Unable to update nightly: "unsecure update"

RESOLVED WORKSFORME

Status

()

--
minor
RESOLVED WORKSFORME
4 years ago
4 years ago

People

(Reporter: matthewrbowker.bugs, Unassigned)

Tracking

40 Branch
x86_64
macOS
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
Whenever my installation of Nightly attempts to check for updates, I receive a popup with text "Something is trying to trick Nightly into accepting an unsecure update"

Re-installation of the latest Nightly does not fix this problem.
(Reporter)

Comment 1

4 years ago
Whoops, forgot my build ID:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Firefox/40.0 ID:20150403030204 CSet: 70a113676b21
If you change the pref "app.update.log" to true in about:config, restart Firefox, and attempt to update, what errors do you see in the browser console?
(Reporter)

Comment 3

4 years ago
I will let you know, Nightly refuses to manually update (It's "already up to date" even though it's three days old) so I have to wait for the next automatic update check.
(Reporter)

Comment 4

4 years ago
Expected certificate attribute 'issuerName' value incorrect, expected: 'CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US', got: 'CN=Avast trusted CA,OU=Software Development,O=AVAST,ST=Prague,C=CZ'. self-hosted:211:0
Expected certificate attribute 'issuerName' value incorrect, expected: 'CN=Thawte SSL CA,O="Thawte, Inc.",C=US', got: 'CN=Avast trusted CA,OU=Software Development,O=AVAST,ST=Prague,C=CZ'. self-hosted:211:0
Certificate checks failed. See previous errors for details. CertUtils.jsm:109:0
1428422669602	Toolkit.GMP	ERROR	GMPInstallManager.onLoadXML could not load xml: [Exception... "Certificate checks failed. See previous errors for details."  nsresult: "0x80070057 (NS_ERROR_ILLEGAL_VALUE)"  location: "JS frame :: resource://gre/modules/CertUtils.jsm :: validateCert :: line 110"  data: no] Log.jsm:749:0
1428422669602	Toolkit.GMP	ERROR	GMPInstallManager.simpleCheckAndInstall Could not check for addons: {"target":{},"status":200,"message":"[Exception... \"Certificate checks failed. See previous errors for details.\"  nsresult: \"0x80070057 (NS_ERROR_ILLEGAL_VALUE)\"  location: \"JS frame :: resource://gre/modules/CertUtils.jsm :: validateCert :: line 110\"  data: no]"} Log.jsm:749:0
UTM:SVC TimerManager:notify - notified timerID: browser-cleanup-thumbnails
AUS:UI gUpdates:onLoad - setting current page to startpage errorextra

Appears Avast is proxying my browser download through their web filter...
Flags: needinfo?(dkeeler)
(In reply to Matthew Bowker from comment #4)
> Appears Avast is proxying my browser download through their web filter...

Yep, looks like it. Here are a few options:

* configure avast to not proxy firefox (either temporarily so you can update, or permanently)
* add a pref named "app.update.certs.3.issuerName" (and maybe "media.gmp-manager.certs.3.issuerName") with the value "CN=Avast trusted CA,OU=Software Development,O=AVAST,ST=Prague,C=CZ" using about:config
Flags: needinfo?(dkeeler)
(Reporter)

Comment 6

4 years ago
OK, I've solved the problem.

For future information: I added "aus4.mozilla.org" with the protocol "https" to the avast exceptions list.  This allows my browser to update normally. Avast comes pre-shipped with "aus3.mozilla.org" as an exception, however; that appears to not be the server for Nightly updates.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.