I’ve received reports some Firefox users are not able to launch ICA sessions (both XenApp & XenDesktop) after the latest Firefox 30 update. Firefox 30.0 sets all Plugins to “Ask to Activate” as a security feature including Citrix Receiver (Citrix ICA Client 14.1.0.0 in this example):
The symptoms are when a user clicks a XenApp application or XenDesktop VM, you get the grey circle as if it’s about to launch and then nothing. I’ve tested on both Web Interface 5.4 and StoreFront 2.5 with the same result. It’s definitely a plugin permission issue.
If you look to the left of the address bar, there is a little grey block you can click on. Once you click on that, it will ask if it should allow running the “Citrix ICA Client”:
Just hit “Allow” or “Allow and Remember” and try launching again. The app or VM will launch now.
Though this is considered to be a security feature, Mozilla is tracking this as a bug here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1025627
and there are a few posts on the Mozilla Support forums about this:
https://support.mozilla.org/en-US/questions/1005678
https://support.mozilla.org/en-US/questions/1005650
Mozilla’s official stance about disabling plugins by default: https://blog.mozilla.org/security/2014/02/28/update-on-plugin-activation/
It looks like Citrix and other organizations can have their plugins “whitelisted” here: https://wiki.mozilla.org/Plugins/Firefox_Whitelist
Here is the current list of plugins as of July 1st, 2014 (surprisingly not a whole lot):
Whitelist Request Plugin Name Vendor Start Release Application Expires
979849 Unity Player Unity 30 34
980133 Jabber SDK Cisco 30 34
980772 McAfee Security Scanner McAfee 30 34
981403 VGConnect for DirecTV Cisco 30 34
981905 Jabber Guest Cisco 30 34
982045 Estonian ID Card RIA 30 34
984441 coupons.com Plugin Printer coupons.com 30 34
987056 Nexus Personal BankID Finansiell ID-Teknik BID 30 34
988119 GradeCam GradeCam 30 34
988781 Smart Card Plugin Adrian Castillo 30 34
989096 WebEx Cisco 30 34
990067 Skype Microsoft 30 34
990068 Facebook Video Calling Microsoft 30 34
990069 MS Office Lync Microsoft 30 34
990286 VidyoWeb Vidyo 30 34
981503 McAfee Virtual Technician McAfee 30 34
989872 ViewRightWeb Verimatrix 30 34
987057 SiteAdvisor Enterprise McAfee 30 34
985640 F5 Networks SSLVPN/Firepass F5 Networks 30 34
I’ve reached out to a few of my contacts at Citrix about this so hopefully the plugin is in the process of being whitelisted. Otherwise there’s going to be a whole lot of Firefox users calling your help desk. I’ll update this post as soon as I hear something.
cathy
July 31, 2014 at 6:55 PM
Hi Jason
I was very excited by this post and went looking for the little grey block
I can’t find one
I am not very computer literate
Can you please help?
Thanks
Cathy
Larry
August 5, 2014 at 3:50 PM
Thx Jason for the timely workaround to this security ‘feature’! It worked perfectly for me and allows me to avoid using IE for my VPN sessions.
Cathy, you need to login to Citrix and attempt to connect to your work computer (i.e. as you normally would and then let it fail), only then will you see the little gray block appear. Click on it and you will see the Allow/Allow and Remember dialog shown in Jason’s picture.
Larry
Martin
September 24, 2014 at 2:03 AM
I rarely work from home, so this was the first time I encountered the problem after some Firefox upgrades and you saved me quite some time, thanks!!!
Daniel
October 13, 2014 at 5:58 AM
Enterprises need a way for enabling this alluded method automatically
thats the trick:
add the preference “plugin.state.npican” (value: 2) in a “mozilla.cfg”-file ( http://kb.mozillazine.org/Locking_preferences ).
furthermore edit the “plugins.click_to_play” preference to “false”
alternatively administrators can use the CCK2 wizard for adding these settings