All Products Community Forum

Hello,

I had issue to verify the cert on android app for https://partners-enrichment.heytelecom.be. On Windows I didn't have the same issue.

version 144.0.2 / build id 20251027123126 / target arm64-v8a armeabi-v7a x86_64 Device: Samsung S22 / One UI 7.0 / Android version 15 / version S901U1UES8FYI2 / Security patch level September 1, 2025

Error: Secure Connection Failed, because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.

CertChain RCA: DigiCert Global Root G2 DCA: DigiCert Global G2 TLS RSA SHA256 2020 CA1 cert: partners-enrichment.heytelecom.be

1) I couldn't check the cert from the gui as on windows. Shield in search bar / Connection not secure doesn't opened the cert. Is it expected?

2) I found this helppage: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

Unfortunately about:preferences isn't available on android (ref. https://www.reddit.com/r/firefox/comments/u593x0/how_to_access_to_aboutpreferences_on_android/)

I see in about:certificate which is the correct RCA (I verified the pem file with the root). DigiCert Global Root G2

Where do I check the Intermediate CA's (DCA)?

3) When exporting the RCA it has been download as: digicert-global-root-g2.pem.txt Why the txt at the end?

On Windows it downloads as digicert-global-root-g2.pem

Kind regards,

I want nothing to do with AI.

I have unticked perplexity.ai in preferences#search but every search from the search bar and address bar goes to perplexity.ai then immediately crashes and displays "Internal Error".

To use DDG I have to type duckduckgo.com on the address bar then search from there.

Firefox 140.4.0 ESR.

I've' scanned the PC with malwarebytes. I restored windows from a backup image I haven't made any changes to the PC at all. Was working fine in the AM but by later afternoon, it started using perplexity.ai exclusively.

How do I get rid of perplexity.ai

I am logged on to my Credit Union and attempt to download my statements. When using Firefox I get the message: {"Errors":["Authorization has been denied for this request."]}

When I contacted my CU, they said to add an URL to the Manage Exceptions. This worked, but I want to know why Firefox needs this but Chrome doesn't.

Hello everyone,

i would like to ask if anyone have/had similar experience as me.

Im managing browsers in my company (Chrome, Edge , Firefox) via on-prem/Cloud solutions, approximately 300k users.

We are observing that most of the users are no longer using Firefox that often , leaving Firefox unpatched and therefore risking potential malware/ other attacks.

Of course that brings attention from our security team and now , we have to deal with it :)

Option to remotely uninstall (Intune , SCCM) is option number one of course, yet not the desired one.

We would like to check if there is an option how to "silently" update all the browsers with version N-1. We have looked into scripting, resulting into UAC prompt all the time, which is , of course, not desired.

Does anyone had similar experience, where you had to deal with similar use case ?

Please let me know

Have a great one you all !! Tomas

I look after about 20 PCs. All Windows 10. All were running Firefox ESR ranging from 115 - 128. As I get time I update each to the latest 128.x. Using group policies I've disabled all update settings.

However, on two of the PCs, they have updated to v139.0.1. Both of the users swear they did not manually do any update. I can't figure out how they got downgraded to the retail channel.

So my question is, since 128 < 139 how can I get them back on to the ESR channel, without loosing history, bookmarks, passwords and saved logins? I gather FF's installer will detect 128 as an older version and throw an error?

ESR -> Retail to me is a downgrade. So is it possible then to upgrade back to 128.11.x?

Each PC is refreshed annually and the only backup of the profile folder I have is from the last refresh, which in most cases in 8-9 months old.

Is there any way to find out why the downgrade happened when group policy forbids it, and the user did not manually download and install the latest version?

When these downgrades happen they break things. For example, when one PC was downgraded to retail his outlook.com email no longer works. If he uses his laptop which is on 128.11.0 it works fine.

We are currently rolling out a profile management solution based on Ivanti User Environment Manager. In order to configure file includes and excludes in the profile management tool, we have to “standardize” the Firefox profile path in the filesystem. We have implemented a PowerShell script, which reads the currently used profile from %appdata%\Mozilla\Firefox\install.ini, renames the appropriate profile subfolder to “firefox.default-esr” and replaces the entries in installs.ini and profiles.ini.

The script seems to be reliable. However, for around 10% of the users, we are seeing issues when the user launches Firefox after the “firefox profile migration” happened. Firefox opens but none of the GUI controls is accessible. Firefox is completely unusable. See screenshot attached.

We do have workarounds to resolve this issue, such as completely wiping the %appdata%\Mozilla\Firefox folder and let Firefox re-build everything from scratch. But we are still trying to find the root cause the issue, because our customers have more than 100k clients, what will be a big impact and hard to handle for the helpdesk.

We are currently unable to reproduce the issue on test clients. Even copied Firefox profile folders form affected clients don’t show the issue on other clients.

Therefore we want to find out and ask for your help:

- Is there a supported way to “standardize” the filesystem folder name of the Mozilla Firefox (ESR) profile of a user? - What are the files within a Firefox profile that are required for the profile and the application itself to properly start? - Do you have any idea which files in a Firefox profile (in a corrupted state) could cause our issue?

Hello Everyone,

I am seeking assistance to configure Firefox browser so that internet access is blocked when the browser cannot download or access the proxy Auto-configuration (PAC) file. Our organisation enforces all web traffic through proxy servers defined by a PAC file. For compliance and security reasons, users should not have any direct internet access unless the browser is able to successfully retrieve and apply the PAC file.

The desired behaviour is:

1. Firefox attempts to download the PAC file from a defined URL. 2. If the PAC file is unreachable or fails to load (e.g., due to network restrictions or the device being outside the corporate network), Firefox should "fail closed" - meaning it should not allow any direct internet traffic. 3. This is effectively a "fail-block" mode: no fallback to direct connections, and no cached or bypassed proxy settings should allow internet browsing.

This behaviour is critical to prevent devices from accessing the internet without applying corporate proxy rules. I would like to know:

1/ Whether Firefox currently supports a setting or policy that enforces this fail-block condition when the PAC file is unavailable. 2/ If not, whether there are recommended configurations or enterprise policies (e.g., via `policies.json` or Group Policy templates) that could achieve equivalent enforcement.

Thank you for your assistance and guidance.

Hi,

I have 2 machines (Win10 and Win11) with FF 140.3.1esr (32-bit) installed which demonstrates the same failure when I enter one site's url:

PR_CONNECT_RESET_ERROR

Chrome at the same machines goes at this url w/o any failures. Any ideas what to change on "about:config" in FF to allow it opening this url w/o such error?

Hello

We want to set up a GPO that when users exit their Firefox browser, all of there cookies and cache gets deleted.

How do we do this?

Thanks

Hi all,

For quite a while I'm working together with others on a voluntary base (nobody gets money) as members of a computer-club, a charitable NGO and NPO (in German: gemeinnütziger Verein) for seniors in order to bring them closer to the use of digital devices and media. It's not only teaching, but administrating the hard- and software as well.

I can remember that it was possible in former versions of Firefox to include at least a script into "defaults->prefs". I think it was user.js (not sure) in the installation folder to define common preferences to be fixed, like proxi settings. It always worked well, preventing non-privileged users from making any unwanted changes. As a I found out there must have been a very similar way to include add-ons (like uBlock Origin).

Unfortunately all content I found was older than about 10 years. When trying setting up Firefox as it is now, my test system didn't care about anything I've tried.

I'm talking about > 50 Windows-PC having in average 3 user profiles each (for teaching more than 400 members). We are amateurs regarding PC administration, except some network ex-professionals. "Baking" installation media including our needs, as I already found on Mozilla's pages, seems to be beyond our abilities as well as distributing a fitting profile (we don't have a MS-server), not speaking about Group Policies.

Is there any usable guideline for people like us? Today, each FF-installation looks different and I would like to unify this as easy as possible.

Greetings!

I am using the firefox enterprise version and I have noticed an issue that the browser does not capture mouse events when the pointer is at rightmost edge of the firefox window. For example, on this website near the edge the pointer would initially focus on the scroll bar and then lose focus at the edge (see attached images).

This issue does not persist on x11, and only seems to exist on wayland. It also exists on other flavours of firefox on wayland.

If more information is required, feel free to send me a ping.

Hi,

I am having the issues on more than 1 pc that after updating the firefox esr 128 version to 140 esr version, the firefox does not work properly, specially with xWiki. when i click on xwiki (on-premis server), i can read the contents and all. but when i click edit then it shows the blank page. this is very odd as it happens after updating to 140 version. picture is attached.

Thanks Sheras

How do I lock the Microsoft Purview settings in the attached image using intune, so users cannot change them.

I have been able to make it that they cant disable or remove the extension but cannot figure out how to make it that they cant change the settings. I did try making a json file but it does not seem like Firefox uses it.

We are allowing end user to scan 2D matrix barcode using a wedge scanner in our application. We are facing a problem where different elements of the bar code are not getting split into the application. On investigating this further, we found that Firefox browser not recognising the FNC character(input character 29) coming from input stream (barcode scanner in this case).

I've been struggling for months to standardize a deployment of Firefox ESR across various client environments that reliably auto-updates and doesn't cause UAC prompts and XULRunner profile error pop-ups(I work in IT).

We deploy Firefox ESR in bulk on machines via a batch script which runs as SYSTEM, with msiexec /i and /qn flags.

Firefox installs fine, but then users are typically met with a UAC prompt when they first try to run Firefox. If they decline, then the UAC prompt comes back again next time and often fails to update at all, so the machine is left on an older, vulnerable version.

Regarding the environment: we have deployed the Firefox ESR admx templates and enabled the relevant auto update settings in Group Policy. But only some machines seem to stay up to date, and it seems like this only happens if a user with local administrative privileges has run the program at least once.

What I find unusual is that Firefox seems to attempt to make a "Background Updater" scheduled task for every user that runs the software on each PC, but these users do not have administrative privileges, and the scheduled task is set to only run when that user is logged in. Obviously a scheduled task running as a user with limited privileges isn't going to be able to update files in the Mozilla/Firefox subdirectory in "Program Files" as by default that's read-only access for non-admin users. And, obviously, if a user with local admin privileges DOES log into the machine, then it can update once, but then the scheduled task that it creates for that user (now with admin privileges) will only run when that user logs in - and we don't login as "admin"-privileged users day-to-day.

So, various machines are out of date, running vulnerable Firefox 128 instead of 140 or 142 even though they're all deployed from the same image and have the same policies and restrictions, and ran the same installer for Firefox.

Is there some reason why the auto update scheduled task isn't created at installation time, when administrative privileges have been granted? It's very odd that it doesn't, because then every time a user logs into a machine it seems like Firefox ESR creates the background upgrade task under a non-admin user which simply won't work. I see machines having 4 or 5 background upgrade scheduled tasks, all created by Firefox ESR, and yet the software still won't update - there's a UAC prompt every time the program launches, and going to Help -> About shows "Restart Firefox to update..." but then when clicking the button to restart Firefox, we get the UAC prompt, user doesn't have privileges, so this goes around and around in circles.

Is there a reliable way to keep Firefox up to date without manually logging into each machine and going through the UAC prompts? Can we manually create a scheduled task with the correct user account that has privileges to actually upgrade Firefox?

The background auto update mechanism simply doesn't make sense to our team on a machine-wide install.