Deploy the latest Mozilla Firefox MSI to Windows endpoints with architecture detection, silent install, and verbose logging
This Automox Worklet™ deploys Mozilla Firefox to Windows endpoints by pulling the latest stable MSI directly from download.mozilla.org and installing it silently with msiexec. The Worklet detects whether the endpoint is running 32-bit or 64-bit Windows and selects the matching installer. The 64-bit path is the firefox-msi-latest-ssl package; the 32-bit path is firefox-latest-ssl. The default install root is C:\Program Files\Mozilla Firefox on 64-bit endpoints and C:\Program Files (x86)\Mozilla Firefox on 32-bit endpoints.
Detection happens against the Windows registry uninstall keys. The Worklet enumerates SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall under HKLM for the native bitness, then walks SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall to catch a 32-bit Firefox sitting on a 64-bit host. Any subkey whose DisplayName matches "Mozilla Firefox" marks the endpoint compliant and the Worklet exits 0 without touching anything.
On 64-bit Windows, the remediation script relaunches itself through %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe so the install runs in the native 64-bit PowerShell context. This avoids the redirection that happens when the Automox agent invokes a 32-bit PowerShell on a 64-bit OS, which is the most common cause of MSI installs that report success but leave the application missing from the native registry view.
Browser standardization is part of patch readiness. A Windows fleet running several Firefox versions, with some laptops still on a 32-bit build from an older image, gives the next Mozilla advisory no consistent target. New hires wait for a browser their SaaS app requires, and help desk tickets accumulate from endpoints that never received the install. The Mozilla Firefox MSI itself is straightforward; the operational cost is the per-laptop labor to deploy it.
Bind this Worklet to the Windows workstation device group on a weekly cadence; the registry-driven evaluation catches every endpoint where Firefox is missing. If a user uninstalls Firefox or an image rebuild ships without it, the uninstall hive returns no Mozilla DisplayName on the next pass and the MSI runs again under the native bitness.
Evaluation phase: The script reads [System.Environment]::Is64BitOperatingSystem to determine endpoint architecture. On 64-bit Windows it opens HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall using the Registry64 view, then enumerates HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall for legacy 32-bit installs. On 32-bit Windows it walks HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall directly. Any DisplayName matching "Mozilla Firefox" returns Exit 0 (compliant). No match returns Exit 1 and remediation is queued.
Remediation phase: The script creates the staging directory C:\temp\Automox\FirefoxInstall, downloads the architecture-appropriate MSI via System.Net.WebClient (firefox-msi-latest-ssl for 64-bit, firefox-latest-ssl for 32-bit), and launches msiexec.exe with the arguments /i <msi>, /l*v C:\ProgramData\amagent\Firefox_install.log, /q, and /norestart. The script waits up to 300 seconds for the installer to exit, treats exit codes 0 and 3010 as success, and removes the staging directory regardless of outcome. On 64-bit hosts the entire remediation block is re-invoked under %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe so the install runs natively.
Windows 10 or later (workstation or server) with the Automox agent installed
Outbound HTTPS to download.mozilla.org from the endpoint (no proxy interception of the redirect chain)
Write access to C:\temp\Automox\FirefoxInstall and C:\ProgramData\amagent (the agent context already has both)
Administrative privileges for msiexec /i (the Automox agent runs as SYSTEM, which satisfies this)
No policy variables to configure – the script picks 32-bit versus 64-bit at runtime from Is64BitOperatingSystem
FixNow compatible, so a help desk operator can push the install to a single endpoint on demand without scheduling a policy run
After a successful run, Mozilla Firefox is installed under C:\Program Files\Mozilla Firefox (or C:\Program Files (x86)\Mozilla Firefox on 32-bit hosts). A new uninstall key with DisplayName "Mozilla Firefox" exists under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and msiexec exits 0 or 3010 (3010 indicates a successful install that requested a reboot, which the /norestart flag suppressed). The verbose install log is at C:\ProgramData\amagent\Firefox_install.log for the 64-bit path and C:\ProgramData\amagent\Firefox32_install.log for the 32-bit path.
Validate by running Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object DisplayName -like '*Mozilla Firefox*' | Select-Object DisplayName, DisplayVersion and confirming a recent DisplayVersion. End users can launch firefox.exe from the Start menu immediately; no reboot is required for daily use. The staging directory C:\temp\Automox\FirefoxInstall is removed in both the success and failure paths, so a repeat evaluation finds either a clean install or a clean failure surface. Subsequent policy runs hit the registry check, see Firefox is present, and exit 0 without re-downloading the MSI.


Loading...
Consider Worklets your easy button
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklets deploy named-CVE mitigations within hours of disclosure, perform configuration, remediation, and install or remove applications and settings across Windows, macOS, and Linux.

AUTOMOX + WORKLETS™
Uncover new possibilities with simple, powerful automation.
By submitting this form you agree to our Master Services Agreement and Privacy Policy
By submitting this form you agree to our Master Services Agreement and Privacy Policy.
Already have an account? Log in