• Kusonjululiwe
  • Okugcinwe kunqolobane

Can no longer play media with Firefox ESR 102.x

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox. No video will play in youtube, for instanc… (funda kabanzi)

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox.

No video will play in youtube, for instance (it just loads endlessly as if it would start, but it doesn't).

Can't use radio websites either. Anything with a "play" button (video or sound) does nothing.

This has been tested with a clean profile, a clean install, after allowing autoplay in the settings.

Is there any info on what exactly changed between ESR 91 and 102 that might explain this ? There has been no system change, If I reinstall 91 instead it works again as usual.

No issues anywhere else on the endpoints (Edge, Windows), this is on Windows 10 if it makes any difference.

Tanks for any help on this.

Asked by OdeonFF 1 unyaka odlule

Answered by OdeonFF 1 unyaka odlule

  • Kusonjululiwe

Firefox Intune OMA-URI error

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions"… (funda kabanzi)

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions" and allow certain ones. Worked perfect in Jamf, for Intune failing all time. We are using Firefox v.121, policies are for v.120, but I am in doubt that this is the issue. Can someone review and let me know if there any issue or may be changes? Using latest instructions https://mozilla.github.io/policy-templates/#extensionsettings Also here is my OMA, very easy.

OMA used ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

Value(string):

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Security Test",
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/zoom-new-scheduler/latest.xpi"
 },
   "@react-devtools": {
   "installation_mode": "allowed"
 }

}'/>

Asked by Valery Volos 5 izinyanga ezidlule

Answered by Mike Kaply 5 izinyanga ezidlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

AutoConfig Alert

Good morning, I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues … (funda kabanzi)

Good morning,

I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues on the web and found similar issues but solutions that were recommend online have not worked for us. Yes I have uninstalled Firefox completely and installed it from scratch. I know it has something to do with autoconfig file but not sure what exactly I'm looking for. Thanks.

Asked by Chase Cathey 1 unyaka odlule

Answered by jscher2000 - Support Volunteer 1 unyaka odlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

deploying firefox-add-ons via group policies doesn't work anymore after proxy-change

Hello, I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: … (funda kabanzi)

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

  • http://192.168.100.10/goodaddon-1.0.01.xpi
  • http://internalwebsite/goodaddon-1.0.01.xpi
  • https://192.168.100.10/goodaddon-1.0.01.xpi
  • https://internalwebsite/goodaddon-1.0.01.xpi
  • \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
  • \\internalfileserver\netshare\goodaddon-1.0.01.xpi
  • file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
  • file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

  1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
  2. 2 Are there any logs where I could find out what exactly goes wrong?
  3. 3 Are there any other syntaxes I could try (group policy urls)?
  4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.

Asked by mozilla355 1 unyaka odlule

Answered by mozilla355 1 unyaka odlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

Firefox ESR 91.12

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29. It is showing Vulnerabilities because MFSA2022-30 lists CV… (funda kabanzi)

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29.

It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12.

Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence

Thank You,

Asked by mriley1 1 unyaka odlule

Answered by Mike Kaply 1 unyaka odlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

Intune ExtensionSettings Policy No Longer Working in Firefox

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~fi… (funda kabanzi)

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

Asked by victoria.gray 1 unyaka odlule

Answered by victoria.gray 1 unyaka odlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

GPO Settings for AutoFill Address and Credit Cards

We downloaded the GPO Templates for AD and looking to customize Firefox. We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards Also wou… (funda kabanzi)

We downloaded the GPO Templates for AD and looking to customize Firefox.

We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards

Also would like to lock down so they can't reenable if possible.

We would like to do this all through GPOs if possible. I found these in the about:config: extensions.formautofill.addresses.enabled extensions.formautofill.creditCards.enabled

But again want to do through the GPO. Is this possible?

Side note while working on GPOs, I set Exceptions for the popup blocker and they are not showing up in the browser. I also filled out to remove Search Engines but they all still appear in the browsers. These two GPO settings don't appear to be working.

Asked by Joshua_Calais 1 unyaka odlule

Answered by Mike Kaply 1 unyaka odlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

how to disable common users to modify the settings of "No proxy for" in "Connection Settings"

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in… (funda kabanzi)

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in Connection Settings, then add the urls, then users can access to any web site which they want to, is there a method to disable this? thanks.

Asked by fas910 11 izinyanga ezidlule

Answered by Mike Kaply 11 izinyanga ezidlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

Firefox 102.3.0 ESR, installs extension without permission

Hello, I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional a… (funda kabanzi)

Hello,

I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional addons. However, since version 102.3 I noticed some extensions that are present on the machine as .xpi files, but should not install unless a specific application is also present, are also being activated. They are enabled in the add-on manager, the information is present in the "extensions.json" and "extension-preferences.json" files. This should not happen. Is there any way to prevent the activation of these files?

Thank you!

Asked by antoniu-laurentiu.imbrea 1 unyaka odlule

Answered by antoniu-laurentiu.imbrea 1 unyaka odlule

  • Kusonjululiwe

HTTPs Only Mode

Hello, I have a problem with setting up HTTPs only Mode in my Organization, I read a lot about that, but I dont see the "dom.security.https_only_mode" switch in GPO, we h… (funda kabanzi)

Hello, I have a problem with setting up HTTPs only Mode in my Organization, I read a lot about that, but I dont see the "dom.security.https_only_mode" switch in GPO, we have the newest admx for Firefox. We need that to specific container, but still I dont know how to set it up, even via regedit, or preferences. Can someone describe me when can I set it up ? It could be using json file (which exactly file and how?), registry or just gpo. Regards, M.

Asked by marcin.markiewicz 5 izinyanga ezidlule

Answered by Mike Kaply 5 izinyanga ezidlule

  • Kusonjululiwe

Application Handlers

Hi All, I have been on the struggle bus lately trying to get the application handlers set properly in our GPO. I am trying to get PDF, webp, avif to open in browser, and… (funda kabanzi)

Hi All, I have been on the struggle bus lately trying to get the application handlers set properly in our GPO. I am trying to get PDF, webp, avif to open in browser, and jnlp to auto launch Java. Any help will be greatly appreciated!

{"application/pdf":{"action":3,"extensions":["pdf"]},"image/webp":{"action":3,"extensions":["webp"]},"image/avif":{"action":3,"extensions":["avif"]},"application/x-java-jnlp-file":{"action":4,"handlers":[{"name":"javaws.exe","path":"C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\javaws.exe"}],"extensions":["jnlp"]}}

Asked by Chris Wilkerson 3 izinyanga ezidlule

Answered by Mike Kaply 3 izinyanga ezidlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

I can’t change the min and max TLS versions with either policies.json or mozilla.cfg

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lo… (funda kabanzi)

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

Asked by Terwassolam21434 9 izinyanga ezidlule

Answered by jscher2000 - Support Volunteer 9 izinyanga ezidlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

Firefox ESR deployment with MDT Error: 1618

We use Microsoft MDT for computer deployment. We have been installing the Standard version of Firefox for a long time with no problem. Recently we started using AD GPO Te… (funda kabanzi)

We use Microsoft MDT for computer deployment. We have been installing the Standard version of Firefox for a long time with no problem. Recently we started using AD GPO Templates to configure firefox. To be able to configure certain settings you need to be running the ESR version. I downloaded the more recent ESR version: 102.12.0esr.msi file.

When deploying machine MDT to install Mozilla firefox I keep getting this error: Application Mozilla Firefox ESR returned an unexpected return code: 1618

This is the only application having issues and this issue only came up since I change the installation file to the ESR version.

This is the install command being used in MDT: msiexec /i "Firefoxesr.msi" /qn /norestart

I am posting here and not with MDT support, as this only started happening when I changed the installation file to the ESR version. Has anybody else had a problem deploying ESR version through MDT? Any help on how to fix?

Asked by Joshua_Calais 11 izinyanga ezidlule

Answered by Joshua_Calais 10 izinyanga ezidlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

ManagedBookmarks [JSON]

Hello, Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64) after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created… (funda kabanzi)

Hello,

Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64)

after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created in the registry and not ManagedBookmarks, which causes bookmarks not to appear in the bookmarks bar. When I manually rename a registry entry from Bookmarks to ManagedBookmarks, the bookmarks appear properly. Please let me know if I'm doing something wrong or if there really is a problem reported by me.

Yours sincerely Bart

Asked by bartekbrzozka 1 unyaka odlule

Answered by Mike Kaply 1 unyaka odlule

  • Kusonjululiwe

How to disable Quic protocol in Windows with MS Intune

Hello I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for W… (funda kabanzi)

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for Windows? <enabled/> <data id="JSON" value=' {

 "network.http.http3.enable": {
   "Value": 0,
   "Status": "user"
 },

{

 "network.http.http3.enable_0rtt": {
   "Value": 0,
   "Status": "user"
 }

}'/>

Thanks

Asked by Shri Sivakumaran 5 izinyanga ezidlule

Answered by Shri Sivakumaran 5 izinyanga ezidlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

Firefox Install Location/Versions

Hello, I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.… (funda kabanzi)

Hello,

I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.exe located in their Local Appdata folder. So I need to test the uninstall of the Appdata install and then the install of ESR. But the problem is I haven't been able to get Firefox to automatically install into the appdata folder. How am I able to do this? The users who have it installed in the appdata folder are not admins on their computers. When I'm testing I've also been using a normal user account. Please let me know how I can install the exe into the appdata folder automatically without me specifically placing it there or which exe version I need to do this.

Thanks!

Asked by tmlloyd 10 izinyanga ezidlule

Answered by tmlloyd 10 izinyanga ezidlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

Can I set Multi Account Containers default containers with endpoint deployment?

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https:/… (funda kabanzi)

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https://securitygeneralist.blogspot.com/2019/08/auto-installing-extensions-on-firefox.html )

The extension by default has containers for Personal, Work, Banking, Shopping.

Is there a way to automatically remove that default container list as part of the install?

Even better, is there a way to create a different default containers list through Endpoint?

Thanks

Asked by Chris 1 unyaka odlule

Answered by Mike Kaply 1 unyaka odlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

Install extention using GPO

Hello, I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it do… (funda kabanzi)

Hello,

I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it doesn't want to install most of the times. The policy is added after using the gpupdate /force command and restarting the machine then open and close the browser. I wait 10 minutes for the policy to be configured on the computer and open the browser again and nothing happens. Also, the keys in the registry have the corresponding value type (checked in site https://admx.help/?Category=Firefox&Policy=Mozilla.Policies.Firefox::Extensions_Locked). But when I drag and drop with a mouse, the extension is installed and cannot be deleted. Can you tell me why does the extension not install when the policy is in effect?

I sent pictures from Group Policy Manager, Registry editor and showing that the extension can not be deleted after drag and drop with a mouse.

Thank you in advanced!

Asked by thristov1980 1 unyaka odlule

Answered by Mike Kaply 1 unyaka odlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

Dragging and Dropping email attachments into a formula not working

Version: Firefox ESR 102.9.0 (64-bit) - Windows 10 Enterprise 22H2 Customers have been complaining for about 6 months that they can no longer drag and drop email attach… (funda kabanzi)

Version: Firefox ESR 102.9.0 (64-bit) - Windows 10 Enterprise 22H2

Customers have been complaining for about 6 months that they can no longer drag and drop email attachments from Outlook (Microsoft Office Professional Plus 2019 - Exchange) into a Help Desk formula. I tested dragging from Outlook desktop and from the web version.

Drag and Drop works when using Edge and Chrome.

This is not a major issue, since customers can use the other browsers, but since they would prefer to use Firefox, a fix would really be appreciated.  :-)

Asked by fischer404 1 unyaka odlule

Answered by Mike Kaply 1 unyaka odlule

  • Kusonjululiwe
  • Okugcinwe kunqolobane

Group Policy Templates / Preferences (Deprecated)

I am looking for information regarding the support life for settings that are defined in the Preferences (Deprecated) section of the ADMX templates provided in GitHub. Th… (funda kabanzi)

I am looking for information regarding the support life for settings that are defined in the Preferences (Deprecated) section of the ADMX templates provided in GitHub. There doesn't appear to be a definitive answer as to when these preferences are no longer applicable to a version of Firefox. The term "Deprecated" certainly applies they're on their way to extinction. But only a small handful of preferences have been ported over to non-deprecated template settings (like Auto Update). Is there an expected version of Firefox where all these preferences are meaningless? Or will they be supported indefinitely? "Industry recommendations' from 3rd party security vendors are bloating my policies in the domain space and I can't definitively say they are 'no longer supported as of version xyz' for all these Firefox Preference settings, which happen to be about 80% of the security parameters defined by STIG and/or CIS Workbench.

Asked by rott3nhippi3 1 unyaka odlule

Answered by TyDraniu 1 unyaka odlule