What did you do? ================ 1. updated Firefox What happened? ============== 1. tried to log into Facebook 2. uninstalled and reinstalled Firefox twice 3. updated Firefox on husband's desk top with same result- What should have happened? ========================== I should have been able to log into Facebook, as I was playing it when the update was done, and got booted out. Is there anything else we should know? ====================================== I am using Windows 10 on 64 bit computer. I do not like using Google Chrome, as it runs far too slow on my computer.
Thanks for reporting this. Which exact Firefox version is this about?
Component: Security → Untriaged
Product: Mozilla Developer Network → Firefox
hi, we have seen a couple of reports on sumo about this as well - the similarity between all those reports seems to be the presence of kaspersky on the system. can you please try to disable the scanning of encrypted connections in kaspersky like described at https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER and reboot the system afterwards to see if this makes a difference?
multiple users on sumo confirmed that the problem was due to kaspersky's interception of secure connections.
Summary: latest update to Firefox will not longer let me load Facebook → Kaspersky's scanning of encrypted connections causes garbled Facebook page
They have to set the SSL filtering in the web protection settings of KIS: https://support.kaspersky.com/6688
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WORKSFORME
cc-ing a couple of people from Kaspersky to let them know.
some reports from affected users: https://support.mozilla.org/en-US/questions/firefox?tagged=bug1271875&show=all
Related thread on Kaspersky's forum: https://forum.kaspersky.com/index.php?s=bbdfcf797a91bc90230472c52c4b103e&showtopic=351027 Kaspersky SSL glitch with Firefox and Facebook, merged
So, based on conversation with people at Facebook, it seems like Kaspersky is stripping or modifying the Content-Encoding header (FB just turned on Brotli compression in the last 24 hours). Some people on Twitter have verified that turning off Kaspersky fixes the issue. https://twitter.com/THemingford/status/730515985917198337
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: WORKSFORME → ---
(evidence, changing about:config?filter=network.http.accept-encoding.secure to just "gzip, deflate" fixes the problem, according to a user: https://twitter.com/lildingus/status/730493386461982720) Related discussion here: https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/wB1ddij7sU8
Ben from Facebook here -- Just wanted to say thanks to everybody for their reports. It seems like Kaspersky is installing a root certificate and is sending the accept-encoding:br header but stripping content-encoding:br on the return side. We're letting Kaspersky know about this bug. In the meantime, it seems like turning off Kaspersky or at least following the steps mentioned here: https://forum.kaspersky.com/index.php?s=bbdfcf797a91bc90230472c52c4b103e&showtopic=351027 will address this issue.
Summary: Kaspersky's scanning of encrypted connections causes garbled Facebook page → Kaspersky AV strips `Content-Encoding: br` header from responses (resulting in "garbled" Facebook brotli encoded pages)
Alexey from Kaspersky responded and says that his team is taking a look at the bug.
I just got an email from someone who helped me diagnose: > it's working now after the Kaspersky update earlier. Can anyone confirm?
Hi reporter, I have tested your issue on latest FF release (46.0.1) and latest Nightly build and could not reproduce it. I have installed Kaspersky Endpoint Security 10 on my Windows 10 x64 machine and I was able to log into Facebook without any problems. Looking at the previous comments, looks like this was fixed. Is this still reproducible on your end ? If yes, can you please retest this using latest FF release and latest Nightly build (https://nightly.mozilla.org/) and report back the results ? When doing this, please use a new clean Firefox profile, maybe even safe mode, to eliminate custom settings as a possible cause (https://goo.gl/PNe90E). Thanks, Paul.
Based on Comment 16 and Comment 15, let's close as FIXED. If OP can confirm that would be great!
Status: REOPENED → RESOLVED
Last Resolved: 3 years ago → 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.