Showing questions tagged: Show all questions
  • Archived

Enforce use of extension

Hello, My company recently started using ActivTrak Monitoring software and I need some help configuring the setup for Apple computers. I'm trying to create a custom .mob… (read more)

Hello,

My company recently started using ActivTrak Monitoring software and I need some help configuring the setup for Apple computers. I'm trying to create a custom .mobileconfig to automatically turn on the browser extension and then stop the end users from turning the add-on off. I can successfully install and lock the extension on once installed but need to manually activate the add-on first. What do I need to add to the plist to enable the extension automatically?

Thank you!

Asked by MiITsolutions 7 months ago

Last reply by Mike Kaply 4 months ago

Microsoft SSO not working

Hello, I have enabled the Allow Windows single sign-on for Microsoft, work, and school accounts setting via GPO for Desktops, and it is showing as ticked. Additionally,… (read more)

Hello,

I have enabled the Allow Windows single sign-on for Microsoft, work, and school accounts setting via GPO for Desktops, and it is showing as ticked.

Additionally, within Settings > Email & Accounts, my account is showing underneath Accounts used by other apps

However SSO does not seem to be working whenever I go to the likes of office.com

However, within the likes of Google Chrome (with the Microsoft Single Sign On Extension), SSO works seamlessly.

Does anyone have any ideas?

Thanks so much.

Asked by d.mccrickard 5 months ago

Last reply by Mike Kaply 5 months ago

  • Archived

Addon/Extension allow list with group policy

Hello! I manage our browser configuration for our enterprise. We use group policy to restrict browser addons until they clear our internal security review. I'm looking … (read more)

Hello!

I manage our browser configuration for our enterprise. We use group policy to restrict browser addons until they clear our internal security review.

I'm looking for a way to allow specific addons using group policy, while generally blocking everything else.

I've found the setting to enforce the installation of addons, but we'd like to avoid forcing every addon to install on every system as there would be overlap between things like password managers and such.

Is there a way to accomplish this?

Asked by ggroathouse 6 months ago

Last reply by Mike Kaply 5 months ago

  • Archived

How to Get rid of "Firefox closed unexpectedly while starting" error window

Unattended software (kiosk) here. Sometimes (so rarely that I cannot reproduce in dev) the client sees this error screen: "Firefox closed unexpectedly while starting...… (read more)

Unattended software (kiosk) here.

Sometimes (so rarely that I cannot reproduce in dev) the client sees this error screen: "Firefox closed unexpectedly while starting..." (see image in attachment)

Sometimes when rebooting the error goes away and Firefox starts normally.

Sometimes even when rebooting the system - this vertical error screen appears, and one solution is to reinstall Firefox, but I'd like not to (if not necessary) or at least programmatically detect the issue and perform the needed actions.

QUESTIONS: How to programmatically detect (bash i.e.) that this error window is present and get rid of it properly? Or, how to (for debugging) force that screen to appear (to force that broken state)?

PS: I'm running Firefox using:

nohup firefox -P ff_custom_profile -new-instance -private-window -kiosk "$url" > /dev/null 2>&1 &

Thank you for any assistance or insight

Asked by Roko C.B. 6 months ago

Last reply by Mike Kaply 6 months ago

  • Archived

Extensions through GPO

Hi, I already have the admx and adml templates installed on my gpo. I would like to control or prevent the install of vpn extensions on the firefox browser. Specificall… (read more)

Hi,

I already have the admx and adml templates installed on my gpo. I would like to control or prevent the install of vpn extensions on the firefox browser.

Specifically I would like to prevent the install of all vpn extensions to the firefox browser for the users in my company. I would like them to download and install other extensions. How could I do this through modifying the json file in the extensions folder of the firefox template in my gpo.

Thanks in advance, Floyd,

Asked by fcastellino 6 months ago

Last reply by Mike Kaply 6 months ago

  • Archived

Could we have a plist for configuring DNS settings on our Firefox browser.

Hello, We would like to deploy a configuration profile to our macbooks running Sonoma 14.5 and above. This is being done via Jamf MDM. However when we use our current … (read more)

Hello,

We would like to deploy a configuration profile to our macbooks running Sonoma 14.5 and above. This is being done via Jamf MDM. However when we use our current plist to configure settings, They are not being applied correctly, The issue seems to be with the firefox plist itself and not our Jamf deployment. Would you be be able to advise or could we ask for a plist template that could achieve this?


Thanks.

Asked by sysadmins 6 months ago

Last reply by Mike Kaply 6 months ago

  • Solved
  • Archived

Application Handlers

Hi All, I have been on the struggle bus lately trying to get the application handlers set properly in our GPO. I am trying to get PDF, webp, avif to open in browser, and… (read more)

Hi All, I have been on the struggle bus lately trying to get the application handlers set properly in our GPO. I am trying to get PDF, webp, avif to open in browser, and jnlp to auto launch Java. Any help will be greatly appreciated!

{"application/pdf":{"action":3,"extensions":["pdf"]},"image/webp":{"action":3,"extensions":["webp"]},"image/avif":{"action":3,"extensions":["avif"]},"application/x-java-jnlp-file":{"action":4,"handlers":[{"name":"javaws.exe","path":"C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\javaws.exe"}],"extensions":["jnlp"]}}

Asked by Chris Wilkerson 9 months ago

Answered by Mike Kaply 9 months ago

  • Archived

Disable Save menu entry from Firefox built-in PDF Viewer on local Linux system

I would like to prevent users to navigate on the Linux system when they view a PDF and then use the Save option. The "PDFjs" policy enables or disables the PDF Viewer but… (read more)

I would like to prevent users to navigate on the Linux system when they view a PDF and then use the Save option. The "PDFjs" policy enables or disables the PDF Viewer but does not control the built-in PDF Viewer menus.

Asked by InfoMaze 12 months ago

Last reply by zeroknight 9 months ago

  • Archived

Looking to customize Firefox application via Intune Plist

Looking to specify homepage, homepage button, and new tab page within Firefox on our Mac fleet. I was able to create a plist file for macs, and it was "deployed successf… (read more)

Looking to specify homepage, homepage button, and new tab page within Firefox on our Mac fleet.

I was able to create a plist file for macs, and it was "deployed successfully" according to Intune, but no changes actually happened on my test machines.

I've uploaded a redacted version of the used plist.

Anyone out there have any ideas?

Asked by jmajors50 9 months ago

Last reply by Mike Kaply 9 months ago

  • Archived

GPO, Reg Key, Nothing works to force add/install an extension.

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable f… (read more)

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable for an enterprise setting and it has led me to consider discontinuing their product within our organization. I had requested support to send me a copy of my previous correspondence as I had forgotten some details, but this request was ignored, which is disappointing.

I am skeptical about receiving the help or answers I need here. If there is a more direct line to Mozilla support, I would greatly appreciate being redirected there.

We are currently using Firefox 121.0 and are attempting to implement the Applied Epic extension. I have updated the ADMX policy.

Originally, the reg key flip I created did work but something has changed since then. See screenshot of this. I followed the guide provided at https://github.com/mozilla/policy-templates/blob/v5.5/docs/index.md, which instructed me to place the registry key in Software\Policies\Mozilla\Firefox\Extensions\Install\1. However, the guide did not specify whether this should be in HKLM or HKCU. I tried this instead, and it did not work.

I also attempted to implement the extension via GPO, but this was unsuccessful. I tried the new Extension Management system as well, but to no avail.

Here is the JSON configuration I used: {

 "AppliedEpicExtension@gmail.com": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/file/4143256/applied_epic_extension-3.16.3.xpi"
 }

}

Despite following the guide and trying multiple methods, none of the options seem to work. I would appreciate any guidance on what I might be doing wrong.

Asked by BM 11 months ago

Last reply by Mike Kaply 10 months ago

  • Solved
  • Archived

Extensions Management .json is not working

Hello, I am trying to create a management policy for extensions where all themes are allowed, some extensions are force installed, other specified ones are allowed, and … (read more)

Hello,

I am trying to create a management policy for extensions where all themes are allowed, some extensions are force installed, other specified ones are allowed, and anything else is blocked. I have been scouring the web looking for samples and I just can't get it to work as intended. Here is a sample of what I have written.

{ "*": { "blocked_install_message": "IT has blocked the installation of UNAPPROVED add-ons. Please contact the IT Service Desk to request approval.", "install_sources": "https://addons.mozilla.org/*", "allowed_types": ["theme","extension"] }, "plugin@okta.com": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3601147/okta_browser_plugin.xpi" }, "support@lastpass.com": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi" }, "developer@zoom.us": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/4212428/zoom_new_scheduler-2.1.52.xpi" }, "info@katalon.com": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3826743/katalon_automation_record-5.5.3.xpi" } }

In this current state, I am allowed to install themes, I get the forced installs, but I can install ANY extension. I don't want that.

If I modify the blocking section with [ "installation_mode": "blocked", ], then I only get the force installed plugins and I can't do anything else. It even removes any previously installed themes or plugins not explicitly forced in. The allowed plugins can't be installed either.

I have also tried it without the "extensions" allowed_type but the result did not change. To recap, I need to block any extensions not explicitly pushed or allowed. Would anyone be able to assist and point out what I may be missing please?

~Regards

Asked by yaponte 11 months ago

Answered by yaponte 11 months ago

  • Solved
  • Archived

How to disable Quic protocol in Windows with MS Intune

Hello I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for W… (read more)

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for Windows? <enabled/> <data id="JSON" value=' {

 "network.http.http3.enable": {
   "Value": 0,
   "Status": "user"
 },

{

 "network.http.http3.enable_0rtt": {
   "Value": 0,
   "Status": "user"
 }

}'/>

Thanks

Asked by Shri Sivakumaran 11 months ago

Answered by Shri Sivakumaran 11 months ago

  • Solved
  • Archived

How to disable Quic protocol in Mac with Jamf

Hello I am looking for a way to disable the QUIC protocol in Firefox through Jamf Pro. tried by below value but its not working, anyone did the settings for Mac? <… (read more)

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Jamf Pro. tried by below value but its not working, anyone did the settings for Mac?

<plist version="1.0"> <dict> <key>Preferences</key> <dict> <key>network.http.http3.enable</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>user</string> </dict> <key>network.http.http3.enable_0rtt</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>user</string> </dict> </dict> </dict> </plist>


Thanks

Asked by Shri Sivakumaran 11 months ago

Answered by Mike Kaply 11 months ago

  • Solved
  • Archived

Fully disable Pocket to alleviate DNS requests

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket … (read more)

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket as thoroughly as we can (followed the guide from Mozilla https://support.mozilla.org/en-US/kb/disable-or-re-enable-pocket-for-firefox) and we are still seeing requests go out to "img-getpocket.cdn.mozilla.net" we do not want Pocket available at all, we do not want queries made to those domains, is it not possible to completely eradicate Pocket?

It wouldn't be a problem but our AV solution (MDE) has a popup every time the URL is queried and blocked.

Attached image of our configuration profile for Pocket.

Asked by null_panda 1 year ago

Answered by cor-el 1 year ago

  • Archived

Configuring AddOn Parameters using `policy.json`?

I'm setting up addon installation through `policy.json`. Below is an example. I am wondering howto configure addons thus installed using the same file. Is it possible? If… (read more)

I'm setting up addon installation through `policy.json`. Below is an example. I am wondering howto configure addons thus installed using the same file. Is it possible? If yes: where to find addon-specific keys/options? As an example: when providing below `policy.json`, starting any fresh firefox profile/installation produces the dialog "Startpage.com - Private Search Engine would like to change your default search engine from Google to Startpage.com - English. Is that OK?", followed by yes/no buttons. I would like to be able to just make the addon do so forgoing the dialog.

Thanks for any pointers.

{

 "policies": {
   "ExtensionSettings": {
     "*": {
       "blocked_install_message": "Installation of extensions only allowed from 'policy.json'.",
       "installation_mode": "blocked"
     },
     "{20fc2e06-e3e4-4b2b-812b-ab431220cada}": {
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/startpage-private-search/latest.xpi"
     }
   },
   "ExtensionUpdate": true
 }

}

Asked by nonsense2 1 year ago

Last reply by Mike Kaply 1 year ago

  • Solved
  • Archived

deploying firefox-add-ons via group policies doesn't work anymore after proxy-change

Hello, I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: … (read more)

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

  • http://192.168.100.10/goodaddon-1.0.01.xpi
  • http://internalwebsite/goodaddon-1.0.01.xpi
  • https://192.168.100.10/goodaddon-1.0.01.xpi
  • https://internalwebsite/goodaddon-1.0.01.xpi
  • \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
  • \\internalfileserver\netshare\goodaddon-1.0.01.xpi
  • file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
  • file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

  1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
  2. 2 Are there any logs where I could find out what exactly goes wrong?
  3. 3 Are there any other syntaxes I could try (group policy urls)?
  4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.

Asked by mozilla355 2 years ago

Answered by mozilla355 2 years ago

  • Archived

Hardening Firefox browser

Hi, I am looking for a security Hardening guidelines for Firefox from Mozilla. Could you please guide me to the right direction where I can find one. Thanks Raju … (read more)

Hi, I am looking for a security Hardening guidelines for Firefox from Mozilla. Could you please guide me to the right direction where I can find one.

Thanks Raju

Asked by raju.singanna 2 years ago

Last reply by Mike Kaply 2 years ago

  • Archived

in a corporate environment, using Kerberos authentication to authenticate AD user to OKTA (IdP) via Firefox

We have used Firefox in our environment for well over a year in the configuration explained here: https://help.okta.com/en-us/content/topics/directory/ad-dsso-configure-b… (read more)

We have used Firefox in our environment for well over a year in the configuration explained here: https://help.okta.com/en-us/content/topics/directory/ad-dsso-configure-browsers.htm

OKTA is our Identity provider to do Single Sign on to our SaaS applications.

today when version 118 rolled out, this functionality stopped working. Can you help me to get this working again. Chrome and Edge are not affected, so we have options, but we would really like to use Firefox.

Thanks so much for your help

Scott

Asked by Scott Voll 1 year ago

Last reply by Mike Kaply 1 year ago

  • Solved
  • Archived

What is the proper format for the ExtensionSettings policy registry key/value that is used to manage browser extension settings?

When looking at the ExtensionSettings page for Firefox or Chrome they both use an example that shows the registry key Software\Policies\Mozilla\Firefox\ExtensionSettings… (read more)

When looking at the ExtensionSettings page for Firefox or Chrome they both use an example that shows the registry key Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) being set to a long JSON string with every extension ID and the settings for that particular ID. For example...

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

The problem with this method is that if I am installing an extension, and I overwrite what already exists in Software\Policies\Mozilla\Firefox\ExtensionSettings then all of those other settings get removed. So even if I am a non-malicious actor and just make a mistake with my installer I can easily delete every other extension's settings. Instead what I have to do is during install I have to read the current value of Software\Policies\Mozilla\Firefox\ExtensionSettings and then insert my extension's settings into the JSON blob.

So the examples that Firefox and Chrome provides do of course work, however they do not make very much sense to me. Why would it be formatted this way since all of those are additional key/value pairs and that is exactly what the registry excels at storing. So why put all of those into a single key/value instead of breaking them into multiple?

Additionally breaking them a part into multiple key/value pairs does work! So if instead of the example above I were to split them into multiple key value pairs it works just fine!

Software\Policies\Mozilla\Firefox\ExtensionSettings

   uBlock0@raymondhill.net
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"

So knowing that this way with multiple key/value pairs works why am I bothering to ask this question at all instead of just doing it the way that makes sense to me? Well the issue is that by breaking it up into multiple key value pairs it actually overrides the other method and makes it so that all those registry settings are ignored. So it doesn't delete them but it still leaves me with nearly the exact same problem.

While I believe "my" way is superior because it uses the registry in a more common sense route, if that is not what the majority of extension developers do then it doesn't matter and I should be conforming to the other way.

As I am typing this question up I did realize just how hard/annoying it is to properly format and make it clear and digestible what the multi key/value format of the registry would look like instead of being a JSON string. So perhaps that is the reason why all the documentation puts it all as one JSON string?

Asked by perihwk+firefox 1 year ago

Answered by Mike Kaply 1 year ago