Firefox 企業版 技術支援討論區

I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrome.css file doesnt seem to work with the newer versions.

Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferences on each workstation. I have searched and found ways to enforce this change by GPE , but I wonder if there is a way to change firefox preferences, especially the one I've mentioned, via Registry Editor.

Hi,

We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace.

I've imported the firefox.admx and mozilla.admx file along with assocaited .adml files, checked Github, checked through the GPO settings yet cannot figure out how to do the same with Firefox.

Is there a Mozila Firefox for Windows GPO ADMX setting I can use to control the "Firefox>Settings>General>Files and Applications>Applications" section to add "Content type: ica | Action: Use Citrix Workspace"?

Thanking you....

I manage SCCM in my environment, and have been successfully offering Firefox ESR for a while now, along with silent updates when new versions are released.

Today I realised that not all of my users are using the ESR version from the Software Centre (90.10.0), but have instead installed the normal version to their profile (ranging from 83.x.x to 101.x.x). These are clearly not being updated, and it's been flagged by security scans.

So, I'm looking for a way to remove them silently with a script that I can insert into the ESR deployment, and replace these unsupported versions.

Can anyone help me?

Hi all,

we are using Mozilla Firefox ESR in our enterprise environment.

Is there a documentation which URL's Firefox uses when (Mozilla Maintenance Service) when it tries to update his version ?

We have tried with following URL's on our Firewall:

aus.mozilla.org aus2.mozilla.org aus3.mozilla.org aus4.mozilla.org aus5.mozilla.org download.cdn.mozilla.net archive.mozilla.org ftp.mozilla.org

It is finding the new version, but when trying to download the update it fails.

Thank you for any help on this case.

Good morning,

I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues on the web and found similar issues but solutions that were recommend online have not worked for us. Yes I have uninstalled Firefox completely and installed it from scratch. I know it has something to do with autoconfig file but not sure what exactly I'm looking for. Thanks.

Hello all,

We must use a third party application which can only be installed in user home directory. We'd like to create a GPO to manage user settings, and configure a handler for this application.

Is it possible to use an environnement variable (for example %LOCALAPPDATA%) in the path of a handler ?

Thank you.

Hello,

As the title mentions, applying a block to all extensions via "*" by utilizing Extension Management GPO will block about:debugging.

Is there a way to simultaneously have all extensions blocked and about:debugging available?

Here's the JSON - { "*": { "installation_mode": "blocked" } }

Appreciate your time and help, - Dom

Bonjour, Je travaille dans un musée. Nous utilisons Firefox sur des pc accessibles pour le public. Comment accéder à "aboutNetErrorCodes.js" pour l'éditer. Je souhaite remplacer le message par défaut de Firefox et rediriger vers une une page en local. Merci pour votre aide. Yves

I have been tasked to have our Firefox auto update without user interaction. We have a small enterprise of about 2000 or so PCs but only maybe 300 use Firefox consistently. According to the GPOs it claims that it will update even when the browser is not open. I have this working fine on Chrome and Edge. You can see my attached screenshots that my GPOs are dropping down correctly to my VM. When I open Firefox and leave it open I can see that an "updated" folder is created in the Program Files>Mozilla Firefox. If I close Firefox the updated folder disappears and and installs the latest update. Once I reopen Firefox I can see that it updated. I need this to happen without the browser being launched, closed and reopened. I went into Settings>General and noticed that my update section is missing some of the update options that I see when researching. Automatically Install Updates and When Firefox is not Running options (see screen shots) are missing from my install. I am pretty sure this is why it will not truly silently auto update. Does anyone know where those two options are controlled from and how do I get those to show on my installs?

Hi, I am looking for a security Hardening guidelines for Firefox from Mozilla. Could you please guide me to the right direction where I can find one.

Thanks Raju

Hi

  Anyone experiencing an issue with Firefox 91 ESR on Win10 with blocking downloads?  We have the desktop blocked with controlled folder access and a plugin loaded which stops downloads of most file types, but when clicked on, the box appears to save the file after regardless.  The user cannot select a file location, but if they just click save it saves to the desktop anyway.  Cannot seem to stop firefox doing this. Anyone know a fix ?

Thanks,

      Jon Dickens

Hello,

Applying Preferences & Extension Management GPO's will bug certain GUI settings. The three examples I have are HTTPS-Only Mode & Forms and Autofill within about:preferences, and Enable USB Devices within about:debugging.

When HTTPS-Only Mode is set to "Don't Enable HTTPS-Only Mode" and locked via Preferences GPO, Users can continue to toggle between the settings. Forms and Autofill settings will not populate within about:preferences if address and credit card formfill values are false and locked via Preferences GPO. However, when the same GPO is deployed from Active Directory, Forms and Autofill settings will populate with address available for User toggle. Key, the values within about:config reflect what is set via GPO, and do not change among toggle or User intervention.

When locking down Enable USB Devices within about:debugging by blocking the extension install via Extension Management GPO, Users can continue to toggle the button after the policy applied. Although, just as previously mentioned, the extension does not get installed and seems the policy intervenes.

My questions being, are these simply GUI bugs since the values respect group policy? Are there other methods to lock down these settings?

I understand this is quite a bit of information and appreciate your help and time!

Preferences JSON - { "extensions.formautofill.creditCards.available": {

   "Value": false,
   "Status": "locked"
 },

"extensions.formautofill.creditCards.enabled": {

   "Value": false,
   "Status": "locked"
 },
 "browser.formfill.enable": {
   "Value": false,
   "Status": "locked"
 },
 "extensions.formautofill.addresses.enabled": {
    "Value": false,
    "Status": "locked"
 }

}

Extension Management JSON - { "adb@mozilla.org": { "installation_mode": "blocked" } }

- Dom

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

• http://192.168.100.10/goodaddon-1.0.01.xpi
• http://internalwebsite/goodaddon-1.0.01.xpi
• https://192.168.100.10/goodaddon-1.0.01.xpi
• https://internalwebsite/goodaddon-1.0.01.xpi
• \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
• \\internalfileserver\netshare\goodaddon-1.0.01.xpi
• file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
• file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
2. 2 Are there any logs where I could find out what exactly goes wrong?
3. 3 Are there any other syntaxes I could try (group policy urls)?
4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.

We have several servers with Firefox installed and automatic updates enabled to include "When Firefox is not running". However, our security scans indicate that the version is out of date. We have to connect to the box and finish the updates. The current version is at 103.0.1 and the previous version was above 100 (failing to remember exact version). Is there a way to ensure that Firefox remains up to date without connecting to the server?

We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we can capture a photo. We give them instructions and they configure their instance of Firefox to ALLOW access to the camera, along with several other adjustments (like allowing pop-ups, and no autofill).

However, whenever they restart Firefox the camera permission reverts back to the DEFAULT of Always Ask. The other settings adjustments we make, like pop-ups and no autofill stick around, but not the camera setting.

We've checked the PREF.js file in the Profile folder and that doesn't appear to be a problem. On our in-house machines we are running the same version of Windows and Firefox and cannot reproduce the problem.

The customer has recently applied the upgrade from an earlier version of Firefox ESR to 91.12.0. The customer has also imaged the PC and copied over to a large number of additional machines for use around their organization. This problem is causing a serious disruption to their deployment of the updated PC's as we work with them to try and troubleshoot the problem.

Any ideas on what to try would be appreciated.

We use GPO to push out our Firefox homepage and bookmarks. I get totally different results for each user, some will make changes right away if I add a new book marks, but they don't see older ones?

I decided to build a few test machines (we don't have time to build a dev envir) and it applies the GPO for the home page but not the bookmarks, I can see the book marks in the registry even but nothing on firefox. Anyone have a guess?

thanks David

Some users in my organization have been complaining about FireFox location protection since the update to 103.0.2. We would like an option to completely disable this "feature". Our users are complaining about having to individually make exceptions via the shield icon and selecting custom and unchecking all boxes does not work for our use case scenario. Is there any option to disable this completely or are there plans in future releases to allow us a disable feature (like you used to have) or is the only solution to switch our users to Chrome? Thanks

Why isn't firefox ESR 102.1 available for download via this link, it still downloads 91.12 which has vulnerabilities. https://www.mozilla.org/en-US/firefox/enterprise/ I found it after digging around but it was a hassel.