Форум поддержки Корпоративный Firefox

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox.

No video will play in youtube, for instance (it just loads endlessly as if it would start, but it doesn't).

Can't use radio websites either. Anything with a "play" button (video or sound) does nothing.

This has been tested with a clean profile, a clean install, after allowing autoplay in the settings.

Is there any info on what exactly changed between ESR 91 and 102 that might explain this ? There has been no system change, If I reinstall 91 instead it works again as usual.

No issues anywhere else on the endpoints (Edge, Windows), this is on Windows 10 if it makes any difference.

Tanks for any help on this.

on GitHub the commands are all based on Java https://github.com/mozilla/policy-templates#preferences

Is there a list of all available registry settings? Or where do these Java options come from, where can I read them out?

Good morning,

I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues on the web and found similar issues but solutions that were recommend online have not worked for us. Yes I have uninstalled Firefox completely and installed it from scratch. I know it has something to do with autoconfig file but not sure what exactly I'm looking for. Thanks.

Every time you open Firefox, you will prompt old version bookmarks, history, and passwords, and you can't use them. Choose to opt out or create a new personal file. There are also prompts for the upgrade, and the downgrading version is unsuccessful pls help me

I am currently creating new Images for our touch kiosks and would like to use Firefox.

Sadly I am confronted with some problems / strange behaviour.

I want to set up a windows Kiosk with Firefox as shell application. So far this worked but the Firefox window opens around 5 times at every restart, also it does not open again if it is closed. The reopening is a feature of the eshell which reacts to the exit code of the Application. Is there anything you know what causes these behaviours? Google chrome does nothing of these things and simply gets restarted if it is closed, as it should.

The second thing is, the built in Kiosk mode is great but our Application at least needs tabs. Is it possible without too much of a hassle to create such a locked down experience? I'd like to do it with a policy or settings file and not to create my own browser out of firefox, maybe there's a way I have overseeen.

I'd really like to do it with firefox as I personally always had a great experience and I trust the team behind it. Thank you for your support beforehand!

I'm trying to force the install of the Okta extension for users in my environment. I just updated to the latest admx templates and I'm not allowed to install any extensions.

My GPO JSON is as follows:

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["about:addons","https://addons.mozilla.org/"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "Okta": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/okta-browser-plugin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

Yes I'm getting the attached image on this when i'm trying to install it manually because it's not auto installing. I'm also getting the same with the allowed uBlock extension.

I am trying to use a policies.json file to include a certificate for my own website using a certificate stored online, but not locally. Would it be possible to do so using code similar to below: {

   "policies": {
   "Certificates": {
       "ImportEnterpriseRoots": true,
       "Install" [
           "cert_name",
           "http://www.xxxxxxxx.com/xxxxx/xxxxx.der"
                  ]
            }
       }
   }

Any help would be greatly appreciated.

FF 102.3.0esr (64-bit) says 'You are currently on the update channel' but doesn't update. I see 102.5.0 is available. Originally said policies managed by organization. Enterprises Policies. I Deleted [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox]. Enterprises Policies now gone, but message hasn't changed nor can I update.

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

• http://192.168.100.10/goodaddon-1.0.01.xpi
• http://internalwebsite/goodaddon-1.0.01.xpi
• https://192.168.100.10/goodaddon-1.0.01.xpi
• https://internalwebsite/goodaddon-1.0.01.xpi
• \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
• \\internalfileserver\netshare\goodaddon-1.0.01.xpi
• file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
• file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
2. 2 Are there any logs where I could find out what exactly goes wrong?
3. 3 Are there any other syntaxes I could try (group policy urls)?
4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.

Need way to overwrite prefs.js with corporate standard for kiosk like environment. Either need way to have firefox install in standard path within each user profile or have firefox insert file from source. Advice ? thanks.

Every time Firefox is opened it gives an error message (see image).

I have tried:

• Deleting and reinstalling.
• Deleting Firefox folder in //users/xxxxxxx/Library/Application Support & //Library/Caches then uninstalling Firefox.
• Both above using older Firefox versions.

This issue is happening on all of the Macs in our org. We have no custom configurations. The pkg is installed via FileWave device management. It occurs whether installed through FileWave or manually.

Thanks

Hi,

I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disable (I'd say "hide" is more accurate) the about:logins page on Firefox?

• pref.privacy.disable_button.view_passwords (with a lock pref) in autoconfig only disables the "View saved logins" button in Settings.

As for policies:

• a few policies for blocking about: pages do exist - BlockAboutAddons/Config/Profiles/Support, but can't find one, say, "BlockAboutLogins" or something like that.
• PasswordManagerEnabled set to false disables the password manager completely, including about:logins, password autofill is disabled as well - not what I need.
• WebsiteFilter, as expected, doesn't treat about: as a protocol, so it can't be done there either.

Any help is appreciated. Thanks in advance!

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

I have created GPOs to block websites. Edge and Chrome work as expected but the Firefox Block Websites is not blocking anything. I have tried User and Computer GPO's they do not work. Does anyone know the trick to making this work for Firefox?

Forgive me if I am not describing this correctly but really need help, if you ask me questions back, I will be happy to answer once I find that answer to your question. The issue we are experiencing is not my area of expertiese but no one in my org can find an answer so here I am.

We have not migrated our enterprise above Firefox ESR 91.x as of yet, we have some internal sites that use IBM Webseal to provide SSO and some of that functionality is broken in version 102.x and above. There are three options on the frontend page to use RSA token, PKI logon and username/password: each one a separate choice for the end user experience. RSA and Username/password work without issue but PKI logon does not, once you click on the logon button it is supposed to grab the certificate from your PKI card and use it to logon to the web application, but it does not seem to complete this process instead it proceeds to another page almost immediately that reads Error An attempt to authenticate with a client certificate failed. A valid client certificate is required to make this connection. Click here to return to the authentication page. DPWWA1124W A client certificate could not be authenticated. Our web developers have opened a ticket with IBM and from what I was told after troubleshooting and traffic capture, they never see the certificate make it to the backend for authentication and it is a Firefox issue because Google and MS Edge work just fine. Because of this IBM closed the case.

Has anyone experienced this issue and know of a fix or is there any suggestions as to what we can look for as an attempt to fix this issue? What has changed between version 91.x to 102.x ESR (we have tried the RRs and it is an issue there also)? Is this a bug in Firefox?

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29.

It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12.

Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence

Thank You,

Hello,

we have some trouble in our Enterprise Environment with tls 1.3 and 0rtt data. The integrated google search and other websites doesnt work as they should (Pages doesnt load and stay white).

So we want to turn of "security.tls.enable_0rtt_data" with Group Policy. But i cannot find a switch for this setting.

When i try to set security.tls.enable_0rtt_data with Preferences in GPO it doesnt work (old Preferences is empty) { "security.tls.enable_0rtt_data": { "Value": false, "Status": "locked" } }

With Preferences i am able to configure security.tls.hello_downgrade_check, but not security.tls.enable_0rtt_data

The only workaround would be to disable tls 1.3 completely and use tls 1.2. (security.tls.version.max = 3) Is there a solution for this?

Regards, Michael

Hello world,

This problem is sticking for a year now. We even switched to ESR thinking it will fixed the problem but to no avail. After a bunch of test, I've finally decided to post and ask for help. Tests have been done on macos 11.6 fresh vanilla install, no encryption (no filevault, I hate it), and Firefox 91.1.0esr (64 bits), but problem is the same since version 75 + (no problem seen on windows or linux) If I don't use Profiles Manager, at each launch of Firefox a new profile is created with no import from former profiles. If I do use Profiles Manager, I can keep on choosing my default profile, and no new ones are created, BUT new install is added to install.ini and profiles.ini. All tests have been done with the exact same firefox (i mean, application is the same and correctly installed in the /Applications of macos).

Here is the profiles.ini

[Install5A291CFD23D97DBF] Default=Profiles/ucaeqkrb.default-esr Locked=1

[Profile0] Name=default-esr IsRelative=1 Path=Profiles/ucaeqkrb.default-esr Default=1

[General] StartWithLastProfile=0 Version=1

[InstallF5B6C4E8673B7987] Default=Profiles/ucaeqkrb.default-esr Locked=1

[Install7F9608401B386673] Default=Profiles/ucaeqkrb.default-esr Locked=1

And the installs.ini

[5A291CFD23D97DBF] Default=Profiles/ucaeqkrb.default-esr Locked=1

[F5B6C4E8673B7987] Default=Profiles/ucaeqkrb.default-esr Locked=1

[7F9608401B386673] Default=Profiles/ucaeqkrb.default-esr Locked=1

As you can see each launch of Firefox created a new hash of installation (even if same it's always the same firefox version). As long as I choose my default profile in profiles manager, I can keep it. If I switch to default comportment, I will get a new profile at each launch (as it see en new install hash) and it will not import former profiles (even if it's from the same or an older version).

So I'm wandering, why Firefox keeps on adding a news install hash on each launch, and/or how can I prevent it from doing it.

Hello, I ve tried to block file:///c:/ in Firefox Quantum release 60.4.0esr(32-bit) by the above .json with no results. I ve also tried to block it in a newer release and it was fine (78.15.0esr (32-bit)). Is anything i can do to block it in this particular version i m using(60.4.0esr(32-bit))?

Thank you

{ "policies": { "WebsiteFilter": { "Block": ["file:///C:/*"] } } }

I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrome.css file doesnt seem to work with the newer versions.