Remote Support - Internet Outage Detector - Articles - Billing - Github - Testing - Contact

Extension whitelisting for Firefox

 

Firefox add-ons have read/write access to the same files as the windows user account it runs in. This means it would be possible to create a ransomware add-on, which neither UAC nor SRP would stop. Thankfully, Firefox allows administrators to disable add-on installations. However, this does not automatically remove existing add-ons.

Unlike Chrome, Firefox unfortunately does not offer an official way to manage it thru group policy objects. This method requires the administrator to create 2 files. This can probably be scripted and wrapped in a GPO but I haven't tried that yet.

The first file you will need to create will be
C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js

Or if you are running 64 bit windows, it will be
C:\Program Files (x86)\Mozilla Firefox\defaults\pref\autoconfig.js

and it's contents should be:
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);

and the second file you need to create will be
C:\Program Files\Mozilla Firefox\mozilla.cfg

Or if you are running 64 bit windows, it will be
C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg

and it's contents should be:
//
lockPref("xpinstall.enabled", false);

Notice the double forward slashes. Don't leave them out, they are important.

If you have done everything right, you shouldn't be able to install any add-on. This is what should happen when you try:

enjoy!