• Oplost
  • Argivearre

How to disable Quic protocol in Mac with Jamf

Hello I am looking for a way to disable the QUIC protocol in Firefox through Jamf Pro. tried by below value but its not working, anyone did the settings for Mac? <… (mear ynfo)

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Jamf Pro. tried by below value but its not working, anyone did the settings for Mac?

<plist version="1.0"> <dict> <key>Preferences</key> <dict> <key>network.http.http3.enable</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>user</string> </dict> <key>network.http.http3.enable_0rtt</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>user</string> </dict> </dict> </dict> </plist>


Thanks

Frege troch Shri Sivakumaran, 11 moannen lyn

Beäntwurde troch Mike Kaply, 11 moannen lyn

  • Oplost
  • Argivearre

Firefox Intune OMA-URI error

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions"… (mear ynfo)

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions" and allow certain ones. Worked perfect in Jamf, for Intune failing all time. We are using Firefox v.121, policies are for v.120, but I am in doubt that this is the issue. Can someone review and let me know if there any issue or may be changes? Using latest instructions https://mozilla.github.io/policy-templates/#extensionsettings Also here is my OMA, very easy.

OMA used ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

Value(string):

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Security Test",
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/zoom-new-scheduler/latest.xpi"
 },
   "@react-devtools": {
   "installation_mode": "allowed"
 }

}'/>

Frege troch Valery Volos, 11 moannen lyn

Beäntwurde troch Mike Kaply, 11 moannen lyn

  • Oplost
  • Argivearre

Extension GPO help

Hello, I am trying to create a deny all & white list only gpo for Firefox extensions. I am using the gpo; Computer Configuration/Policies/Administrative Templates/M… (mear ynfo)

Hello, I am trying to create a deny all & white list only gpo for Firefox extensions.

I am using the gpo; Computer Configuration/Policies/Administrative Templates/Mozilla/Firefox/Extensions/Extension Management

I started out simple using a template which worked.

{ "*": { "blocked_install_message": "Your Company Blocked Message", "installation_mode": "blocked" }, "uBlock0@raymondhill.net": { "installation_mode": "allowed" } }

However, when I tried to add in more allowed extensions it now longer worked and was able to install any extension.

{ "*": { "blocked_install_message": "Your Company Blocked Message", "installation_mode": "blocked" }, "uBlock0@raymondhill.net": { "installation_mode": "allowed" }, "querymoid@kaply.com": { "installation_mode": "allowed" } }

Frege troch zick.rockco, 12 moannen lyn

Beäntwurde troch zick.rockco, 12 moannen lyn

  • Oplost
  • Argivearre

Fully disable Pocket to alleviate DNS requests

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket … (mear ynfo)

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket as thoroughly as we can (followed the guide from Mozilla https://support.mozilla.org/en-US/kb/disable-or-re-enable-pocket-for-firefox) and we are still seeing requests go out to "img-getpocket.cdn.mozilla.net" we do not want Pocket available at all, we do not want queries made to those domains, is it not possible to completely eradicate Pocket?

It wouldn't be a problem but our AV solution (MDE) has a popup every time the URL is queried and blocked.

Attached image of our configuration profile for Pocket.

Frege troch null_panda, 1 jier lyn

Beäntwurde troch cor-el, 1 jier lyn

  • Oplost
  • Argivearre

Certificate problem accessing an internal company website

I am trying to reach an internal company website (www.gqma.drw), with a certificate chain rooted in a company certificate authority. This works fine in Chrome, and worked… (mear ynfo)

I am trying to reach an internal company website (www.gqma.drw), with a certificate chain rooted in a company certificate authority. This works fine in Chrome, and worked in Firefox on my previous computer. But i recently got a new machine, and something somewhere is not quite right. I get an error message looking like this (between the ~~~s):

~~~ Someone could be trying to impersonate the site and you should not continue.

Web sites prove their identity via certificates. Firefox does not trust www.gqma.drw because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.

Error code: SEC_ERROR_UNKNOWN_ISSUER

View Certificate ~~~

If i click on the error code, i get these details:

~~~ https://www.gqma.drw/

Peer's Certificate issuer is not recognised.

HTTP Strict Transport Security: false HTTP Public Key Pinning: false

Certificate chain:


BEGIN CERTIFICATE-----

MIICczCCAhigAwIBAgIUcg0ZTKoxYO3E5288qtNnymZ/L6AwCgYIKoZIzj0EAwIw NzEMMAoGA1UEChMDRFJXMRQwEgYDVQQLDAtJU1NAZHJ3LmNvbTERMA8GA1UEAxMI U1NETlMgQ0EwHhcNMjIwMzA5MTQxOTAwWhcNMjQwMzA4MTQxOTAwWjA5MQwwCgYD VQQKEwNEUlcxFDASBgNVBAsMC0lTU0BkcncuY29tMRMwEQYDVQQDEwoqLmdxbWEu ZHJ3MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfXDxyLTebEuPHmneR4faNHoQ PouLPrBqOKnDOW/T+eexbAHcghiZqcQHoHW/Qo/kNQZYPhoHeMZK1ACdvnFTUaOB /zCB/DAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0T AQH/BAIwADAdBgNVHQ4EFgQUvuzqIs1O1ioHT3qF+olSZ3dDseEwHwYDVR0jBBgw FoAUjGD9eMez/VkLc5nlNkg/U6dBgmUwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUF BzABhhlodHRwOi8vb2NzcC5pc3MuZHJ3L3NzZG5zMB8GA1UdEQQYMBaCCiouZ3Ft YS5kcneCCGdxbWEuZHJ3MC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9jZXJ0cy5p c3MuZHJ3L3NzZG5zL2NybDAKBggqhkjOPQQDAgNJADBGAiEAtEj7K/C2IHMzh175 9TpPu74YktH/1WJM12zUNIioi30CIQDpLqn09bmTFDgQDkg+0YHu1YSBTlCArWYJ KUxQUa0KPQ==


END CERTIFICATE-----
BEGIN CERTIFICATE-----

MIIB3DCCAYKgAwIBAgIUeLNrkgHyp2GhO6Ee4fyvVbGaUg0wCgYIKoZIzj0EAwIw OjEMMAoGA1UEChMDRFJXMRQwEgYDVQQLDAtJU1NAZHJ3LmNvbTEUMBIGA1UEAxML SVNTIFJvb3QgQ0EwHhcNMTcwMzAxMjA0MzAwWhcNMjcwMjI3MjA0MzAwWjA6MQww CgYDVQQKEwNEUlcxFDASBgNVBAsMC0lTU0BkcncuY29tMRQwEgYDVQQDEwtJU1Mg Um9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAjg18NvaBfwKP0BC/9U Cppc1W2rfSqzsY4KCRIAubItoMyQ13zp25KjVg9IF7Uru7cWQcUMvwf4+2Gb/4m4 sFSjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1Ud DgQWBBSA3cairIJP/ooZLqrq+L9hSNwxczAfBgNVHSMEGDAWgBSA3cairIJP/ooZ Lqrq+L9hSNwxczAKBggqhkjOPQQDAgNIADBFAiAgvGnmTJgMosKFYuRJ7HZMuD/p ZTNapVJltFiGzKAtewIhAJMVQ72U+m7kLNRw6ej7icBQ9d+T4MuhGyJEeYeX5wR4


END CERTIFICATE-----
BEGIN CERTIFICATE-----

MIICYjCCAgigAwIBAgIUDZxs4OPknZA8SgUkWZ7EncHkYVIwCgYIKoZIzj0EAwIw OjEMMAoGA1UEChMDRFJXMRQwEgYDVQQLDAtJU1NAZHJ3LmNvbTEUMBIGA1UEAxML SVNTIFJvb3QgQ0EwHhcNMTcwMzAxMjA0NDAwWhcNMjcwMjI3MjA0NDAwWjA3MQww CgYDVQQKEwNEUlcxFDASBgNVBAsMC0lTU0BkcncuY29tMREwDwYDVQQDEwhTU0RO UyBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNsaSU2QU1Z5ktRf19DaXZk6 TrPko0TPZFTSYFH9bPxVJ4guUfGnN5nZ7vQajX2NJJLZEL9TZGYSsE8RD/ftcsij ge4wgeswDgYDVR0PAQH/BAQDAgGmMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF BQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSMYP14x7P9WQtzmeU2 SD9Tp0GCZTAfBgNVHSMEGDAWgBSA3cairIJP/ooZLqrq+L9hSNwxczA1BggrBgEF BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLmlzcy5kcncvc3NkbnMw LwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL2NlcnRzLmlzcy5kcncvc3NkbnMvY3Js MAoGCCqGSM49BAMCA0gAMEUCIBU5FNCu7ZmE7H1Oautblig4iA5JIgOO+4D/do2c pQ8IAiEAkIdZb5Doptfk1C5uofcvww3E0ZrSG98ZJ2+TW9sz4VA=


END CERTIFICATE-----

~~~

If i click 'View Certificate', i get a chain of three certificates:

  1. Subject common name = *.gqma.drw, issuer common name = SSDNS CA, subject key ID = BE:EC:EA:22:CD:4E:D6:2A:07:4F:7A:85:FA:89:52:67:77:43:B1:E1
  2. Subject common name = SSDNS CA, issuer common name = ISS Root CA, subject key ID = 8C:60:FD:78:C7:B3:FD:59:0B:73:99:E5:36:48:3F:53:A7:41:82:65
  3. Subject common name = ISS Root CA, issuer common name = SS Root CA, subject key ID = 80:DD:C6:A2:AC:82:4F:FE:8A:19:2E:AA:EA:F8:BF:61:48:DC:31:73

If i go to Settings > Privacy & Security > View Certificates > Authorities, i can find both the SSDNS CA and ISS Root CA certificates. As far as i can tell, they are identical - i can open the certificate from 'View Certificate' and the corresponding one from the certificate manager and flip between tabs, and all the details are the same.

I am using Firefox 120.0, via a flatpak, on Ubuntu 22. I have given the flatpak access to /etc/ssl/certs, where my company's internal CA certificates are located.

To me, this seems like it should all work. The server has a certificate signed by an internal CA, which is signed by another internal CA, and both those internal CA certificates are in my certificate manager. So what is going wrong? Is there any way i can debug this?

Frege troch twic, 1 jier lyn

Beäntwurde troch Mike Kaply, 1 jier lyn

  • Oplost
  • Argivearre

Do we have GPO setting for this preference "network.captive-portal-service.enabled" ?

In my environment, we have Firefox version 117. Users get this pop up "You must log in to this network before you can access the Internet" (see snip 1) when they launch f… (mear ynfo)

In my environment, we have Firefox version 117. Users get this pop up "You must log in to this network before you can access the Internet" (see snip 1) when they launch firefox. In order to get rid of we can toggle this preference setting to TRUE ""network.captive-portal-service.enabled" in the user's browser, which works fine. But i want to control this setting from GPO. I'm unable to find the GPO for the same in the GPO hive for FF. See snip 2 for 'Preferences' related GPOs.

Frege troch pivashis, 1 jier lyn

Beäntwurde troch Mike Kaply, 1 jier lyn

  • Fêstsetten
  • Argivearre

Do we have GPO setting for this preference "network.captive-portal-service.enabled" ?

Locking this thread.Please continue here: [/questions/1430409] In my environment, we have Firefox version 117. Users get this pop up "You must log in to this network befo… (mear ynfo)

Locking this thread.
Please continue here: [/questions/1430409]
In my environment, we have Firefox version 117. Users get this pop up "You must log in to this network before you can access the Internet" (see snip 1) when they launch firefox. In order to get rid of we can toggle this preference setting to TRUE ""network.captive-portal-service.enabled" in the user's browser, which works fine. But i want to control this setting from GPO. I'm unable to find the GPO for the same in the GPO hive for FF. See snip 2 for 'Preferences' related GPOs.

Frege troch pivashis, 1 jier lyn

Lêst beäntwurde troch Mike Kaply, 1 jier lyn

  • Oplost
  • Argivearre

deploying firefox-add-ons via group policies doesn't work anymore after proxy-change

Hello, I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: … (mear ynfo)

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

  • http://192.168.100.10/goodaddon-1.0.01.xpi
  • http://internalwebsite/goodaddon-1.0.01.xpi
  • https://192.168.100.10/goodaddon-1.0.01.xpi
  • https://internalwebsite/goodaddon-1.0.01.xpi
  • \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
  • \\internalfileserver\netshare\goodaddon-1.0.01.xpi
  • file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
  • file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

  1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
  2. 2 Are there any logs where I could find out what exactly goes wrong?
  3. 3 Are there any other syntaxes I could try (group policy urls)?
  4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.

Frege troch mozilla355, 2 jierren lyn

Beäntwurde troch mozilla355, 2 jierren lyn

  • Oplost
  • Argivearre

AutoConfig Alert

Good morning, I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues … (mear ynfo)

Good morning,

I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues on the web and found similar issues but solutions that were recommend online have not worked for us. Yes I have uninstalled Firefox completely and installed it from scratch. I know it has something to do with autoconfig file but not sure what exactly I'm looking for. Thanks.

Frege troch Chase Cathey, 2 jierren lyn

Beäntwurde troch jscher2000 - Support Volunteer, 2 jierren lyn

  • Oplost
  • Argivearre

Extensions policy allowed not working (Intune ADMX)

Hi! Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings Currently looks like this: { "*": { "blocked_ins… (mear ynfo)

Hi!

Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings

Currently looks like this:

{

 "*": {
   "blocked_install_message": "Blocked.",
   "installation_mode": "blocked"
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "allowed"
 },
 "addon@darkreader.org": {
   "installation_mode": "allowed"
 },
 "@react-devtools": {
   "installation_mode": "allowed"
 }

}

I get the Blocked message if I try any of the allowed extentions like uBlock, Dark Reader or React Dev Tools.

I can add that uBlock had "force_installed" (With URL since that is required for force) and that worked fine.

Frege troch janfredrik, 1 jier lyn

Beäntwurde troch janfredrik, 1 jier lyn

  • Oplost
  • Argivearre

What is the proper format for the ExtensionSettings policy registry key/value that is used to manage browser extension settings?

When looking at the ExtensionSettings page for Firefox or Chrome they both use an example that shows the registry key Software\Policies\Mozilla\Firefox\ExtensionSettings… (mear ynfo)

When looking at the ExtensionSettings page for Firefox or Chrome they both use an example that shows the registry key Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) being set to a long JSON string with every extension ID and the settings for that particular ID. For example...

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

The problem with this method is that if I am installing an extension, and I overwrite what already exists in Software\Policies\Mozilla\Firefox\ExtensionSettings then all of those other settings get removed. So even if I am a non-malicious actor and just make a mistake with my installer I can easily delete every other extension's settings. Instead what I have to do is during install I have to read the current value of Software\Policies\Mozilla\Firefox\ExtensionSettings and then insert my extension's settings into the JSON blob.

So the examples that Firefox and Chrome provides do of course work, however they do not make very much sense to me. Why would it be formatted this way since all of those are additional key/value pairs and that is exactly what the registry excels at storing. So why put all of those into a single key/value instead of breaking them into multiple?

Additionally breaking them a part into multiple key/value pairs does work! So if instead of the example above I were to split them into multiple key value pairs it works just fine!

Software\Policies\Mozilla\Firefox\ExtensionSettings

   uBlock0@raymondhill.net
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"

So knowing that this way with multiple key/value pairs works why am I bothering to ask this question at all instead of just doing it the way that makes sense to me? Well the issue is that by breaking it up into multiple key value pairs it actually overrides the other method and makes it so that all those registry settings are ignored. So it doesn't delete them but it still leaves me with nearly the exact same problem.

While I believe "my" way is superior because it uses the registry in a more common sense route, if that is not what the majority of extension developers do then it doesn't matter and I should be conforming to the other way.

As I am typing this question up I did realize just how hard/annoying it is to properly format and make it clear and digestible what the multi key/value format of the registry would look like instead of being a JSON string. So perhaps that is the reason why all the documentation puts it all as one JSON string?

Frege troch perihwk+firefox, 1 jier lyn

Beäntwurde troch Mike Kaply, 1 jier lyn

  • Oplost
  • Argivearre

Problem with ExtensionSettings

Hello I have installed german Firefox Version 117.0 (Build-ID 20230824132758) on Windows 10. The following ExtensionSettings policy works as expected. The addons ublock … (mear ynfo)

Hello I have installed german Firefox Version 117.0 (Build-ID 20230824132758) on Windows 10.

The following ExtensionSettings policy works as expected. The addons ublock and TreeTabs are both installed automatically.


{

 "*": {
   "blocked_install_message": "My Message",
   "install_sources": ["https://addons.mozilla.org/"],
   "installation_mode": "blocked",
   "allowed_types": ["locale", "extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
   "default_area": "navbar"
 },
 "TreeTabs@jagiello.it": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/tree-tabs/latest.xpi"
 }

}


But I don't want TreeTabs to be installed automatically on all workstations. So I want to change installation_mode to allowed.


{

 "*": {
   "blocked_install_message": "My Message",
   "install_sources": ["https://addons.mozilla.org/"],
   "installation_mode": "blocked",
   "allowed_types": ["locale", "extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
   "default_area": "navbar"
 },
 "TreeTabs@jagiello.it": {
   "installation_mode": "allowed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/tree-tabs/latest.xpi"
 }

}


But with this setting I'm unable to install it manually from https://addons.mozilla.org/de/firefox/addon/tree-tabs/ The message "An unexpected error occurred during installation." and a popup with the "blocked_install_message" "My Message" is displayed.

The same error occurs without the line (and the comma) "install_url": "https://addons.mozilla.org/firefox/downloads/latest/tree-tabs/latest.xpi"

I don't know why this does not work. Please help. Thank you.

Frege troch ewomy, 1 jier lyn

Beäntwurde troch Mike Kaply, 1 jier lyn

  • Oplost
  • Argivearre

Site not loading when using ESR due to CSP

One of our vendors websites does not load under Firefox ESR, with errors in the console pointing to CSP. Error is: Content Security Policy: The page's settings blocked th… (mear ynfo)

One of our vendors websites does not load under Firefox ESR, with errors in the console pointing to CSP. Error is: Content Security Policy: The page's settings blocked the loading of a resource at inline ("default-src")

However if I load the site under the normal Firefox release, it displays correctly. When looking at errors in console, it is showing 3 errors for CSP, however it does not stop the site from working correctly. Content-Security-Policy: The page's settings blocked the loading of a resources at https://..... ("connect-src") or ("img-src")

The site is https://app.approvalmax.com If you get the login screen then the site is working otherwise just getting a green background when it is not working.

I am unsure why ESR and RR versions are behaving differently in this case. Using the latest versions of each.

Frege troch chris.foster1, 1 jier lyn

Beäntwurde troch Mike Kaply, 1 jier lyn

  • Oplost
  • Argivearre

I can’t change the min and max TLS versions with either policies.json or mozilla.cfg

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lo… (mear ynfo)

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

Frege troch Terwassolam21434, 1 jier lyn

Beäntwurde troch jscher2000 - Support Volunteer, 1 jier lyn

  • Oplost
  • Argivearre

Unable to set multiple ExtensionSettings through imported admx

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the inject… (mear ynfo)

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the injection method, except for one settings:

ExtensionSettings this setting is working when I have only one setting set (ex):

{"someplugin@test.com": { "installation_mode" : "allowed" }}

If I add a second line to the entry:

{"someotherplugin@test.com":{ "installation_mode" : "allowed"}}

I understand this is a new feature, but if I had the correct format that would work for HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings to allow two plugins to work I belive I shouldn't have any issue getting the admx feature to do this, I even tried manually editing the registry setting and it breaks whenever I add the second line to it.

Frege troch robert.deed, 1 jier lyn

Beäntwurde troch robert.deed, 1 jier lyn

  • Oplost
  • Argivearre

Firefox Install Location/Versions

Hello, I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.… (mear ynfo)

Hello,

I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.exe located in their Local Appdata folder. So I need to test the uninstall of the Appdata install and then the install of ESR. But the problem is I haven't been able to get Firefox to automatically install into the appdata folder. How am I able to do this? The users who have it installed in the appdata folder are not admins on their computers. When I'm testing I've also been using a normal user account. Please let me know how I can install the exe into the appdata folder automatically without me specifically placing it there or which exe version I need to do this.

Thanks!

Frege troch tmlloyd, 1 jier lyn

Beäntwurde troch tmlloyd, 1 jier lyn

  • Oplost
  • Argivearre

Firefox GPO: Add Custom Search Engine

We would like to install a custom search engine using Firefox policies. We have the latest version of Firefox installed. We have the latest admx files installed on our … (mear ynfo)

We would like to install a custom search engine using Firefox policies. We have the latest version of Firefox installed. We have the latest admx files installed on our Domain Controllers. In the Policy, I go into the User -> Administrative Templates -> Mozilla -> Search and setup a search engine using Search Engine One. I then go into Default Search Engine and configure our custom search to be default. What we find is that the custom search engine never installs, so the custom search engine is not set at the default. If I manually add the custom search engine using the Search Engine Helper Add-on, I can verify that the custom search settings do indeed work. With that said, does anyone have thoughts on how to troubleshoot this issue? First, need to figure out why the custom engine isn't installing at all. Thanks.

Frege troch peterc5, 1 jier lyn

Beäntwurde troch peterc5, 1 jier lyn

  • Oplost
  • Argivearre

Firefox ESR deployment with MDT Error: 1618

We use Microsoft MDT for computer deployment. We have been installing the Standard version of Firefox for a long time with no problem. Recently we started using AD GPO Te… (mear ynfo)

We use Microsoft MDT for computer deployment. We have been installing the Standard version of Firefox for a long time with no problem. Recently we started using AD GPO Templates to configure firefox. To be able to configure certain settings you need to be running the ESR version. I downloaded the more recent ESR version: 102.12.0esr.msi file.

When deploying machine MDT to install Mozilla firefox I keep getting this error: Application Mozilla Firefox ESR returned an unexpected return code: 1618

This is the only application having issues and this issue only came up since I change the installation file to the ESR version.

This is the install command being used in MDT: msiexec /i "Firefoxesr.msi" /qn /norestart

I am posting here and not with MDT support, as this only started happening when I changed the installation file to the ESR version. Has anybody else had a problem deploying ESR version through MDT? Any help on how to fix?

Frege troch Joshua_Calais, 1 jier lyn

Beäntwurde troch Joshua_Calais, 1 jier lyn

  • Oplost
  • Argivearre

Firefox Extension Management

Hi All, I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions… (mear ynfo)

Hi All,

I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions

  • 1Password; and
  • Firefox Multi Containers.

This is my json:

{ "*": { "blocked_install_message": "version 0.4 - Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.", "install_sources": ["https://addons.mozilla.org/"], "installation_mode": "blocked" }, "{bc8367b6-d946-484e-8da6-37691f23ee64}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi" }, "{2a28e7e4-64c9-4e7f-81fb-0475af840c0f}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi" } }

I have tried the obvious and removed the {} from both extensions, however still having troubles.

Is someone able to point me in the right direction?

Frege troch andrew219, 1 jier lyn

Beäntwurde troch andrew219, 1 jier lyn