Closed Bug 1784960 Opened 3 years ago Closed 3 years ago

Add the following policies

Categories

(Firefox :: Enterprise Policies, enhancement)

Firefox 100
Desktop
Windows 10
enhancement

RESOLVED WORKSFORME

People

(Reporter: johnzuh, Unassigned)

Details

Add preferences to Mozilla ADMX Template for the following settings, since they are very relevant for Firefox hardening (mostly CIS - Security and Privacy Settings):

dom.payments.request.enabled
dom.payments.defaults.saveAddress
dom.payments.defaults.saveCreditCard

services.sync.prefs.sync.browser.formfill.enable
services.sync.prefs.sync.privacy.clearOnShutdown.formdata
services.sync.prefs.sync.signon.autofillForms

signon.autofillForms.http
signon.autofillForms
signon.autologin.proxy
signon.debug
signon.formlessCapture.enabled
signon.importedFromSqlite
signon.recipes.path
signon.rememberSignons.visibilityToggle
signon.rememberSignons
signon.schemeUpgrades
signon.SignonFileName2
signon.SignonFileName3
signon.SignonFileName
signon.storeWhenAutocompleteOff

extensions.formautofill.creditCards.available
extensions.formautofill.creditCards.enabled
extensions.formautofill.creditCards.hideui
extensions.formautofill.creditCards.used
extensions.formautofill.addresses.capture.enabled
extensions.formautofill.addresses.enabled
extensions.formautofill.available detect
extensions.translations.disabled

security.ssl.enable_ocsp_stapling
security.ssl.enable_ocsp_must_staple
security.insecure_field_warning.contextual.enabled
security.certerrors.permanentOverride
security.ssl.errorReporting.enabled

layout.spellcheckDefault

browser.cache.disk.capacity

Feel free to append dependency preferences where required.

Group: firefox-core-security

So all the preferences that start with dom., signon., extensions., layout., and browser. can be set via the Preferences policy.

The security.insecure_field_warning.contextual.enabled pref was removed in bug 1773047.

I assume for security.certerrors.permanentOverride and security.ssl.errorReporting.enabled you want to set them to false?

These prefs:

services.sync.prefs.sync.browser.formfill.enable
services.sync.prefs.sync.privacy.clearOnShutdown.formdata
services.sync.prefs.sync.signon.autofillForms

Are used internally by sync to determine if something is synced or not so there should not be a reason to set them explicitly.

Yep, my intention is to set these (security.certerrors.permanentOverride and security.ssl.errorReporting.enabled) to false.

If these prefs will not sync any form data (e.g. address, ccs, etc.) when a user signs in by default, then I guess we are good:
services.sync.prefs.sync.browser.formfill.enable
services.sync.prefs.sync.privacy.clearOnShutdown.formdata
services.sync.prefs.sync.signon.autofillForms

Yeah, those prefs don't sync data, they just sync the value of the pref.

I realized we have a policy button that prevents the add/override button from being shown at all on the cert error dialog.

https://github.com/mozilla/policy-templates/blob/master/README.md#disablesecuritybypass

Is that enough for the security.certerrors.permanentOverride preference?

Also security.ssl.errorReporting.enabled is already available via the Preferences policy as well.

https://searchfox.org/mozilla-central/source/browser/components/enterprisepolicies/Policies.sys.mjs#1716

So all of these are covered by policy. Please open a new bug if there are more focused things you want me to do.
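The triage reached in this thread, written out as an added example that is not part of the bug discussion or Mozilla's code: it sorts requested pref values into a `policies.json` document using only the rules quoted above (the five prefixes, `security.ssl.errorReporting.enabled`, `DisableSecurityBypass`, the removed pref, the sync-internal prefs). The function name, the sample values other than the two `security.*` ones set to false, and the choice of `"Status": "locked"` are assumptions.

```python
import json

# Prefixes the thread says the Preferences policy accepts.
PREFERENCES_PREFIXES = ("dom.", "signon.", "extensions.", "layout.", "browser.")
# The one security.* pref the thread says Preferences also accepts.
PREFERENCES_EXACT = {"security.ssl.errorReporting.enabled"}
SYNC_INTERNAL_PREFIX = "services.sync.prefs.sync."
REMOVED = {"security.insecure_field_warning.contextual.enabled": "removed in bug 1773047"}
CERT_OVERRIDE = "security.certerrors.permanentOverride"


def build_policies(requested):
    """Return (policies.json dict, {pref: reason it was left out})."""
    prefs, policies, skipped = {}, {}, {}
    for name, value in requested.items():
        if name in REMOVED:
            skipped[name] = REMOVED[name]
        elif name.startswith(SYNC_INTERNAL_PREFIX):
            skipped[name] = "used internally by sync; not set explicitly"
        elif name == CERT_OVERRIDE:
            # The thread points to DisableSecurityBypass instead of this pref.
            if value is False:
                policies["DisableSecurityBypass"] = {"InvalidCertificate": True}
        elif name.startswith(PREFERENCES_PREFIXES) or name in PREFERENCES_EXACT:
            # Hypothetical choice: lock every value so users cannot change it.
            prefs[name] = {"Value": value, "Status": "locked"}
        else:
            skipped[name] = "not addressed individually in this thread"
    if prefs:
        policies["Preferences"] = prefs
    return {"policies": policies}, skipped


# Constructed sample input; values are assumed hardening choices.
SAMPLE = {
    "signon.rememberSignons": False,
    "signon.autofillForms": False,
    "extensions.formautofill.creditCards.enabled": False,
    "dom.payments.request.enabled": False,
    "browser.cache.disk.capacity": 0,
    "security.ssl.errorReporting.enabled": False,
    "security.certerrors.permanentOverride": False,
    "security.insecure_field_warning.contextual.enabled": True,
    "services.sync.prefs.sync.signon.autofillForms": False,
    "security.ssl.enable_ocsp_stapling": True,
}

if __name__ == "__main__":
    doc, skipped = build_policies(SAMPLE)
    print(json.dumps(doc, indent=2))
    for name, why in skipped.items():
        print(f"skipped {name}: {why}")
```

Prefs reported as skipped still need a check against the policy-templates README before a baseline is signed off.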

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME