• 已解决

Can I disable browser using http3 protocol externally ?

I know users are allow to disable http3 through "about:config", and it works. However, I have to apply to multiple devices by script and the risk page might be a challeng… (了解更多)

I know users are allow to disable http3 through "about:config", and it works.

However, I have to apply to multiple devices by script and the risk page might be a challenge for me.

I tried to edit prefs.js, but it will still be overwrite even I restart my device. (Re-install is not allowed)

Is there any alternative way to disable http3, such as regedit key?

Or is there method to keep pref.js unchangeable?

询问者 Dali 于 6 天前

回答者 andmagdo 于 6 天前

  • 已解决

Firefox tries to connect to high risk IP

We realized that our Firefox ESR 91.4.1 (installed on couple of hundreds of PCs) tries to connect to the IP 34.107.221.82 which is marked as high risk. How is it possibl… (了解更多)

We realized that our Firefox ESR 91.4.1 (installed on couple of hundreds of PCs) tries to connect to the IP 34.107.221.82 which is marked as high risk. How is it possible? What exactly wants Firefox to do with this IP.

It is strange that connection to this IP goes directly and be blocked on our corporate firewall. Why does it go directly even if proxy is enabled and works. ?

Kind regards Vladimir

询问者 dovlaze 于 1 周前

回答者 andmagdo 于 1 周前

Extensions -> can't auto enable them

Hi, I'm trying to auto enable 2 extensions for my users, and after hours on the issue, I cannot find any fix. We are using: ESR 91.4 32 bits I've tried to use: - Group Po… (了解更多)

Hi,

I'm trying to auto enable 2 extensions for my users, and after hours on the issue, I cannot find any fix.

We are using: ESR 91.4 32 bits

I've tried to use: - Group Policy -> ExtensionSettings {

 "policies": {
   "ExtensionSettings": {

"uBlock0@asipsante.fr": { "installation_mode": "force_installed", "install_url": "file:///c:/Program Files (x86)/Ivanti/Workspace Control/Data/DBCache/Resources/custom_resources/Logiciels/Mozilla/extensions/CPS2ter-2020_Firefox@asipsante.fr.xpi" }, "uBlock1@netsoins.org": { "installation_mode": "force_installed", "install_url": "https://maintenance.netsoins.org/cpsvitale/firefox.xpi" } } } }

- and Registry HKCU\Software\Policies\Mozilla\Firefox -> ExtensionSettings (REG_MULTI_SZ): { "uBlock0@asipsante.fr": { "installation_mode": "force_installed", "install_url": "file:///c:/Program Files (x86)/Ivanti/Workspace Control/Data/DBCache/Resources/custom_resources/Logiciels/Mozilla/extensions/CPS2ter-2020_Firefox@asipsante.fr.xpi" }, "uBlock1@netsoins.org": { "installation_mode": "force_installed", "install_url": "https://maintenance.netsoins.org/cpsvitale/firefox.xpi" } }

-> HKCU\Software\Policies\Mozilla\Firefox\Extensions\Install 1 (REG_SZ): c:\Program Files (x86)\Ivanti\Workspace Control\Data\DBCache\Resources\custom_resources\Logiciels\Mozilla\extensions\CPS2ter-2020_Firefox@asipsante.fr.xpi 2 (REG_SZ): https://maintenance.netsoins.org/cpsvitale/firefox.xpi


The result is: extension are installed, but always disabled. I have to manually enable them.

Would you have any idea?

thanks for help

询问者 pierre.rodriguez 于 3 周前

最后回复者 Mike Kaply 于 2 周前

Change Cache Size via Group Policy

We block our user's access to about:config in Firefox for security reasons. I need to set the browser.cache.disk.capacity and browser.cache.disk.max_entry_size for a gro… (了解更多)

We block our user's access to about:config in Firefox for security reasons. I need to set the browser.cache.disk.capacity and browser.cache.disk.max_entry_size for a group of users as recommended by an online services provider. Those values are not available under the preferences policy in the ADMX template for Firefox. How can I set these values in group policy? Is there a registry entry I can make? I tried changing them on my computer and then finding the change in the registry but was unable to find the changed values.

询问者 scott.langley 于 4 周前

最后回复者 Mike Kaply 于 2 周前

Supported Preferences

i am switching preference / policy management from the mozilla.cfg file to the admin template/GPO. i need to know if the following are still supported in the current rel… (了解更多)

i am switching preference / policy management from the mozilla.cfg file to the admin template/GPO. i need to know if the following are still supported in the current release of Firefox ESR.

lockPref("app.update.enabled", false); lockPref("browser.download.dir", "N:"); lockPref("browser.download.downloadDir", "N:"); lockPref("browser.shell.checkDefaultBrowser", false); lockPref("dom.disable_open_during_load", true); lockPref("privacy.item.history", false); lockPref("xpinstall.whitelist.required", true); lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); lockPref("browser.urlbar.autocomplete.enabled", false); lockPref("network.automatic-ntlm-auth.allow-non-fqdn", true); lockPref("plugin.default_plugin_disabled", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT, PPS, PPT, DOS, DOT, WKS, BAT, PS, EPS, WCH, WCM, WB1, WB3, RTF, DOC, MDB, MDE, WBK, WB1, WCH, WCM, AD, ADP"); lockPref("privacy.sanitize.promptOnSanitize", false); lockPref("privacy.sanitize.timeSpan", 40); lockPref("security.enable_ssl2", false); lockPref("security.enable_ssl3", false); lockPref("startup.homepage_welcome_url", ""); lockPref("startup.homepage_welcome_url.additional", ""); lockPref("toolkit.crashreporter.enabled", false);

if they are no longer supported, i need to know when (which release) they became unsupported. if there is a link that details all afailable preference and their support status, please provide that as well.

Thanks in advance.

询问者 grahjame 于 3 周前

最后回复者 TyDraniu 于 3 周前

  • 已解决

Does using policies.json turn of the effects of all about:config changes done before?

I just created a policies.json file in the appropriate distribution folder with ONE policiy, then restarted the browser, and now the browser shows: The browser is managed… (了解更多)

I just created a policies.json file in the appropriate distribution folder with ONE policiy, then restarted the browser, and now the browser shows: The browser is managed by your organisation. ("Der Browser wird durch Ihre Organisation verwaltet." in German.)

Now the question occured to me: Has this any effect on the changes I made before manually in the about:config section, or in the settings UI, other than the one change by the one policy I put in the policies.json?

Firefox 91.3.0esr (64-Bit)

询问者 Bill Smith 于 3 周前

回答者 Mike Kaply 于 3 周前

Mendeley plugin installed via registry setting pointing to plugin file has stopped working

I make the Mendeley Firefox plugin available to managed windows 10 workstations by downloading the plugin file to this location on a workstation: C:\Program Files (x86)\M… (了解更多)

I make the Mendeley Firefox plugin available to managed windows 10 workstations by downloading the plugin file to this location on a workstation:

C:\Program Files (x86)\Mendeley Desktop\Firefox Importer\mendeley_web_importer-3.2.65-fx.xpi

and then add a registry setting to the machine as follows:

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions] "@mendeleyimporter"="C:\\Program Files (x86)\\Mendeley Desktop\\Firefox Importer\\mendeley_web_importer-3.2.65-fx.xpi"

This method worked for previous versions of Firefox and Mendeley Importer, but for the latest versions of both the plugin no longer appears in Firefox.

No error messages are generated.

Is this method still supported by Firefox?

Thanks Mike

询问者 alder-woolf 于 1 个月前

最后回复者 cor-el 于 1 个月前

WindowsSSO not working on 95.0.2

Am trying to configure it via oma-uri on Intune Set it via ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO With the value <enabled/> But does… (了解更多)

Am trying to configure it via oma-uri on Intune Set it via ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO With the value

<enabled/>

But does not appear on about:policies Manually toggling it on via privacy and security "Allow Windows single sign-on for microsoft, work and school accounts" works.

All other policies are appearing.

询问者 yli 于 1 个月前

Firefox update in the enterprise

Multiple banks are removing Firefox due to vulnerabilities. They have found as I have told them multiple times that there is no centralized method to ensuring firefox rem… (了解更多)

Multiple banks are removing Firefox due to vulnerabilities. They have found as I have told them multiple times that there is no centralized method to ensuring firefox remains up to date. The admx files from github do set the appautoupdate and backgroundappupdate to a value of 1 to indicate updates but all PCs are at different levels from 90.0 to 95.0 and I've found that even with the auto update switch on that many pcs do not auto update due to users leaving firefox up and ignoring the restart. The autoupdate task runs only if the user is logged on and that allows users to browse with an insecure version of Firefox that can lead to data breaches. CVEs lead to threats to exploit the CVE and that leads to risk that leads to data breaches. These CVEs are tracked by the NVD and this puts security in the hands of users instead of the business and the business has decided to remove firefox from their environments due to this fact.

I know mozilla is NFP but to maintain firefox in an enterprise environment, it need a better update process such as Google Chrome and Edge Chromium.

CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510

The above are current CVEs of High risk in one environment that has decided firefox will no longer be used.

询问者 bruce92 于 1 个月前

最后回复者 bruce92 于 1 个月前

Using Local Policy on a NON-DOMAIN COMPUTER

I downloaded the admx files for Mozilla Firefox and put them in with the other Windows provided Administrative Local Policy Templates, thinking that it SHOULD show up in … (了解更多)

I downloaded the admx files for Mozilla Firefox and put them in with the other Windows provided Administrative Local Policy Templates, thinking that it SHOULD show up in the Group Policy Editor tool provided with Windows 10. Apparently I could not have been more wrong. Does anybody know how to make the template show up on a non-domain (Home PC running Windows 10 Pro) computer? Granted, I know I can't control it from "Active Directory" since there is none, but I still want to add this functionality to the PC.

What I have tried: I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old I then Reopened GPEditor and verified all templates had been cleared of viewing (Empty set). I then created a new folder called C:\Windows\PolicyDefinitions and copied the files into it. It refuses to read the Firefox, but everything else shows back up. I downloaded the files again, and reinstalled them, but it still does not show up. I then Rebooted the PC, but my attempts were futile. Any assistance would be appreciated.

询问者 Twidget0831 于 1 个月前

最后回复者 Mike Kaply 于 1 个月前

  • 已解决

Is there any way to set firefox config by active directory group policy?

Hello I'm Bae, and i'm sorry for my poor English. I want to make my users be able to use seamless single sign on to Microsoft Azure by setting Firefox config with Active … (了解更多)

Hello

I'm Bae, and i'm sorry for my poor English.

I want to make my users be able to use seamless single sign on to Microsoft Azure by setting Firefox config with Active Directory group policy.

First, I created the 'user.js' file and wrote 'user_pref("network.negotiate-auth.trusted-uris","https://autologon.microsoftazuread-sso.com");' and 'user_pref("network.negotiate-auth.delegation-uris","https://autologon.microsoftazuread-sso.com");' in it.

Second, I put this user.js file in the Firefox¥Profiles folder (such as xxx.default-release).

Third, I checked that the setting was changed on about:config.

Last, I also checked that I could use seamless single sign on to "www.office.com".

What I want to do is to distribute this user.js file to my domain users (exactly, to users' firefox profiles folder) by group policy. Please tell me how to do.

Or, if there is any way to set 'network.negotiate-auth.trusted-uris' and 'network.negotiate-auth.delegation-uris' without user.js file, such as Firefox group policy template, please tell me which one I should modify.

Thanks.

询问者 sherlocksh 于 1 个月前

回答者 Mike Kaply 于 1 个月前

prevent users from enable menu bar in firefox

Hello, How can i prevent users from enable menu bar in firefox with Mozilla .cfg file or GPO? i hide successfully the menu bar with userChrome.css but users can enable it… (了解更多)

Hello,

How can i prevent users from enable menu bar in firefox with Mozilla .cfg file or GPO?

i hide successfully the menu bar with userChrome.css but users can enable it with righ click -> and check menu bar option.

I would also like to configure in the same way (GPO or .cfg) the option to "Always ask where to save the files"

Thank you,

询问者 t.santos-ext 于 1 个月前

最后回复者 jscher2000 于 1 个月前

Replacing Rogue Installations with Managed ESR Versions

We are deploying Firefox ESR using Ivanti and have reached a point were were need to start cleaning up rogue installs of Firefox that we are not managing. Has anyone depl… (了解更多)

We are deploying Firefox ESR using Ivanti and have reached a point were were need to start cleaning up rogue installs of Firefox that we are not managing. Has anyone deployed ESR over a local install of Firefox. Does the end user end up with two version of Firefox install or does the ESR version write over the previously installed version? Does the end user lose their bookmarks and history? I'm just curious as too what others have experienced so I can notify my first test group on what they can expect.

询问者 Brian 于 1 个月前

最后回复者 Mike Kaply 于 1 个月前

  • 已解决

Block websites and exceptions to blocked websites not working

Hello, I have a series of laptops that I need to block access to all URLs and only allow access to one. These laptops are not joined to an AD domain so I downloaded the … (了解更多)

Hello, I have a series of laptops that I need to block access to all URLs and only allow access to one. These laptops are not joined to an AD domain so I downloaded the ADMX templates and copied them to c:\windows\policydefinitions. I ran gpedit.msc and added <all_urls> to the Blocked Websites policy and then added the specific URL to the Exceptions to Blocked Websites policy. However I am unable to access the allowed URL as Firefox is blocking it, despite having the URL defined in the exceptions policy.

I have added various other URLs to the exceptions policy like https://www.msn.com, https://www.yahoo.com, and https://www.mozilla.org, and all are blocked. I have tried different match patterns in the blocked policy and none blocked any URL, which I didn't expect them to anyway. I tried these patterns:

*://*.*.*
https://*.*.*
http://*.*.*
*

Also in my testing I added https://www.yahoo.com to the block policy, did not enable the exceptions policy and found Firefox did not block that site, which makes zero sense. Am I missing something? I was able to do something similar to this in Chrome with its ADMX templates copied locally to a non-domain joined PC, and it worked flawlessly.

询问者 mgorski10 于 1 个月前

回答者 mgorski10 于 1 个月前

Intune MSI LOB Deployment Return Codes

Hi, I want to deploy the Firefox .msi installer using Intune as Line of Business application. I can deploy any other msi in this manner successfully, except Firefox. The… (了解更多)

Hi,

I want to deploy the Firefox .msi installer using Intune as Line of Business application.

I can deploy any other msi in this manner successfully, except Firefox. The application installs, but never reports back to Intune that it was a success, just pending, which makes my AutoPilot deployment fail.

Here are a couple forms from people having the same issue.

https://www.reddit.com/r/Intune/comments/mvp80t/firefox_msi_always_waiting_for_install_status/

https://www.reddit.com/r/Intune/comments/lych1h/deployed_msi_stuck_on_pending_install/

It seems that the only way people can fix it is by wrapping the .exe installer as win32 app in Intune. While that technically works, it removes abilities to control versions in a large company.

We really need the MSI to return success codes properly, or we have to stop using Firefox.

Anyone know of any workarounds? Is there something in the MSI I can tweak with Orca?

Thanks

Jeff

询问者 rosejef 于 3 个月前

最后回复者 Mike Kaply 于 1 个月前

Firefox CIS baselines deployment with Intune

Hi all, I'm trying to create configuration profile to deploy CIS baselines using Intune. Configured custom schema and able to deploy certain settings. However, while depl… (了解更多)

Hi all,

I'm trying to create configuration profile to deploy CIS baselines using Intune. Configured custom schema and able to deploy certain settings. However, while deploying preferences, I'm getting error and none of the preferences are being deployed. Enclosing the error screenshots. Did anyone configured preference settings. if yes, can you please suggest how to configure.

询问者 Ramesh 于 4 个月前

最后回复者 Mike Kaply 于 2 个月前

MDM Management - 'Open Links in tabs instead of new windows'

Hi Looking to control the following tab options via Intune but i cannot seem to identify the OMI-url settings. Are these setting manageable via OMI-url? Settings>Tabs&… (了解更多)

Hi Looking to control the following tab options via Intune but i cannot seem to identify the OMI-url settings. Are these setting manageable via OMI-url?

Settings>Tabs>Open links in tabs instead of a new window Settings>Tabs>When you open a link or media in a new tab, switch to it immediately

Thanks in advance

询问者 russell.stead 于 2 个月前

最后回复者 Mike Kaply 于 2 个月前

Firefox version keeps changing from ESR to release version automatically

I originally had the latest release version of Firefox but started to experience issues with certain banking websites, and misc printing issues. So I decided to downgrade… (了解更多)

I originally had the latest release version of Firefox but started to experience issues with certain banking websites, and misc printing issues. So I decided to downgrade from the release version to the extended support release.

I uninstalled the release version, and went into the Appdata folder and deleted anything Firefox related. Then I installed the ESR version. It worked fine for the day, but a restart the next day, I discovered that my install changed from ESR to the release channel. I once again went through the install process mentioned above, and the next day, the same thing happened. Any idea on why this might be changing?

Note: I have tried both the MSI and .exe versions and experience the same issue. I am the only one that logs into this workstation. This workstation is actually a Azure Virtual Desktop with a variation of windows 10. (Screenshot attached with the OS).

询问者 huntsdabibil 于 3 个月前

最后回复者 cor-el 于 2 个月前