Closed
Bug 454158
Opened 16 years ago
Closed 8 years ago
Every Security certificate is flagged as invalid and untrusted (Even Mozilla ones)
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: info, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 I recently upgraded to the Firefox 3,but everytime I go to a site with a certificate it prompts for an exception. I try to get certificate but when I do it says that the certificate is from untrusted source. this applies to ALL certificates even from Trusted Sources, i.e. Mozilla, GoDaddy, PayPal etc etc. all legitimate sites Surely Firefox can trust Mozilla certificates. Do I have a wrong setting somewhere or were my settings changed during the update to FireFox 3.0? Reproducible: Always Steps to Reproduce: 1. 2. 3.
Comment 1•16 years ago
|
||
This is extremely strange behaviour, but there are a couple of possibilities: 1) Your certificate database, which stores all the trusted CAs, has been damaged or altered somehow. If this is the case, you should be able to verify it by starting Firefox with a new profile. Does that make the problem go away? http://support.mozilla.com/en-US/kb/Managing+profiles 2) You are being man-in-the-middle attacked. This could be malicious or benign, perhaps the result of some corporate SSL proxy or something. If someone on your network is attempting to proxy or intercept your SSL traffic, it could do it by serving its own, self-signed, untrusted, certificates made to look like the real equivalents. We can try to test that with bugzilla. If you visit https://bugzilla.mozilla.org, do you have to add an exception? If so, add it, and then click on the blue favicon button once the page loads. From the "More Information" screen, click the View button to view the certificate. Our certificate here is issued by Equifax, and has the following SHA1 fingerprint: 45:8A:8E:66:86:0D:6C:F9:EE:09:35:0B:DE:00:C0:70:C5:72:2B:FD Does that match what you see?
Assignee: nobody → kaie
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
Comment 2•16 years ago
|
||
This bug doesn't describe an active vulnerability with the product, just some strange security-related behaviour, so it doesn't have to be hidden. Removing the security-sensitive flag.
Group: core-security
Comment 3•16 years ago
|
||
Another possibility could be that you have a network proxy set up that all these requests are going through If this is a laptop is this behavior consistent for different locations (ie. home vs office vs internet cafe)? Its possible for example that your previous Firefox install was configured to not proxy SSL connections while the Firefox 3 install is.
Comment 4•16 years ago
|
||
Reporter: In comment 0, you reported that you "upgraded" to FF3. Please tell us how that upgrade was done, exactly. It seems very likely that something did not go according to plan in the upgrade. Please do try creating a new profile, as Johnathan suggested above. Let us know if that solves the problem. If it does, it may be possible to fix the original profile. If that does not cure the problem, then it is likely that your Firefox 3 installation (the program files) is incomplete or corrupt. Perhaps reinstalling firefox 3 will help. If you decide to go that route, please be sure to download firefox from Mozilla.org directly and not from some third party shareware site.
Following another automatic update it has started not recognising certificates. For instance when I go to Mozilla Site and I add exception I check the SHA1 print and this is not the as the one above. The certificate SHA1 fingerprint I see is: 45:8A:8E:66:86:0D:6C:F9:EE:09:35:0B:DE:00:C0:70:C5:72:2B:FD
Comment 6•16 years ago
|
||
Hmm - okay, have you tried creating a new profile as I described here? Does that make the problem go away?
> 1) Your certificate database, which stores all the trusted CAs, has been
> damaged or altered somehow. If this is the case, you should be able to verify
> it by starting Firefox with a new profile. Does that make the problem go away?
> http://support.mozilla.com/en-US/kb/Managing+profiles
Comment 7•16 years ago
|
||
The reporter also mailed screenshots to the security-reporting mail address showing the error and the correct certificate for https://addons.mozilla.org A note about Johnathan's suggestion: creating a new profile is only a test. If it works we will have a better idea what the problem is. After that we will have to help you either repair the corrupted files or import your saved data (like bookmarks) into the new profile.
I have created a new profile (backed-up profile previous). I have visited the various sites and it seems to woring fine. Now how do I install all of those saved passwords from the previous profile? Bookmarks etc (i know Bookmarks is easy). I will keep you posted if I have this error within the next week and then comback in a week and mark it as resolved
Comment 9•14 years ago
|
||
Mass change owner of unconfirmed "Core:Security UI/PSM/SMime" bugs to nobody. Search for kaie-20100607-unconfirmed-nobody
Assignee: kaie → nobody
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•