Firefox 102.3.0 ESR, installs extension without permission
Hello,
I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional addons. However, since version 102.3 I noticed some extensions that are present on the machine as .xpi files, but should not install unless a specific application is also present, are also being activated. They are enabled in the add-on manager, the information is present in the "extensions.json" and "extension-preferences.json" files. This should not happen. Is there any way to prevent the activation of these files?
Thank you!
선택된 해결법
Hello,
I have redone the entire set of keys for the extensions. The issue is solved and never reoccurred. My best guess is there were some residual keys left over on the affected machines. Anyway, thread can be closed. Much appreciate all your effort. Cheers!
문맥에 따라 이 답변을 읽어주세요 👍 0모든 댓글 (7)
I'm sorry, I'm having trouble understanding exactly what the issue is based on your post.
My suggestion would be that you take a look at the new ExtensionSettings policy:
https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings
It gives you a lot more flexibility.
In particular, in your case, you could set Firefox to allow users to install dictionaries, but not explicitly install them all so the users don't have unnecessary dictionaries.
Hello Mike,
Thank you for the reply. I will try to explain in more detail. I also understand your suggestion, but all the extensions are required and the users should not interact with the configuration at all. I have the exact configuration that we used on version 91.3 ESR and everything works as intended. However, once i made the upgrade to version 102.3 ESR there is one extension in particular that installs without being instructed to do so. The "Zotero" extension to be precise. This one is targeted for a group of users only, and filtered to install only if a certain executable file exists on the machine(the .xpi file exists on all the machines, copied via GPO). But it installs for everyone. I found traces of this extension in the "extensions.json" file, under the users profiles, but no idea why and how this information goes there. I have opened this thread because in version 91.3 with the exact config, i have no issues at all. Any ideas would be welcome :) Cheers!
How is Zotero installed for the users that it is targeted to? Is the GPO modified for those users to include zotero?
Hello Mike,
Indeed, if the presence of the application executable is present on the machine, the GPO activates the extension by writing the reg key.
Cheers!
So I don't know any reason why this would be installed if it wasn't in the GPO. I don't know where else we would be getting the install instruction from.
My only though is that if this genuinely is a new behavior, you could use mozregression to figure out when it started.
https://mozilla.github.io/mozregression/
But I'm at a loss. If the extension isn't in policy, I don't know how it would be getting installed.
Were you able to figure anything out?
선택된 해결법
Hello,
I have redone the entire set of keys for the extensions. The issue is solved and never reoccurred. My best guess is there were some residual keys left over on the affected machines. Anyway, thread can be closed. Much appreciate all your effort. Cheers!