Forum zhromadźenstwa Firefox za Enterprise

CVE-2024-7528 is not closing on Rapid7/Nexpose re-scans for Windows 2012 R2 Servers. When the latest ESR package for Windows 2012 R2 is applied the vulnerability remains open even when using ESR version 115.17.0.

When I check the NVD it looks like the only vulnerable versions are <115.7.0. https://nvd.nist.gov/vuln/detail/CVE-2024-7528#range-13199073

Is this vulnerability resolved in any released version of ESR? In browsing the release notes for the past few ESR releases I'm not seeing it mentioned so curious if it's

I'm setting up a cloud-init to make it easier to deploy Linux workstations. I want to display the various links to my sites on my Firefox browser. Bookmark my services. Do you think this is possible? I've already applied a rule to retrieve certificates, but it seems complicated for bookmarks.

Here's an extract  :

{

 "policies": {
   "Bookmarks": [
     {
       "Title": "Main",
       "URL": "https://service.net",
       "Folder": "Bookmarks Toolbar"
     },
     {
       "Title": "Service 1",
       "URL": "https://service1.net",
       "Folder": "Bookmarks Toolbar"
     },
     {
       "Title": "Service 2",
       "URL": "https://service2.net",
       "Folder": "Bookmarks Toolbar"
     },
     {
       "Title": "Documentation",
       "URL": "https://docs.net",
       "Folder": "Bookmarks Toolbar"
     }
   ]
 }

}

Best Regards,

Dylan

Le 05 novembre 2024 Bonjour, Je ne parviens pas à faire la mise à jour FireFox. J'utilise un MAC OS X version 10.9.5 Processeur 2,7GHz Intel Core 15 Mémoire 8 Go 1600 MH DDR3 MERCI de bien vouloir me répondre en Français. Bonne journée. Cordialement.

No matter which option I choose, I keep getting a message that tells me Firefox cannot be updated. The Oesr version wont update either. It tells me to update to 115.17 Oesr and when I click on update I keep getting this error.

With Firefox 115.14.0esr, 115.2esr and 128.xesr we can`t log in into a company website with a certificate. After the certificate login we end up on the WebSeal again. Http status 302 for pkmslogin.form and pkmscertpromptstagen is called ~12x repeatedly with 302 error each time and then jump back to the login screen.

Hi,

Looking to upgrade our org to ESR 128.2.0 due to compatibility issues - most notably, embedded PDFs not loading due to Promise.withResolvers() not being implemented on versions prior to 121.

Curious to know if there are any issues or concerns with upgrading manually/pushing this version out - would like to ensure we don't cause further issues in attempting to resolve one.

Firefox version

   128.2.0esr (64-bit)

Operating system

   Windows 10/Windows11 23H2 Septembre patch

Hello everyone,

maybe you can tell me/explain what the problem could be.

In our company we had Firefox version 115.14.0esr (64-bit) and then we updated to 128.2.0esr (64-bit).

Since version 128.2 ESR we have experienced problems in Firefox when trying to access DNN+ pages (with login). https://www.dnn.de/sport/regional/dresdner-sc-denkt-ueber-uebernahme-der-margon-arena-nach-C3IC74MZ6FE43AKGCZJSKUXA3I.html

In Firefox the content is cut off, in Edge it is displayed normally.

With Edge and Firefox 115.14.0esr the page is displayed normally. No AdBlock installed.

In developer mode I see the errors in the versions, so it shouldn't be that.

Cross-source (cross-origin) request blocked: The same-source rule prohibits reading the external resource on https://gum.criteo.com/sid/json?origi...AAAAAAAA&gdpr=1. (Reason: CORS request failed). Status code: (null).

Cross-source (cross-origin) request blocked: The same-source rule prohibits reading the external resource on https://id5-sync.com/api/config/prebid. (Reason: CORS request failed). Status code: (null).

Any ideas? Thank you very much! :)

Hello,

I installed Firefox 128.2.0esr. I set the next parameters in GPO for settings DNSOverHTTPS: "DNSOverHTTPS": {

                      "Enabled":  true,

"ProviderURL": "https://safe.dot.dns.yandex.net/dns-query", "Locked": true, "Fallback": true }. But when checking via https://www.cloudflare.com/ru-ru/ssl/encrypted-sni/#results I get (screenshot in attachment). As you can see from the screenshot, DNS and SNI did not receive the coveted check marks. Secure DNS We weren’t able to detect whether you were using a DNS resolver over secure transport. Contact your DNS provider or try using 1.1.1.1 for fast & secure DNS. DNSSEC Attackers cannot trick you into visiting a fake website by manipulating DNS responses for domains that are outside their control. TLS 1.3 Nobody snooping on the wire can see the certificate of the website you made a TLS connection to. Secure SNI Anybody listening on the wire can see the exact website you made a TLS connection to.

In my browser / about:config: network.trr.mode = 2 network.trr.uri = https://safe.dot.dns.yandex.net/dns-query

In 128.2.0esr there is no protection against ESNI interceptions and ECH is enabled by default? Or is the problem that the DNS provider does not support the technology from Mozilla? Or what other settings we need use (via GPO)?

Thank you.

We've been noticing for some time now that we haven't been able to load the Microsoft Bookings Page using the Microsoft Store version of the Firefox web browser.

Here's what we have tried and what we know: -We cleared cache and cookies using the "Everything" drop down option to no avail. -Confirmed that we are running the latest version and no extensions are running. -Tested running it in "New Private Window" to no avail. -Tested Diagnostic Mode to no avail. -Tested Refresh Firefox to no avail. -We confirmed that we are able to login and load the Microsoft booking page using different browsers (Edge, Chrome and even Firefox directly from their own page) with no issues. - We confirmed that different users can replicate the issue and can be replicated on a different computer as well. -We confirmed that we are able to access other Office 365 web apps with out an issue on the Microsoft Store version of the Firefox web browser.

Microsoft Support stated that they are able to replicate the issue on their end, but advised to reach out to Firefox support to investigate this further.

Feel free to let me know if any other information would be helpful such as .HAR log file(s) etc.

Thanks!

Firefox (129.0.2) displays "401 - Unauthorized: Access is denied due to invalid credentials" (see attached image)

I have tried various combinations of setting and not setting the following in Firefox:

• network.negotiate-auth.trusted-uris
• network.negotiate-auth.delegation-uris
• network.auth.use-sspi

For the URI settings I have tried both .domainname.domainextension and https://servicename.domainname.domainextension

In Windows 10 Control Panel -> Internet Options, the site is in "Trusted sites" using a domain wildcard, and also "Local intranet" and both "Automatic logon" and "Enable Integrated Windows Authentication" are enabled. I suspect those setting aren't relevant since other browsers are authenticating without error or prompt, but calling this out to show that I've covered that base.

The web service is served by IIS 10.0 on Windows Server 2022 and the authentication provider list only includes Negotiate, but I don't believe this issue has anything to do with IIS or its configuration as, again, other browsers are authenticating without error or prompt.

Anything else to check?

Thank you for any guidance you can offer.

Hello,

I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak which used to add all the policies and secure Firefox for Enterprise. What we noticed is that Policy Pak used the app set to apply these policies and we are noticing that native GPO's for the most part to match the Policy Pak policies is not as accurate for GPO's My ask here is there any Most Viable Product suggestions to apply Native GPO's for securing Firefox.

I am working on deploying Firefox with a GPO and I noticed that a saved password can be easily viewed just by going into the password manager. I found a way to disable the password manager all together, but then you can't save passwords. I am look for a way just to Require device sign in to fill and manage passwords as it says so its not just clicking the eyeball to see the password. I saw this article ( https://support.mozilla.org/en-US/kb/firefox-password-authentification-prompt ) which is how I got the description for this and that seems to be exactly what I want, But I cannot find this setting anywhere in the GPO. Anyone know where it is OR perhaps maybe you could add it?

Hi All,

I'm using Firefox on 24 PC's in a primary school computer Lab, I have had reports of students installing extensions and plugins that i wish to stop, also i've had issues with students not signing out of their email and other students gaining access.

Im looking for solutions for the following and was hoping someone could point me in the right direction -

1. Disabling the installations of extensions and plugins. 2. Clearing browsing history/logging out of any accounts. 3. Locking settings so students can't change settings.

Any help would be greatly appreciated. Adam

I'm a newbie using Debian and Deb 12 ships with Firefox ESR and I've decided to stick with it instead of the regular release, 'cause it breaks some extensions I have. However, I want to upgrade to the latest ESR version, how do I do it? I tried going to (https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr), but the file for linux 64 bit is a .tar.bz2 file, which I have no idea how to compile.

We use ESR due to its stability and long term security updates, and we use Duo as our SSO/IDP.

We have Duo set to deny login when the browser is more than 6 mo out of date, but due to the way FF reports only the main version number via the user agent Duo is unable to determine that FF ESR is actually up to date and thinks that it's too old and my users are being denied login or getting an erroneous message about needing to update their browser.

Is there a way to set FF to report it's whole version to Duo? We would prefer not to have to "outlaw" FF in our prod environment if at all possible.