla accounts for syncing passwords and bookmarks due to internal policies. Our goal is to make this transition as seamless as possible for our users, with as much automation as possible, while still ensuring that they can sync their passwords and bookmarks effectively without relying on Mozilla accounts.

Is there a way to achieve this, perhaps through a third-party tool or another method that integrates well with Intune and respects our privacy requirements?

Any guidance or suggestions to make this process smooth and user-friendly would be greatly appreciated!

Thank you in advance for your help.

Hi all

I like to enforce the following setting "Require device sign in to fill and mange passwords" in the mozilla.cfg but I couldn't find the setting in about:config.

Can anyone help?

Regards

Ogami

Is there any parameter or group policy similar to Chrome "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls]", as we implemented application with Certificate sign-in, it pop-up every time when navigating to different on-prem servers, we enabled Group policy for MSEdge & Chrome, but need to do same for Mozilla Firefox.

I need expert advice on this subject matter.

Regards,

Kamal Kiri

Hi team, I need a few insights on auto update policy - I have used your knowledge base sources and have created policies to auto update firefox in our environment via intune, unfortunately the settings are not working as expected. I'd appreciate any comments and assistance on this matter. This the source I followed: https://support.mozilla.org/en-US/kb/managing-firefox-intune

Firefox (129.0.2) displays "401 - Unauthorized: Access is denied due to invalid credentials" (see attached image)

I have tried various combinations of setting and not setting the following in Firefox:

• network.negotiate-auth.trusted-uris
• network.negotiate-auth.delegation-uris
• network.auth.use-sspi

For the URI settings I have tried both .domainname.domainextension and https://servicename.domainname.domainextension

In Windows 10 Control Panel -> Internet Options, the site is in "Trusted sites" using a domain wildcard, and also "Local intranet" and both "Automatic logon" and "Enable Integrated Windows Authentication" are enabled. I suspect those setting aren't relevant since other browsers are authenticating without error or prompt, but calling this out to show that I've covered that base.

The web service is served by IIS 10.0 on Windows Server 2022 and the authentication provider list only includes Negotiate, but I don't believe this issue has anything to do with IIS or its configuration as, again, other browsers are authenticating without error or prompt.

Anything else to check?

Thank you for any guidance you can offer.

Hi,

Looking to upgrade our org to ESR 128.2.0 due to compatibility issues - most notably, embedded PDFs not loading due to Promise.withResolvers() not being implemented on versions prior to 121.

Curious to know if there are any issues or concerns with upgrading manually/pushing this version out - would like to ensure we don't cause further issues in attempting to resolve one.

My company has been using the same customized autoconfig.js without issue since last year's FF 115 esr release on our Ubuntu servers.

cat /opt/firefox-115.13.0esr/defaults/pref/autoconfig.js pref("browser.tabs.inTitlebar", 0); pref("general.config.filename", "firefox.cfg"); pref("general.config.obscure_value", 0); pref("general.config.sandbox_enabled", false); pref("pdfjs.annotationEditorMode", 1);

Now we are testing the 128 esr next releases with the same config and getting the failed to read the configuration file. please contact your system administrator error

cat /opt/firefox-128.1.0esr/defaults/pref/autoconfig.js pref("browser.tabs.inTitlebar", 0); pref("general.config.filename", "firefox.cfg"); pref("general.config.obscure_value", 0); pref("general.config.sandbox_enabled", false); pref("pdfjs.annotationEditorMode", 1);

If remove pref("general.config.obscure_value", 0); or set it to 1, the error goes away, but our actual firefox.cfg does not get read and are configs are not present at all.

Добрый день! Есть проблема в получении определенных писем. От отправителя один вид писем приходит (общение с тех.поддержкой), а автоматическая рассылка кодов нет. Может ли быть у меня проблема в получении писем? какое то ограничение или запрет? В папке спам письма так же проверяю

Hello,

I installed Firefox 128.2.0esr. I set the next parameters in GPO for settings DNSOverHTTPS: "DNSOverHTTPS": {

                      "Enabled":  true,

"ProviderURL": "https://safe.dot.dns.yandex.net/dns-query", "Locked": true, "Fallback": true }. But when checking via https://www.cloudflare.com/ru-ru/ssl/encrypted-sni/#results I get (screenshot in attachment). As you can see from the screenshot, DNS and SNI did not receive the coveted check marks. Secure DNS We weren’t able to detect whether you were using a DNS resolver over secure transport. Contact your DNS provider or try using 1.1.1.1 for fast & secure DNS. DNSSEC Attackers cannot trick you into visiting a fake website by manipulating DNS responses for domains that are outside their control. TLS 1.3 Nobody snooping on the wire can see the certificate of the website you made a TLS connection to. Secure SNI Anybody listening on the wire can see the exact website you made a TLS connection to.

In my browser / about:config: network.trr.mode = 2 network.trr.uri = https://safe.dot.dns.yandex.net/dns-query

In 128.2.0esr there is no protection against ESNI interceptions and ECH is enabled by default? Or is the problem that the DNS provider does not support the technology from Mozilla? Or what other settings we need use (via GPO)?

Thank you.

Hi,

At my work, we use Windows AppLocker to allow only trusted code to be executed. Firefox works great in this environment, but I do have a request.

We were regularly getting notices of untrusted code being attempted from the "%windir%\temp\NS?????.tmp\" folder, which was a mystery to us for a long time. We finally tracked the cause back to "C:\Program Files\Mozilla Firefox\uninstall\helper.exe", which extracts DLLs (e.g. system.dll, shelllink.dll, userinfo.dll and accesscontrol.dll). It's my pleasure to report that the extracted DLLs ARE signed (btw, thank you so much for that!!). However, I had an embarrassingly hard time getting to this point since the code is code only exists temporarily, and I sadly never had the thought that NS might mean Netscape.

Incase there are others in my situation, I was wondering you'd like to prepend the .tmp folder name to include moz- or Mozilla?

I think there may be others in my situation, since our instance that followed the best practice of exempting all DLLs in Program Files from the exclusion policy, and since Firefox keeps all DLLs in Program Files, these were the only Firefox DLLs being checked.

Thank you for 30 years of a great product!

Rob

I need some help to get Intune Firefox Extension Management to work.

I have imported the Firefox ADMX into Intune but cant seem to get the JSON correct for this to work correctly.

The scenario I would like to give is I would like to block all extensions but allow Power Automate Extension and Cisco Web Ex Extension.

Any help would be appreciated!

Hello,

I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak which used to add all the policies and secure Firefox for Enterprise. What we noticed is that Policy Pak used the app set to apply these policies and we are noticing that native GPO's for the most part to match the Policy Pak policies is not as accurate for GPO's My ask here is there any Most Viable Product suggestions to apply Native GPO's for securing Firefox.

Hello,

I’m reaching out on behalf of Funding Move, where we’re developing a trading platform that sees significant traffic. We’re looking to fine-tune Firefox settings to ensure our users have a smooth and secure experience.

We’re specifically interested in:

Optimizing Firefox settings for better performance and faster load times Ensuring our platform integrates well with Firefox’s security features Customizing user preferences to support high-frequency trading tools Can anyone help you adjust Firefox settings to meet these needs? Any best practices or configurations you’ve found effective would be beneficial.

Thank you!

We use ESR due to its stability and long term security updates, and we use Duo as our SSO/IDP.

We have Duo set to deny login when the browser is more than 6 mo out of date, but due to the way FF reports only the main version number via the user agent Duo is unable to determine that FF ESR is actually up to date and thinks that it's too old and my users are being denied login or getting an erroneous message about needing to update their browser.

Is there a way to set FF to report it's whole version to Duo? We would prefer not to have to "outlaw" FF in our prod environment if at all possible.

I am working on deploying Firefox with a GPO and I noticed that a saved password can be easily viewed just by going into the password manager. I found a way to disable the password manager all together, but then you can't save passwords. I am look for a way just to Require device sign in to fill and manage passwords as it says so its not just clicking the eyeball to see the password. I saw this article ( https://support.mozilla.org/en-US/kb/firefox-password-authentification-prompt ) which is how I got the description for this and that seems to be exactly what I want, But I cannot find this setting anywhere in the GPO. Anyone know where it is OR perhaps maybe you could add it?