- Archived
Firefox and GPO
Can the latest release of Firefox be hardened to DISA standards through GPOs only.
Can the latest release of Firefox be hardened to DISA standards through GPOs only.
Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferenc… (மேலும் படிக்க)
Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferences on each workstation. I have searched and found ways to enforce this change by GPE , but I wonder if there is a way to change firefox preferences, especially the one I've mentioned, via Registry Editor.
Hello We use our own CA to secure some websites on the internal network. Until version 101.0, the SSL was working correctly. I have updated today to firefox 101 and all … (மேலும் படிக்க)
Hello
We use our own CA to secure some websites on the internal network. Until version 101.0, the SSL was working correctly. I have updated today to firefox 101 and all our internal websites started giving SSL_ERROR_BAD_CERT_DOMAIN. There are no issues with external CA issued certificates, so I'm assuming it is something related to the way we generate the certificates. Were there any changes done at version 101 which might reject certificates with a valid common name? Is there a way to disable it and revert to version 100 options?
Thank you
I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrom… (மேலும் படிக்க)
I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrome.css file doesnt seem to work with the newer versions.
Hi, We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace. I've imported the fi… (மேலும் படிக்க)
Hi,
We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace.
I've imported the firefox.admx and mozilla.admx file along with assocaited .adml files, checked Github, checked through the GPO settings yet cannot figure out how to do the same with Firefox.
Is there a Mozila Firefox for Windows GPO ADMX setting I can use to control the "Firefox>Settings>General>Files and Applications>Applications" section to add "Content type: ica | Action: Use Citrix Workspace"?
Thanking you....
Hello, As the title mentions, applying a block to all extensions via "*" by utilizing Extension Management GPO will block about:debugging. Is there a way to simultaneou… (மேலும் படிக்க)
Hello,
As the title mentions, applying a block to all extensions via "*" by utilizing Extension Management GPO will block about:debugging.
Is there a way to simultaneously have all extensions blocked and about:debugging available?
Here's the JSON - { "*": { "installation_mode": "blocked" } }
Appreciate your time and help,
-
Dom
I have been tasked to have our Firefox auto update without user interaction. We have a small enterprise of about 2000 or so PCs but only maybe 300 use Firefox consistentl… (மேலும் படிக்க)
I have been tasked to have our Firefox auto update without user interaction. We have a small enterprise of about 2000 or so PCs but only maybe 300 use Firefox consistently. According to the GPOs it claims that it will update even when the browser is not open. I have this working fine on Chrome and Edge. You can see my attached screenshots that my GPOs are dropping down correctly to my VM. When I open Firefox and leave it open I can see that an "updated" folder is created in the Program Files>Mozilla Firefox. If I close Firefox the updated folder disappears and and installs the latest update. Once I reopen Firefox I can see that it updated. I need this to happen without the browser being launched, closed and reopened. I went into Settings>General and noticed that my update section is missing some of the update options that I see when researching. Automatically Install Updates and When Firefox is not Running options (see screen shots) are missing from my install. I am pretty sure this is why it will not truly silently auto update. Does anyone know where those two options are controlled from and how do I get those to show on my installs?
We have several servers with Firefox installed and automatic updates enabled to include "When Firefox is not running". However, our security scans indicate that the versi… (மேலும் படிக்க)
We have several servers with Firefox installed and automatic updates enabled to include "When Firefox is not running". However, our security scans indicate that the version is out of date. We have to connect to the box and finish the updates. The current version is at 103.0.1 and the previous version was above 100 (failing to remember exact version). Is there a way to ensure that Firefox remains up to date without connecting to the server?
Hello, I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it do… (மேலும் படிக்க)
Hello,
I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it doesn't want to install most of the times. The policy is added after using the gpupdate /force command and restarting the machine then open and close the browser. I wait 10 minutes for the policy to be configured on the computer and open the browser again and nothing happens. Also, the keys in the registry have the corresponding value type (checked in site https://admx.help/?Category=Firefox&Policy=Mozilla.Policies.Firefox::Extensions_Locked). But when I drag and drop with a mouse, the extension is installed and cannot be deleted. Can you tell me why does the extension not install when the policy is in effect?
I sent pictures from Group Policy Manager, Registry editor and showing that the extension can not be deleted after drag and drop with a mouse.
Thank you in advanced!
We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we ca… (மேலும் படிக்க)
We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we can capture a photo. We give them instructions and they configure their instance of Firefox to ALLOW access to the camera, along with several other adjustments (like allowing pop-ups, and no autofill).
However, whenever they restart Firefox the camera permission reverts back to the DEFAULT of Always Ask. The other settings adjustments we make, like pop-ups and no autofill stick around, but not the camera setting.
We've checked the PREF.js file in the Profile folder and that doesn't appear to be a problem. On our in-house machines we are running the same version of Windows and Firefox and cannot reproduce the problem.
The customer has recently applied the upgrade from an earlier version of Firefox ESR to 91.12.0. The customer has also imaged the PC and copied over to a large number of additional machines for use around their organization. This problem is causing a serious disruption to their deployment of the updated PC's as we work with them to try and troubleshoot the problem.
Any ideas on what to try would be appreciated.
Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29. It is showing Vulnerabilities because MFSA2022-30 lists CV… (மேலும் படிக்க)
Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29.
It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12.
Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence
Thank You,
Some users in my organization have been complaining about FireFox location protection since the update to 103.0.2. We would like an option to completely disable this "fea… (மேலும் படிக்க)
Some users in my organization have been complaining about FireFox location protection since the update to 103.0.2. We would like an option to completely disable this "feature". Our users are complaining about having to individually make exceptions via the shield icon and selecting custom and unchecking all boxes does not work for our use case scenario. Is there any option to disable this completely or are there plans in future releases to allow us a disable feature (like you used to have) or is the only solution to switch our users to Chrome? Thanks
We use GPO to push out our Firefox homepage and bookmarks. I get totally different results for each user, some will make changes right away if I add a new book marks, but… (மேலும் படிக்க)
We use GPO to push out our Firefox homepage and bookmarks. I get totally different results for each user, some will make changes right away if I add a new book marks, but they don't see older ones?
I decided to build a few test machines (we don't have time to build a dev envir) and it applies the GPO for the home page but not the bookmarks, I can see the book marks in the registry even but nothing on firefox. Anyone have a guess?
thanks David
I am an administrator at a university and we use Blackboard and Zoom as a couple of the tools at our university. We install Firefox on all of our PCs across campus. After… (மேலும் படிக்க)
I am an administrator at a university and we use Blackboard and Zoom as a couple of the tools at our university. We install Firefox on all of our PCs across campus. After a recent update, when our instructors try to launch Zoom using the integration setup in Blackboard, the meeting fails to launch. We have found that disabling Enhanced Protection fixes this issue. Is there a way to add this exception to an install file that can be sent across many PCs on our campus? We have hundreds of PCs and going from one to another to install this exception would not be practical.
Do you have any suggestions? Justin
Hi We have had FF ers for some time. The old "no longer employed" sccm manager had the 64 bit version install in the x86 dir. We are now trying to use Qualys for patchin… (மேலும் படிக்க)
Hi We have had FF ers for some time. The old "no longer employed" sccm manager had the 64 bit version install in the x86 dir. We are now trying to use Qualys for patching. How can i move the 12k users bookmarks to the correct install path so Qualys can update when needed. Thanks TJ
Hi, I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to dis… (மேலும் படிக்க)
Hi,
I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disable (I'd say "hide" is more accurate) the about:logins page on Firefox?
As for policies:
Any help is appreciated. Thanks in advance!
We have about 35 versions of firefox running across the enterprise (38 to 91) and I have been tasked to update the EOL dates for all versions we have to help bring things… (மேலும் படிக்க)
We have about 35 versions of firefox running across the enterprise (38 to 91) and I have been tasked to update the EOL dates for all versions we have to help bring things up to speed and know what is/is not supported.
I found this page with release dates (https://www.mozilla.org/en-US/firefox/releases/) but nothing about when a version has reached it's EOL. Any help would be appreciated.
Hi, Background: a few months ago I had to redeploy the CA for a network I manage. I was able to do so and publish the new intermediate CA's cert via Active Directory. Sin… (மேலும் படிக்க)
Hi, Background: a few months ago I had to redeploy the CA for a network I manage. I was able to do so and publish the new intermediate CA's cert via Active Directory. Since then, I've updated certs on webhosts with certs from the new CA. Whenever a user uses FF (version 91.12.0) to browse to a site with the newly signed cert, I get an error stating "sec_error_ocsp_old". I've been able to temporarily advise users to disable OCSP Validation in FF security settings, but I'd REALLY like to fix this.
Other browsers (Edge, Chrome, Opera) all load the sites without issue.
Using this the below article, I double checked the time settings on the CA, Webserver, and clients: https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites
All the machines/VMs in question show the same time source, time, time zone, and sync interval.
I'm at a loss for what is happening. Any help would be greatly appreciated.
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy Value (string): <enabled/> <data id="ProxyLocked" value="true | false"/> <data i… (மேலும் படிக்க)
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy Value (string):
<enabled/> <data id="ProxyLocked" value="true | false"/> <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/> <data id="HTTPProxy" value="https://httpproxy.example.com"/> <data id="UseHTTPProxyForAllProtocols" value="true | false"/> <data id="SSLProxy" value="https://sslproxy.example.com"/> <data id="FTPProxy" value="https://ftpproxy.example.com"/> <data id="SOCKSProxy" value="https://socksproxy.example.com"/> <data id="SOCKSVersion" value="4 | 5"/> <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/> <data id="Passthrough" value="<local>" >="" <data="" <="" p=""></data>
This has mixure of String and Integer , when we configure as string and use one from the above or leaving blank or setting only string , it failed the policy with error -
-2016281112
From my point of view, the setting " What should Firefox do with other files?" has been added in the current ESR version. "What should Firefox do with other files?" ("Wi… (மேலும் படிக்க)
From my point of view, the setting " What should Firefox do with other files?" has been added in the current ESR version.
"What should Firefox do with other files?" ("Wie soll Firefox mit anderen Dateien verfahren?") . "Save files" ("Dateien speichern") . "Ask whether to open or save files" ("Fragen, ob Dateien geöffnet oder gespeichert werden sollen")
How can I control/change this setting using mozilla.cfg?
By the way:
// What should Firefox do with other files? - Wie soll Firefox mit anderen Dateien verfahren? lockPref("applications-ask-before-handling", false);
// What should Firefox do with other files? - Wie soll Firefox mit anderen Dateien verfahren? lockPref("applications-ask-before-handling", true);
works detectably via about:config but does not change the setting for "What should Firefox do with other files?".