すべての製品 Support Forum

Hi,

we want to switch our Firefox configuration from file-based (policies.json) to GPO-based. We rolled out the GPO on some test clients and it worked like a charm.

But... It shows that there are some clients which need a second firefox installation for a special purpose, which is not allowed to enter the internet or update itself.

The file-base configuration can handle these to different installations with two differend policies.json files.

Is there a way to accomplish this scenario with the use of GPOs? The GPO-base configuration seems to be global for every client.

At this moment i don't see a solution for our problem. Do you see one?

Hi!

Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings

Currently looks like this:

{

 "*": {
   "blocked_install_message": "Blocked.",
   "installation_mode": "blocked"
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "allowed"
 },
 "addon@darkreader.org": {
   "installation_mode": "allowed"
 },
 "@react-devtools": {
   "installation_mode": "allowed"
 }

}

I get the Blocked message if I try any of the allowed extentions like uBlock, Dark Reader or React Dev Tools.

I can add that uBlock had "force_installed" (With URL since that is required for force) and that worked fine.

I am reviewing my user.js and pref.js files in anticipation of deploying policy settings in GPO. As a part of the review, I am trying to document what each of the preferences in those files actually do, in order to be able to see in the future why a setting was set the way it was.

I am presently at the preference "pref.browser.language.disable_button.remove". Based on the name of the preference, I would think that if set to true, it would disable the remove button in the Webpage Language Settings window. (Hamburger menu -> Settings -> General -> Language -> Choose your preferred language for displaying pages)

When I set it to true, it does not disable the remove button but when I use the remove button, the preference is set to false.

Am I misunderstanding the purpose of this preference or is there more to using this preference than just setting its value in about:config?

Also, I see there are a number of other preferences that contain disable_button but that only one, "pref.privacy.disable_button.view_passwords", has a GPO policy for setting. I would expect that these preferences containing disable_button would all work in a similar way just each for a different button in the Firefox GUI.

If it matters, I'm running Firefox 115.3.1esr 64-bit en-ca on Windows 10.

Hi there,

We would like to disable ECH on our browsers as it is interfering with our Anti-virus Website blocks. I have identified the settings that need to be changed in about:config and was able to configure 2 of them to be controlled via a registry key but was not able to for another 3 as their keys should be placed in a different Key in the registry. I have searched all over but cannot identify the name for this Key.

The settings I need to manage are in the image. I was able to configure the settings beginning with network.dns but I am not sure how to manage the settings beginning with security.tls.ech

Any help would be much appreciated

I am trying trying to install the keeper extension via intune but am having trouble with the oma-uri. It looks right to me but I might be missing something. Prior to running this I followed https://mzl.la/3vYAIYT and added the Firefox ADMX. Both run successfully but it does not add the extension. Firefox version 116.0.3

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

String: <enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": Opps, this may have been a mistake reach out to IT.",
   "install_sources":["about:addons","https://addons.mozilla.org/"],
   "installation_mode": "allowed",
   "allowed_types": ["extension" ,"theme"]
 },
 "KeeperFFStoreExtension@KeeperSecurityInc": {
   "installation_mode": "normal_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/keeper-password-manager/latest.xpi",

"default_area": "navbar"

 },

}'/>

I have seen many references to this problem that Mozilla does not seem to want to fix.

I have to log in to my (remote) server regulary using the server IP address - there is not a domain name.

Every time (cookies/history always cleared on exit) it presents the message "Warning: Potential Security Risk Ahead" and then have to click advanced then accept the risk. Under previous versions I use, this could be stored so you do not have to go thrugh this process EVERY time on logging in to the server.

Everyone knows you can NOT assign a security certificate to an IP address so why does Mozilla not take this into consideration?

Will they change this in future versions?

Is there a work around (no config changes seem to work or chrome changes)

rgds JR UK

Hello I have installed german Firefox Version 117.0 (Build-ID 20230824132758) on Windows 10.

The following ExtensionSettings policy works as expected. The addons ublock and TreeTabs are both installed automatically.

{

 "*": {
   "blocked_install_message": "My Message",
   "install_sources": ["https://addons.mozilla.org/"],
   "installation_mode": "blocked",
   "allowed_types": ["locale", "extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
   "default_area": "navbar"
 },
 "TreeTabs@jagiello.it": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/tree-tabs/latest.xpi"
 }

}

But I don't want TreeTabs to be installed automatically on all workstations. So I want to change installation_mode to allowed.

{

 "*": {
   "blocked_install_message": "My Message",
   "install_sources": ["https://addons.mozilla.org/"],
   "installation_mode": "blocked",
   "allowed_types": ["locale", "extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
   "default_area": "navbar"
 },
 "TreeTabs@jagiello.it": {
   "installation_mode": "allowed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/tree-tabs/latest.xpi"
 }

}

But with this setting I'm unable to install it manually from https://addons.mozilla.org/de/firefox/addon/tree-tabs/ The message "An unexpected error occurred during installation." and a popup with the "blocked_install_message" "My Message" is displayed.

The same error occurs without the line (and the comma) "install_url": "https://addons.mozilla.org/firefox/downloads/latest/tree-tabs/latest.xpi"

I don't know why this does not work. Please help. Thank you.

One of our vendors websites does not load under Firefox ESR, with errors in the console pointing to CSP. Error is: Content Security Policy: The page's settings blocked the loading of a resource at inline ("default-src")

However if I load the site under the normal Firefox release, it displays correctly. When looking at errors in console, it is showing 3 errors for CSP, however it does not stop the site from working correctly. Content-Security-Policy: The page's settings blocked the loading of a resources at https://..... ("connect-src") or ("img-src")

The site is https://app.approvalmax.com If you get the login screen then the site is working otherwise just getting a green background when it is not working.

I am unsure why ESR and RR versions are behaving differently in this case. Using the latest versions of each.

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

Are these supposed to look different, or am I just doing something wrong? In the image I included here, SanitizeOnShutdown and Preferences look different from FirefoxHome and look incorrect. I removed other policies to make this simpler, but all of the other policies with multiple policy values look just like FirefoxHome. It appears that SanitizeOnShutdown is at least working since my history is indeed getting cleared on shutdown, but I'm unsure whether this actually works when I set these to the settings they should be since they should all be false other than Locked. Am I doing something wrong here or are these two policies supposed to look like that for some reason? Thank you in advance for the help!

``` {

   "policies": {

"DisablePrivateBrowsing": true,

       "SanitizeOnShutdown": {
           "Cache": false,
           "Cookies": false,
           "Downloads": false,
           "FormData": false,
           "History": true,
           "Sessions": false,
           "SiteSettings": false,
           "OfflineApps": false,

"Locked": true

       },
       "FirefoxHome": {
           "TopSites": false,
           "Search": false,
           "SponsoredTopSites": false,
           "Pocket": false,
           "SponsoredPocket": false,
           "Highlights": false,
           "Snippets": false,
           "Locked": true
       }

"Preferences": {

   	    "browser.contentblocking.category": {
   			"Value": "strict",
   			"Status": "locked"
   		},
   		"extensions.htmlaboutaddons.recommendations.enabled": {
   		    "Value": false,
   		    "Status": false
   		}

}

   }

} ```

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the injection method, except for one settings:

ExtensionSettings this setting is working when I have only one setting set (ex):

{"someplugin@test.com": { "installation_mode" : "allowed" }}

If I add a second line to the entry:

{"someotherplugin@test.com":{ "installation_mode" : "allowed"}}

I understand this is a new feature, but if I had the correct format that would work for HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings to allow two plugins to work I belive I shouldn't have any issue getting the admx feature to do this, I even tried manually editing the registry setting and it breaks whenever I add the second line to it.

I recently deployed Mozilla Firefox 102.4 ESR here in our environment expecting that when a new version is released Firefox would automatically update on clients computers. Well today I noticed at a new release is out but isn't automatically updating on end users workstations. Does Firefox ESR not automatically update?

In Supernova (v115) on Windows 11, when I view a message by double-clicking it to open it in a new window, I can set the Mail Toolbar to visible, then right click on it and select Customize. In previous versions I would put large icon/text button up there for Reply, Reply All, Forward, Print, and Delete. Those buttons don't appear to be available in Supernova for this toolbar.

Some of them appear to be in a fixed area as buttons with text beside the icon, and this area does not appear to have any customization available. For example, I don't use the Junk and Archive buttons, so if this "button area" must remain visible in this position, I'd like to be able to customize which of these buttons are visible.

My real preference would be to not have these buttons appear where they are now (to the right of the FROM: info), but instead to be able to have them in the Mail Toolbar at the top of the window as I could in the past. See attached screenshot for clarification of the Mail Toolbar->Customize window that doesn't currently allow for Reply, Reply All, Forward, Print and Delete to be added to the top Mail Toolbar.

Hi All,

I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions

• 1Password; and
• Firefox Multi Containers.

This is my json:

{ "*": { "blocked_install_message": "version 0.4 - Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.", "install_sources": ["https://addons.mozilla.org/"], "installation_mode": "blocked" }, "{bc8367b6-d946-484e-8da6-37691f23ee64}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi" }, "{2a28e7e4-64c9-4e7f-81fb-0475af840c0f}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi" } }

I have tried the obvious and removed the {} from both extensions, however still having troubles.

Is someone able to point me in the right direction?

GOOGLE WILL NOT LET ME SIGN IN ON FIREFOX. I can sign in will all other browsers but I get this message on Firefox:

Couldn’t sign you in This browser or app may not be secure.

I have cleared cache, cookies. Checked for updates...rebooted, ect. Nothing works.

HELP!!!!

Version: Firefox ESR 102.9.0 (64-bit) - Windows 10 Enterprise 22H2

Customers have been complaining for about 6 months that they can no longer drag and drop email attachments from Outlook (Microsoft Office Professional Plus 2019 - Exchange) into a Help Desk formula. I tested dragging from Outlook desktop and from the web version.

Drag and Drop works when using Edge and Chrome.

This is not a major issue, since customers can use the other browsers, but since they would prefer to use Firefox, a fix would really be appreciated.  :-)

I figured out that Comcast hijacked all my Firefox bookmarks and moved them to their internet email platform. I still like and will always use Fire-Fox. I today removed all my bookmarks from the Comcast platform that were my Fire Fox bookmarks and only left their one and only email bookmark on Comcast platform. I can only assume this was a per-arranged maneuver and you were aware of this. I sure the long 4th weekend made time for a underhanded switch over for Comcast.

Dear Team, Our application is accessible on Firefox v101.0.1. But recently we have upgraded our desktops with Firefox v112.0.1. The same application accessible on Firefox 101.0.1 is not able to accessible on v112.0.1.

The error code we could see on browser is SEC_ERROR+PKCS11_GENERAL_ERROR. We have already raised a case with HTTP support team but they have suggested to check at browser level. We had also collected traces from firefox but unable to upload the same. Kindly help here at the earliest. Thanks, Shruti Fegade

Good morning,

Can you please answer some questions regarding the Rapid Risk Assessment tool that is available at the following link:

https://infosec.mozilla.org/guidelines/risk/rapid_risk_assessment.html

1. Will any information input into the tool be hosted within the United Kingdom's Servers? 2. Can you please clarify if any information submitted to the RRA toll is retained on your Servers? 3. Is there the option to configure the tool so that no information submitted is retained after the session has terminated.

Kind Regards,

Mark Gormley.

This might be a simple question. Does Firefox ESR still supports NTLM v1 ? Can we still add the value "network.negotiate-auth.delegation-uris" in preference. Does that enabled NTLM v1. Is there any document or release notes that states Firefox is disabling this setting from Firefox 78 and later. Some how I am not able to find it in release notes.