Forum Bashkësie Firefox për Ndërmarrje

Hi,

I am having the issues on more than 1 pc that after updating the firefox esr 128 version to 140 esr version, the firefox does not work properly, specially with xWiki. when i click on xwiki (on-premis server), i can read the contents and all. but when i click edit then it shows the blank page. this is very odd as it happens after updating to 140 version. picture is attached.

Thanks Sheras

How do I lock the Microsoft Purview settings in the attached image using intune, so users cannot change them.

I have been able to make it that they cant disable or remove the extension but cannot figure out how to make it that they cant change the settings. I did try making a json file but it does not seem like Firefox uses it.

I've been struggling for months to standardize a deployment of Firefox ESR across various client environments that reliably auto-updates and doesn't cause UAC prompts and XULRunner profile error pop-ups(I work in IT).

We deploy Firefox ESR in bulk on machines via a batch script which runs as SYSTEM, with msiexec /i and /qn flags.

Firefox installs fine, but then users are typically met with a UAC prompt when they first try to run Firefox. If they decline, then the UAC prompt comes back again next time and often fails to update at all, so the machine is left on an older, vulnerable version.

Regarding the environment: we have deployed the Firefox ESR admx templates and enabled the relevant auto update settings in Group Policy. But only some machines seem to stay up to date, and it seems like this only happens if a user with local administrative privileges has run the program at least once.

What I find unusual is that Firefox seems to attempt to make a "Background Updater" scheduled task for every user that runs the software on each PC, but these users do not have administrative privileges, and the scheduled task is set to only run when that user is logged in. Obviously a scheduled task running as a user with limited privileges isn't going to be able to update files in the Mozilla/Firefox subdirectory in "Program Files" as by default that's read-only access for non-admin users. And, obviously, if a user with local admin privileges DOES log into the machine, then it can update once, but then the scheduled task that it creates for that user (now with admin privileges) will only run when that user logs in - and we don't login as "admin"-privileged users day-to-day.

So, various machines are out of date, running vulnerable Firefox 128 instead of 140 or 142 even though they're all deployed from the same image and have the same policies and restrictions, and ran the same installer for Firefox.

Is there some reason why the auto update scheduled task isn't created at installation time, when administrative privileges have been granted? It's very odd that it doesn't, because then every time a user logs into a machine it seems like Firefox ESR creates the background upgrade task under a non-admin user which simply won't work. I see machines having 4 or 5 background upgrade scheduled tasks, all created by Firefox ESR, and yet the software still won't update - there's a UAC prompt every time the program launches, and going to Help -> About shows "Restart Firefox to update..." but then when clicking the button to restart Firefox, we get the UAC prompt, user doesn't have privileges, so this goes around and around in circles.

Is there a reliable way to keep Firefox up to date without manually logging into each machine and going through the UAC prompts? Can we manually create a scheduled task with the correct user account that has privileges to actually upgrade Firefox?

The background auto update mechanism simply doesn't make sense to our team on a machine-wide install.

I am working on a stig for Mozilla Firefox and I'm trying to do a scap compliance scan but or some reason I am getting a score of zero on all systems. We do patch regularly and at some point one of the version upgrades caused our compliance scans stopped working. I need a fix and cannot find anything when searching for this issue.