subject:"\[Mozilla Enterprise\] Firefox Configuration Confusion \- Need to Secure Firefox"

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

2019-09-10 Thread Eddie Rowe

Yes, I inherited the non-ESR install.  We will be 100% ESR by end of the year 
when the last Win7 system is retired.

From: Enterprise  On Behalf Of Romain Testard
Sent: Monday, September 09, 2019 2:59 AM
To: Philipp Madersbacher 
Cc: enterprise@mozilla.org
Subject: Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to 
Secure Firefox

Indeed, the policy can be used to disable DoH and please keep in mind that DoH 
is not being deployed on ESR.

More details on the DoH roll-out:
- SUMO page 
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https<https://urldefense.proofpoint.com/v2/url?u=https-3A__support.mozilla.org_en-2DUS_kb_configuring-2Dnetworks-2Ddisable-2Ddns-2Dover-2Dhttps=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=ycdwMde4z0laTvLZ2h9PsSiTkY2fym34xto4YlAONG8=jJkcRdubtS-NmTjLG4SCd86mr3TVB14xtpIfMXMcVrk=>
- ESR will NOT be impacted
- We're targeting rapid release users on 69 with IP addresses located in the 
US. We're NOT enabling DoH if any enterprise policy is detected, and if the 
enterprise roots pref is enabled. However, the proper way is to set the DoH 
enterprise policy to disable it. Administrators can also add exceptions, if 
they like DoH but it can break specific sites (e.g. because of split-horizon)

On Mon, Sep 9, 2019 at 9:10 AM Philipp Madersbacher 
mailto:philipp.madersbac...@gmail.com>> wrote:
Hello, If your main intent is to centrally manage/disable DoH in Firefox, you 
can easily do so through a GPO - the relevant links for this are:
https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy-windows<https://urldefense.proofpoint.com/v2/url?u=https-3A__support.mozilla.org_en-2DUS_kb_customizing-2Dfirefox-2Dusing-2Dgroup-2Dpolicy-2Dwindows=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=ycdwMde4z0laTvLZ2h9PsSiTkY2fym34xto4YlAONG8=GYm0WRcAisCw2B3UMB80qfDZ3QSZMhYR8mSFtaqBRYc=>
https://github.com/mozilla/policy-templates/blob/master/README.md#dnsoverhttps<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_mozilla_policy-2Dtemplates_blob_master_README.md-23dnsoverhttps=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=ycdwMde4z0laTvLZ2h9PsSiTkY2fym34xto4YlAONG8=8zEZh42swHEBzGej69WGl5Wi59_HwDS7yvAlyO4NJ18=>

No need to make the matter more complicated than it is ;-)

Best regards

Am So., 8. Sept. 2019 um 22:28 Uhr schrieb Eddie Rowe 
mailto:eddie.r...@tdhca.state.tx.us>>:
Given Mozilla’s decision to turn on DNS over HTTPS we have to secure Firefox to 
disable this type of nonsense or remove it from every PC in the next two weeks. 
 Chrome is configured through an easy to manage GPO which leverages other 
really smart people who have created a security baseline along with 
preconfigured GPOs, while Firefox does not seem to have this level of support.

Assuming a  person is new to Firefox, exactly what are we supposed to modify to 
setup things securely?  I see references to things going into Mozilla.cfg, 
policies.json, GPO, autoconfig.js…I probably missed a file too.  I see people 
helpfully answering a question and telling the person to go to 
https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment<https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.mozilla.org_en-2DUS_Firefox_Enterprise-5Fdeployment=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=ycdwMde4z0laTvLZ2h9PsSiTkY2fym34xto4YlAONG8=-CXso3zEljza1fpH9Y3C9Jba5Xk9TwUu0A-gkjezUqs=>
 for the answer to their question, but there are just more links there.  I see 
people posting to not to bother with GPO because all the options are not there, 
but other say there are GPO settings that are no elsewhere… I see references 
that one thing is set one place, another place overrides…  I see one document 
say the autoconfig.js file goes into the folder where Firefox is installed, but 
the same document says it does into a subfolder…  I see references to setting 
preferences in the policies.json file, but I thought Mozilla.cfg was to be used 
for this?  Finally I see mention that there are preferences that are set in the 
source code that are not exposed to about:config?

Surely there is a simple one page document that walks you through this so we 
can spend a LIMITED amount of time sorting this out???

https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.zdnet.com_article_mozilla-2Dto-2Dgradually-2Denable-2Ddns-2Dover-2Dhttps-2Dfor-2Dfirefox-2Dus-2Dusers-2Dlater-2Dthis-2Dmonth_=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=ycdwMde4z0laTvLZ2h9PsSiTkY2fym34xto4YlAONG8=mom8bD-tCg72z88i5Ys2zv21z-foQmo9Vou88AEWEyI=>
 - Ready or not, here comes DNS over HTTPS to bypass all security you have 
using DNS to block dangerous sites.

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

2019-09-10 Thread Eddie Rowe

The DNS over HTTPS issue just highlights the need to secure Firefox and not 
accept some of Mozilla’s decisions that were made as defaults and to prevent 
employees from changing some settings.  We planned on hardening Firefox in the 
Fall, but now we have to stop and try to sort things out because of business 
decisions being made by Mozilla that contradict previous statements made when 
the UK government was up in arms about the feature.  The biggest issue I am 
having is that Firefox seems to not have much of a mindshare among security 
professionals so guidelines are very old and prior to updates being made.

From: Enterprise  On Behalf Of Philipp 
Madersbacher
Sent: Monday, September 09, 2019 2:10 AM
To: enterprise@mozilla.org
Subject: Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to 
Secure Firefox

Hello, If your main intent is to centrally manage/disable DoH in Firefox, you 
can easily do so through a GPO - the relevant links for this are:
https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy-windows<https://urldefense.proofpoint.com/v2/url?u=https-3A__support.mozilla.org_en-2DUS_kb_customizing-2Dfirefox-2Dusing-2Dgroup-2Dpolicy-2Dwindows=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=YSYE8bKjUsrwFn2wb7ubiI8ztOenwjCu-N3yiFsGnbQ=TETBRIYboX4y5SL2wusf2SfRlSB0ZtrWP2eYeVLNyK0=>
https://github.com/mozilla/policy-templates/blob/master/README.md#dnsoverhttps<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_mozilla_policy-2Dtemplates_blob_master_README.md-23dnsoverhttps=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=YSYE8bKjUsrwFn2wb7ubiI8ztOenwjCu-N3yiFsGnbQ=lXj7NF7fx9iOFesiOKH0L3xVGOOeKJVkJyvhoRA6wQQ=>

No need to make the matter more complicated than it is ;-)

Best regards

Am So., 8. Sept. 2019 um 22:28 Uhr schrieb Eddie Rowe 
mailto:eddie.r...@tdhca.state.tx.us>>:
Given Mozilla’s decision to turn on DNS over HTTPS we have to secure Firefox to 
disable this type of nonsense or remove it from every PC in the next two weeks. 
 Chrome is configured through an easy to manage GPO which leverages other 
really smart people who have created a security baseline along with 
preconfigured GPOs, while Firefox does not seem to have this level of support.

Assuming a  person is new to Firefox, exactly what are we supposed to modify to 
setup things securely?  I see references to things going into Mozilla.cfg, 
policies.json, GPO, autoconfig.js…I probably missed a file too.  I see people 
helpfully answering a question and telling the person to go to 
https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment<https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.mozilla.org_en-2DUS_Firefox_Enterprise-5Fdeployment=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=YSYE8bKjUsrwFn2wb7ubiI8ztOenwjCu-N3yiFsGnbQ=WRDFs4M7YKZFcSinJ03hmE5WtWHlSyqD1TBZyQi13GA=>
 for the answer to their question, but there are just more links there.  I see 
people posting to not to bother with GPO because all the options are not there, 
but other say there are GPO settings that are no elsewhere… I see references 
that one thing is set one place, another place overrides…  I see one document 
say the autoconfig.js file goes into the folder where Firefox is installed, but 
the same document says it does into a subfolder…  I see references to setting 
preferences in the policies.json file, but I thought Mozilla.cfg was to be used 
for this?  Finally I see mention that there are preferences that are set in the 
source code that are not exposed to about:config?

Surely there is a simple one page document that walks you through this so we 
can spend a LIMITED amount of time sorting this out???

https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.zdnet.com_article_mozilla-2Dto-2Dgradually-2Denable-2Ddns-2Dover-2Dhttps-2Dfor-2Dfirefox-2Dus-2Dusers-2Dlater-2Dthis-2Dmonth_=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=YSYE8bKjUsrwFn2wb7ubiI8ztOenwjCu-N3yiFsGnbQ=7i5QWN9atfx6PeSqpjIEafCA9_XfYm4-BfDYkqpQMCY=>
 - Ready or not, here comes DNS over HTTPS to bypass all security you have 
using DNS to block dangerous sites.


___
Enterprise mailing list
Enterprise@mozilla.org<mailto:Enterprise@mozilla.org>
https://mail.mozilla.org/listinfo/enterprise<https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_enterprise=DwMFaQ=2WwxlqHD_9GeHFEUsOHZXg=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8=YSYE8bKjUsrwFn2wb7ubiI8ztOenwjCu-N3yiFsGnbQ=tMC8gEZTwcn_xiV8uLROx7I0j8atw5AadKGwv8TOAOg=>

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise<https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.mozilla.org_listinfo_

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

2019-09-09 Thread Éric Périard

***Typo fix*** Not my day... :/

From: Enterprise  On Behalf Of Éric Périard
Sent: Monday, September 9, 2019 7:45 AM
To: Eddie Rowe ; enterprise@mozilla.org
Subject: Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to 
Secure Firefox

Classification: Unclassified

Agreed, for those of us who have been managing ESR in our environment it's not 
too bad, but for someone just stepping into the fold, it could become a 
roadblock of red tape... Google's approach is consistent and the templates 
don't change every 5 minutes.

However, keep in mind Eddie, that Mozilla has been doing actual admx/adml 
templates for little over a year now, so we're sort of the guineapig in all of 
this.

Back then, all you had were those ini's and autoconfig files and other tools to 
configure FF.

At the end of the day, Mozilla is a much smaller group than Google Inc and 
they're doing the best they can to help out enterprise users.

Speaking of other tools, check with Mike Kaply, he's got something you may be 
interested in ;)

Éric Périard

Mission Network System Administrator | Administrateur de système du réseau de 
mission
Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité
Email | Courriel: eric.peri...@cyber.gc.ca<mailto:eric.peri...@cyber.gc.ca>
Website | Site Web: https://www.cyber.gc.ca/
Government of Canada | Gouvernement du Canada

[cid:image002.png@01D4ADA3.F54E4950]

From: Enterprise 
mailto:enterprise-boun...@mozilla.org>> On 
Behalf Of Eddie Rowe
Sent: Sunday, September 8, 2019 4:28 PM
To: enterprise@mozilla.org<mailto:enterprise@mozilla.org>
Subject: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure 
Firefox

Given Mozilla's decision to turn on DNS over HTTPS we have to secure Firefox to 
disable this type of nonsense or remove it from every PC in the next two weeks. 
 Chrome is configured through an easy to manage GPO which leverages other 
really smart people who have created a security baseline along with 
preconfigured GPOs, while Firefox does not seem to have this level of support.

Assuming a  person is new to Firefox, exactly what are we supposed to modify to 
setup things securely?  I see references to things going into Mozilla.cfg, 
policies.json, GPO, autoconfig.js...I probably missed a file too.  I see people 
helpfully answering a question and telling the person to go to 
https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment for the 
answer to their question, but there are just more links there.  I see people 
posting to not to bother with GPO because all the options are not there, but 
other say there are GPO settings that are no elsewhere... I see references that 
one thing is set one place, another place overrides...  I see one document say 
the autoconfig.js file goes into the folder where Firefox is installed, but the 
same document says it does into a subfolder...  I see references to setting 
preferences in the policies.json file, but I thought Mozilla.cfg was to be used 
for this?  Finally I see mention that there are preferences that are set in the 
source code that are not exposed to about:config?

Surely there is a simple one page document that walks you through this so we 
can spend a LIMITED amount of time sorting this out???

https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/
 - Ready or not, here comes DNS over HTTPS to bypass all security you have 
using DNS to block dangerous sites.

___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

2019-09-09 Thread Éric Périard

Classification: Unclassified

Agreed, for those of us who have been managing ESR in our environment it's not 
too bad, but just stepping into the folder could become a roadblock of redtape 
for many... Google's approach is consistent and the templates don't change 
every 5 minutes.

Keep in mind Eddie, that Mozilla has been doing actually admx/adml templates 
for little over a year, so we're sort of the guineapig in all of this.

Back then, all you had were those ini's and autoconfig files and other tools to 
configure FF.

At the end of the day, Mozilla is a much smaller group than Google Inc and 
they're doing the best they can to help out enterprise users.

Éric Périard

Mission Network System Administrator | Administrateur de système du réseau de 
mission
Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité
Email | Courriel: eric.peri...@cyber.gc.ca<mailto:eric.peri...@cyber.gc.ca>
Website | Site Web: https://www.cyber.gc.ca/
Government of Canada | Gouvernement du Canada

[cid:image002.png@01D4ADA3.F54E4950]




From: Enterprise  On Behalf Of Eddie Rowe
Sent: Sunday, September 8, 2019 4:28 PM
To: enterprise@mozilla.org
Subject: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure 
Firefox

Given Mozilla's decision to turn on DNS over HTTPS we have to secure Firefox to 
disable this type of nonsense or remove it from every PC in the next two weeks. 
 Chrome is configured through an easy to manage GPO which leverages other 
really smart people who have created a security baseline along with 
preconfigured GPOs, while Firefox does not seem to have this level of support.

Assuming a  person is new to Firefox, exactly what are we supposed to modify to 
setup things securely?  I see references to things going into Mozilla.cfg, 
policies.json, GPO, autoconfig.js...I probably missed a file too.  I see people 
helpfully answering a question and telling the person to go to 
https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment for the 
answer to their question, but there are just more links there.  I see people 
posting to not to bother with GPO because all the options are not there, but 
other say there are GPO settings that are no elsewhere... I see references that 
one thing is set one place, another place overrides...  I see one document say 
the autoconfig.js file goes into the folder where Firefox is installed, but the 
same document says it does into a subfolder...  I see references to setting 
preferences in the policies.json file, but I thought Mozilla.cfg was to be used 
for this?  Finally I see mention that there are preferences that are set in the 
source code that are not exposed to about:config?

Surely there is a simple one page document that walks you through this so we 
can spend a LIMITED amount of time sorting this out???

https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/
 - Ready or not, here comes DNS over HTTPS to bypass all security you have 
using DNS to block dangerous sites.


___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

2019-09-09 Thread Romain Testard

Indeed, the policy can be used to disable DoH and please keep in mind that
DoH is not being deployed on ESR.

More details on the DoH roll-out:
- SUMO page
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
- ESR will NOT be impacted
- We're targeting rapid release users on 69 with IP addresses located in
the US. We're NOT enabling DoH if any enterprise policy is detected, and if
the enterprise roots pref is enabled. However, the proper way is to set the
DoH enterprise policy to disable it. Administrators can also add
exceptions, if they like DoH but it can break specific sites (e.g. because
of split-horizon)

On Mon, Sep 9, 2019 at 9:10 AM Philipp Madersbacher <
philipp.madersbac...@gmail.com> wrote:

> Hello, If your main intent is to centrally manage/disable DoH in Firefox,
> you can easily do so through a GPO - the relevant links for this are:
>
> https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy-windows
>
> https://github.com/mozilla/policy-templates/blob/master/README.md#dnsoverhttps
>
> No need to make the matter more complicated than it is ;-)
>
> Best regards
>
> Am So., 8. Sept. 2019 um 22:28 Uhr schrieb Eddie Rowe <
> eddie.r...@tdhca.state.tx.us>:
>
>> Given Mozilla’s decision to turn on DNS over HTTPS we have to secure
>> Firefox to disable this type of nonsense or remove it from every PC in the
>> next two weeks.  Chrome is configured through an easy to manage GPO which
>> leverages other really smart people who have created a security baseline
>> along with preconfigured GPOs, while Firefox does not seem to have this
>> level of support.
>>
>>
>>
>> Assuming a  person is new to Firefox, exactly what are we supposed to
>> modify to setup things securely?  I see references to things going into
>> Mozilla.cfg, policies.json, GPO, autoconfig.js…I probably missed a file
>> too.  I see people helpfully answering a question and telling the person to
>> go to https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
>> for the answer to their question, but there are just more links there.  I
>> see people posting to not to bother with GPO because all the options are
>> not there, but other say there are GPO settings that are no elsewhere… I
>> see references that one thing is set one place, another place overrides…  I
>> see one document say the autoconfig.js file goes into the folder where
>> Firefox is installed, but the same document says it does into a subfolder…
>> I see references to setting preferences in the policies.json file, but I
>> thought Mozilla.cfg was to be used for this?  Finally I see mention that
>> there are preferences that are set in the source code that are not exposed
>> to about:config?
>>
>>
>>
>> Surely there is a simple one page document that walks you through this so
>> we can spend a LIMITED amount of time sorting this out???
>>
>>
>>
>>
>> https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/
>> - Ready or not, here comes DNS over HTTPS to bypass all security you have
>> using DNS to block dangerous sites.
>>
>>
>>
>>
>> ___
>> Enterprise mailing list
>> Enterprise@mozilla.org
>> https://mail.mozilla.org/listinfo/enterprise
>>
>> To unsubscribe from this list, please visit
>> https://mail.mozilla.org/listinfo/enterprise or send an email to
>> enterprise-requ...@mozilla.org with a subject of "unsubscribe"
>>
> ___
> Enterprise mailing list
> Enterprise@mozilla.org
> https://mail.mozilla.org/listinfo/enterprise
>
> To unsubscribe from this list, please visit
> https://mail.mozilla.org/listinfo/enterprise or send an email to
> enterprise-requ...@mozilla.org with a subject of "unsubscribe"
>
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

2019-09-09 Thread Philipp Madersbacher

Hello, If your main intent is to centrally manage/disable DoH in Firefox,
you can easily do so through a GPO - the relevant links for this are:
https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy-windows
https://github.com/mozilla/policy-templates/blob/master/README.md#dnsoverhttps

No need to make the matter more complicated than it is ;-)

Best regards

Am So., 8. Sept. 2019 um 22:28 Uhr schrieb Eddie Rowe <
eddie.r...@tdhca.state.tx.us>:

> Given Mozilla’s decision to turn on DNS over HTTPS we have to secure
> Firefox to disable this type of nonsense or remove it from every PC in the
> next two weeks.  Chrome is configured through an easy to manage GPO which
> leverages other really smart people who have created a security baseline
> along with preconfigured GPOs, while Firefox does not seem to have this
> level of support.
>
>
>
> Assuming a  person is new to Firefox, exactly what are we supposed to
> modify to setup things securely?  I see references to things going into
> Mozilla.cfg, policies.json, GPO, autoconfig.js…I probably missed a file
> too.  I see people helpfully answering a question and telling the person to
> go to https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
> for the answer to their question, but there are just more links there.  I
> see people posting to not to bother with GPO because all the options are
> not there, but other say there are GPO settings that are no elsewhere… I
> see references that one thing is set one place, another place overrides…  I
> see one document say the autoconfig.js file goes into the folder where
> Firefox is installed, but the same document says it does into a subfolder…
> I see references to setting preferences in the policies.json file, but I
> thought Mozilla.cfg was to be used for this?  Finally I see mention that
> there are preferences that are set in the source code that are not exposed
> to about:config?
>
>
>
> Surely there is a simple one page document that walks you through this so
> we can spend a LIMITED amount of time sorting this out???
>
>
>
>
> https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/
> - Ready or not, here comes DNS over HTTPS to bypass all security you have
> using DNS to block dangerous sites.
>
>
>
>
> ___
> Enterprise mailing list
> Enterprise@mozilla.org
> https://mail.mozilla.org/listinfo/enterprise
>
> To unsubscribe from this list, please visit
> https://mail.mozilla.org/listinfo/enterprise or send an email to
> enterprise-requ...@mozilla.org with a subject of "unsubscribe"
>
___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

[Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

2019-09-08 Thread Eddie Rowe

Given Mozilla's decision to turn on DNS over HTTPS we have to secure Firefox to 
disable this type of nonsense or remove it from every PC in the next two weeks. 
 Chrome is configured through an easy to manage GPO which leverages other 
really smart people who have created a security baseline along with 
preconfigured GPOs, while Firefox does not seem to have this level of support.

Assuming a  person is new to Firefox, exactly what are we supposed to modify to 
setup things securely?  I see references to things going into Mozilla.cfg, 
policies.json, GPO, autoconfig.js...I probably missed a file too.  I see people 
helpfully answering a question and telling the person to go to 
https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment for the 
answer to their question, but there are just more links there.  I see people 
posting to not to bother with GPO because all the options are not there, but 
other say there are GPO settings that are no elsewhere... I see references that 
one thing is set one place, another place overrides...  I see one document say 
the autoconfig.js file goes into the folder where Firefox is installed, but the 
same document says it does into a subfolder...  I see references to setting 
preferences in the policies.json file, but I thought Mozilla.cfg was to be used 
for this?  Finally I see mention that there are preferences that are set in the 
source code that are not exposed to about:config?

Surely there is a simple one page document that walks you through this so we 
can spend a LIMITED amount of time sorting this out???

https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/
 - Ready or not, here comes DNS over HTTPS to bypass all security you have 
using DNS to block dangerous sites.


___
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

[Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox

7 matches

Site Navigation

Mail list logo

Footer information