Closed Bug 1271875 Opened 8 years ago Closed 8 years ago

Kaspersky AV strips `Content-Encoding: br` header from responses (resulting in "garbled" Facebook brotli encoded pages)

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Platform:
All
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tomlinj, Unassigned)

References

Details

Attachments

(1 file)

I can type facebook.com into bar and it enter and get https://www.facebook.com/, then if I sign in I get this in bar and the above on screen and cannot get into FB. https://www.facebook.com/login/
192.55 KB, image/png
Details 
What did you do?
================
1. updated Firefox


What happened?
==============
1. tried to log into Facebook
2. uninstalled and reinstalled Firefox twice
3. updated Firefox on husband's desk top with same result- 

What should have happened?
==========================
I should have been able to log into Facebook, as I was playing it when the update was done, and got booted out.

Is there anything else we should know?
======================================
I am using Windows 10 on 64 bit computer.

I do not like using Google Chrome, as it runs far too slow on my computer.
Thanks for reporting this. Which exact Firefox version is this about?
Component: Security → Untriaged
Product: Mozilla Developer Network → Firefox
Whiteboard: [specification][type:bug]
Does the problem still happen if you start Firefox in Safe Mode? (Safe Mode disables extensions and themes, hardware acceleration and some JavaScript stuff in order to exclude some possible reasons for problems. It does not disable plugins which are add-ons.) See http://support.mozilla.com/en-US/kb/Safe+Mode 

And does this also happen with a new and empty profile? See http://support.mozilla.com/en-US/kb/Basic%20Troubleshooting#w_8-make-a-new-profile and http://support.mozilla.org/kb/Managing%20profiles
Flags: needinfo?(tomlinj)
hi, we have seen a couple of reports on sumo about this as well - the similarity between all those reports seems to be the presence of kaspersky on the system. can you please try to disable the scanning of encrypted connections in kaspersky like described at https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER and reboot the system afterwards to see if this makes a difference?
multiple users on sumo confirmed that the problem was due to kaspersky's interception of secure connections.
Summary: latest update to Firefox will not longer let me load Facebook → Kaspersky's scanning of encrypted connections causes garbled Facebook page
They have to set the SSL filtering in the web protection settings of KIS:
https://support.kaspersky.com/6688
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
cc-ing a couple of people from Kaspersky to let them know.
Flags: needinfo?(kaspersky-antivirus)
Flags: needinfo?(alexey.drozdov)
Related thread on Kaspersky's forum:
https://forum.kaspersky.com/index.php?s=bbdfcf797a91bc90230472c52c4b103e&showtopic=351027
Kaspersky SSL glitch with Firefox and Facebook, merged
So, based on conversation with people at Facebook, it seems like Kaspersky is stripping or modifying the Content-Encoding header (FB just turned on Brotli compression in the last 24 hours).

Some people on Twitter have verified that turning off Kaspersky fixes the issue.

https://twitter.com/THemingford/status/730515985917198337
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: WORKSFORME → ---
(evidence, changing about:config?filter=network.http.accept-encoding.secure to just "gzip, deflate" fixes the problem, according to a user: https://twitter.com/lildingus/status/730493386461982720)

Related discussion here: https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/wB1ddij7sU8
Ben from Facebook here -- Just wanted to say thanks to everybody for their reports. It seems like Kaspersky is installing a root certificate and is sending the accept-encoding:br header but stripping content-encoding:br on the return side. We're letting Kaspersky know about this bug. In the meantime, it seems like turning off Kaspersky or at least following the steps mentioned here:

https://forum.kaspersky.com/index.php?s=bbdfcf797a91bc90230472c52c4b103e&showtopic=351027

will address this issue.
Summary: Kaspersky's scanning of encrypted connections causes garbled Facebook page → Kaspersky AV strips `Content-Encoding: br` header from responses (resulting in "garbled" Facebook brotli encoded pages)
Alexey from Kaspersky responded and says that his team is taking a look at the bug.
I just got an email from someone who helped me diagnose:

> it's working now after the Kaspersky update earlier.

Can anyone confirm?
Hi reporter,

I have tested your issue on latest FF release (46.0.1) and latest Nightly build and could not reproduce it. I have installed Kaspersky Endpoint Security 10 on my Windows 10 x64 machine and I was able to log into Facebook without any problems. Looking at the previous comments, looks like this was fixed.

Is this still reproducible on your end ? If yes, can you please retest this using latest FF release and latest Nightly build (https://nightly.mozilla.org/) and report back the results ? When doing this, please use a new clean Firefox profile, maybe even safe mode, to eliminate custom settings as a possible cause (https://goo.gl/PNe90E).

Thanks,
Paul.
Based on Comment 16 and Comment 15, let's close as FIXED. If OP can confirm that would be great!
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
Flags: needinfo?(tomlinj)
Flags: needinfo?(kaspersky-antivirus)
Flags: needinfo?(alexey.drozdov)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: