Kaspersky AV strips `Content-Encoding: br` header from responses (resulting in "garbled" Facebook brotli encoded pages)

RESOLVED FIXED

People

(Reporter: tomlinj, Unassigned)

(Reporter)

Description

3 years ago
What did you do?
================
1. updated Firefox


What happened?
==============
1. tried to log into Facebook
2. uninstalled and reinstalled Firefox twice
3. updated Firefox on husband's desktop with same result

What should have happened?
==========================
I should have been able to log into Facebook, as I was playing it when the update was done, and got booted out.

Is there anything else we should know?
======================================
I am using Windows 10 on 64 bit computer.

I do not like using Google Chrome, as it runs far too slow on my computer.

Comment 2

3 years ago
Thanks for reporting this. Which exact Firefox version is this about?
Component: Security → Untriaged
Product: Mozilla Developer Network → Firefox
Whiteboard: [specification][type:bug]

Comment 3

3 years ago
Does the problem still happen if you start Firefox in Safe Mode? (Safe Mode disables extensions and themes, hardware acceleration and some JavaScript stuff in order to exclude some possible reasons for problems. It does not disable plugins which are add-ons.) See http://support.mozilla.com/en-US/kb/Safe+Mode 

And does this also happen with a new and empty profile? See http://support.mozilla.com/en-US/kb/Basic%20Troubleshooting#w_8-make-a-new-profile and http://support.mozilla.org/kb/Managing%20profiles
Flags: needinfo?(tomlinj)

Comment 4

3 years ago
Hi, we have seen a couple of reports on SUMO about this as well - the similarity between all those reports seems to be the presence of Kaspersky on the system. Can you please try to disable the scanning of encrypted connections in Kaspersky as described at https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER and reboot the system afterwards to see if this makes a difference?

Comment 5

3 years ago
Multiple users on SUMO confirmed that the problem was due to Kaspersky's interception of secure connections.
Summary: latest update to Firefox will not longer let me load Facebook → Kaspersky's scanning of encrypted connections causes garbled Facebook page

Comment 6

3 years ago
They have to set the SSL filtering in the web protection settings of KIS:
https://support.kaspersky.com/6688
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WORKSFORME
cc-ing a couple of people from Kaspersky to let them know.
Flags: needinfo?(kaspersky-antivirus)
Flags: needinfo?(alexey.drozdov)

Comment 9

3 years ago
Related thread on Kaspersky's forum:
https://forum.kaspersky.com/index.php?s=bbdfcf797a91bc90230472c52c4b103e&showtopic=351027
Kaspersky SSL glitch with Firefox and Facebook, merged
So, based on conversation with people at Facebook, it seems like Kaspersky is stripping or modifying the Content-Encoding header (FB just turned on Brotli compression in the last 24 hours).

Some people on Twitter have verified that turning off Kaspersky fixes the issue.

https://twitter.com/THemingford/status/730515985917198337
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: WORKSFORME → ---
(evidence, changing about:config?filter=network.http.accept-encoding.secure to just "gzip, deflate" fixes the problem, according to a user: https://twitter.com/lildingus/status/730493386461982720)

Related discussion here: https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/wB1ddij7sU8

Comment 12

3 years ago
Ben from Facebook here -- Just wanted to say thanks to everybody for their reports. It seems like Kaspersky is installing a root certificate and is sending the accept-encoding:br header but stripping content-encoding:br on the return side. We're letting Kaspersky know about this bug. In the meantime, it seems like turning off Kaspersky or at least following the steps mentioned here:

https://forum.kaspersky.com/index.php?s=bbdfcf797a91bc90230472c52c4b103e&showtopic=351027

will address this issue.
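
The failure mode described in this comment, as an added example that is not part of the original thread or any vendor's code: a model of an origin that honours `Accept-Encoding: br`, an intercepting proxy that forwards the request header but drops `Content-Encoding: br` from the response, and a client-side check that recognises the result. The function names `origin`, `interceptingProxy` and `diagnose` and the sample page are assumptions made for the illustration; it uses the brotli support built into Node's `zlib` module.

```javascript
// Added illustration: origin(), interceptingProxy() and diagnose() are
// hypothetical models, and PAGE is constructed sample content.
const zlib = require('zlib');

const PAGE = Buffer.from('<!doctype html><meta charset="utf-8"><ul>' +
  Array.from({ length: 200 }, (_, i) => `<li>entry ${(i * 7919) % 1000}</li>`).join('') +
  '</ul>');

// Origin server: prefers brotli when the request advertises it, then gzip.
function origin(acceptEncoding) {
  const offered = acceptEncoding.split(',').map(t => t.split(';')[0].trim().toLowerCase());
  const headers = { 'content-type': 'text/html; charset=utf-8' };
  if (offered.includes('br')) {
    headers['content-encoding'] = 'br';
    return { headers, body: zlib.brotliCompressSync(PAGE) };
  }
  if (offered.includes('gzip')) {
    headers['content-encoding'] = 'gzip';
    return { headers, body: zlib.gzipSync(PAGE) };
  }
  return { headers, body: PAGE };
}

// TLS-intercepting proxy as the thread describes it: the request's
// Accept-Encoding passes through, but "Content-Encoding: br" is dropped
// from the response while the compressed body is left as it was.
function interceptingProxy(acceptEncoding) {
  const res = origin(acceptEncoding);
  if (res.headers['content-encoding'] === 'br') delete res.headers['content-encoding'];
  return res;
}

function isValidUtf8(buf) {
  try { new TextDecoder('utf-8', { fatal: true }).decode(buf); return true; }
  catch { return false; }
}

// Client-side check: a text response with no Content-Encoding whose bytes
// are not valid UTF-8 yet decode cleanly as brotli lost its header in transit.
function diagnose(res) {
  if (res.headers['content-encoding']) return 'encoding-declared';
  if (isValidUtf8(res.body)) return 'plain-text';
  try { zlib.brotliDecompressSync(res.body); return 'content-encoding-br-stripped'; }
  catch { return 'undecodable'; }
}

console.log(diagnose(interceptingProxy('gzip, deflate, br')));
console.log(diagnose(interceptingProxy('gzip, deflate')));
```

The second call mirrors the `network.http.accept-encoding.secure` workaround quoted earlier in the thread: with `br` no longer offered, the origin falls back to gzip and the header this proxy model removes is never sent.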

Updated

3 years ago
Duplicate of this bug: 1272037
Summary: Kaspersky's scanning of encrypted connections causes garbled Facebook page → Kaspersky AV strips `Content-Encoding: br` header from responses (resulting in "garbled" Facebook brotli encoded pages)
Alexey from Kaspersky responded and says that his team is taking a look at the bug.
I just got an email from someone who helped me diagnose:

> it's working now after the Kaspersky update earlier.

Can anyone confirm?
Hi reporter,

I have tested your issue on latest FF release (46.0.1) and latest Nightly build and could not reproduce it. I have installed Kaspersky Endpoint Security 10 on my Windows 10 x64 machine and I was able to log into Facebook without any problems. Looking at the previous comments, looks like this was fixed.

Is this still reproducible on your end? If yes, can you please retest this using latest FF release and latest Nightly build (https://nightly.mozilla.org/) and report back the results? When doing this, please use a new clean Firefox profile, maybe even safe mode, to eliminate custom settings as a possible cause (https://goo.gl/PNe90E).

Thanks,
Paul.
Based on Comment 16 and Comment 15, let's close as FIXED. If OP can confirm that would be great!
Status: REOPENED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Flags: needinfo?(tomlinj)
Flags: needinfo?(kaspersky-antivirus)
Flags: needinfo?(alexey.drozdov)