This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox 102.3.0 ESR, installs extension without permission

more options

Hello,

I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional addons. However, since version 102.3 I noticed some extensions that are present on the machine as .xpi files, but should not install unless a specific application is also present, are also being activated. They are enabled in the add-on manager, the information is present in the "extensions.json" and "extension-preferences.json" files. This should not happen. Is there any way to prevent the activation of these files?

Thank you!

Hello, I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional addons. However, since version 102.3 I noticed some extensions that are present on the machine as .xpi files, but should not install unless a specific application is also present, are also being activated. They are enabled in the add-on manager, the information is present in the "extensions.json" and "extension-preferences.json" files. This should not happen. Is there any way to prevent the activation of these files? Thank you!
Attached screenshots

Chosen solution

Hello,

I have redone the entire set of keys for the extensions. The issue is solved and never reoccurred. My best guess is there were some residual keys left over on the affected machines. Anyway, thread can be closed. Much appreciate all your effort. Cheers!

Read this answer in context 👍 0

All Replies (7)

more options

I'm sorry, I'm having trouble understanding exactly what the issue is based on your post.

My suggestion would be that you take a look at the new ExtensionSettings policy:

https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings

It gives you a lot more flexibility.

In particular, in your case, you could set Firefox to allow users to install dictionaries, but not explicitly install them all so the users don't have unnecessary dictionaries.

more options

Hello Mike,

Thank you for the reply. I will try to explain in more detail. I also understand your suggestion, but all the extensions are required and the users should not interact with the configuration at all. I have the exact configuration that we used on version 91.3 ESR and everything works as intended. However, once i made the upgrade to version 102.3 ESR there is one extension in particular that installs without being instructed to do so. The "Zotero" extension to be precise. This one is targeted for a group of users only, and filtered to install only if a certain executable file exists on the machine(the .xpi file exists on all the machines, copied via GPO). But it installs for everyone. I found traces of this extension in the "extensions.json" file, under the users profiles, but no idea why and how this information goes there. I have opened this thread because in version 91.3 with the exact config, i have no issues at all. Any ideas would be welcome :) Cheers!

more options

How is Zotero installed for the users that it is targeted to? Is the GPO modified for those users to include zotero?

more options

Hello Mike,

Indeed, if the presence of the application executable is present on the machine, the GPO activates the extension by writing the reg key.

Cheers!

more options

So I don't know any reason why this would be installed if it wasn't in the GPO. I don't know where else we would be getting the install instruction from.

My only though is that if this genuinely is a new behavior, you could use mozregression to figure out when it started.

https://mozilla.github.io/mozregression/

But I'm at a loss. If the extension isn't in policy, I don't know how it would be getting installed.

more options

Were you able to figure anything out?

more options

Chosen Solution

Hello,

I have redone the entire set of keys for the extensions. The issue is solved and never reoccurred. My best guess is there were some residual keys left over on the affected machines. Anyway, thread can be closed. Much appreciate all your effort. Cheers!