Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Firefox 102.3.0 ESR, installs extension without permission

more options

Hello,

I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional addons. However, since version 102.3 I noticed some extensions that are present on the machine as .xpi files, but should not install unless a specific application is also present, are also being activated. They are enabled in the add-on manager, the information is present in the "extensions.json" and "extension-preferences.json" files. This should not happen. Is there any way to prevent the activation of these files?

Thank you!

Hello, I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional addons. However, since version 102.3 I noticed some extensions that are present on the machine as .xpi files, but should not install unless a specific application is also present, are also being activated. They are enabled in the add-on manager, the information is present in the "extensions.json" and "extension-preferences.json" files. This should not happen. Is there any way to prevent the activation of these files? Thank you!
Keppele skermôfbyldingen

Keazen oplossing

Hello,

I have redone the entire set of keys for the extensions. The issue is solved and never reoccurred. My best guess is there were some residual keys left over on the affected machines. Anyway, thread can be closed. Much appreciate all your effort. Cheers!

Dit antwurd yn kontekst lêze 👍 0

Alle antwurden (7)

more options

I'm sorry, I'm having trouble understanding exactly what the issue is based on your post.

My suggestion would be that you take a look at the new ExtensionSettings policy:

https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings

It gives you a lot more flexibility.

In particular, in your case, you could set Firefox to allow users to install dictionaries, but not explicitly install them all so the users don't have unnecessary dictionaries.

more options

Hello Mike,

Thank you for the reply. I will try to explain in more detail. I also understand your suggestion, but all the extensions are required and the users should not interact with the configuration at all. I have the exact configuration that we used on version 91.3 ESR and everything works as intended. However, once i made the upgrade to version 102.3 ESR there is one extension in particular that installs without being instructed to do so. The "Zotero" extension to be precise. This one is targeted for a group of users only, and filtered to install only if a certain executable file exists on the machine(the .xpi file exists on all the machines, copied via GPO). But it installs for everyone. I found traces of this extension in the "extensions.json" file, under the users profiles, but no idea why and how this information goes there. I have opened this thread because in version 91.3 with the exact config, i have no issues at all. Any ideas would be welcome :) Cheers!

more options

How is Zotero installed for the users that it is targeted to? Is the GPO modified for those users to include zotero?

more options

Hello Mike,

Indeed, if the presence of the application executable is present on the machine, the GPO activates the extension by writing the reg key.

Cheers!

more options

So I don't know any reason why this would be installed if it wasn't in the GPO. I don't know where else we would be getting the install instruction from.

My only though is that if this genuinely is a new behavior, you could use mozregression to figure out when it started.

https://mozilla.github.io/mozregression/

But I'm at a loss. If the extension isn't in policy, I don't know how it would be getting installed.

more options

Were you able to figure anything out?

more options

Keazen oplossing

Hello,

I have redone the entire set of keys for the extensions. The issue is solved and never reoccurred. My best guess is there were some residual keys left over on the affected machines. Anyway, thread can be closed. Much appreciate all your effort. Cheers!