Why does my IT department block Firefox?

Assuming that you work in the bank industry, this is likely due to their inability to intercept Firefox's traffic.

TLDR: Due to Firefox's support of DoH and eSNI most banks and regulated industries are resorting to block Firefox because firewalls can't snoop encrypted traffic easily.

On the other hand, if you use chrome, IE or Edge, you can push changes through Active Directory without user's knowledge/consent. Actually most hardware firewall vendors with DPI have started to recommend enterprise customers to get rid of Firefox because their edge firewall isn't able to intercept FF's traffic anymore.

Note: One can enforce policies on Firefox enterprise, but most privacy conscious users will use FF portable to flout it, hence blocking is easier.

  1. https://live.paloaltonetworks.com/t5/blogs/protecting-organizations-in-a-world-of-doh-and-dot/bc-p/319542
  2. https://www.venafi.com/blog/fight-over-dns-over-https
  3. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98025

TLDR - It might not be even about security. This could just be due to your company's preference.

A friend of mine faced a similar issue. Firefox is blocked on his office laptop. When asked they simply said it was for "security reasons". After filing request that he needs to test the websites on Firefox, he got a different answer. It stated that they had an extension installed on Google Chrome to monitor their web activity and determine "work time/productivity". The extension was made available on Google Chrome only and all other browsers are banned citing "security reasons", while in reality it is just a preference of the extension development team.


Most likely IT didn't want to be responsible for centralized updates.

Without concerted updates individual installations fall out of date and vulnerabilities, once found, may remain unpatched. So they banned it rather than taking on the extra work of making sure it got patched.