Firefox for Enterprise Support Forum

Is there a way to force Firefox updates within a specified time window via group policy? The ADMX templates appear to allow enabling or disabling updates or enforcing background updates, but we are not seeing an option in Group Policy to configure a delay or time window for searching for app updates.

I work in an enterprise environment. We have certain requirements that we must maintain for our system to maintain accreditation. One of these requirements is to prevent the installation of add-ons using the policies.json file.

We are also trying to develop an extension that adds banners to each page the user interacts with. I understand this can be loaded using the process [https://support.mozilla.org/en-US/kb/deploying-firefox-with-extensions|he...] and does not have to be signed following this [https://support.mozilla.org/en-US/kb/install-system-add-ons-firefox-enter...] .

My question is, before embarking on the journey to create this web extension, can it still be installed following the enterprise process, despite being denied by default by the policies.json? Or is there a way to allow for the extension to be installed by changing the policy?

Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format".

As a reference I have been using the below article as my source on how to set this up. https://github.com/mozilla/policy-templates#extensionsettings

After reading through the article the base example they have works flawlessly. I have put this base example below.

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

The minute I try to change it though the whole thing breaks. For context, I have tried adding 1 password as a forced installed add in, and also try placing it below under allowed. See my example below of the one where I am putting it is allowed. Any idea of what I am doing wrong?

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "*": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"
 }

}

I have one extension to be installed on the enterprise network machines. There are host permissions required to access All websites data. How can I, as an Admin, enable this host permissions for the installation ?

I'm setting up addon installation through `policy.json`. Below is an example. I am wondering howto configure addons thus installed using the same file. Is it possible? If yes: where to find addon-specific keys/options? As an example: when providing below `policy.json`, starting any fresh firefox profile/installation produces the dialog "Startpage.com - Private Search Engine would like to change your default search engine from Google to Startpage.com - English. Is that OK?", followed by yes/no buttons. I would like to be able to just make the addon do so forgoing the dialog.

Thanks for any pointers.

{

 "policies": {
   "ExtensionSettings": {
     "*": {
       "blocked_install_message": "Installation of extensions only allowed from 'policy.json'.",
       "installation_mode": "blocked"
     },
     "{20fc2e06-e3e4-4b2b-812b-ab431220cada}": {
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/startpage-private-search/latest.xpi"
     }
   },
   "ExtensionUpdate": true
 }

}

Hi Dear support mozila Firefox IT team,

I need to find out if there is an option on the user's computer in the local network, how to connect to the bypass list of the Firefox browser with a hidden version. Which aims to adjust, add and modify without bothering the user to quickly organize the work. If there is an option, please send me a guide.

In our organization, we enforce through group policy to clear cookies and site data each time the browser is closed. I see there's an exception list to define certain sites that it will not clear cookies or site data. Where in group policy can this exception be set.

This option can be seen (allow) from the article here under Block cookies and site data for more than one website > Step 3 https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox

Thanks,

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

Hi all,

I need to be able to disable the option to save Credit Card/Debit cards through group policy, has anyone got a few steps to help me through this?

Thank You

Hi,

I've been struggling for a week to try and get our extensions managed in Firefox. Firstly I tried doing it in Intune through the Extension Management setting in the ADMX however that wouldn't work as it couldn't parse the JSON. Then I've tried using the OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

I'm now getting a straight up error in Intune -2016281112 (0x87d1fde8). I've followed the documentation as best as I can but it still doesn't seem to work. In the Intune logs there is no record of the Config profile even being attempted. Any ideas as to what is causing this error? Here is the full code being used for the OMA-URI string:

<enabled/>
<data id="ExtensionSettings" value='
{

   "*": {
       "blocked_install_message": "This extension is blocked. Please contact the helpdesk for further assistance.",
       "install_sources": ["about:addons","https://addons.mozilla.org/*"],
       "installation_mode": "blocked",
       "allowed_types": ["extension"]
   },
   "rested@restedclient": {
       "installation_mode": "allowed"
   },
   "{c45c406e-ab73-11d8-be73-000a95be3b12}": {
       "installation_mode": "allowed"
   },
   "{5caff8cc-3d2e-4110-a88a-003cc85b3858}": {
       "installation_mode": "allowed"
   },
   "selenium-ide": {
       "installation_mode": "allowed"
   },
   "{a6fd85ed-e919-4a43-a5af-8da18bda539f}": {
       "installation_mode": "allowed"
   },
   "{16a49f65-1369-4839-a5ef-db2581e08b16}": {
       "installation_mode": "allowed"
   },
   "{5384767E-00D9-40E9-B72F-9CC39D655D6F}": {
       "installation_mode": "allowed"
   },
   "{83efb7a7-cf21-4f94-840a-316f651053ef}": {
       "installation_mode": "allowed"
   },
   "{edfc63b3-fc9b-4b6b-b9bf-4561ad548044}": {
       "installation_mode": "allowed"
   },
    "{f1a3d59a-f759-4d03-9545-6f741e64524e}": {
       "installation_mode": "allowed"
   },
    "cors-everywhere@spenibus": {
       "installation_mode": "allowed"
   }
}'/>

We have 50 workstations set up for certain jobs and the users roam as needed. Each workstation has two printers using different media. the printers are controlled by having two instances of Firefox with each having a user profile to use one printer or the other. In addition to printer settings we set a number of other profile settings such as silent printing etc.

Having a profile per user requires a great deal of setup work to allow different users to log in with authentication and to align the printers with the programs which will print to them.

A solution that would allow us to write a copy of a master profile to each new user via a program would be nearly perfect. Thank you,

I'm trying to configure the "Extension Management" policy for firefox in my company. We have 14 addons to manage. using JSON this will end to a line of about 2500 characters.

when I try to copy the code into the gpo I get a message telling me the limit is 2048 characters.

Is there a way to baypass this limitation ?

thank you

Hi,

I deployed the last Firefox ESR update and I just found about this new feature : https://support.mozilla.org/en-US/kb/manage-downloads-preferences-using-downloads-menu

So files are now downloaded and users are no longer prompted for what to do. My question is can we change this to "Ask whether to open or save files" using policies.json?

Kind regards,

McB

From my point of view, the setting " What should Firefox do with other files?" has been added in the current ESR version.

"What should Firefox do with other files?" ("Wie soll Firefox mit anderen Dateien verfahren?") . "Save files" ("Dateien speichern") . "Ask whether to open or save files" ("Fragen, ob Dateien geöffnet oder gespeichert werden sollen")

How can I control/change this setting using mozilla.cfg?

By the way:

// What should Firefox do with other files? - Wie soll Firefox mit anderen Dateien verfahren? lockPref("applications-ask-before-handling", false);

// What should Firefox do with other files? - Wie soll Firefox mit anderen Dateien verfahren? lockPref("applications-ask-before-handling", true);

works detectably via about:config but does not change the setting for "What should Firefox do with other files?".

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy Value (string):

<enabled/> <data id="ProxyLocked" value="true | false"/> <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/> <data id="HTTPProxy" value="https://httpproxy.example.com"/> <data id="UseHTTPProxyForAllProtocols" value="true | false"/> <data id="SSLProxy" value="https://sslproxy.example.com"/> <data id="FTPProxy" value="https://ftpproxy.example.com"/> <data id="SOCKSProxy" value="https://socksproxy.example.com"/> <data id="SOCKSVersion" value="4 | 5"/> <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/> <data id="Passthrough" value="<local>" >="" <data="" <="" p=""></data>

This has mixure of String and Integer , when we configure as string and use one from the above or leaving blank or setting only string , it failed the policy with error - -2016281112

We use GPO to push out our Firefox homepage and bookmarks. I get totally different results for each user, some will make changes right away if I add a new book marks, but they don't see older ones?

I decided to build a few test machines (we don't have time to build a dev envir) and it applies the GPO for the home page but not the bookmarks, I can see the book marks in the registry even but nothing on firefox. Anyone have a guess?

thanks David

We have several servers with Firefox installed and automatic updates enabled to include "When Firefox is not running". However, our security scans indicate that the version is out of date. We have to connect to the box and finish the updates. The current version is at 103.0.1 and the previous version was above 100 (failing to remember exact version). Is there a way to ensure that Firefox remains up to date without connecting to the server?

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

• http://192.168.100.10/goodaddon-1.0.01.xpi
• http://internalwebsite/goodaddon-1.0.01.xpi
• https://192.168.100.10/goodaddon-1.0.01.xpi
• https://internalwebsite/goodaddon-1.0.01.xpi
• \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
• \\internalfileserver\netshare\goodaddon-1.0.01.xpi
• file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
• file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
2. 2 Are there any logs where I could find out what exactly goes wrong?
3. 3 Are there any other syntaxes I could try (group policy urls)?
4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.