<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
code
{mso-style-priority:99;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">***Typo fix*** Not my day… :/<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Enterprise <enterprise-bounces@mozilla.org> <b>
On Behalf Of </b>Éric Périard<br>
<b>Sent:</b> Monday, September 9, 2019 7:45 AM<br>
<b>To:</b> Eddie Rowe <eddie.rowe@tdhca.state.tx.us>; enterprise@mozilla.org<br>
<b>Subject:</b> Re: [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#00B050">Classification: Unclassified<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Agreed, for those of us who have been managing ESR in our environment it’s not too bad, but for someone just stepping into the fold, it could become a roadblock of red tape… Google’s approach is consistent and
the templates don’t change every 5 minutes.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">However, keep in mind Eddie, that Mozilla has been doing actual admx/adml templates for little over a year now, so we’re sort of the guineapig in all of this.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Back then, all you had were those ini’s and autoconfig files and other tools to configure FF.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">At the end of the day, Mozilla is a much smaller group than Google Inc and they’re doing the best they can to help out enterprise users.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Speaking of other tools, check with Mike Kaply, he’s got something you may be interested in ;)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="FR-CA" style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-CA">Éric Périard<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span lang="FR-CA" style="font-size:10.0pt;color:#1F497D;mso-fareast-language:EN-CA"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-CA">Mission Network System Administrator
<b>|</b> Administrateur de système du réseau de mission<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-CA">Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-CA">Email | Courriel:
</span><span style="color:#1F497D"><a href="mailto:Eric.Periard@cyber.gc.ca"><span lang="FR-CA" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-CA">Eric.Periard@cyber.gc.ca</span></a></span><span lang="FR-CA" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-CA"><br>
Website | Site Web: </span><span style="color:#1F497D"><a href="https://www.cyber.gc.ca/"><span lang="FR-CA" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-CA">https://www.cyber.gc.ca/</span></a></span><span lang="FR-CA" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-CA">Government of Canada
<b>|</b> Gouvernement du Canada<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-CA" style="font-size:9.0pt;color:#1F497D;mso-fareast-language:EN-CA"><br>
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D"><img border="0" width="452" height="57" style="width:4.7083in;height:.5937in" id="Picture_x0020_1" src="cid:image001.png@01D566E2.F3AC8730" alt="cid:image002.png@01D4ADA3.F54E4950"></span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-CA"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Enterprise <<a href="mailto:enterprise-bounces@mozilla.org">enterprise-bounces@mozilla.org</a>>
<b>On Behalf Of </b>Eddie Rowe<br>
<b>Sent:</b> Sunday, September 8, 2019 4:28 PM<br>
<b>To:</b> <a href="mailto:enterprise@mozilla.org">enterprise@mozilla.org</a><br>
<b>Subject:</b> [Mozilla Enterprise] Firefox Configuration Confusion - Need to Secure Firefox<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Given Mozilla’s decision to turn on DNS over HTTPS we have to secure Firefox to disable this type of nonsense or remove it from every PC in the next two weeks. Chrome is configured through an easy to manage GPO which leverages other really
smart people who have created a security baseline along with preconfigured GPOs, while Firefox does not seem to have this level of support.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Assuming a person is new to Firefox, exactly what are we supposed to modify to setup things securely? I see references to things going into Mozilla.cfg, policies.json, GPO, autoconfig.js…I probably missed a file too. I see people helpfully
answering a question and telling the person to go to <a href="https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment">
https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment</a> for the answer to their question, but there are just more links there. I see people posting to not to bother with GPO because all the options are not there, but other say there are GPO settings
that are no elsewhere… I see references that one thing is set one place, another place overrides… I see one document say the autoconfig.js file goes into the folder where Firefox is installed, but the same document says it does into a subfolder… I see references
to setting preferences in the policies.json file, but I thought Mozilla.cfg was to be used for this? Finally I see mention that there are preferences that are set in the source code that are not exposed to about:config?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Surely there is a simple one page document that walks you through this so we can spend a LIMITED amount of time sorting this out???<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a href="https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/">https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/</a>
- Ready or not, here comes DNS over HTTPS to bypass all security you have using DNS to block dangerous sites.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>