[Mozilla Enterprise] Error with using system proxy settings (when changing from using "automatic proxy configuration URL" by default via policies.json)

[Periard, Eric]

Classification: UNCLASSIFIED

Excellent, thanks for the assist.

Have a great day and keep on keeping!

Eric

From: Mike Kaply <mkaply at mozilla.com>
Sent: July 2, 2020 9:53 AM
To: Periard, Eric <Eric.Periard at cyber.gc.ca>
Cc: enterprise at mozilla.org
Subject: Re: [Mozilla Enterprise] Error with using system proxy settings (when changing from using "automatic proxy configuration URL" by default via policies.json)


EXTERNAL EMAIL – USE CAUTION / COURRIEL EXTERNE – FAITES PREUVE DE PRUDENCE
No policy for the downgrade protection. We weren't seeing a lot of folks running into this so I didn't add policy.

Note that starting with 77, we did tweak the downgrade protection so it wouldn't happen with major versions:

https://bugzilla.mozilla.org/show_bug.cgi?id=1588113<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid%3D1588113&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7Cc44d8579960548c7e36108d81e8f31a2%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292947650523765&sdata=oMX1YvMUNcR9OVJvHDr6245wwZOvjCHY1uzjScj8lfY%3D&reserved=0>

So most folks using the ESR won't see this anymore.

Mike

On Thu, Jul 2, 2020 at 8:49 AM Periard, Eric <Eric.Periard at cyber.gc.ca<mailto:Eric.Periard at cyber.gc.ca>> wrote:
Classification: UNCLASSIFIED

Is there also a Group Policy for that or I absolutely need to go oldskool on this one?

Eric

From: Mike Kaply <mkaply at mozilla.com<mailto:mkaply at mozilla.com>>
Sent: July 2, 2020 9:47 AM
To: Periard, Eric <Eric.Periard at cyber.gc.ca<mailto:Eric.Periard at cyber.gc.ca>>
Cc: enterprise at mozilla.org<mailto:enterprise at mozilla.org>
Subject: Re: [Mozilla Enterprise] Error with using system proxy settings (when changing from using "automatic proxy configuration URL" by default via policies.json)


EXTERNAL EMAIL – USE CAUTION / COURRIEL EXTERNE – FAITES PREUVE DE PRUDENCE
Yeah, MOZ_ALLOW_DOWNGRADE is definitely what you want.

Mike

On Thu, Jul 2, 2020 at 8:05 AM Periard, Eric <Eric.Periard at cyber.gc.ca<mailto:Eric.Periard at cyber.gc.ca>> wrote:
Classification: UNCLASSIFIED

I will try this out, thanks!

I have since upgraded to the latest ESR, but just in case….

Eric

From: Mike Kaply <mkaply at mozilla.com<mailto:mkaply at mozilla.com>>
Sent: July 1, 2020 2:47 PM
To: Periard, Eric <Eric.Periard at cyber.gc.ca<mailto:Eric.Periard at cyber.gc.ca>>
Cc: enterprise at mozilla.org<mailto:enterprise at mozilla.org>
Subject: Re: [Mozilla Enterprise] Error with using system proxy settings (when changing from using "automatic proxy configuration URL" by default via policies.json)


EXTERNAL EMAIL – USE CAUTION / COURRIEL EXTERNE – FAITES PREUVE DE PRUDENCE
You can read more about this here:

https://support.mozilla.org/en-US/kb/understanding-depth-profile-installation<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.mozilla.org%2Fen-US%2Fkb%2Funderstanding-depth-profile-installation&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7Cc44d8579960548c7e36108d81e8f31a2%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292947650523765&sdata=4kGKPThjkmN02qmthxOcusfgRgG7ZS4x6NP5i%2BHbILw%3D&reserved=0>

But specifically at the end:

" The downgrade blocking can be bypassed by setting the environment variable MOZ_ALLOW_DOWNGRADE or by passing the --allow-downgrade command line argument when running Firefox."

Hopefully this should accomplish what you need.

Alternatively if it is a problem with the new Firefox being installed in a different directory, you can use the MOZ_LEGACY_PROFILES environment variable or the LegacyProfiles policy - https://github.com/mozilla/policy-templates/blob/master/README.md#legacyprofiles<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmozilla%2Fpolicy-templates%2Fblob%2Fmaster%2FREADME.md%23legacyprofiles&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7Cc44d8579960548c7e36108d81e8f31a2%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292947650533763&sdata=u7EbMT70SSHMsmFeiM68%2FaYkMoOTzwhRH547D5Tostc%3D&reserved=0>

Mike

On Wed, Jul 1, 2020 at 12:04 PM Periard, Eric <Eric.Periard at cyber.gc.ca<mailto:Eric.Periard at cyber.gc.ca>> wrote:
Classification: UNCLASSIFIED

Hello,

Here’s an interesting situation: We’ve recently created a USMT Windows User Profile Backup and Restore package via SCCM and that works fine, however there’s a catch 22 with firefox….

Usually I keep a baseline version of the package via the Software Center and the users can update the browser via the ABOUT menu.

However if a windows profile is restored to a new system (with AppData) and then firefox is installed from the Software Center, of course it’s old and it sees the newer profile as incompatible.

so far the only solution I got is to go ahead and update the baseline version of my Firefox package.

So here’s my questions:

1. Is it possible somehow to load a new profile onto an old Firefox?
2. Is it possible to force Firefox to look for updates as soon as someone tries to open it?
3. If 2. is possible, would it fetch the update before prompting the user to create a new profile?

Please advise, this seems to be a none-issue with Chrome post-user mig.

Thanks

Eric
_______________________________________________
Enterprise mailing list
Enterprise at mozilla.org<mailto:Enterprise at mozilla.org>
https://mail.mozilla.org/listinfo/enterprise<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7Cc44d8579960548c7e36108d81e8f31a2%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292947650533763&sdata=95Lggd4BeGAb%2BGDEm%2B4DGXVYZIIRcV%2Fi4UgnOsb0rVI%3D&reserved=0>

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7Cc44d8579960548c7e36108d81e8f31a2%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292947650543754&sdata=wCGWr4sCJRbekoaQ0lARhPrrHzSoeTdrx2%2FduUXDs5U%3D&reserved=0> or send an email to enterprise-request at mozilla.org<mailto:enterprise-request at mozilla.org> with a subject of "unsubscribe"
_______________________________________________
Enterprise mailing list
Enterprise at mozilla.org<mailto:Enterprise at mozilla.org>
https://mail.mozilla.org/listinfo/enterprise<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7Cc44d8579960548c7e36108d81e8f31a2%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292947650543754&sdata=wCGWr4sCJRbekoaQ0lARhPrrHzSoeTdrx2%2FduUXDs5U%3D&reserved=0>

To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7Cc44d8579960548c7e36108d81e8f31a2%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292947650553752&sdata=sYW3ZwltPKBfD%2FVbT3eqMvhRY4xntPnlqEiIBXXxFSk%3D&reserved=0> or send an email to enterprise-request at mozilla.org<mailto:enterprise-request at mozilla.org> with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20200702/7a407ad7/attachment.html>