Closed Bug 454158 Opened 16 years ago Closed 8 years ago

Every Security certificate is flagged as invalid and untrusted (Even Mozilla ones)

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: info, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

I recently upgraded to the Firefox 3,but everytime I go to a site with a certificate it prompts for an exception. I try to get certificate but when I do it says that the certificate is from untrusted source. this applies to ALL certificates even from Trusted Sources, i.e. Mozilla, GoDaddy, PayPal etc etc. all legitimate sites

Surely Firefox can trust Mozilla certificates.

Do I have a wrong setting somewhere or were my settings changed during the update to FireFox 3.0?



Reproducible: Always

Steps to Reproduce:
1.
2.
3.
This is extremely strange behaviour, but there are a couple of possibilities:

1) Your certificate database, which stores all the trusted CAs, has been damaged or altered somehow.  If this is the case, you should be able to verify it by starting Firefox with a new profile.  Does that make the problem go away?
http://support.mozilla.com/en-US/kb/Managing+profiles

2) You are being man-in-the-middle attacked.  This could be malicious or benign, perhaps the result of some corporate SSL proxy or something.  If someone on your network is attempting to proxy or intercept your SSL traffic, it could do it by serving its own, self-signed, untrusted, certificates made to look like the real equivalents. We can try to test that with bugzilla.

If you visit https://bugzilla.mozilla.org, do you have to add an exception?  If so, add it, and then click on the blue favicon button once the page loads.  From the "More Information" screen, click the View button to view the certificate.  Our certificate here is issued by Equifax, and has the following SHA1 fingerprint:

45:8A:8E:66:86:0D:6C:F9:EE:09:35:0B:DE:00:C0:70:C5:72:2B:FD

Does that match what you see?
Assignee: nobody → kaie
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
This bug doesn't describe an active vulnerability with the product, just some strange security-related behaviour, so it doesn't have to be hidden.  Removing the security-sensitive flag.
Group: core-security
Another possibility could be that you have a network proxy set up that all these requests are going through  If this is a laptop is this behavior consistent for different locations (ie.  home vs office vs internet cafe)?

Its possible for example that your previous Firefox install was configured to not proxy SSL connections while the Firefox 3 install is.
Reporter:  In comment 0, you reported that you "upgraded" to FF3.
Please tell us how that upgrade was done, exactly.  

It seems very likely that something did not go according to plan in the 
upgrade.  

Please do try creating a new profile, as Johnathan suggested above.  
Let us know if that solves the problem.  If it does, it may be possible
to fix the original profile.  

If that does not cure the problem, then it is likely that your Firefox 3
installation (the program files) is incomplete or corrupt.  Perhaps 
reinstalling firefox 3 will help.  If you decide to go that route, please
be sure to download firefox from Mozilla.org directly and not from some
third party shareware site.
Following another automatic update it has started not recognising certificates. For instance when I go to Mozilla Site and I add exception I check the SHA1 print and this is not the as the one above.

The certificate SHA1 fingerprint I see is: 45:8A:8E:66:86:0D:6C:F9:EE:09:35:0B:DE:00:C0:70:C5:72:2B:FD
Hmm - okay, have you tried creating a new profile as I described here?  Does that make the problem go away?

> 1) Your certificate database, which stores all the trusted CAs, has been
> damaged or altered somehow.  If this is the case, you should be able to verify
> it by starting Firefox with a new profile.  Does that make the problem go away?
> http://support.mozilla.com/en-US/kb/Managing+profiles
The reporter also mailed screenshots to the security-reporting mail address showing the error and the correct certificate for https://addons.mozilla.org

A note about Johnathan's suggestion: creating a new profile is only a test. If it works we will have a better idea what the problem is. After that we will have to help you either repair the corrupted files or import your saved data (like bookmarks) into the new profile.
I have created a new profile (backed-up profile previous). I have visited the various sites and it seems to woring fine. Now how do I install all of those saved passwords from the previous profile? Bookmarks etc (i know Bookmarks is easy).

I will keep you posted if I have this error within the next week and then  comback in a week and mark it as resolved
Mass change owner of unconfirmed "Core:Security UI/PSM/SMime" bugs to nobody.
Search for kaie-20100607-unconfirmed-nobody
Assignee: kaie → nobody
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.