The Firefox updater executable "updater.exe" and the Dropbox updater "dropbox-upgrade-*.exe" are denied for restricted users by Application Manager resulting in popup messages from Application Manager and corresponding event id 9000 events raised where configured.
The signing of these exectuables includes an Intermediate Certification Authority certificate and unless this is in the Computer Certificate Store on the end-point running the Application Manager agent then the Application Manager agent is unable to verify the authenticity of the full certification path and therefore denies the execution request.
The Intermediate Certification Authority certificate should be imported to the Intermediate Certification Authority container within the Computer certificate store on the end-point. This is currently "Thawte Code Signing CA - G2".
Alternatively, within the Trusted Vendors rule within the Application Manager configuration, right click on the certificate, select "Advanced Options" and tick the "Ignore end certificate revocation errors" and "Allow untrusted roots" options.