Firefox for Enterprise Isithangami Sokwesekwa

Hi, I would like to implement GPO settings for Firefox, and would like to review the list of the policies with description (explanation of what the policy is about and what happens if its enabled or disabled) on a table or excel format. Is there a site or page that will give me that list?

We are deploying Firefox installed via the v122 binary on Ubuntu 22.04.4 Server w/ubuntu-desktop-minimal --no-install-recommends (we need to have no-user-interaction install). We are using an Ansible playbook to copy over and unarchive the tarball, then create a firefox/distribution folder in the install directory and copying a profiles.json file to said folder, links the install directory to the /usr/bin/local directory, and setting firefox.desktop as the system default browser.

Using the instructions from: https://mozilla.github.io/policy-templates/

What we are hoping to accomplish is the user who has never launched Firefox will click on a link in an application, which will launch Firefox and go directly to the requested page. As it stands right now, the first time a user clicks the link, it launches firefox and shows a start page. The user must then close this window, and click the link again. This brings up a "Use Firefox as the default browser" prompt, which the user must accept, but then does not display the link. The third time the user clicks the link, the requested page pops up, and works from this time out.

We would like to have this be a one-click experience for the user. Looking at the options in about:config after getting firefox to launch, it appears firefox is not getting the options from the profiles.json file. Are we missing something about placement of this file? Missing some lines? Should we be using AutoConfig instead? Thank you for any assistance!

{

   "policies": {
       "Homepage": {
           "StartPage": "none"
       },
       "Preferences": {
           "browser.shell.checkDefaultBrowser": {
               "Value": false,
               "Status": "default",
               "Type": "boolean"
           },
           "browser.shell.skipDefaultBrowserCheckOnFirstRun": {
               "Value": true,
               "Status": "default",
               "Type": "boolean"
           },
           "browser.startup.homepage_override.mstone": {
               "Value": "ignore",
               "Status": "default",
               "Type": "string"
           }
       },
       "PopupBlocking": {
           "Default": false
       },
       "DontCheckDefaultBrowser": true,
       "OverrideFirstRunPage": "",
       "OverridePostUpdatePage": ""
   }

}

We have recently enabled background updates in our organization, however I noticed that a requirement for this to work is that Firefox needs to be run with the default profile at least once after the feature is enabled. The issue we have is that not all users are actively using Firefox and therefore they are not being updated. I realize the security flaws won't be exposed if it's not in use, but management doesn't like seeing out of date browsers. Is there a way to force auto updates on all device where Firefox isn't not being used. Background updating is working for the majority of those that do use Firefox.

Also, we do have a couple of users reporting a credential prompt when updating from 119 to 119.0.1. These same users had no issues updating from 118 to 119. I have not figured out why this is happening just yet and why only for a handful of users so far. Would anyone have an idea why that is happening?

Welcome, We are implementing redirected folders in our company via Widnows Server. We are also redirecting the Appdata folder. We have offline mode enabled which means that the folders are synchronised every 5 minutes. The synchronised Appdata folder has a Firefox profile which causes a lot of conflicts. Every time the folder is synced there are conflicts like "Both versions have been updated since the last sync" or "Cannot sync now. Try again". I attach a screen shot of how much of this there is. No other applications cause such errors. Only Firefox blocks us from a large deployment. If the problem cannot be resolved we will be forced to abandon the FireFox browser altogether. Has anyone had a similar problem?

Hi there,

We are currently utilizing Windows Server 2019 as our development server. To maintain security protocols, we have implemented a Group Policy to block internet access on this server. Initially, this configuration successfully restricted internet access on all browsers, including Firefox. However, recently we encountered an issue where internet access became available solely through the Firefox browser, posing a significant data security risk.

Upon investigation, we discovered that Firefox allows users to modify proxy settings, effectively bypassing our Group Policy restrictions. Unlike other browsers, Firefox permits users to adjust proxy settings without sufficient rights, thus overriding our established restrictions.

To mitigate this issue, we require guidance on enforcing Group Policy settings within Firefox to prevent unauthorized alterations to proxy settings and ensure internet access remains restricted. It's important to note that Firefox is exclusively utilized for development purposes on our server.

Your assistance in resolving this matter would be greatly appreciated.

Regards, Hiten

Attempting to disable FF Password manager completely for my org via a plist.

Currently have the password manager itself disabled but can't figure out how to disable the Auto-fill settings with previously saved passwords prior to the password manager being disabled?

Is this possible? Or is this disabled already when the password manager itself is disabled?

Currently have this set via a plist:

<key>PasswordManagerEnabled</key> <false/>

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable for an enterprise setting and it has led me to consider discontinuing their product within our organization. I had requested support to send me a copy of my previous correspondence as I had forgotten some details, but this request was ignored, which is disappointing.

I am skeptical about receiving the help or answers I need here. If there is a more direct line to Mozilla support, I would greatly appreciate being redirected there.

We are currently using Firefox 121.0 and are attempting to implement the Applied Epic extension. I have updated the ADMX policy.

Originally, the reg key flip I created did work but something has changed since then. See screenshot of this. I followed the guide provided at https://github.com/mozilla/policy-templates/blob/v5.5/docs/index.md, which instructed me to place the registry key in Software\Policies\Mozilla\Firefox\Extensions\Install\1. However, the guide did not specify whether this should be in HKLM or HKCU. I tried this instead, and it did not work.

I also attempted to implement the extension via GPO, but this was unsuccessful. I tried the new Extension Management system as well, but to no avail.

Here is the JSON configuration I used: {

 "AppliedEpicExtension@gmail.com": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/file/4143256/applied_epic_extension-3.16.3.xpi"
 }

}

Despite following the guide and trying multiple methods, none of the options seem to work. I would appreciate any guidance on what I might be doing wrong.

Seems to be new in 122.0 because i never received that before. It asks if you want to open links with Firefox and if you do, it sets file associations for htm / html and things like that. However in a company environment i want to supress that notification

We are currently attempting to automate our Firefox update processes. Currently we use robocopy to push out new versions on release, but ideally we'd like to use the background updater instead. We are currently on 64-bit 119.0.1, on Windows 10 Pro 22H2. We'd prefer not to switch over to ESR if at all possible. I've already reactivated the AppAutoUpdate and BackgroundAppUpdate policies, and DisableAppUpdate is disabled, but I'm still being hit with a UAC Admin prompt when I try to launch Firefox. I tried to bypass it through the registry at [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers], with "C:\Program Files\Mozilla Firefox\firefox.exe" = "RUNASINVOKER", but that also doesn't seem to have done anything. Any and all assistance would be appreciated

We are currently looking at devices with out-of-date Firefox versions these are listed with vulnerabilities within our environment and need to be patched to the latest version to cover those vulnerabilities.

With the volume of patching required, we want to be able to enable auto-update and allow the application to patch itself.

However, the current options via group policy don't seem to work as I've read on such threads https://bugzilla.mozilla.org/show_bug.cgi?id=1876302.

The application Autoupdate has been enabled within local group policy as a test and nothing seems to force the application to update unless a user enters the application and selects about.

Reading into how Firefox does this it doesn't seem viable to enable an auto-update feature without specifying the version it needs to upgrade to, we can currently patch to specific versions using SCCM.

Is anyone aware of a solution to this problem or another method?

Looked into calling updater.exe and the maintenance service but nothing i successful when trying to call on these.

We followed the links below to block internet access in Firefox browser:

https://www.youtube.com/watch?v=fAGYYX5hYb8 https://github.com/mozilla/policy-templates/releases

We downloaded the ADMX and ADML files. Using these files, we were able to locate Mozilla Firefox in Group Policy Management and successfully block all websites in the Firefox browser using the pattern :///*.

However, we encountered an issue with exceptions. We do not wish to block certain websites, including localhost. We attempted to use the "Exceptions to block websites" option, providing values such as ://msn.com/ to exclude specific sites. Unfortunately, this approach did not work as intended. For instance, msn.com is one of the websites we want to allow, among others and also localhost.

We require assistance with the following issue: "Exceptions to block websites" is not functioning properly within the group policy of Mozilla Firefox.

Hello, from Terminal Servers, it is not possible to browse the Internet via FortiGate's explicit proxy from the Firefox browser, while there is no problem with Chrome or Edge. When the user tries to browse external sites, the proxy sends the error page "You need to authenticate to use this service". It seems that Firefox does not pass user authentication to FortiGate. The proxy authenticates users per session via Kerberos tickets.

Firefox version: 115.5.0esr

I also performed the following settings to pass the Kerberos ticket to the proxy without success: https://people.redhat.com/mikeb/negotiate/

I also noticed that it is not possible to change the "network.negotiate-auth.allow-proxies" setting from "false" to "true." Is this my problem? Is it normal that it cannot be changed?

Attached are the settings.

Thank you in advance.

Is there a way to trigger a Firefox browser update through command line or script? I need to trigger an update across a few hundered computers and I can do this, but through command line or script automation. What is the command line syntax to do this, if there is any?

Thank you for your help

Hi,

we want to switch our Firefox configuration from file-based (policies.json) to GPO-based. We rolled out the GPO on some test clients and it worked like a charm.

But... It shows that there are some clients which need a second firefox installation for a special purpose, which is not allowed to enter the internet or update itself.

The file-base configuration can handle these to different installations with two differend policies.json files.

Is there a way to accomplish this scenario with the use of GPOs? The GPO-base configuration seems to be global for every client.

At this moment i don't see a solution for our problem. Do you see one?

Hi,

We are using Firefox Enterprise on Windows Server 2016 Remote Desktop for approx 100 users.

The users need very often to create a new profile when launching FireFox, and then loose all their bookmarks.

Is there a way to manage the profiles correctly to bypass this problem ?

Thank you for your help ! Have a nice day.

We're exploring the possibility of implementing a mass update for Firefox through backend management, leveraging PowerShell scripts or any applicable method that can streamline the update process for our users.

Additionally, we've encountered instances where users have installed Firefox via local profiles, posing challenges for centralized updates. I'd appreciate any insights or guidance on how we can address this issue effectively to ensure these installations align with our centralized management approach.

I would like to prevent users to navigate on the Linux system when they view a PDF and then use the Save option. The "PDFjs" policy enables or disables the PDF Viewer but does not control the built-in PDF Viewer menus.

HI Team,

I am working for an organization, members have different versions installed and need help to uninstall the Firefox completely, Member able to see the application installed in Apps and features and but files do not exist in program files or program files x86, please someone please contact me for my queries [removed phone# from support forum]. my email id [edited] @gmail.com

The script is not removing the application

IF EXIST "%ProgramFiles%\Mozilla Firefox\" ( "%ProgramFiles%\Mozilla Firefox\uninstall\helper.exe" /s )

IF EXIST "%Program Files (x86)%\Mozilla Firefox\" ( "%Program Files (x86)%\Mozilla Firefox\uninstall\helper.exe" /s )

Looking to specify homepage, homepage button, and new tab page within Firefox on our Mac fleet.

I was able to create a plist file for macs, and it was "deployed successfully" according to Intune, but no changes actually happened on my test machines.

I've uploaded a redacted version of the used plist.

Anyone out there have any ideas?