Firefox for Enterprise Support Forum

In our organization, we enforce through group policy to clear cookies and site data each time the browser is closed. I see there's an exception list to define certain sites that it will not clear cookies or site data. Where in group policy can this exception be set.

This option can be seen (allow) from the article here under Block cookies and site data for more than one website > Step 3 https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox

Thanks,

on GitHub the commands are all based on Java https://github.com/mozilla/policy-templates#preferences

Is there a list of all available registry settings? Or where do these Java options come from, where can I read them out?

Hello

I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.enabled.

Either an AMDX template with this option or a Registry will do the trick

Thanks

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https://securitygeneralist.blogspot.com/2019/08/auto-installing-extensions-on-firefox.html )

The extension by default has containers for Personal, Work, Banking, Shopping.

Is there a way to automatically remove that default container list as part of the install?

Even better, is there a way to create a different default containers list through Endpoint?

Thanks

We have a requirement to limit Firefox to just one internal website. Other browsers should have unlimited access, so we do not want to block websites on operating system level. I do not find any solutions in ADMX or add-ons. Please advise if anybody has a trick under the sleeves ? Thank you.

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better.

So I followed the guide https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings and tried to set up the config. We are using the latest ESR build but after the settings is applied I still dont have working extensions.

Here is the code

{
     "*": {
           "blocked_install_message": "Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.",
           "install_sources": ["https://addons.mozilla.org/"],
           "installation_mode": "blocked"
     },
     "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/adblock-plus/latest.xpi"
           },
     "ciscowebexstart1@cisco.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/cisco-webex-extension/latest.xpi"
     },
     "{d0210f13-a970-4f1e-8322-0f76ec80adde}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi"
           },
     "appstore-mini@feedly.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/feedly_mini/latest.xpi"
           },
     "extension@one-tab.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/onetab/latest.xpi"
           },
     "support@lastpass.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi"
           },
     "sweb2pdfextension.4@kofax.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kofax-pdf-create-4-0/latest.xpi"
           },
     "Aternity-WebExt-12.1.4@aternity.com": {
           "installation_mode": "allowed",
           },
     "its_addons_wrap@onelog.com": {
           "installation_mode": "allowed",
           "install_url": "https://extensions.onelog.com/extension/onelog.xpi"
     }

}

I have placed the settings in HKCU but also tried in HKLM and there has been no difference. in each case I get Unable to parse JSON for Extensionsettings when checking the about:policies section and when I look at the registry I see the REG_MULTI_SZ value but when i click on it to read it I get another error message. Cannot edit ExtensionSettings: Error reading the values contents.

I tried re-entering the code and tried not listing the install URLs and even tried only listing 1 item. I haven't been able to get past this error so any help would be greatly appreciated.

Hello,

We have a vulnerability scanner in our environment that tells us when Firefox needs to be updated. We found that in order to update it, we need to go the settings tab and then to the updates portion of the menu to initiate the update. After this we are asked to restart. Any way to avoid this entire process?

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

Hello,

We have set up a GPO in our Active Directory environment for the install of Firefox which works great, however since at least version 90, we have had an issue where Firefox won't uninstall automatically when removing the computer object from the security group associated with the GPO. The box is ticked to "uninstall this application when it falls out of scope of management", which works for every other GPO we have created. The computer removes the assignment of the application, but does not then remove the application as it should.

Are you aware of this issue?

Thanks.

Hi all,

I need to be able to disable the option to save Credit Card/Debit cards through group policy, has anyone got a few steps to help me through this?

Thank You

Hi,

I'm blocked because for my company i have to make a GPO that will setup the default handler for pdf files. I picked up different codes on internet but it went the same way for all of them, it didn't work. Im pretty sure that's not a GPO application issue because actually all the others setings are working perfectly.

The json code was paste on the Handlers settings as u can see in the attachement.

Hopefully that i will find help there.

Cordially.

My organization would like to keep automatic updates for Firefox enabled. However, each update prompts end users to create a new profile. We've provided them with instructions on how to navigate to about:Profiles and find the Firefox profile that has their bookmarks. The same set of instructions then guides them on how to save that profile as their default too. Unfortunately, our end users aren't very good at this and sometimes they have to repeat the process for a few days in a row. Which I assume is due to subsequent Firefox updates, but I'm not sure.

That said, is there anything we can do that'd avoid end users from having to go through this process for every Firefox update?

Hello,

I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional addons. However, since version 102.3 I noticed some extensions that are present on the machine as .xpi files, but should not install unless a specific application is also present, are also being activated. They are enabled in the add-on manager, the information is present in the "extensions.json" and "extension-preferences.json" files. This should not happen. Is there any way to prevent the activation of these files?

Thank you!

I am currently trying to configure a very old network switch that requires Java. I have tried using the Firefox ESR (Extended Support Release) but i cannot seem to find or get the java plugin installed. I also tried downloading and installing firefox version 51.

What could i do to resolve this issue? I also tried using internet explorer but my computer refuses to install internet explorer because "it is already installed" even though it is not.

We have put user and computer startup scripts to detect and delete firefox from our enterprise customers. Firefox cannot be kept SAFe through InfoSec.

InfoSec and SAFe require the business be in charge of security which is what our customers understand. They constantly find firefox out of date and vulnerable. We have tried over and over to use the firefox admx files to force background update both at the computer and user OUs but find that users can uncheck the box and it remains vulnerable and out of compliance. Edge and Chrome can be controlled by the business (not end user) through group policy and kept up to date and we never find either out of date by implementing our policies.

Firefox constantly tells end users how to check the boxes and no group policy can enforce them as we don't see the registry updated even though we even put a registry patch in, firefox is still in the control of the end user and not SAFe. If you don't know what I mean by SAFe, check this out.

https://www.scaledagileframework.com/devops/

Hi,

I've been struggling for a week to try and get our extensions managed in Firefox. Firstly I tried doing it in Intune through the Extension Management setting in the ADMX however that wouldn't work as it couldn't parse the JSON. Then I've tried using the OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

I'm now getting a straight up error in Intune -2016281112 (0x87d1fde8). I've followed the documentation as best as I can but it still doesn't seem to work. In the Intune logs there is no record of the Config profile even being attempted. Any ideas as to what is causing this error? Here is the full code being used for the OMA-URI string:

<enabled/>
<data id="ExtensionSettings" value='
{

   "*": {
       "blocked_install_message": "This extension is blocked. Please contact the helpdesk for further assistance.",
       "install_sources": ["about:addons","https://addons.mozilla.org/*"],
       "installation_mode": "blocked",
       "allowed_types": ["extension"]
   },
   "rested@restedclient": {
       "installation_mode": "allowed"
   },
   "{c45c406e-ab73-11d8-be73-000a95be3b12}": {
       "installation_mode": "allowed"
   },
   "{5caff8cc-3d2e-4110-a88a-003cc85b3858}": {
       "installation_mode": "allowed"
   },
   "selenium-ide": {
       "installation_mode": "allowed"
   },
   "{a6fd85ed-e919-4a43-a5af-8da18bda539f}": {
       "installation_mode": "allowed"
   },
   "{16a49f65-1369-4839-a5ef-db2581e08b16}": {
       "installation_mode": "allowed"
   },
   "{5384767E-00D9-40E9-B72F-9CC39D655D6F}": {
       "installation_mode": "allowed"
   },
   "{83efb7a7-cf21-4f94-840a-316f651053ef}": {
       "installation_mode": "allowed"
   },
   "{edfc63b3-fc9b-4b6b-b9bf-4561ad548044}": {
       "installation_mode": "allowed"
   },
    "{f1a3d59a-f759-4d03-9545-6f741e64524e}": {
       "installation_mode": "allowed"
   },
    "cors-everywhere@spenibus": {
       "installation_mode": "allowed"
   }
}'/>

We have configured Windows Single Sign On to Microsoft 365 in Firefox 102.6.0esr (64-Bit).

We have embedded a Video from the new Microsoft Stream on SharePoint Online into a SharePoint 2019 onpremise Site via the provided iFrame. Here every user gets an endless Login Loop (see Screenshot).

If you open the deeplink to the video, Single Sign On works perfectly.

And this also works in Microsoft Edge, why the Microsoft support is not willing to analyse this issue further.

Do you have any ideas how to narrow down the problem?

Hello,

Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64)

after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created in the registry and not ManagedBookmarks, which causes bookmarks not to appear in the bookmarks bar. When I manually rename a registry entry from Bookmarks to ManagedBookmarks, the bookmarks appear properly. Please let me know if I'm doing something wrong or if there really is a problem reported by me.

Yours sincerely Bart