Except where noted, everything here applies ONLY to Firefox 127 and NOT the Firefox 115.12 ESR.

Policies

• The DisableEncryptedClientHello policy has been added to control Encrypted Client Hello.
• The PostQuantumKeyAgreementEnabled policy has been added to control post-quantum key agreement for TLS.
• The HttpsOnlyMode policy has been added to control HTTPS-Only Mode.
• The HttpAllowlist policy has been added to add exceptions to HTTPS-Only Mode.
• The Preferences policy has been updated to allow setting the preferences security.mixed_content.block_display_content and security.mixed_content.upgrade_display_content.
• The UserMessaging policy has been updated to remove the WhatsNew option.
• The ExtensionSettings policy has been updated to add temporarily_allow_weak_signatures to allow installing extensions signed using deprecated signature algorithms.

Special Notes

Firefox ESR 128

Firefox 128 is the next ESR and will be released on July 9, 2024. Going forward, we will only be backporting security fixes to the Firefox 115 ESR.

If you use the ESR, we strongly recommend that you start testing with Firefox Nightly to see if there are any issues you have with the new ESR.

If you need to prevent upgrades for any reason, you can use the AppUpdatePin policy.