Closed Bug 1088471 Opened 10 years ago Closed 10 years ago

Firefox cannot find addon updates with Avast 2015 10.0.2206 when HTTPS scanning is enabled

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox33 - affected
firefox34 --- affected
firefox35 --- affected
firefox36 --- affected
firefox-esr31 --- affected

People

(Reporter: alice0775, Unassigned)

References

Details

(Whiteboard: [fixed by Avast!])

Attachments

(1 file)

Avast2015_HTPS_Scanning_bug.png
73.51 KB, image/png
Details
Reproducible: always Steps To Reproduce: 1. Avast free 2015 10.0.2206 installed (installed all shields , but no tools.) 2. Open Firefox with clean profile 3. Install old addon (ex. fontinfo version 0.1 https://addons.mozilla.org/en-US/firefox/addon/fontinfo/versions/0.1 )and restart 4. Open about:addons and Check for Updates from Gear Icon Actual Results: Not found any updates Expected results: a update should be found (Note: About shut down crashes see Bug 1087674)
Product: Core → Firefox
Alice: Could you load https://addons.mozilla.org and check the certificate fingerpints ? We have Key Pinning active for *.addons.mozilla.org (https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning) and this could be a stupid MITM
(In reply to Matthias Versen [:Matti] from comment #1) > Alice: Could you load https://addons.mozilla.org and check the certificate > fingerpints ? Page Info > Security tab > [View Certificate] > General tab SHA-256 Fingerprint E5:AE:EE:A1:67:C7:D4:D3:D9:4F:0B:82:47:1A:AC:14:5C:FA:53:1C:6D:73:5B:DE:BD:BF:04:63:34:8B:82:53 SHA1 Fingerprint 13:F0:33:F4:30:BA:4C:79:18:B4:72:F9:84:6A:0A:96:A8:35:08:DD
FYI Open https://pinningtest.appspot.com/ 404 returns when Avast2015 HTTPS Scanning Enabled. Expected result returns when Avast2015 HTTPS Scanning Disabled. See attached screenshot
This problem occurs all version of Firefox as well as esr31,Firefox33.0.1 , 34beta1, Aurora35.0a2 and Nightly36.0a1.
status-firefox33: --- → affected
status-firefox34: --- → affected
status-firefox35: --- → affected
status-firefox36: --- → affected
status-firefox-esr31: --- → affected
[Tracking Requested - why for this release]: This should be fixd. Because , Firefox (incl.ESR 31) never detect add-ons update if Avast 2015 10.0.2206 was installed.
Severity: normal → blocker
tracking-firefox33: --- → ?
tracking-firefox34: --- → ?
tracking-firefox35: --- → ?
tracking-firefox36: --- → ?
tracking-firefox-esr31: --- → ?
See Also: → 1087674
Not tracking for 33 since we won't chemspill for this but we should definitely look into this quickly for FF34
tracking-firefox33: ?-
tracking-firefox34: ?+
tracking-firefox35: ?+
tracking-firefox36: ?+
Adding in some folks from Avast to take a look.
Flags: needinfo?(zavesky)
Flags: needinfo?(wespel)
Flags: needinfo?(havelkam)
Flags: needinfo?(dobias)
Flags: needinfo?(avast-antivirus)
Flags: firefox-backlog+
When I click "Check for Updates" in the Gear Icon, following error massages are shown in browser console. Expected certificate attribute 'issuerName' value incorrect, expected: 'CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US', got: 'CN=avast! Web/Mail Shield Root,O=avast! Web/Mail Shield,OU=generated by avast! antivirus for SSL/TLS scanning'. Expected certificate attribute 'issuerName' value incorrect, expected: 'CN=Thawte SSL CA,O="Thawte, Inc.",C=US', got: 'CN=avast! Web/Mail Shield Root,O=avast! Web/Mail Shield,OU=generated by avast! antivirus for SSL/TLS scanning'. Certificate checks failed. See previous errors for details. CertUtils.jsm:109 NS_ERROR_ILLEGAL_VALUE: Certificate checks failed. See previous errors for details. CertUtils.jsm:110
Thanks for the details. This appears to be connected with our new HTTPS traffic scanning engine, we are looking into it now.
Flags: needinfo?(dobias)
I cannot reproduce the problem anymore on the following builds. Seems Avast! or AMO has changed something. https://hg.mozilla.org/releases/mozilla-esr24/rev/63ce8133f1cc Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 ID:20140923194127 https://hg.mozilla.org/releases/mozilla-esr31/rev/d14010cafcab Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0 ID:20141011074935 https://hg.mozilla.org/releases/mozilla-release/rev/7dc4a9d1b3e6 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 ID:20141027150301 https://hg.mozilla.org/releases/mozilla-beta/rev/6cb4888905c9 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 ID:20141027152126 https://hg.mozilla.org/releases/mozilla-aurora/rev/38ef8541c3fc Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 ID:20141027004000 https://hg.mozilla.org/mozilla-central/rev/80e18ff7c7b2 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0 ID:20141030030218
Status: NEW → RESOLVED
Closed: 10 years ago
tracking-firefox34: + → ---
tracking-firefox35: + → ---
tracking-firefox36: + → ---
tracking-firefox-esr31: 34+ → ---
Flags: needinfo?(zavesky)
Flags: needinfo?(wespel)
Flags: needinfo?(havelkam)
Flags: needinfo?(avast-antivirus)
Flags: firefox-backlog+
Resolution: --- → WORKSFORME
Whiteboard: [fixed by Avast!]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: