ஆண்ட்ராய்டிற்கான பயர்பாக்சு ஆதரவு மன்றம்

We're exploring the possibility of implementing a mass update for Firefox through backend management, leveraging PowerShell scripts or any applicable method that can streamline the update process for our users.

Additionally, we've encountered instances where users have installed Firefox via local profiles, posing challenges for centralized updates. I'd appreciate any insights or guidance on how we can address this issue effectively to ensure these installations align with our centralized management approach.

Hello, from Terminal Servers, it is not possible to browse the Internet via FortiGate's explicit proxy from the Firefox browser, while there is no problem with Chrome or Edge. When the user tries to browse external sites, the proxy sends the error page "You need to authenticate to use this service". It seems that Firefox does not pass user authentication to FortiGate. The proxy authenticates users per session via Kerberos tickets.

Firefox version: 115.5.0esr

I also performed the following settings to pass the Kerberos ticket to the proxy without success: https://people.redhat.com/mikeb/negotiate/

I also noticed that it is not possible to change the "network.negotiate-auth.allow-proxies" setting from "false" to "true." Is this my problem? Is it normal that it cannot be changed?

Attached are the settings.

Thank you in advance.

Hi there,

I'm playing with policies.json on Linux/Ubuntu now, trying to improve my knowledge of Firefox customization through different policies and user interaction after the Firefox deployment. I added a custom bookmark and extension, which show and install okay when I restart the browser. But when I delete them from within the browser and restart Firefox, they show up again. To avoid this, I can delete /etc/firefox/policies/policies.json after the Firefox deployment. Hence my questions:

• Is the deletion of the JSON file after the Firefox deployment a reasonable option at all?
• If yes, how can I automate the process silently, without user interaction?
• If no, what would be your advice to let users modify the browser settings like removing extension(s) or bookmark(s) set in policies.json so that they do not reappear after the browser restart?

Thank you! Rustam

we want to control the actions over all browsers, don't want common users to download anything via firefox, how to disable the download in firefox via GPO? thanks.

I am wondering if I can get some help configuring some GPO for Firefox on our new domain we are building. I want to be able to block private browsing as well as I was wondering if there is an option to force firefox to sign in with certain accounts only so we can monitor students as we are a school district

Bonjour, Je travaille dans un musée. Nous utilisons Firefox sur des pc accessibles pour le public. Comment accéder à "aboutNetErrorCodes.js" pour l'éditer. Je souhaite remplacer le message par défaut de Firefox et rediriger vers une une page en local. Merci pour votre aide. Yves

Hi everyone, I'm trying to standardize the homepage for the browser which enrolled with Intune on MacOS. I have imported the .plist file as below with the preference domain name as "org.mozilla.firefox". After applied, it returned error and nothing has been changed on the browser. Thanks.

<key>Homepage</key> <key>URL</key> <string>http://example.com</string> <key>StartPage</key> <string>homepage</string>

I posted this previously and got zero response and the post is now archived. Hoping for better luck this time.

We have rolled Firefox ESR to all of our computers. On some of them the Maintenance Service is working correctly and installing updates with no user interaction. On other computers, users are getting a UAC prompt to enter admin credentials to install updates. I have tried various changes that I have found across the web from Deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MozillaMaintenance\Security to uninstalling and re-installing the Maintenance Service. All of the users/computers have the same policies applied via Group Policy (Application Autoupdate: Enabled and Disable Update: Disabled) and are not local admins.

We have about 35 versions of firefox running across the enterprise (38 to 91) and I have been tasked to update the EOL dates for all versions we have to help bring things up to speed and know what is/is not supported.

I found this page with release dates (https://www.mozilla.org/en-US/firefox/releases/) but nothing about when a version has reached it's EOL. Any help would be appreciated.

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29.

It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12.

Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence

Thank You,

Hi,

We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace.

I've imported the firefox.admx and mozilla.admx file along with assocaited .adml files, checked Github, checked through the GPO settings yet cannot figure out how to do the same with Firefox.

Is there a Mozila Firefox for Windows GPO ADMX setting I can use to control the "Firefox>Settings>General>Files and Applications>Applications" section to add "Content type: ica | Action: Use Citrix Workspace"?

Thanking you....

Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferences on each workstation. I have searched and found ways to enforce this change by GPE , but I wonder if there is a way to change firefox preferences, especially the one I've mentioned, via Registry Editor.

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozilla config file, can we use GPO to configure auto update for Firefox browser?

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozilla config file, can we use GPO to configure auto update for Firefox browser?

Hello, I am trying to customize the Firefox Homepage XML file and need some assistance as to what fields need to modified with the url to set the default homepage. Please let me know if you have any questions. Thanks

<plist version="1.0"> <dict> <key>EnterprisePoliciesEnabled</key> <true/> <key>AllowedDomainsForApps</key> <string>managedfirefox.com,example.com</string> <key>AppAutoUpdate</key> <true/> <key>AppUpdateURL</key> <string>https://www.example.com/update.xml</string> <key>Authentication</key> <dict> <key>SPNEGO</key> <array> <string>mydomain.com</string> <string>https://myotherdomain.com</string> </array> <key>Delegated</key> <array> <string>mydomain.com</string> <string>https://myotherdomain.com</string> </array> <key>NTLM</key> <array> <string>mydomain.com</string> <string>https://myotherdomain.com</string> </array> <key>AllowNonFQDN</key> <dict> <key>SPNEGO</key> <true/> <key>NTLM</key> <true/> </dict> <key>AllowProxies</key> <dict> <key>SPNEGO</key> <true/> <key>NTLM</key> <true/> </dict> <key>PrivateBrowsing</key> <true/> <key>Locked</key> <true/> </dict> <key>AutoLaunchProtocolsFromOrigins</key> <array> <dict> <key>protocol</key> <string>zoommtg</string> <key>allowed_origins</key> <array> <string>https://somesite.zoom.us</string> </array> </dict> </array> <key>BlockAboutAddons</key> <true/> <key>BlockAboutConfig</key> <true/> <key>BlockAboutProfiles</key> <true/> <key>BlockAboutSupport</key> <true/> <key>Bookmarks</key> <array> <dict> <key>Title</key> <string>Example1</string> <key>URL</key> <string>https://www.example.org</string> <key>Favicon</key> <string>https://www.example.org/favicon.ico</string> <key>Placement</key> <string>toolbar</string> <key>Folder</key> <string>Example1Folder</string> </dict> <dict> <key>Title</key> <string>Example2</string> <key>URL</key> <string>https://www.example.com</string> <key>Favicon</key> <string>https://www.example.com/favicon.ico</string> <key>Placement</key> <string>menu</string> <key>Folder</key> <string>Example2Folder</string> </dict> </array> <key>CaptivePortal</key> <false/> <key>Certificates</key> <dict> <key>ImportEnterpriseRoots</key> <true/> <key>Install</key> <array> <string>cert1.der</string> <string>cert2.pem</string> </array> </dict> <key>Cookies</key> <dict> <key>Allow</key> <array> <string>https://www.example.org/</string> </array> <key>Allowsession</key> <array> <string>https://www.example.edu/</string> </array> <key>Block</key> <array> <string>https://www.example.edu/</string> </array> <key>Behavior</key> <string>limit-foreign</string> <key>Locked</key> <true/> </dict> <key>DefaultDownloadDirectory</key> <string>${home}/Downloads</string> <key>DownloadDirectory</key> <string>${home}/Downloads</string> <key>DNSOverHTTPS</key> <dict> <key>Enabled</key> <false/> <key>ProviderURL</key> <string>URL_TO_ALTERNATE_PROVIDER</string> <key>Locked</key> <true/> <key>ExcludedDomains</key> <array> <string>example.com</string> </array> </dict> <key>DisableAppUpdate</key> <true/> <key>DisableBuiltinPDFViewer</key> <true/> <key>DisabledCiphers</key> <dict> <key>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</key> <true/> <key>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</key> <true/> <key>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</key> <true/> <key>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</key> <true/> <key>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</key> <true/> <key>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</key> <true/> <key>TLS_RSA_WITH_AES_128_CBC_SHA</key> <true/> <key>TLS_RSA_WITH_AES_256_CBC_SHA</key> <true/> <key>TLS_RSA_WITH_3DES_EDE_CBC_SHA</key> <true/> <key>TLS_RSA_WITH_AES_128_GCM_SHA256</key> <false/> <key>TLS_RSA_WITH_AES_256_GCM_SHA384</key> <false/> </dict> <key>DisableDeveloperTools</key> <true/> <key>DisableFeedbackCommands</key> <true/> <key>DisableFirefoxAccounts</key> <true/> <key>DisableFirefoxScreenshots</key> <true/> <key>DisableFirefoxStudies</key> <true/> <key>DisableForgetButton</key> <true/> <key>DisableFormHistory</key> <true/> <key>DisableMasterPasswordCreation</key> <true/> <key>DisablePasswordReveal</key> <true/> <key>DisablePocket</key> <true/> <key>DisablePrivateBrowsing</key> <true/> <key>DisableProfileImport</key> <true/> <key>DisableProfileRefresh</key> <true/> <key>DisableSafeMode</key> <true/> <key>DisableSecurityBypass</key> <dict> <key>InvalidCertificate</key> <true/> <key>SafeBrowsing</key> <true/> </dict> <key>DisableSetDesktopBackground</key> <true/> <key>DisableSystemAddonUpdate</key> <true/> <key>DisableTelemetry</key> <true/> <key>DisplayBookmarksToolbar</key> <true/> <key>DontCheckDefaultBrowser</key> <true/> <key>EnableTrackingProtection</key> <dict> <key>Value</key> <true/> <key>Locked</key> <true/> <key>Cryptomining</key> <true/> <key>Fingerprinting</key> <true/> <key>Exceptions</key> <array> <string>https://example.com</string> </array> </dict> <key>EncryptedMediaExtensions</key> <dict> <key>Enabled</key> <false/> <key>Locked</key> <false/> </dict> <key>Extensions</key> <dict> <key>Install</key> <array> <string>https://addons.mozilla.org/firefox/downloads/file/1053714/ghostery_privacy_ad_blocker-8.2.4-an+fx.xpi</string> </array> <key>Uninstall</key> <array/> <key>Locked</key> <array> <string>firefox@ghostery.com</string> </array> </dict> <key>ExtensionSettings</key> <dict> <key>*</key> <dict> <key>blocked_install_message</key> <string>Custom error message.</string> <key>install_sources</key> <array> <string>https://addons.mozilla.org/</string> </array> <key>installation_mode</key> <string>blocked</string> </dict> <key>uBlock0@raymondhill.net</key> <dict> <key>installation_mode</key> <string>force_installed</string> <key>install_url</key> <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string> </dict> </dict> <key>ExtensionUpdate</key> <false/> <key>FirefoxHome</key> <dict> <key>Search</key> <true/> <key>TopSites</key> <true/> <key>SponsoredTopSites</key> <false/> <key>Highlights</key> <true/> <key>Pocket</key> <false/> <key>SponsoredPocket</key> <false/> <key>Snippets</key> <false/> <key>Locked</key> <true/> </dict> <key>FlashPlugin</key> <dict> <key>Allow</key> <array> <string>https://www.example.com</string> </array> <key>Block</key> <array> <string>https://www.example.org</string> </array> <key>Default</key> <true/> <key>Locked</key> <true/> </dict> <key>Handlers</key> <dict> <key>mimeTypes</key> <dict> <key>application/msword</key> <dict> <key>action</key> <string>useSystemDefault</string> <key>ask</key> <false/> </dict> </dict> <key>schemes</key> <dict> <key>mailto</key> <dict> <key>action</key> <string>useHelperApp</string> <key>ask</key> <false/> <key>handlers</key> <array> <dict> <key>name</key> <string>Gmail</string> <key>uriTemplate</key> <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string> </dict> </array> </dict> </dict> <key>extensions</key> <dict> <key>pdf</key> <dict> <key>action</key> <string>useHelperApp</string> <key>ask</key> <false/> <key>handlers</key> <array> <dict> <key>name</key> <string>Adobe Acrobat</string> <key>path</key> <string>/System/Applications/Preview.app</string> </dict> </array> </dict> </dict> </dict> <key>HardwareAcceleration</key> <false/> <key>Homepage</key> <dict> <key>URL</key> <string>http://example.com</string> <key>Locked</key> <true/> <key>Additional</key> <array> <string>https://www.example.com/extra-home1.htm</string> <string>https://www.example.com/extra-home2.htm</string> <string>https://www.example.com/extra-home3.htm</string> </array> <key>StartPage</key> <string>homepage</string> </dict> <key>InstallAddonsPermission</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> <string>https://example.edu</string> </array> <key>Default</key> <false/> </dict> <key>LocalFileLinks</key> <array> <string>http://example.org</string> <string>http://example.edu</string> </array> <key>PrimaryPassword</key> <true/> <key>NetworkPrediction</key> <false/> <key>NewTabPage</key> <false/> <key>NoDefaultBookmarks</key> <true/> <key>OfferToSaveLogins</key> <false/> <key>OfferToSaveLoginsDefault</key> <true/> <key>OverrideFirstRunPage</key> <string>https://www.example.com</string> <key>OverridePostUpdatePage</key> <string></string> <key>PasswordManagerEnabled</key> <false/> <key>PDFjs</key> <dict> <key>Enabled</key> <false/> <key>EnablePermissions</key> <false/> </dict> <key>Permissions</key> <dict> <key>Camera</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> <key>Microphone</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> <key>Location</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> <key>Notifications</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> <key>Autoplay</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>Default</key> <string>block-audio</string> <key>Locked</key> <true/> </dict> <key>VirtualReality</key> <dict> <key>Allow</key> <array> <string>https://example.org</string> </array> <key>Block</key> <array> <string>https://example.edu</string> </array> <key>BlockNewRequests</key> <true/> <key>Locked</key> <true/> </dict> </dict> <key>PictureInPicture</key> <dict> <key>Enabled</key> <false/> <key>Locked</key> <true/> </dict> <key>PopupBlocking</key> <dict> <key>Allow</key> <array> <string>https://www.example.org</string> <string>https://www.example.edu</string> </array> <key>Default</key> <true/> <key>Locked</key> <true/> </dict> <key>Preferences</key> <dict> <key>accessibility.force_disabled</key> <dict> <key>Value</key> <integer>1</integer> <key>Status</key> <string>default</string> </dict> <key>browser.cache.disk.parent_directory</key> <dict> <key>Value</key> <string>SOME_NATIVE_PATH</string> <key>Status</key> <string>user</string> </dict> <key>browser.tabs.warnOnClose</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>locked</string> </dict> </dict> <key>Proxy</key> <dict> <key>SocksVersion</key> <string>4</string> <key>Mode</key> <string>manual</string> <key>HTTPProxy</key> <string>proxy.example.com:80</string> <key>Locked</key> <true/> </dict> <key>RequestedLocales</key> <array> <string>de</string> <string>en-US</string> </array> <key>SanitizeOnShutdown</key> <true/> <key>SearchBar</key> <string>separate</string> <key>UserMessaging</key> <dict> <key>WhatsNew</key> <false/> <key>ExtensionRecommendations</key> <false/> <key>FeatureRecommendations</key> <false/> <key>UrlbarInterventions</key> <false/> <key>SkipOnboarding</key> <true/> </dict> <key>WebsiteFilter</key> <dict> <key>Block</key> <array> <string><all_urls></string> </array> <key>Exceptions</key> <array> <string>https://www.google.com/*</string> <string>https://www.yahoo.com/*</string> </array> </dict> <key>SecurityDevices</key> <dict> <key>NAME_OF_DEVICE</key> <string>PATH_TO_LIBRARY_FOR_DEVICE</string> </dict> <key>ShowHomeButton</key> <true/> <key>SSLVersionMin</key> <string>tls1.2</string> <key>SSLVersionMax</key> <string>tls1.3</string> <key>SupportMenu</key> <dict> <key>Title</key> <string>Click here for help</string> <key>URL</key> <string>http://example.edu/</string> <key>AccessKey</key> <string>C</string> </dict> </dict> </plist>

Is there a global way to turn off dns over https and also make firefox use the system certificate store?

We have a dns filter that needs to resolve all dns querys and we need a certificate on all systems to allow our Fortigate to do deep packed inspection on all traffic including encrypted.

We block our user's access to about:config in Firefox for security reasons. I need to set the browser.cache.disk.capacity and browser.cache.disk.max_entry_size for a group of users as recommended by an online services provider. Those values are not available under the preferences policy in the ADMX template for Firefox. How can I set these values in group policy? Is there a registry entry I can make? I tried changing them on my computer and then finding the change in the registry but was unable to find the changed values.

i am switching preference / policy management from the mozilla.cfg file to the admin template/GPO. i need to know if the following are still supported in the current release of Firefox ESR.

lockPref("app.update.enabled", false); lockPref("browser.download.dir", "N:"); lockPref("browser.download.downloadDir", "N:"); lockPref("browser.shell.checkDefaultBrowser", false); lockPref("dom.disable_open_during_load", true); lockPref("privacy.item.history", false); lockPref("xpinstall.whitelist.required", true); lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); lockPref("browser.urlbar.autocomplete.enabled", false); lockPref("network.automatic-ntlm-auth.allow-non-fqdn", true); lockPref("plugin.default_plugin_disabled", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT, PPS, PPT, DOS, DOT, WKS, BAT, PS, EPS, WCH, WCM, WB1, WB3, RTF, DOC, MDB, MDE, WBK, WB1, WCH, WCM, AD, ADP"); lockPref("privacy.sanitize.promptOnSanitize", false); lockPref("privacy.sanitize.timeSpan", 40); lockPref("security.enable_ssl2", false); lockPref("security.enable_ssl3", false); lockPref("startup.homepage_welcome_url", ""); lockPref("startup.homepage_welcome_url.additional", ""); lockPref("toolkit.crashreporter.enabled", false);

if they are no longer supported, i need to know when (which release) they became unsupported. if there is a link that details all afailable preference and their support status, please provide that as well.

Thanks in advance.

I downloaded the admx files for Mozilla Firefox and put them in with the other Windows provided Administrative Local Policy Templates, thinking that it SHOULD show up in the Group Policy Editor tool provided with Windows 10. Apparently I could not have been more wrong. Does anybody know how to make the template show up on a non-domain (Home PC running Windows 10 Pro) computer? Granted, I know I can't control it from "Active Directory" since there is none, but I still want to add this functionality to the PC.

What I have tried: I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old I then Reopened GPEditor and verified all templates had been cleared of viewing (Empty set). I then created a new folder called C:\Windows\PolicyDefinitions and copied the files into it. It refuses to read the Firefox, but everything else shows back up. I downloaded the files again, and reinstalled them, but it still does not show up. I then Rebooted the PC, but my attempts were futile. Any assistance would be appreciated.

Hello

I'm Bae, and i'm sorry for my poor English.

I want to make my users be able to use seamless single sign on to Microsoft Azure by setting Firefox config with Active Directory group policy.

First, I created the 'user.js' file and wrote 'user_pref("network.negotiate-auth.trusted-uris","https://autologon.microsoftazuread-sso.com");' and 'user_pref("network.negotiate-auth.delegation-uris","https://autologon.microsoftazuread-sso.com");' in it.

Second, I put this user.js file in the Firefox¥Profiles folder (such as xxx.default-release).

Third, I checked that the setting was changed on about:config.

Last, I also checked that I could use seamless single sign on to "www.office.com".

What I want to do is to distribute this user.js file to my domain users (exactly, to users' firefox profiles folder) by group policy. Please tell me how to do.

Or, if there is any way to set 'network.negotiate-auth.trusted-uris' and 'network.negotiate-auth.delegation-uris' without user.js file, such as Firefox group policy template, please tell me which one I should modify.

Thanks.