Firefox mba’apohaguasúpe g̃uarã Tekoha Aty

We are currently considering using Firefox ESR as our default browser but experiencing a few issues and one of them is with our configured SailPoint IdentityIQ Single Sign-On Experience, which uses Basic Authentication.

Issue Description First, the login button needs to be clicked multiple times before access to the site is granted. Once signed in, the Firefox inbuilt authentication dialogue appears, prompting the user to log in again (see the attached screenshot). The landing page is only presented after clicking the login button several times. This creates a poor user experience, sometimes causing pages to load improperly. Interestingly, the same process works seamlessly in Edge Chromium.

Troubleshooting Steps Taken I have already attempted the following: 1. Temporarily disabled all custom and security settings in mozilla.cfg and config.json. 2. Temporarily disabled Firefox Tracking Protection. 3. Allowed third-party cookies for the specific URL. 4. Upgraded Firefox Version to 128.7.0 5. Since our Firefox browser is significantly hardened, I have also enabled and reconfigured the following settings in mozilla.cfg to ensure Basic Authentication is allowed, functions properly, and suppresses Firefox’s authentication prompt, but without success:

network.http.phishy-userpass-length = 255 network.http.use-basic-auth network.automatic-ntlm-auth.allow-non-fqdn network.automatic-ntlm-auth.trusted-uris security.enterprise_roots.enabled security.enterprise_roots.enabled

Observations from SailPoint Team Our colleagues from SailPoint have tested the setup in their environment, and according to them, it works as expected. However, their browser is not hardened, and they have leveraged the SailPoint UI for authentication instead of the built-in Firefox authentication prompt.

Further Investigation • Is there a specific configuration required in the user profile settings? • Network trace analysis shows 404 errors on GET requests and the following error codes on POST requests: • 302 Redirect: Mozilla Documentation • 408 Request Timeout: Mozilla Documentation

Next Steps Is there a specific security setting that needs to be enabled or disabled? Are there any particular Firefox enterprise policies we should modify? I have also attached screenshots for reference. Let me know if you need specific logs or network traces for further troubleshooting.

Using group policy there is various settings required for our users. We have been using the preferences policy located at: Administrative Templates > Mozilla > Firefox > Preferences

This policy requires the use of JSON, we have been using the following which has been working ok:

{ "media.navigator.permission.disabled": { "Value": true, "Status": "user" }, "browser.warnOnQuit": { "Value": true, "Status": "user" }, "keyword.enabled": { "Value": false, "Status": "user" }, "browser.tabs.unloadOnLowMemory": { "Value": false, "Status": "user" }, }

Within the old "Preferences (Deprecated)" there is a setting called "intl.accept_languages" which we are wanting to use but I can't seem to find a way to include this within the JSON. We are wanting to set it to "en-GB".

If I enable this within the old deprecated preferences section it causes the Preferences with the JSON to stop working.

I have tried various combinations of including it within the JSON but neither are working:

"intl.accept_languages": { "Value": en-GB, "Status": "user" }

"intl.accept.languages": { "Value": en-GB, "Status": "user" }

I've checked the Mozilla website here: https://mozilla.github.io/policy-templates/ There doesn't seem to be any reference for the intl.accept_languages setting to be used within the JSON

Please can someone advise?

Dear Mozilla Firefox Team,

I hope this message finds you well.

We manage a network of workstations that frequently utilize the Mozilla Firefox browser. Recently, we have encountered a situation where many of our systems are showing vulnerabilities due to pending browser updates. The updates are being installed successfully; however, users often neglect to restart the browser, which is crucial for completing the update process and ensuring security.

To address this, we would like to inquire if there is an existing Group Policy that can be configured to automatically notify users when they need to restart their Firefox browser to apply the latest updates. Such a feature would greatly assist us in maintaining the security integrity of our workstations and ensuring that users are made aware of the importance of restarting their browsers when prompted.

If this functionality is not currently available, we would appreciate any insights on potential workarounds or future plans to incorporate such a feature.

Thank you for your attention to this matter. We look forward to your response.

Hi All, I want to block traffic on firefox externally for managed devices via Intune, following the import of the ADMX/ADML files into intune.

Having read https://support.mozilla.org/en-US/kb/managing-firefox-intune I have set '\Mozilla\Firefox\Exceptions to blocked websites' to the following; //*.mydomain.com/*

Which works, however, I also want to add hosts that are only resolving on IPs and not DNS. I can add specific IPs if known, but is there a way I can allow IP ranges? Ie

//10.10.*/* (this doesn't currently work) Of the included screenshot, only the wildcard for mydomain.com and the specific IP currently work

I've looked over the link that is recommened in the policy (indirectly) and can't see an option for allowing an IP range. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Match_patterns

If there is a better way to do this via intune for firefox only, please let me know.

Thanks

Form History Control (II) FoxyProxy Standard

These 2 extensions just installed themselves in Firefox ESR and disabled ALL my current extensions!!? I can't seem to remove them either.. please help!

I'm running Parrot OS (Linux) and had just signed myself in @hackthebox.com , which is a friendly place where people can learn to develop their cybersecurity skills. security on this site should be great, i don't know if this could be the issue...

Thanks in regards!

I need assistance with updating an old version of Firefox installed in the local AppData folder on our users' machines. We currently use Intune for application management, but I'm unsure how to remove the user-based installation and revert to a system installation without losing bookmarks.

Could you please provide guidance on how to:

1. Numbered list item Force update Firefox to the latest version while keeping user data intact.

2. Remove the user-installed version of Firefox using Intune.

3. Ensure that bookmarks are preserved during the update process.

Thank you for your help!

Hello community,

i would like to ask about how to deploy security.pki.certificate_transparency.disable_for_hosts globally for users? With version 135 a lot of production webapps stopped working and as of now , we have to do manual modification in about:config. Our company has over 300k users , so the possible disruption might arise very quickly and there will be significant loses in production enviroment.

Is there a way how to deploy this specific setting via GPO/SCCM ?

Thank you

Trying to block www.share365.net but it's not working

{

 "policies": {
     "WebsiteFilter": {
         "Block": [
           "*:share365.net",
           "*:www.share365.net",
           "*://share365.net/*"
         ]
     }
 }

}

My original intent was to customize firefox with userChrome.js scripts. However /defaults/pref directory is nowhere to be found.

Tested on both apple silicone and intel macs running macos sequoia 15.3, firefox 135.

Custom userChrome.css files are in use but I don't think it matters.

I did use browser console to find and recheck file directories. Going through every folder in both firefox.app/contents and /Users/(myname)/Library/Application Support/Firefox/ showed nothing.

Show hidden files are turned on, and the following commands via terminal showed no valid responses.

sudo open /Applications/Firefox.app/Contents/Resources/defaults/pref

open /Applications/Firefox.app/Contents/Resources/defaults/pref

cd /Applications/Firefox.app/Contents/Resources ls -la cd defaults ls -la cd pref ls -la

find /Applications/Firefox.app -name "pref" 2>/dev/null

Hi. On an Active Directory, we deploy Firefox (normal or ESR). It's OK. When we deactivate the link of the GPO, it's supposed to uninstall. But it doesn't (even if we delete the GPO, specifying to uninstall at once).

The gpresult command on each computer doesn't show the GPO anymore, but Firefox is still installed.

( FYI, we used to do that with FrontMotion Community Edition, and it was always working (instal and uninstal). We even just tried the "last" (but old) ESR edition present on the FrontMotion site (CEESR-102), and it works. But FM CE version has stopped being developped. )

So, any idea about why the official Mozilla Firefox version (normal or ESR) doesn't uninstall?

Thanks by advance.

Hello,

New subscriber here. I have been given the task to test the install and uninstall of the Purview Firefox browser extension using Intune. I created 2 groups in EntraID, one for each (install and uninstall).

I have no issues with the installation. Initially, I left the test device in the install group and then added it to the uninstall group to remove it. (this usually works with other apps, it worked this way with the Purview Chrome browsing extension as well other apps) but when I do this, nothing happens.

Next, I removed the device from the install group and added it to the uninstall group only. Once the configuration profile applies to the test device, it allows the user to remove it manually (before it did not) but the extension remains installed.

I have created a policy using the administrative template extension uninstall option as well as with the OMA-URI settings but the same happens. When i check the device configuration for the device in Intune, it says it succeeded but that is not the case. The OMA-URI setting I was not too sure about, but gave it a shot. I used the UUID value for the Purview Firefox extension

I am attaching some pictures and hope someone can tell me what I am doing wrong. I can add additional information, if needed. I have opened a ticket with Microsoft last week but have not called me yet. I ran into this forum today.

Thanks in advance

I am having the same issue as this other user here: https://www.reddit.com/r/sysadmin/comments/17wvuwh/help_pinning_extension_in_firefox_with_gpo/

Preliminaries -- Initially (before trying to force-pin), I had these GPOs enabled:

Extensions to Install -> https://addons.mozilla.org/firefox/downloads/file/4410896/bitwarden_password_manager-2024.12.4.xpi

Prevent extensions from being disabled or removed ->

• {446900e4-71c2-419f-a6a7-df9c091e268b}
• {3f6129fb-6c55-4452-ab6f-7c109b2301df}
• https://addons.mozilla.org/firefox/downloads/file/4410896/bitwarden_password_manager-2024.12.4.xpi

(Those GPOs above all work.)

What I'm trying to do: Force-pin Bitwarden.

I believe I've followed the documentation correctly (except for not including a "*" case): https://mozilla.github.io/policy-templates/#extensionsettings

I've enabled this GPO with this value:

Extension Management ->

{

 "{446900e4-71c2-419f-a6a7-df9c091e268b}": {
   "default_area": "navbar"
 }

}

After running various "GPUpdate"s and whatnot, the option to uncheck "Pin to toolbar" is still available to click.

I've verified in "about:policies#active" that the JSON item appears next to "ExtensionSettings" and that there are no errors listed in the "Errors" tab.

I've also verified that it appears in the correct location in the Registry.

Since another user had the same issue (Reddit link above), I figured it'd be a good idea to check in with y'all to see if we are missing something.

Thanks for your help!

Firefox is used on Windows 11 Enterprise. There is a firefox.cfg in the installation directory (and an autoconfig.js in the ./defaults/pref sub-directory). The firefox.cfg targets an autoconfigfile.js. This setup is recommended here: [firefox using autoconfig"]

1. In the support article´s example, the firefox.cfg uses a pref(); expression. Is it possible to use a lockPref(); expression instead?
2. What is the result of either using pref(); expressions or user_pref(); expressions in the remoted autoconfigfile.js? Are both of them possible, especially while the firefox.cfg uses lockPref(); expressions instead of pref();?

I hope that somesone can help with one of these questions. Thanks a lot!

Hey everyone. I am automating end-to-end testing with playwright for python, using the official Docker image from the microsoft artifact repository (using `playwright/python:v1.49.1`).

As I have signed certificates for my local domains with my own certificate authority, I am trying to have Firefox automatically install the certificates via a policies file. However, Firefox seems to ignore the policies file no matter what.

To ensure that the file itself is used, I simplified it to a single boolean value, and ensured that it's copied correctly inside the container via the `cat` command. Here are the current contents:

{

 "policies": {
   "DisableTelemetry": true

}

I know that the CA certificate is installed correctly, as it works out of the box using the WebKit browser and Curl command. I have gotten it to work in Chromium by installing it to nssdb using `certutil`.

I have converted the file from ASCII to the `utf-8` charset.

The file has the expected content, and I have copied it to both `/etc/firefox/policies/policies.json` and `/ms-playwright/firefox-1466/firefox/distribution/policies.json` (the path to the binary is `/ms-playwright/firefox-1466/firefox/firefox`).

Opening `about:policies` shows the text "The Enterprise Policies service is inactive.", which is sadly not very informative. It would be nice to have a list of locations it looks in, and any problems it encountered.

The container uses Firefox Nightly 132.

Are these locations incorrect? Is there any way to debug this? Does anyone have any other suggestions? If you need any more info (Dockerfile, etc.), please let me know.

Thanks in advance.

Firefox is used on Windows 11 Enterprise. There is a firefox.cfg in the installation directory (and an autoconfig.js in the ./defaults/pref sub-directory). Everything works fine when a pref(...); entry is written to the firefox.cfg. However, we want the firefox.cfg to call the pref(...); entries from a global_config.js which is saved on the machines public directory.

Therefore, the firefox.cfg says:

// free line lockPref("autoadmin.global_config_url","file:///C:/Users/Public/.../global_config.js");

But firefox does not load whatever prefs are written to the global_config.js. There probably is problems with the formatting of the file path (file:///C:/Users/Public/.../global_config.js). What would the correct formatting look like? Unfortunately, Mozilla´s support guide only includes an example code for a firefox.cfg which calls a global_config.js via http:, but not via file:.

We have an application running on Firefox and noticed that with new Firefox ESR, Ajax call (XMLHttpRequest ) from js script running on Firefox browser on thin clients seems to be blocked frequently (same call succeed most of the time, but blocked from time to time). Issue was raised starting with Firefox 128.2.0esr), but in general persist with newer Firefox ESR. We tried replacing XMLHttpRequest with fetch which seems making no much difference so far.