Closed Bug 1522823 Opened 5 years ago Closed 4 years ago

Missing Group Policy Option to blacklist ALL extension except whitelisted/allowed


(Firefox :: Enterprise Policies, defect, P1)

64 Branch



Firefox 68
Tracking Status
firefox68 --- verified
firefox69 --- verified


(Reporter: chamilton, Assigned: mkaply)



(Keywords: dev-doc-complete)


(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce:

  • Install the Firefox ADMX templated
  • Browse to the extensions options for Firefox
  • Configured "Extensions to uninstall" with a * for the value

Actual results:

Nothing (kind of expected)

Expected results:

  • We use this currently with Google Chrome's GPO settings.
  • We need to block/blacklist all extensions except for what we want to allow and/or force install.
  • Using a * is a easy way to do this if it works, but it does not work, nor is the naming or GPO options really geared towards that.
  • There is no "whitelist" settings for permitted extensions
Component: Untriaged → Enterprise Policies
Ever confirmed: true
Priority: -- → P1
Assignee: nobody → mozilla

This is a first pass. It needs more tests and I'm investigating emulating Chrome's URL blocking as well.

Keywords: dev-doc-needed
Pushed by
Policy for whitelist/blacklist addons by ID. r=aswan,flod
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 68
Regressions: 1551867
QA Whiteboard: qe
Flags: qe-verify+

Tested the implementation of the policy on windows 10 x64, ubuntu 18.04 and macOS 10.13 using Fx69.0b7, Fx68.0.1.
Testing was done using by applying the policy via .json file. Also note that, as mentioned in c#0, setting the * via GPO on windows, does nothing.
Tested using the parameters mentioned in the policies-schema.json file.

I have also tried installing an addon from a third party site while the installation mode was set to blocked, but received a notification that Firefox the site from installing addons. The prompt can be seen at this link.

Flags: qe-verify+
Regressions: 1571120

There doesn't seem to be any existing documentation framework for this issue on MDN. This is the existing page:

Enterprise Deployment

The links on that page lead to, like this: How is Firefox Enterprise different from normal Firefox?

Let me know how you would like to document this.

Flags: needinfo?(mozilla)

This will be documented on our enterprise policy page here:

I had to remove the documentation for now because of a bad bug.

It will be updated for Firefox 69.

Flags: needinfo?(mozilla)

(In reply to Mike Kaply [:mkaply] from comment #11)

This will be documented on our enterprise policy page here:

I had to remove the documentation for now because of a bad bug.

It will be updated for Firefox 69.

Thanks for the update! I've pushed the documentation issue to the next sprint and added it to our Firefox 69 Epic.

Note added to the FX69 rel notes:

I don't think this requires any other documentation change, but let me know if the wording needs improving. Thanks!

LGTM. Thanks!

See Also: → 1735806
You need to log in before you can comment on or make changes to this bug.