Firefox for Enterprise Support Forum

I am pushing out bookmarks company-wide through Intune on users Laptops. I spoke with Microsoft support and the configuration policy is created correctly and I followed Firefox's support page in creating them. It seems that the new JSON script that tells Firefox what bookmarks is unable to parse.

Anyone know if Firefox had an update that prevents intune from sending the JSON file?

Error message given through firefox.

"Unable to parse JSON for ManagedBookmarks"

I work in an enterprise environment. We have certain requirements that we must maintain for our system to maintain accreditation. One of these requirements is to prevent the installation of add-ons using the policies.json file.

We are also trying to develop an extension that adds banners to each page the user interacts with. I understand this can be loaded using the process [https://support.mozilla.org/en-US/kb/deploying-firefox-with-extensions|he...] and does not have to be signed following this [https://support.mozilla.org/en-US/kb/install-system-add-ons-firefox-enter...] .

My question is, before embarking on the journey to create this web extension, can it still be installed following the enterprise process, despite being denied by default by the policies.json? Or is there a way to allow for the extension to be installed by changing the policy?

Been managing bookmarks for users through Intune, but for some reason on my HP Elitebook 840 I keep getting an error "Unable to parse JSON for ManagedBookmarks" I haven't changed anything to the bookmarks before swapping to the HP laptop from a Dell 5410. I have double-checked GitHub for the proper string for bookmarks and everything looks to be correct as well as submitting a support case with Microsoft who checked it and say it is something on Firefox's side that needs fixing.

I am also constantly getting this unknown extension setting. Not sure why I have this or where I can remove it.

ExtensionSettings {"firefoxhpsureclicksecurebrowsing@bromium.com":{"installation_mode":"blocked"},"firefoxhpwolfsecurityextension@bromium.com":{"installation_mode":"blocked"}}

We have Firefox-ESR in use and we are using Applocker.

When we enable applocker dll Rule policys and start https://shaka-player-demo.appspot.com page clearkey addon crashes.

We have allowed widevinedrm.dll in applocker rule policys, and we have used Process Monitor to track which dll file / files are being "locked" but we cant seem to pinpoint it.

Where does Firefox-ESR run DRM content and which dll files are needed to run ?

What we know that it is caused by applocker DLL rule policys, when disabling it clearkey addon does not crash and drm content can be played.

Also Applocker eventlogs does not show anything related to this.

br Ben

Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format".

As a reference I have been using the below article as my source on how to set this up. https://github.com/mozilla/policy-templates#extensionsettings

After reading through the article the base example they have works flawlessly. I have put this base example below.

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

The minute I try to change it though the whole thing breaks. For context, I have tried adding 1 password as a forced installed add in, and also try placing it below under allowed. See my example below of the one where I am putting it is allowed. Any idea of what I am doing wrong?

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "*": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"
 }

}

This might be a simple question. Does Firefox ESR still supports NTLM v1 ? Can we still add the value "network.negotiate-auth.delegation-uris" in preference. Does that enabled NTLM v1. Is there any document or release notes that states Firefox is disabling this setting from Firefox 78 and later. Some how I am not able to find it in release notes.

I have one extension to be installed on the enterprise network machines. There are host permissions required to access All websites data. How can I, as an Admin, enable this host permissions for the installation ?

Hi there,

we trying to restrict internet access that used Mozilla Firefox on client computers through Microsoft Intune.

We have already configured policy by uploading ADMX template & Custom OMA-URI as described in https://github.com/mozilla/policy-templates/blob/master/README.md 

We are trying to add custom allowed web sites to "WebsiteFilter" OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions. added web sites are not allowed. my question is what is the best way to enter URLs (I mean format) to allow list & how I can used wild card to allow all the web sites of one specific domain. eg:- microsoft

Hello,

I have a problem with a pac file in our org. We download it from a server. The basic functionality is applied and it does redirect the desired traffic to the proxy. The problem occurs when the proxy goes down, it then should automaticaly start making direct connections, but the connections fail. We want to proxy only http and https and event that with some exceptions.

It was done according to https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file#example_6

Is there any problem with PAC file or does the browser have issues with the config?

Thanks for any help.

function FindProxyForURL(url, host) {

   /* Our proxy list */
   OURPROXY = "PROXY 172.22.59.X:3128; DIRECT"
   INOUR = "ourgroup.internal"

   /* Normalize the URL and HOST for pattern matching */
   url = url.toLowerCase();
   host = host.toLowerCase();

   /* Our Network Entry */
   if (isResolvable(INOUR)) {
       /* Don't proxy local services */
       if (isInNet(host, "10.0.0.0", "255.0.0.0")
       ) {
           return "DIRECT";
       }

       /* Proxy only http & https */
       if (url.substring(0, 5) == "http:" || url.substring(0, 6) == "https:") {
           /* Don't proxy local hostnames (without dots) */
           if (isPlainHostName(host)) {
               return "DIRECT";
           }
           /* END: Don't proxy local hostnames */
           /* START: Internal systems */
           if (shExpMatch(host, "*.example.com") ||
               shExpMatch(host, "example.com") ||
               /* END: Internal systems */
               /* START: Split VPN tunnel */
               shExpMatch(host, "*.example2.com") ||
               shExpMatch(host, "example2.com") ||
               /* END: Split VPN tunnel */
           ) {
               return "DIRECT";
           }
           /* END: Don't proxy to internal systems */
           return OURPROXY;
       } else {
         return "DIRECT";
       }
       /* END: Proxy only http & https */
   } else {
     return "DIRECT";
   }
   /* END: Our Network Entry */
   return "DIRECT";

}

Hi,

We are currently looking for a configuration profile to disable the sync option to the users, we allow the users to sign in but not to sync the bookmarks, history, etc.

We need to deploy this profile to all the users in our environment.

Regards, Jesus

I'm setting up addon installation through `policy.json`. Below is an example. I am wondering howto configure addons thus installed using the same file. Is it possible? If yes: where to find addon-specific keys/options? As an example: when providing below `policy.json`, starting any fresh firefox profile/installation produces the dialog "Startpage.com - Private Search Engine would like to change your default search engine from Google to Startpage.com - English. Is that OK?", followed by yes/no buttons. I would like to be able to just make the addon do so forgoing the dialog.

Thanks for any pointers.

{

 "policies": {
   "ExtensionSettings": {
     "*": {
       "blocked_install_message": "Installation of extensions only allowed from 'policy.json'.",
       "installation_mode": "blocked"
     },
     "{20fc2e06-e3e4-4b2b-812b-ab431220cada}": {
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/startpage-private-search/latest.xpi"
     }
   },
   "ExtensionUpdate": true
 }

}

Hi Dear support mozila Firefox IT team,

I need to find out if there is an option on the user's computer in the local network, how to connect to the bypass list of the Firefox browser with a hidden version. Which aims to adjust, add and modify without bothering the user to quickly organize the work. If there is an option, please send me a guide.

I work for the local County and we recently got a new content provider that allows for SSL Inspection (Barracuda 410) but it requires a certificate to be installed on every device to work. I am aware of Edge having a way to create a custom installer that would allow us to preinstall the proper certificate, but was wondering if Firefox had the same thing. I am also needing to know that if we push out the version of Firefox with the certificate preinstalled, would it auto import our user's data from their current install of standard Firefox?

In our organization, we enforce through group policy to clear cookies and site data each time the browser is closed. I see there's an exception list to define certain sites that it will not clear cookies or site data. Where in group policy can this exception be set.

This option can be seen (allow) from the article here under Block cookies and site data for more than one website > Step 3 https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox

Thanks,

on GitHub the commands are all based on Java https://github.com/mozilla/policy-templates#preferences

Is there a list of all available registry settings? Or where do these Java options come from, where can I read them out?

We have a requirement to limit Firefox to just one internal website. Other browsers should have unlimited access, so we do not want to block websites on operating system level. I do not find any solutions in ADMX or add-ons. Please advise if anybody has a trick under the sleeves ? Thank you.

Hello,

We have a vulnerability scanner in our environment that tells us when Firefox needs to be updated. We found that in order to update it, we need to go the settings tab and then to the updates portion of the menu to initiate the update. After this we are asked to restart. Any way to avoid this entire process?

Hello,

We have set up a GPO in our Active Directory environment for the install of Firefox which works great, however since at least version 90, we have had an issue where Firefox won't uninstall automatically when removing the computer object from the security group associated with the GPO. The box is ticked to "uninstall this application when it falls out of scope of management", which works for every other GPO we have created. The computer removes the assignment of the application, but does not then remove the application as it should.

Are you aware of this issue?

Thanks.

Hi all,

I need to be able to disable the option to save Credit Card/Debit cards through group policy, has anyone got a few steps to help me through this?

Thank You

Hi,

I'm blocked because for my company i have to make a GPO that will setup the default handler for pdf files. I picked up different codes on internet but it went the same way for all of them, it didn't work. Im pretty sure that's not a GPO application issue because actually all the others setings are working perfectly.

The json code was paste on the Handlers settings as u can see in the attachement.

Hopefully that i will find help there.

Cordially.