Firefox for Enterprise Community Forum

Hello,

I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak which used to add all the policies and secure Firefox for Enterprise. What we noticed is that Policy Pak used the app set to apply these policies and we are noticing that native GPO's for the most part to match the Policy Pak policies is not as accurate for GPO's My ask here is there any Most Viable Product suggestions to apply Native GPO's for securing Firefox.

We use ESR due to its stability and long term security updates, and we use Duo as our SSO/IDP.

We have Duo set to deny login when the browser is more than 6 mo out of date, but due to the way FF reports only the main version number via the user agent Duo is unable to determine that FF ESR is actually up to date and thinks that it's too old and my users are being denied login or getting an erroneous message about needing to update their browser.

Is there a way to set FF to report it's whole version to Duo? We would prefer not to have to "outlaw" FF in our prod environment if at all possible.

My company has been using the same customized autoconfig.js without issue since last year's FF 115 esr release on our Ubuntu servers.

cat /opt/firefox-115.13.0esr/defaults/pref/autoconfig.js pref("browser.tabs.inTitlebar", 0); pref("general.config.filename", "firefox.cfg"); pref("general.config.obscure_value", 0); pref("general.config.sandbox_enabled", false); pref("pdfjs.annotationEditorMode", 1);

Now we are testing the 128 esr next releases with the same config and getting the failed to read the configuration file. please contact your system administrator error

cat /opt/firefox-128.1.0esr/defaults/pref/autoconfig.js pref("browser.tabs.inTitlebar", 0); pref("general.config.filename", "firefox.cfg"); pref("general.config.obscure_value", 0); pref("general.config.sandbox_enabled", false); pref("pdfjs.annotationEditorMode", 1);

If remove pref("general.config.obscure_value", 0); or set it to 1, the error goes away, but our actual firefox.cfg does not get read and are configs are not present at all.

We followed the links below to block internet access in Firefox browser:

https://www.youtube.com/watch?v=fAGYYX5hYb8 https://github.com/mozilla/policy-templates/releases

We downloaded the ADMX and ADML files. Using these files, we were able to locate Mozilla Firefox in Group Policy Management and successfully block all websites in the Firefox browser using the pattern :///*.

However, we encountered an issue with exceptions. We do not wish to block certain websites, including localhost. We attempted to use the "Exceptions to block websites" option, providing values such as ://msn.com/ to exclude specific sites. Unfortunately, this approach did not work as intended. For instance, msn.com is one of the websites we want to allow, among others and also localhost.

We require assistance with the following issue: "Exceptions to block websites" is not functioning properly within the group policy of Mozilla Firefox.

Hello,

I am using firefox 126.0 on linux mint 21.2 with an policy file in the directory "/usr/lib/firefox/distribution/policies.json". This is just working fine with one little problem. When opening firefox the first time, it does not apply the policy to set the startpage to the url in the policy file. All other policies seem to be applied correctly. I figured out, that at the first start of firefox, no user profile (folder) "~/.mozilla/" exists. When i click the little "house" button on the the top besides the refresh buton, the correct startpage is shown. After the first start this folder is created and then the policies work fine even the startpage shows up directly. Can I somehow use a template profiles-folder for new users, so they have the correct firefox feeling at the first start or is there something missing in my policy file ? The policy file has rights set to "644 root:root" Image of the policy file is attached because I can't upload files other then images.

Thank you.

Hello,

My company recently started using ActivTrak Monitoring software and I need some help configuring the setup for Apple computers. I'm trying to create a custom .mobileconfig to automatically turn on the browser extension and then stop the end users from turning the add-on off. I can successfully install and lock the extension on once installed but need to manually activate the add-on first. What do I need to add to the plist to enable the extension automatically?

Thank you!

Hi supporting teams / volunteers,

A Microsoft Purview extension was added via GPO previously, and we would like to enable the two settings (indicated with red box), may I know if anyone might have clues on that please? Also, would like to also check if we could remove the extension from users' end, since it said "can't be removed". Many thanks.

Best regards, Vincent

Hi all

I like to enforce the following setting "Require device sign in to fill and mange passwords" in the mozilla.cfg but I couldn't find the setting in about:config.

Can anyone help?

Regards

Ogami

Hello,

I have enabled the Allow Windows single sign-on for Microsoft, work, and school accounts setting via GPO for Desktops, and it is showing as ticked.

Additionally, within Settings > Email & Accounts, my account is showing underneath Accounts used by other apps

However SSO does not seem to be working whenever I go to the likes of office.com

However, within the likes of Google Chrome (with the Microsoft Single Sign On Extension), SSO works seamlessly.

Does anyone have any ideas?

Thanks so much.

I'm having trouble find clear directions online on how to import Firefox Developer Edition into my Intune App Catalog to deploy it to users. I was able to convert the .exe installer into a .intunewin file but Intune won't import it for some reason. All the other directions i keep finding just direct me to creating a custom configuration policy around FireFox but it looks like it is just the basic Firefox for Enterprise.

I'm hoping to either get directed to actual directions for this or even a .msi installer for the developer edition. Does that exist?

I have a number of servers which need firefox updating They do not have internet.

There is one machine that does have internet

How do i get them to point to that server for updates?

FF should have an easy deployment console for rolling out their product.

I saw something about an MAR server however its not clear.

We just have WSUS so cant use that to update like Edge.

Hello!

I manage our browser configuration for our enterprise. We use group policy to restrict browser addons until they clear our internal security review.

I'm looking for a way to allow specific addons using group policy, while generally blocking everything else.

I've found the setting to enforce the installation of addons, but we'd like to avoid forcing every addon to install on every system as there would be overlap between things like password managers and such.

Is there a way to accomplish this?

Hello,

We have a client using Azure Virtual Desktops. Most of the users prefer to use Firefox. We are having an issue that anytime we update Firefox and reimage the virtual hosts. When the users login they get a new Firefox profile. We have to remote in and copy their old profile data to the new profile.

Is there a better way for us to handle Firefox and profiling in and Azure Virtual Desktop deployment?

Unattended software (kiosk) here.

Sometimes (so rarely that I cannot reproduce in dev) the client sees this error screen: "Firefox closed unexpectedly while starting..." (see image in attachment)

Sometimes when rebooting the error goes away and Firefox starts normally.

Sometimes even when rebooting the system - this vertical error screen appears, and one solution is to reinstall Firefox, but I'd like not to (if not necessary) or at least programmatically detect the issue and perform the needed actions.

QUESTIONS: How to programmatically detect (bash i.e.) that this error window is present and get rid of it properly? Or, how to (for debugging) force that screen to appear (to force that broken state)?

PS: I'm running Firefox using:

nohup firefox -P ff_custom_profile -new-instance -private-window -kiosk "$url" > /dev/null 2>&1 &

Thank you for any assistance or insight

Hi,

I already have the admx and adml templates installed on my gpo. I would like to control or prevent the install of vpn extensions on the firefox browser.

Specifically I would like to prevent the install of all vpn extensions to the firefox browser for the users in my company. I would like them to download and install other extensions. How could I do this through modifying the json file in the extensions folder of the firefox template in my gpo.

Thanks in advance, Floyd,

Hello,

We would like to deploy a configuration profile to our macbooks running Sonoma 14.5 and above. This is being done via Jamf MDM. However when we use our current plist to configure settings, They are not being applied correctly, The issue seems to be with the firefox plist itself and not our Jamf deployment. Would you be be able to advise or could we ask for a plist template that could achieve this?

Thanks.

Does anyone possess expertise in executing a forced update for Firefox within the user's profile directory located at "AppData\Local\Mozilla Firefox"? It would be advantageous to employ a PowerShell script for rectifying this issue. It appears that certain users are not frequently opening Firefox, thus impeding the automatic update process.

Hi, I would like to implement GPO settings for Firefox, and would like to review the list of the policies with description (explanation of what the policy is about and what happens if its enabled or disabled) on a table or excel format. Is there a site or page that will give me that list?

We are deploying Firefox installed via the v122 binary on Ubuntu 22.04.4 Server w/ubuntu-desktop-minimal --no-install-recommends (we need to have no-user-interaction install). We are using an Ansible playbook to copy over and unarchive the tarball, then create a firefox/distribution folder in the install directory and copying a profiles.json file to said folder, links the install directory to the /usr/bin/local directory, and setting firefox.desktop as the system default browser.

Using the instructions from: https://mozilla.github.io/policy-templates/

What we are hoping to accomplish is the user who has never launched Firefox will click on a link in an application, which will launch Firefox and go directly to the requested page. As it stands right now, the first time a user clicks the link, it launches firefox and shows a start page. The user must then close this window, and click the link again. This brings up a "Use Firefox as the default browser" prompt, which the user must accept, but then does not display the link. The third time the user clicks the link, the requested page pops up, and works from this time out.

We would like to have this be a one-click experience for the user. Looking at the options in about:config after getting firefox to launch, it appears firefox is not getting the options from the profiles.json file. Are we missing something about placement of this file? Missing some lines? Should we be using AutoConfig instead? Thank you for any assistance!

{

   "policies": {
       "Homepage": {
           "StartPage": "none"
       },
       "Preferences": {
           "browser.shell.checkDefaultBrowser": {
               "Value": false,
               "Status": "default",
               "Type": "boolean"
           },
           "browser.shell.skipDefaultBrowserCheckOnFirstRun": {
               "Value": true,
               "Status": "default",
               "Type": "boolean"
           },
           "browser.startup.homepage_override.mstone": {
               "Value": "ignore",
               "Status": "default",
               "Type": "string"
           }
       },
       "PopupBlocking": {
           "Default": false
       },
       "DontCheckDefaultBrowser": true,
       "OverrideFirstRunPage": "",
       "OverridePostUpdatePage": ""
   }

}

Hi,

We are using Firefox Enterprise on Windows Server 2016 Remote Desktop for approx 100 users.

The users need very often to create a new profile when launching FireFox, and then loose all their bookmarks.

Is there a way to manage the profiles correctly to bypass this problem ?

Thank you for your help ! Have a nice day.