Showing questions tagged: Show all questions

FF 102.3.0esr doesn't update

FF 102.3.0esr (64-bit) says 'You are currently on the update channel' but doesn't update. I see 102.5.0 is available. Originally said policies managed by organization. … (read more)

FF 102.3.0esr (64-bit) says 'You are currently on the update channel' but doesn't update. I see 102.5.0 is available. Originally said policies managed by organization. Enterprises Policies. I Deleted [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox]. Enterprises Policies now gone, but message hasn't changed nor can I update.

Asked by Norbert38 2 weeks ago

Last reply by Mike Kaply 11 hours ago

I want to put Zscaler Root CA certificate for web access by terminal

Hi Team, I'm using the Zscaler in my network, when I use the Firefox, appear the error: "Software is Preventing Firefox From Safely Connecting to This Site www.googleadse… (read more)

Hi Team, I'm using the Zscaler in my network, when I use the Firefox, appear the error:

"Software is Preventing Firefox From Safely Connecting to This Site

www.googleadservices.com is most likely a safe site, but a secure connection could not be established. This issue is caused by Zscaler Root CA, which is either software on your computer or your network.

What can you do about it?

www.googleadservices.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely...." Picture 1

I have root certificate in path: /usr/share/ca-certificates/mozilla$ Picture 2

I run the command for updates CA but it doesn't work: sudo update-ca-certificates

Errors keep popping up.

The certificate not appear in the Certificate manager > Authorities Picture 3

But if I open the firefox > Settings > Privacy & Security> Certifcates > View Certificates > Import And I import the certificate ZscalerRoot.crt and I mark the option "trust this CA to identify websites" the firefox works, and I can open the site without error message.

Picture 4

And the certificate appear in the manager certificate: Picture 5


How can I put the command terminal certificate, which I have on hundreds of machines?

Note: I need to put the certificate only for internet access.

Asked by walter.sena.m 6 days ago

Last reply by cor-el 1 day ago

Can no longer play media with Firefox ESR 102.x

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox. No video will play in youtube, for instance… (read more)

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox.

No video will play in youtube, for instance (it just loads endlessly as if it would start, but it doesn't).

Can't use radio websites either. Anything with a "play" button (video or sound) does nothing.

This has been tested with a clean profile, a clean install, after allowing autoplay in the settings.

Is there any info on what exactly changed between ESR 91 and 102 that might explain this ? There has been no system change, If I reinstall 91 instead it works again as usual.

No issues anywhere else on the endpoints (Edge, Windows), this is on Windows 10 if it makes any difference.

Tanks for any help on this.

Asked by OdeonFF 2 months ago

Last reply by OdeonFF 1 week ago

  • Solved

Unable to set Homepage via Intune configuration profile for MacOS

Hi everyone, I'm trying to standardize the homepage for the browser which enrolled with Intune on MacOS. I have imported the .plist file as below with the preference doma… (read more)

Hi everyone, I'm trying to standardize the homepage for the browser which enrolled with Intune on MacOS. I have imported the .plist file as below with the preference domain name as "org.mozilla.firefox". After applied, it returned error and nothing has been changed on the browser. Thanks.

<key>Homepage</key> <key>URL</key> <string>http://example.com</string> <key>StartPage</key> <string>homepage</string>

Asked by thomas1881 2 weeks ago

Answered by Mike Kaply 2 weeks ago

Firefox ESR - Maintenance Service - UAC Prompt

I posted this previously and got zero response and the post is now archived. Hoping for better luck this time. We have rolled Firefox ESR to all of our computers. On so… (read more)

I posted this previously and got zero response and the post is now archived. Hoping for better luck this time.

We have rolled Firefox ESR to all of our computers. On some of them the Maintenance Service is working correctly and installing updates with no user interaction. On other computers, users are getting a UAC prompt to enter admin credentials to install updates. I have tried various changes that I have found across the web from Deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MozillaMaintenance\Security to uninstalling and re-installing the Maintenance Service. All of the users/computers have the same policies applied via Group Policy (Application Autoupdate: Enabled and Disable Update: Disabled) and are not local admins.

Asked by bfrawley 1 month ago

Last reply by Mike Kaply 1 month ago

  • Archived

Prefs.js file is generated in random userprofile path, need to overwrite it dynamically

Need way to overwrite prefs.js with corporate standard for kiosk like environment. Either need way to have firefox install in standard path within each user profile or h… (read more)

Need way to overwrite prefs.js with corporate standard for kiosk like environment. Either need way to have firefox install in standard path within each user profile or have firefox insert file from source. Advice ? thanks.

Asked by jon.dickens 6 months ago

Last reply by jon.dickens 1 month ago

Background Update

Nessus, Qualys, IBM Big Fix security scans constantly pick up firefox vulnerabilities. What we find is that either users have deleted the Firefox background update task o… (read more)

Nessus, Qualys, IBM Big Fix security scans constantly pick up firefox vulnerabilities. What we find is that either users have deleted the Firefox background update task or on servers, it never gets put onto the task scheduler. All other browsers have a channel update in the GPO files that ensure they are kept up to date and never show up in our scans. When will firefox put out similar channel GPOs and quit relying on the differently named task that we can't put into a group policy task scheduler, but constantly find firefox vulnerabilities from users that have deleted it so that group policy does not take effect.

Asked by bruce92 1 month ago

Last reply by bruce92 1 month ago

Managed Bookmarks GPO - Max character limit

Wanted to post and see if anyone has came across this issue before. We utilize managed bookmarks via GPO for our company and are now running into an issue regarding chara… (read more)

Wanted to post and see if anyone has came across this issue before. We utilize managed bookmarks via GPO for our company and are now running into an issue regarding character limit. I searched a bit myself, but unable to find anything regarding this. Hoping someone on here has possibly seen this before.

'This field can contain a maximum of 16834 characters per line. Make sure you enter 16384 or fewer characters per line.'

Not have any issues with Chrome or Edge.

Thanks for help / insight you can provide.

Asked by blong2 1 month ago

Extension Management GPO has a limit of 2048 characters

I'm trying to configure the "Extension Management" policy for firefox in my company. We have 14 addons to manage. using JSON this will end to a line of about 2500 chara… (read more)

I'm trying to configure the "Extension Management" policy for firefox in my company. We have 14 addons to manage. using JSON this will end to a line of about 2500 characters.

when I try to copy the code into the gpo I get a message telling me the limit is 2048 characters.

Is there a way to baypass this limitation ?


thank you

Asked by kalimera555 1 month ago

Last reply by Mike Kaply 1 month ago

How to configure "What Firefox should do with other files" with policies.json

Hi, I deployed the last Firefox ESR update and I just found about this new feature : https://support.mozilla.org/en-US/kb/manage-downloads-preferences-using-downloads-men… (read more)

Hi,

I deployed the last Firefox ESR update and I just found about this new feature : https://support.mozilla.org/en-US/kb/manage-downloads-preferences-using-downloads-menu

So files are now downloaded and users are no longer prompted for what to do. My question is can we change this to "Ask whether to open or save files" using policies.json?

Kind regards,

McB

Asked by loic.hemat 2 months ago

Last reply by cor-el 2 months ago

  • Solved

Disable "show in download folder"

I have a need to use regular browser (not kiosk), but disable the "open downloads folder" once a file has been downloaded. This is opening a file manager (thunar or alike… (read more)

I have a need to use regular browser (not kiosk), but disable the "open downloads folder" once a file has been downloaded. This is opening a file manager (thunar or alike) which then allows the user to browse the filesystem and open a terminal emulator from /usr/bin.

Using the policies, I am able to prompt for downloads, or select a download location, however I have been unable to completely stop the user from opening the download folder which opens a file browser.

Is there any way I can select policies or profile options for disabling the option for opening download folder?

Asked by Freddog 2 months ago

Answered by Terry 2 months ago

  • Solved

about:preferences " What should Firefox do with other files?" change with mozialla.cfg / How can I control this setting using mozilla.cfg?

From my point of view, the setting " What should Firefox do with other files?" has been added in the current ESR version. "What should Firefox do with other files?" ("Wie… (read more)

From my point of view, the setting " What should Firefox do with other files?" has been added in the current ESR version.

"What should Firefox do with other files?" ("Wie soll Firefox mit anderen Dateien verfahren?") . "Save files" ("Dateien speichern") . "Ask whether to open or save files" ("Fragen, ob Dateien geöffnet oder gespeichert werden sollen")


How can I control/change this setting using mozilla.cfg?


By the way:

// What should Firefox do with other files? - Wie soll Firefox mit anderen Dateien verfahren? lockPref("applications-ask-before-handling", false);

// What should Firefox do with other files? - Wie soll Firefox mit anderen Dateien verfahren? lockPref("applications-ask-before-handling", true);

works detectably via about:config but does not change the setting for "What should Firefox do with other files?".

Asked by bzam 2 months ago

Answered by bzam 2 months ago

Unable to configure the firefox policy for Proxy in Intune

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy Value (string): <enabled/> <data id="ProxyLocked" value="true | false"/> <data id=… (read more)

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy Value (string):

<enabled/> <data id="ProxyLocked" value="true | false"/> <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/> <data id="HTTPProxy" value="https://httpproxy.example.com"/> <data id="UseHTTPProxyForAllProtocols" value="true | false"/> <data id="SSLProxy" value="https://sslproxy.example.com"/> <data id="FTPProxy" value="https://ftpproxy.example.com"/> <data id="SOCKSProxy" value="https://socksproxy.example.com"/> <data id="SOCKSVersion" value="4 | 5"/> <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/> <data id="Passthrough" value="<local>" >="" <data="" <="" p=""></data>


This has mixure of String and Integer , when we configure as string and use one from the above or leaving blank or setting only string , it failed the policy with error - -2016281112

Asked by kamal.manoranjith 2 months ago

Last reply by Mike Kaply 2 months ago

OCSP validation failing.

Hi, Background: a few months ago I had to redeploy the CA for a network I manage. I was able to do so and publish the new intermediate CA's cert via Active Directory. Sin… (read more)

Hi, Background: a few months ago I had to redeploy the CA for a network I manage. I was able to do so and publish the new intermediate CA's cert via Active Directory. Since then, I've updated certs on webhosts with certs from the new CA. Whenever a user uses FF (version 91.12.0) to browse to a site with the newly signed cert, I get an error stating "sec_error_ocsp_old". I've been able to temporarily advise users to disable OCSP Validation in FF security settings, but I'd REALLY like to fix this.

Other browsers (Edge, Chrome, Opera) all load the sites without issue.

Using this the below article, I double checked the time settings on the CA, Webserver, and clients: https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites

All the machines/VMs in question show the same time source, time, time zone, and sync interval.

I'm at a loss for what is happening. Any help would be greatly appreciated.

Asked by kaz.szydlo 2 months ago

Last reply by Mike Kaply 2 months ago

Looking for End Of Life (EOL) dates

We have about 35 versions of firefox running across the enterprise (38 to 91) and I have been tasked to update the EOL dates for all versions we have to help bring things… (read more)

We have about 35 versions of firefox running across the enterprise (38 to 91) and I have been tasked to update the EOL dates for all versions we have to help bring things up to speed and know what is/is not supported.

I found this page with release dates (https://www.mozilla.org/en-US/firefox/releases/) but nothing about when a version has reached it's EOL. Any help would be appreciated.

Asked by david.burrows 2 months ago

Last reply by James 2 months ago

Url print

Hi, I have a domain network that use an app open it in mozilla firefox.when we want to print a page the url address of app print with page in top and bottom of the page… (read more)

Hi, I have a domain network that use an app open it in mozilla firefox.when we want to print a page the url address of app print with page in top and bottom of the page. 1- i want that url dont print with it page 2- how i distribute this config to all clients with group policy? Note: when i changed the margin options that url would be removed from print page.but i want do this for all page and clients.

Asked by S.kh.hosseini 2 months ago

Last reply by Mike Kaply 2 months ago

Preventing access to about: pages, specifically about:logins

Hi, I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disa… (read more)

Hi,

I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disable (I'd say "hide" is more accurate) the about:logins page on Firefox?

  • pref.privacy.disable_button.view_passwords (with a lock pref) in autoconfig only disables the "View saved logins" button in Settings.

As for policies:

  • a few policies for blocking about: pages do exist - BlockAboutAddons/Config/Profiles/Support, but can't find one, say, "BlockAboutLogins" or something like that.
  • PasswordManagerEnabled set to false disables the password manager completely, including about:logins, password autofill is disabled as well - not what I need.
  • WebsiteFilter, as expected, doesn't treat about: as a protocol, so it can't be done there either.


Any help is appreciated. Thanks in advance!

Asked by slavev16 3 months ago

Last reply by cor-el 2 months ago