Kukhonjiswa imibuzo ethegiwe: Veza yonke imibuzo

Permission Problem with Camera

We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we ca… (funda kabanzi)

We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we can capture a photo. We give them instructions and they configure their instance of Firefox to ALLOW access to the camera, along with several other adjustments (like allowing pop-ups, and no autofill).

However, whenever they restart Firefox the camera permission reverts back to the DEFAULT of Always Ask. The other settings adjustments we make, like pop-ups and no autofill stick around, but not the camera setting.

We've checked the PREF.js file in the Profile folder and that doesn't appear to be a problem. On our in-house machines we are running the same version of Windows and Firefox and cannot reproduce the problem.

The customer has recently applied the upgrade from an earlier version of Firefox ESR to 91.12.0. The customer has also imaged the PC and copied over to a large number of additional machines for use around their organization. This problem is causing a serious disruption to their deployment of the updated PC's as we work with them to try and troubleshoot the problem.

Any ideas on what to try would be appreciated.

Asked by mfranke62 2 emasontweni adlule

Last reply by jscher2000 - Support Volunteer 1 usuku oludlule

Hardening Firefox browser

Hi, I am looking for a security Hardening guidelines for Firefox from Mozilla. Could you please guide me to the right direction where I can find one. Thanks Raju … (funda kabanzi)

Hi, I am looking for a security Hardening guidelines for Firefox from Mozilla. Could you please guide me to the right direction where I can find one.

Thanks Raju

Asked by raju.singanna 1 inyanga edlule

Last reply by Mike Kaply 1 inyanga edlule

Firefox ESR | Update and Download URL

Hi all, we are using Mozilla Firefox ESR in our enterprise environment. Is there a documentation which URL's Firefox uses when (Mozilla Maintenance Service) when it trie… (funda kabanzi)

Hi all,

we are using Mozilla Firefox ESR in our enterprise environment.

Is there a documentation which URL's Firefox uses when (Mozilla Maintenance Service) when it tries to update his version ?

We have tried with following URL's on our Firewall:

aus.mozilla.org aus2.mozilla.org aus3.mozilla.org aus4.mozilla.org aus5.mozilla.org download.cdn.mozilla.net archive.mozilla.org ftp.mozilla.org

It is finding the new version, but when trying to download the update it fails.

Thank you for any help on this case.

Asked by oerneka 2 izinyanga ezidlule

Last reply by Mike Kaply 1 inyanga edlule

Completely remove address bar

I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrom… (funda kabanzi)

I would like to completely remove the address bar (url bar?) from Firefox 78 64bit. We had to update our Firefox at work and the old way of doing it through the userChrome.css file doesnt seem to work with the newer versions.

Asked by pingaaron 2 izinyanga ezidlule

Last reply by Mike Kaply 2 izinyanga ezidlule

Silent uninstall of Firefox from User Profiles

I manage SCCM in my environment, and have been successfully offering Firefox ESR for a while now, along with silent updates when new versions are released. Today I realis… (funda kabanzi)

I manage SCCM in my environment, and have been successfully offering Firefox ESR for a while now, along with silent updates when new versions are released.

Today I realised that not all of my users are using the ESR version from the Software Centre (90.10.0), but have instead installed the normal version to their profile (ranging from 83.x.x to 101.x.x). These are clearly not being updated, and it's been flagged by security scans.

So, I'm looking for a way to remove them silently with a script that I can insert into the ESR deployment, and replace these unsupported versions.

Can anyone help me?

Asked by jon.tydda 2 izinyanga ezidlule

Last reply by Mike Kaply 2 izinyanga ezidlule

Silent Auto Update for Firefox ESR

Hi All- I am in charge of deploying Firefox ESR to my company and trying to get it to silently auto update on it's on with user interaction. We have policies in place (GP… (funda kabanzi)

Hi All- I am in charge of deploying Firefox ESR to my company and trying to get it to silently auto update on it's on with user interaction. We have policies in place (GPO) that prevent it at this point. I need some guidance on whether I should use just GPOs to manage this or should I go the route of the .cfg file? If someone has a step by step on how to best achieve this I would appreciate it. I am currently using the .msi installer.

Here is settings in an old .cfg file that I am testing with:

lockPref("app.update.mode", 1); lockPref("app.update.service.enabled", true); lockPref("extensions.update.enabled", false); lockPref("extensions.update.autoUpdateEnabled", false);

// Set default homepage - users can change // Requires a complex preference defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://workday");

// Don't ask to install the Flash plugin lockPref("plugins.notifyMissingFlash", false);

// Disable Search Engine automatic updates lockPref("browser.search.update", false);

//Disable telemetry lockPref("toolkit.telemetry.prompted", 2); lockPref("toolkit.telemetry.rejected", true); lockPref("toolkit.telemetry.enabled", false);

// Disable health reporter lockPref("datareporting.healthreport.service.enabled", false); lockPref("datareporting.healthreport.logging.consoleEnabled", false); lockPref("datareporting.healthreport.uploadEnabled", false);

// Disable all data upload (Telemetry and FHR) lockPref("datareporting.policy.dataSubmissionEnabled", false);

// Disable crash reporter lockPref("toolkit.crashreporter.enabled", false); Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

// Don't show WhatsNew on first run after every update pref("browser.startup.homepage_override.mstone","ignore");

// Don't show 'know your rights' on first run pref("browser.rights.3.shown", true);

Asked by CherishYourLife 2 izinyanga ezidlule

Last reply by cor-el 2 izinyanga ezidlule

Poisoned Websites – Malware, etc.

I am a Cyber Security Specialist and System Integrator (www.techwareusa.com and www.cybersecureusa.com ). I have developed a pretty good Cyber Security Stack with the ex… (funda kabanzi)

I am a Cyber Security Specialist and System Integrator (www.techwareusa.com and www.cybersecureusa.com ). I have developed a pretty good Cyber Security Stack with the exception of one chink in my armor. I have been running the Stack on my Clients systems (about 100 total) for over two years and have had only one breach. That breach was caused by the Client not following my suggestion (read any popup and don’t just click through it). He does now.

Part of my Stack is Firefox which I like a lot except that your cyber security leaves one thing as an exposure.

If one were to browse to a poisoned website (namely one infected with malware of some type) and click on an inserted link, malware is automatically downloaded and installed. Firefox does nothing to stop the system from being infected. This kind of website is one that pops up with a big red screen saying your machine has been infected with a “trojan” or some such. Do not attempt to turn off your system and call Microsoft Support at xxx-xxx-xxxx” (often an 800 #). Indeed, the browser is locked and can’t be closed from a normal action. (When I install Firefox, I setup the security features for my Clients including telling it to block pop-up windows and Warn you when websites try to install add-ons in the Privacy & Security, Permissions section. I have my Clients systems under my control via Splashtop Remote Support into my office. If the “Tech” hasn’t messed up my Splashtop install, I will go in, use Task Manager to shut down Firefox and then clean the system. If the “Tech” did mess up my Splashtop install, the system will have to be sent to me to fix. I have Clients in several states across the southern part of the country.

If the Client calls the 800# the “tech” will remotely access their system and totally messes it up with registry entry’s, replacing files with corrupted versions and such actions. All of this to raise the cost to my Client. They will charge the Client about $700 to $800 but also they will get the Client’s Credit card information to sell. The Client will then call me and often the system is so messed up that I have to reload the OS and missing applications plus my time and the total cost to the Client is often well over $1,000.

I have been looking for software that will block these poisoned websites. The only one that I have found that looks like it will work is Threatlocker. While a good product, the company has its head in the wrong place as far as setting up resellers. I am a reseller and have been in business for over 28 years and have had many vendor relationships. These folks want us to sign both an End User Agreement (that makes me responsible for the way that my Clients use their software) plus they want me to sign a Partner Agreement. In my mind I cannot be both and certainly will not agree to be the end user.

Back to what I am asking help on is the automatic install of the malware off of the poisoned website. Perhaps a browser “setting” to ask for an override button option to be able to install software on the system. If I chose this in the Firefox Settings it will take an action on the part of the user to override the automatic install. In fact, if we could add to the option a number of times (and maybe a message, like CALL BILL before you proceed) that the override button has to be pressed to do the install. The more I can get the user to think, the better it will be for them and the more they will appreciate Firefox and me. No other browser has any feature like this.

Asked by wjett 4 izinyanga ezidlule

Last reply by Amelia 3 izinyanga ezidlule

Why Firefox (ESR version) manual update is failed on selective machines

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozil… (funda kabanzi)

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozilla config file, can we use GPO to configure auto update for Firefox browser?

Asked by chin_leng_ooi 4 izinyanga ezidlule

Last reply by Mike Kaply 3 izinyanga ezidlule

Why Firefox (ESR version) manual update is failed on selective machines

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozil… (funda kabanzi)

Launch Firefox, manually check for latest update by going to settings > Help > About Firefox. However the manual update keep showing update failed. Other than Mozilla config file, can we use GPO to configure auto update for Firefox browser?

Asked by chin_leng_ooi 4 izinyanga ezidlule

Last reply by Mike Kaply 4 izinyanga ezidlule

Symlink for policy.json disappears after an update

I've been using symlink policy.json for quite some time but I think ever since 91.x version of FF ESR, every incremental update removes symbolic link for policy.json. Any… (funda kabanzi)

I've been using symlink policy.json for quite some time but I think ever since 91.x version of FF ESR, every incremental update removes symbolic link for policy.json. Any idea why that happens and how to fix that??

Asked by Serpher 4 izinyanga ezidlule

Last reply by Mike Kaply 4 izinyanga ezidlule

Add exception to self-signed URL system wide

Hello everyone. We are using a software in my company that runs a local server with a self-signed certificate. In order to access the software right now we need to instr… (funda kabanzi)

Hello everyone.

We are using a software in my company that runs a local server with a self-signed certificate. In order to access the software right now we need to instruct the users to manually bypass the warning page for potencial security risks.

Is there a way to use an autoconfig or policy to automatically add the exception to that specific URL? I see that copying the cert_override.txt file in users profiles will add the exception, but I'd like to avoid that. I've also looked at a question with a similar problem here, but I couldn't get this specific solution to work on my end (Firefox ESR 91): https://support.mozilla.org/en-US/questions/1287443

Asked by marcelohmoraes 4 izinyanga ezidlule

Last reply by Mike Kaply 4 izinyanga ezidlule

Is there a global way to turn off dns over https and also make firefox use the system certificate store?

Is there a global way to turn off dns over https and also make firefox use the system certificate store? We have a dns filter that needs to resolve all dns querys and we … (funda kabanzi)

Is there a global way to turn off dns over https and also make firefox use the system certificate store?

We have a dns filter that needs to resolve all dns querys and we need a certificate on all systems to allow our Fortigate to do deep packed inspection on all traffic including encrypted.

Asked by dcrawford1 4 izinyanga ezidlule

Last reply by Mike Kaply 4 izinyanga ezidlule

  • Okugcinwe kunqolobane

Change Cache Size via Group Policy

We block our user's access to about:config in Firefox for security reasons. I need to set the browser.cache.disk.capacity and browser.cache.disk.max_entry_size for a gro… (funda kabanzi)

We block our user's access to about:config in Firefox for security reasons. I need to set the browser.cache.disk.capacity and browser.cache.disk.max_entry_size for a group of users as recommended by an online services provider. Those values are not available under the preferences policy in the ADMX template for Firefox. How can I set these values in group policy? Is there a registry entry I can make? I tried changing them on my computer and then finding the change in the registry but was unable to find the changed values.

Asked by scott.langley 7 izinyanga ezidlule

Last reply by Mike Kaply 7 izinyanga ezidlule

  • Okugcinwe kunqolobane

Supported Preferences

i am switching preference / policy management from the mozilla.cfg file to the admin template/GPO. i need to know if the following are still supported in the current rel… (funda kabanzi)

i am switching preference / policy management from the mozilla.cfg file to the admin template/GPO. i need to know if the following are still supported in the current release of Firefox ESR.

lockPref("app.update.enabled", false); lockPref("browser.download.dir", "N:"); lockPref("browser.download.downloadDir", "N:"); lockPref("browser.shell.checkDefaultBrowser", false); lockPref("dom.disable_open_during_load", true); lockPref("privacy.item.history", false); lockPref("xpinstall.whitelist.required", true); lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); lockPref("browser.urlbar.autocomplete.enabled", false); lockPref("network.automatic-ntlm-auth.allow-non-fqdn", true); lockPref("plugin.default_plugin_disabled", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT, PPS, PPT, DOS, DOT, WKS, BAT, PS, EPS, WCH, WCM, WB1, WB3, RTF, DOC, MDB, MDE, WBK, WB1, WCH, WCM, AD, ADP"); lockPref("privacy.sanitize.promptOnSanitize", false); lockPref("privacy.sanitize.timeSpan", 40); lockPref("security.enable_ssl2", false); lockPref("security.enable_ssl3", false); lockPref("startup.homepage_welcome_url", ""); lockPref("startup.homepage_welcome_url.additional", ""); lockPref("toolkit.crashreporter.enabled", false);

if they are no longer supported, i need to know when (which release) they became unsupported. if there is a link that details all afailable preference and their support status, please provide that as well.

Thanks in advance.

Asked by grahjame 7 izinyanga ezidlule

Last reply by TyDraniu 7 izinyanga ezidlule

  • Okugcinwe kunqolobane

Using Local Policy on a NON-DOMAIN COMPUTER

I downloaded the admx files for Mozilla Firefox and put them in with the other Windows provided Administrative Local Policy Templates, thinking that it SHOULD show up in … (funda kabanzi)

I downloaded the admx files for Mozilla Firefox and put them in with the other Windows provided Administrative Local Policy Templates, thinking that it SHOULD show up in the Group Policy Editor tool provided with Windows 10. Apparently I could not have been more wrong. Does anybody know how to make the template show up on a non-domain (Home PC running Windows 10 Pro) computer? Granted, I know I can't control it from "Active Directory" since there is none, but I still want to add this functionality to the PC.

What I have tried: I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old I then Reopened GPEditor and verified all templates had been cleared of viewing (Empty set). I then created a new folder called C:\Windows\PolicyDefinitions and copied the files into it. It refuses to read the Firefox, but everything else shows back up. I downloaded the files again, and reinstalled them, but it still does not show up. I then Rebooted the PC, but my attempts were futile. Any assistance would be appreciated.

Asked by Twidget0831 8 izinyanga ezidlule

Last reply by Mike Kaply 8 izinyanga ezidlule

  • Okugcinwe kunqolobane

group policy

My purpose is deploy specific Certification Authority, which is available in network share, to Firefox by Active Directory group policy (Windows 2012 R2) or alternately t… (funda kabanzi)

My purpose is deploy specific Certification Authority, which is available in network share, to Firefox by Active Directory group policy (Windows 2012 R2) or alternately to set 'security. enterprise_roots' to 'enabled' so that Firefox can use Windows Certificate Store. Clients are using Firefox on Windows XP, 7, 10 and consequentially different Firefox version. Can I apply my task ? Suggestions ?

Asked by riccardo.castellani 9 izinyanga ezidlule

Last reply by Mike Kaply 9 izinyanga ezidlule

  • Okugcinwe kunqolobane

Policy.json wins over GPO

Thanks Mike for the description here: https://support.mozilla.org/en-US/kb/firefox-enterprise-87-release-notes by Mike Kaply Does the following section meant that policie… (funda kabanzi)

Thanks Mike for the description here: https://support.mozilla.org/en-US/kb/firefox-enterprise-87-release-notes by Mike Kaply

Does the following section meant that policies.json would win a conflict with a setting that is also set in GPO: The policies.json file is no longer ignored if policies are specified via GPO (Windows) or configuration profiles (macOS). The policies are combined with GPO or configuration profile taking precedence over policies.json where there are conflicts.

Asked by LEnS Amir 9 izinyanga ezidlule

Last reply by Mike Kaply 9 izinyanga ezidlule

  • Okugcinwe kunqolobane

distributing a customized Firefox in small enterprise

Hello everyone, I got around 50 windows clients to deal with and I wonder how to create a customized version to distribute via Kaspersky Security Center. What I intend i… (funda kabanzi)

Hello everyone,

I got around 50 windows clients to deal with and I wonder how to create a customized version to distribute via Kaspersky Security Center.

What I intend is to create an .msi, a folder or something to install. It should include some extensions like ublock or https-everywhere and such. I also like to have a customized theme included.

There are some ressources like AutoConfig or GPO GPO or repackaging installer. But I don't know if the procedures still work since the documents are three years old and, to be honest, I didn't manage to get anything work that way.

Isn't there a simple way to roll out Firefox in a company with some customization?

Thanks.

Asked by MagisterNavis 10 izinyanga ezidlule

Last reply by Mike Kaply 10 izinyanga ezidlule