Firefox for Enterprise Isithangami Sokwesekwa

we want to control the actions over all browsers, don't want common users to download anything via firefox, how to disable the download in firefox via GPO? thanks.

I recently deployed Mozilla Firefox 102.4 ESR here in our environment expecting that when a new version is released Firefox would automatically update on clients computers. Well today I noticed at a new release is out but isn't automatically updating on end users workstations. Does Firefox ESR not automatically update?

Hello,

We have a vulnerability scanner in our environment that tells us when Firefox needs to be updated. We found that in order to update it, we need to go the settings tab and then to the updates portion of the menu to initiate the update. After this we are asked to restart. Any way to avoid this entire process?

Can we set up these gpo`s so that there is a check for dependencies?

Windows (GPO)

Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE

Thank you.

Is there a way to force Firefox updates within a specified time window via group policy? The ADMX templates appear to allow enabling or disabling updates or enforcing background updates, but we are not seeing an option in Group Policy to configure a delay or time window for searching for app updates.

I figured out that Comcast hijacked all my Firefox bookmarks and moved them to their internet email platform. I still like and will always use Fire-Fox. I today removed all my bookmarks from the Comcast platform that were my Fire Fox bookmarks and only left their one and only email bookmark on Comcast platform. I can only assume this was a per-arranged maneuver and you were aware of this. I sure the long 4th weekend made time for a underhanded switch over for Comcast.

Good morning,

Can you please answer some questions regarding the Rapid Risk Assessment tool that is available at the following link:

https://infosec.mozilla.org/guidelines/risk/rapid_risk_assessment.html

1. Will any information input into the tool be hosted within the United Kingdom's Servers? 2. Can you please clarify if any information submitted to the RRA toll is retained on your Servers? 3. Is there the option to configure the tool so that no information submitted is retained after the session has terminated.

Kind Regards,

Mark Gormley.

I've successfully added all the admx profile settings we want for our deployment except I can't seem to get right syntax for adding multiple sites to the exception list. We've successfully blocked all urls in the block oma-uri but for the exception it only shows a single example not multiple. (https://github.com/mozilla/policy-templates#websitefilter site) OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions

Value (string):

<enabled/> <data id="WebsiteFilter" value="1*://*companyurl.com/*"/>

this works.. all internal sites are accessable. what i want to do is as well make these sites avail as well *://company.sharepoint.com/* accessable and

• //login.microsoftonline.com/*

I've looked at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Match_patterns but i can't seem to find proper format for multiple that doesn't cause line to either be ignored or errored out

any assistance would be appreciated

I am using the most recent Firefox ADMX templates and I am unable to get bookmarks to show up using JSON. I have verified that the GPO is applied, and there is a registry key being created under the user's profile, however it is not the right registry key.

The key it is creating: SOFTWARE\Policies\Mozilla\Firefox\Bookmarks Type: Reg_Multi-SZ

If I rename this registry key from Bookmarks to ManagedBookmarks, the bookmarks show up and work as intended.

I do not see "ManagedBookmarks" in the GPO anywhere. If I am not setting "ManagedBookmarks" in the correct location then please show me where I am supposed to set them. I am tempted to just modify the ADMX template and have it create the registry key "ManagedBookmarks" instead of "Bookmarks" as that seems to work, but I can't imagine this is how the devs wanted this.

I work in an enterprise environment. We have certain requirements that we must maintain for our system to maintain accreditation. One of these requirements is to prevent the installation of add-ons using the policies.json file.

We are also trying to develop an extension that adds banners to each page the user interacts with. I understand this can be loaded using the process [https://support.mozilla.org/en-US/kb/deploying-firefox-with-extensions|he...] and does not have to be signed following this [https://support.mozilla.org/en-US/kb/install-system-add-ons-firefox-enter...] .

My question is, before embarking on the journey to create this web extension, can it still be installed following the enterprise process, despite being denied by default by the policies.json? Or is there a way to allow for the extension to be installed by changing the policy?

Been managing bookmarks for users through Intune, but for some reason on my HP Elitebook 840 I keep getting an error "Unable to parse JSON for ManagedBookmarks" I haven't changed anything to the bookmarks before swapping to the HP laptop from a Dell 5410. I have double-checked GitHub for the proper string for bookmarks and everything looks to be correct as well as submitting a support case with Microsoft who checked it and say it is something on Firefox's side that needs fixing.

I am also constantly getting this unknown extension setting. Not sure why I have this or where I can remove it.

ExtensionSettings {"firefoxhpsureclicksecurebrowsing@bromium.com":{"installation_mode":"blocked"},"firefoxhpwolfsecurityextension@bromium.com":{"installation_mode":"blocked"}}

We have Firefox-ESR in use and we are using Applocker.

When we enable applocker dll Rule policys and start https://shaka-player-demo.appspot.com page clearkey addon crashes.

We have allowed widevinedrm.dll in applocker rule policys, and we have used Process Monitor to track which dll file / files are being "locked" but we cant seem to pinpoint it.

Where does Firefox-ESR run DRM content and which dll files are needed to run ?

What we know that it is caused by applocker DLL rule policys, when disabling it clearkey addon does not crash and drm content can be played.

Also Applocker eventlogs does not show anything related to this.

br Ben

Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format".

As a reference I have been using the below article as my source on how to set this up. https://github.com/mozilla/policy-templates#extensionsettings

After reading through the article the base example they have works flawlessly. I have put this base example below.

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

The minute I try to change it though the whole thing breaks. For context, I have tried adding 1 password as a forced installed add in, and also try placing it below under allowed. See my example below of the one where I am putting it is allowed. Any idea of what I am doing wrong?

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "*": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"
 }

}

Hi there,

we trying to restrict internet access that used Mozilla Firefox on client computers through Microsoft Intune.

We have already configured policy by uploading ADMX template & Custom OMA-URI as described in https://github.com/mozilla/policy-templates/blob/master/README.md 

We are trying to add custom allowed web sites to "WebsiteFilter" OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions. added web sites are not allowed. my question is what is the best way to enter URLs (I mean format) to allow list & how I can used wild card to allow all the web sites of one specific domain. eg:- microsoft

I work for the local County and we recently got a new content provider that allows for SSL Inspection (Barracuda 410) but it requires a certificate to be installed on every device to work. I am aware of Edge having a way to create a custom installer that would allow us to preinstall the proper certificate, but was wondering if Firefox had the same thing. I am also needing to know that if we push out the version of Firefox with the certificate preinstalled, would it auto import our user's data from their current install of standard Firefox?

In our organization, we enforce through group policy to clear cookies and site data each time the browser is closed. I see there's an exception list to define certain sites that it will not clear cookies or site data. Where in group policy can this exception be set.

This option can be seen (allow) from the article here under Block cookies and site data for more than one website > Step 3 https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox

Thanks,

on GitHub the commands are all based on Java https://github.com/mozilla/policy-templates#preferences

Is there a list of all available registry settings? Or where do these Java options come from, where can I read them out?

Hello,

We have set up a GPO in our Active Directory environment for the install of Firefox which works great, however since at least version 90, we have had an issue where Firefox won't uninstall automatically when removing the computer object from the security group associated with the GPO. The box is ticked to "uninstall this application when it falls out of scope of management", which works for every other GPO we have created. The computer removes the assignment of the application, but does not then remove the application as it should.

Are you aware of this issue?

Thanks.

We have put user and computer startup scripts to detect and delete firefox from our enterprise customers. Firefox cannot be kept SAFe through InfoSec.

InfoSec and SAFe require the business be in charge of security which is what our customers understand. They constantly find firefox out of date and vulnerable. We have tried over and over to use the firefox admx files to force background update both at the computer and user OUs but find that users can uncheck the box and it remains vulnerable and out of compliance. Edge and Chrome can be controlled by the business (not end user) through group policy and kept up to date and we never find either out of date by implementing our policies.

Firefox constantly tells end users how to check the boxes and no group policy can enforce them as we don't see the registry updated even though we even put a registry patch in, firefox is still in the control of the end user and not SAFe. If you don't know what I mean by SAFe, check this out.

https://www.scaledagileframework.com/devops/