Firefox for Enterprise Support Forum

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https://securitygeneralist.blogspot.com/2019/08/auto-installing-extensions-on-firefox.html )

The extension by default has containers for Personal, Work, Banking, Shopping.

Is there a way to automatically remove that default container list as part of the install?

Even better, is there a way to create a different default containers list through Endpoint?

Thanks

Hello,

We have a vulnerability scanner in our environment that tells us when Firefox needs to be updated. We found that in order to update it, we need to go the settings tab and then to the updates portion of the menu to initiate the update. After this we are asked to restart. Any way to avoid this entire process?

Hello,

We have set up a GPO in our Active Directory environment for the install of Firefox which works great, however since at least version 90, we have had an issue where Firefox won't uninstall automatically when removing the computer object from the security group associated with the GPO. The box is ticked to "uninstall this application when it falls out of scope of management", which works for every other GPO we have created. The computer removes the assignment of the application, but does not then remove the application as it should.

Are you aware of this issue?

Thanks.

We have put user and computer startup scripts to detect and delete firefox from our enterprise customers. Firefox cannot be kept SAFe through InfoSec.

InfoSec and SAFe require the business be in charge of security which is what our customers understand. They constantly find firefox out of date and vulnerable. We have tried over and over to use the firefox admx files to force background update both at the computer and user OUs but find that users can uncheck the box and it remains vulnerable and out of compliance. Edge and Chrome can be controlled by the business (not end user) through group policy and kept up to date and we never find either out of date by implementing our policies.

Firefox constantly tells end users how to check the boxes and no group policy can enforce them as we don't see the registry updated even though we even put a registry patch in, firefox is still in the control of the end user and not SAFe. If you don't know what I mean by SAFe, check this out.

https://www.scaledagileframework.com/devops/

Hi all,

we are using Mozilla Firefox ESR in our enterprise environment.

Is there a documentation which URL's Firefox uses when (Mozilla Maintenance Service) when it tries to update his version ?

We have tried with following URL's on our Firewall:

aus.mozilla.org aus2.mozilla.org aus3.mozilla.org aus4.mozilla.org aus5.mozilla.org download.cdn.mozilla.net archive.mozilla.org ftp.mozilla.org

It is finding the new version, but when trying to download the update it fails.

Thank you for any help on this case.

FF 102.3.0esr (64-bit) says 'You are currently on the update channel' but doesn't update. I see 102.5.0 is available. Originally said policies managed by organization. Enterprises Policies. I Deleted [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox]. Enterprises Policies now gone, but message hasn't changed nor can I update.

Need way to overwrite prefs.js with corporate standard for kiosk like environment. Either need way to have firefox install in standard path within each user profile or have firefox insert file from source. Advice ? thanks.

Nessus, Qualys, IBM Big Fix security scans constantly pick up firefox vulnerabilities. What we find is that either users have deleted the Firefox background update task or on servers, it never gets put onto the task scheduler. All other browsers have a channel update in the GPO files that ensure they are kept up to date and never show up in our scans. When will firefox put out similar channel GPOs and quit relying on the differently named task that we can't put into a group policy task scheduler, but constantly find firefox vulnerabilities from users that have deleted it so that group policy does not take effect.

I am deploying Mozilla Firefox using Intune. The application is deployed no problem but there is always the error in Intune portal. I was told that Mozilla Firefox has custom return codes to indicate post-installation behavior. That is why though the application itself is installed and works properly on the device, Intune portal does not know the status of the installation and gives the error. This error causes a lot of issues to the further application management. Dose any one knows what those codes are? Or maybe can point into the correct direction on how to get them. Thank you.

I have been tasked to have our Firefox auto update without user interaction. We have a small enterprise of about 2000 or so PCs but only maybe 300 use Firefox consistently. According to the GPOs it claims that it will update even when the browser is not open. I have this working fine on Chrome and Edge. You can see my attached screenshots that my GPOs are dropping down correctly to my VM. When I open Firefox and leave it open I can see that an "updated" folder is created in the Program Files>Mozilla Firefox. If I close Firefox the updated folder disappears and and installs the latest update. Once I reopen Firefox I can see that it updated. I need this to happen without the browser being launched, closed and reopened. I went into Settings>General and noticed that my update section is missing some of the update options that I see when researching. Automatically Install Updates and When Firefox is not Running options (see screen shots) are missing from my install. I am pretty sure this is why it will not truly silently auto update. Does anyone know where those two options are controlled from and how do I get those to show on my installs?

Hi

  Anyone experiencing an issue with Firefox 91 ESR on Win10 with blocking downloads?  We have the desktop blocked with controlled folder access and a plugin loaded which stops downloads of most file types, but when clicked on, the box appears to save the file after regardless.  The user cannot select a file location, but if they just click save it saves to the desktop anyway.  Cannot seem to stop firefox doing this. Anyone know a fix ?

Thanks,

      Jon Dickens

Multiple banks are removing Firefox due to vulnerabilities. They have found as I have told them multiple times that there is no centralized method to ensuring firefox remains up to date. The admx files from github do set the appautoupdate and backgroundappupdate to a value of 1 to indicate updates but all PCs are at different levels from 90.0 to 95.0 and I've found that even with the auto update switch on that many pcs do not auto update due to users leaving firefox up and ignoring the restart. The autoupdate task runs only if the user is logged on and that allows users to browse with an insecure version of Firefox that can lead to data breaches. CVEs lead to threats to exploit the CVE and that leads to risk that leads to data breaches. These CVEs are tracked by the NVD and this puts security in the hands of users instead of the business and the business has decided to remove firefox from their environments due to this fact.

I know mozilla is NFP but to maintain firefox in an enterprise environment, it need a better update process such as Google Chrome and Edge Chromium.

CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510

The above are current CVEs of High risk in one environment that has decided firefox will no longer be used.

Hey! We want to use Firefox in our school. The school computers are running Windows 10 in a domain. The normal users don´t have rights to install software / updates. That's why we want to use the Mozilla Maintenance Service but it doesn´t work as expected.

After installing a clean Firefox (no old profiles, data, or anything else) it shows that there is a new version. When you click on that message you have to get through Windows UAC. With the admin it is just a "yes"-click but everyone else needs a password.

Any ideas what i can check or try to get the Mozilla Maintenance Service updating Firefox?

Thanks a lot! Nils

Thanks Mike for the description here: https://support.mozilla.org/en-US/kb/firefox-enterprise-87-release-notes by Mike Kaply

Does the following section meant that policies.json would win a conflict with a setting that is also set in GPO: The policies.json file is no longer ignored if policies are specified via GPO (Windows) or configuration profiles (macOS). The policies are combined with GPO or configuration profile taking precedence over policies.json where there are conflicts.

We have around 1000 Firefox installations on our government organization, all installed via the Firefox MSI installer. Unfortunately, we came late to realize that the Firefox ESR would be a much more suitable product, compared to the normal Firefox branch.

Now, some years ago we would simply mass uninstall the normal Firefox and mass install the (latest) ESR version and all would be well. Problem is that we have to keep existing profiles (including passwords/bookmarks etc), something that is not supported in the latest Firefox builds.

Can anyone offer some advice/"hacks" to accomplish this? Note that whatever we'll do, we'll have to do it automatically, we lack the man-power to do this manually on a system by system basis...

Thanks in advance for any information provided.

Hello everyone,

I got around 50 windows clients to deal with and I wonder how to create a customized version to distribute via Kaspersky Security Center.

What I intend is to create an .msi, a folder or something to install. It should include some extensions like ublock or https-everywhere and such. I also like to have a customized theme included.

There are some ressources like AutoConfig or GPO GPO or repackaging installer. But I don't know if the procedures still work since the documents are three years old and, to be honest, I didn't manage to get anything work that way.

Isn't there a simple way to roll out Firefox in a company with some customization?

Thanks.