diff --git a/modules/programs/firefox.nix b/modules/programs/firefox.nix
index 6a3ab656c..314fc3993 100644
--- a/modules/programs/firefox.nix
+++ b/modules/programs/firefox.nix
@@ -169,7 +169,10 @@ let
     else if isDarwin then
       package
     else if versionAtLeast config.home.stateVersion "19.09" then
-      package.override (old: { cfg = old.cfg or { } // fcfg; })
+      package.override (old: {
+        cfg = old.cfg or { } // fcfg;
+        extraPolicies = cfg.policies;
+      })
     else
       (pkgs.wrapFirefox.override { config = bcfg; }) package { };
 
@@ -230,6 +233,17 @@ in {
         description = "Resulting Firefox package.";
       };
 
+      policies = mkOption {
+        type = types.attrsOf jsonFormat.type;
+        default = { };
+        description =
+          "[See list of policies](https://mozilla.github.io/policy-templates/).";
+        example = {
+          DefaultDownloadDirectory = "\${home}/Downloads";
+          BlockAboutConfig = true;
+        };
+      };
+
       profiles = mkOption {
         type = types.attrsOf (types.submodule ({ config, name, ... }: {
           options = {
diff --git a/tests/modules/programs/firefox/default.nix b/tests/modules/programs/firefox/default.nix
index 5492e383c..b0c4fadb6 100644
--- a/tests/modules/programs/firefox/default.nix
+++ b/tests/modules/programs/firefox/default.nix
@@ -4,4 +4,5 @@
   firefox-deprecated-native-messenger = ./deprecated-native-messenger.nix;
   firefox-duplicate-profile-ids = ./duplicate-profile-ids.nix;
   firefox-duplicate-container-ids = ./duplicate-container-ids.nix;
+  firefox-policies = ./policies.nix;
 }
diff --git a/tests/modules/programs/firefox/policies.nix b/tests/modules/programs/firefox/policies.nix
new file mode 100644
index 000000000..b855ee870
--- /dev/null
+++ b/tests/modules/programs/firefox/policies.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ ./setup-firefox-mock-overlay.nix ];
+
+  config = lib.mkIf config.test.enableBig {
+    home.stateVersion = "23.05";
+
+    programs.firefox = {
+      enable = true;
+      policies = { BlockAboutConfig = true; };
+    };
+
+    nmt.script = ''
+      jq=${lib.getExe pkgs.jq}
+      config_file="${config.programs.firefox.finalPackage}/lib/firefox/distribution/policies.json"
+
+      assertFileExists "$config_file"
+      blockAboutConfig_actual_value="$($jq ".policies.BlockAboutConfig" $config_file)"
+
+      if [[ $blockAboutConfig_actual_value != "true" ]]; then
+        fail "Expected '$config_file' to set 'policies.BlockAboutConfig' to true"
+      fi
+    '';
+  };
+}