Firefox for Enterprise Support Forum

Multiple banks are removing Firefox due to vulnerabilities. They have found as I have told them multiple times that there is no centralized method to ensuring firefox remains up to date. The admx files from github do set the appautoupdate and backgroundappupdate to a value of 1 to indicate updates but all PCs are at different levels from 90.0 to 95.0 and I've found that even with the auto update switch on that many pcs do not auto update due to users leaving firefox up and ignoring the restart. The autoupdate task runs only if the user is logged on and that allows users to browse with an insecure version of Firefox that can lead to data breaches. CVEs lead to threats to exploit the CVE and that leads to risk that leads to data breaches. These CVEs are tracked by the NVD and this puts security in the hands of users instead of the business and the business has decided to remove firefox from their environments due to this fact.

I know mozilla is NFP but to maintain firefox in an enterprise environment, it need a better update process such as Google Chrome and Edge Chromium.

CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510

The above are current CVEs of High risk in one environment that has decided firefox will no longer be used.

My purpose is deploy specific Certification Authority, which is available in network share, to Firefox by Active Directory group policy (Windows 2012 R2) or alternately to set 'security. enterprise_roots' to 'enabled' so that Firefox can use Windows Certificate Store. Clients are using Firefox on Windows XP, 7, 10 and consequentially different Firefox version. Can I apply my task ? Suggestions ?

Hello everyone,

I got around 50 windows clients to deal with and I wonder how to create a customized version to distribute via Kaspersky Security Center.

What I intend is to create an .msi, a folder or something to install. It should include some extensions like ublock or https-everywhere and such. I also like to have a customized theme included.

There are some ressources like AutoConfig or GPO GPO or repackaging installer. But I don't know if the procedures still work since the documents are three years old and, to be honest, I didn't manage to get anything work that way.

Isn't there a simple way to roll out Firefox in a company with some customization?

Thanks.

Dear Madam or Sir,

there seem to be new performance settings to be available since Firefox 91: https://support.mozilla.org/en-US/kb/performance-settings

While I have been able to "Use hardware acceleration when available" by using ...

{

 "policies": {
   "HardwareAcceleration": false
 }

}

... I could not find any setting to disable "Use recommended performance settings". Is there any possible way to disable this feature in dsitribution/policies.json ?

Thank you very much in advance!

Best regards

Victor

Since Firefox allows users to install to individual profiles, how do admins go about uninstalling it for all users silently and remotely? If all 1000 PCs have 50 users, all with Firefox installed to individual profiles, I can't imagine IT admins would have to find the appdata for each and every user and modify a script for each machine and every user. There must be a simpler way, right? An "Uninstall All" for Firefox?

Good Morning,

In my organization some years ago I pushed to have Firefox as our default browser and finally was accepted. It has been very good as we have over 10K employees using it. However this last week there has been a new release that forces you to create a new profile, one that is achieved all of you original settings and data are gone. We are a health care organization and cannot have this. I sent the fix (about:profiles) to our triage support department. However once the old profile is chosen and made the default. It will revert back to the new one each time you restart or the next day. I need a permanent fix, is there a way to update the old profile to the new version of Firefox? Shouldnt it stay the default once you make it so? I am getting inundated with calls over this, please send the fix asap.