Closed Bug 1272909 Opened 4 years ago Closed 4 years ago
Script Security Suite causes "Invalid Certificate" Error Message for Sea Monkey download
User Agent: Mozilla/5.0 (X11; Linux i686; rv:43.0) Gecko/20100101 Firefox/43.0 SeaMonkey/2.40 Build ID: 20160118183504 Steps to reproduce: (Probably the same issue as 1258223 for Thunderbird) go to http://www.seamonkey-project.org/ press one of the green "Download Now" links (this opens the URL https://download.cdn.mozilla.net/pub/seamonkey/releases/2.40/linux-i686/en-US/seamonkey-2.40.tar.bz2) Actual results: produces a warning page "This Connection is Untrusted" (see attached screenshot) Expected results: no warning, download should just start
(In reply to Norbert from comment #0) ... > > (Probably the same issue as 1258223 for Thunderbird) > wrong bug #?
(In reply to Justin Wood (:Callek) from comment #1) > (In reply to Norbert from comment #0) > ... > > > > (Probably the same issue as 1258223 for Thunderbird) > > > > wrong bug #? Sorry, typo, # should be 1258123
Effect is REPRODUCIBLE with English SeaMonkey 2.45a1 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0 Build 20160308001946 (Default Classic Theme) on German WIN7 64bit if I click the URL link here in the URL field. a) Also reproducible with IE11, CLIQZ, FF 49.0a1 (2016-05-09), so may be a WEB page problem, I doubt that that's a SeaMonkey problem. b) NOT reproducible with " click 'Download Now' on <http://www.seamonkey-project.org/', works fine. No rightclick or other operation causes the problem for me. c) in (b) I see a download link <http://download.cdn.mozilla.net/pub/seamonkey/releases/2.40/win32/de/SeaMonkey%20Setup%202.40.exe>, but no "https" as stated by reporter. d) NOT reproducible REPRODUCIBLE with English SeaMonkey 2.44a1 (X11; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0 Build 20160208023510 (Default Theme) on VirtualBox Ubuntu 14.04 LTS; download works fine. @reporter: e) Also reproducible in safe mode with disabled add-ons? f) Also reproducible with newly created profile?
See Also: → 1258123
Summary: Certificate error on https://download.cdn.mozilla.net/ → Invalid Certificate Error Message
This ? [WONTFIX] Bug 1258123 - Certificate error on https://download.cdn.mozilla.net/ So the link should point to: > https://download-installer.cdn.mozilla.net/pub/seamonkey/releases/2.40/linux-i686/en-US/seamonkey-2.40.tar.bz2 instead of: > https://download.cdn.mozilla.net/pub/seamonkey/releases/2.40/linux-i686/en-US/seamonkey-2.40.tar.bz2 or use non-https: > http://download.cdn.mozilla.net/pub/seamonkey/releases/2.40/linux-i686/en-US/seamonkey-2.40.tar.bz2
(In reply to therube from comment #4) Yes, those are the possible solutions. But I still wonder why I do not get <https://download.cdn.mozilla.net/pub/seamonkey/releases/2.40/linux-i686/en-US/seamonkey-2.40.tar.bz2> as reported, but <http://download.cdn.mozilla.net/pub/seamonkey/releases/2.40/linux-i686/en-US/seamonkey-2.40.tar.bz2> (via <https://download.mozilla.org/?product=seamonkey-2.40&os=linux&lang=en-US>
When I reported the bug last weekend, I could also reproduce it on my Mac. Today, Mac and Windows work fine, https://download.mozilla.org/?product=seamonkey-2.40&os=linux&lang=en-US is mapped to http://... Only on my Linux box I still got the http_s_ mapping and the "Untrusted Connection" error. I then started to narrow down the cause by using a fresh profile and disabling add-ons one by one as proposed by Rainer. Turned out that NoScript was the cause, after disabling that I also get the http download address on my Mozilla/5.0 (X11; Linux i686; rv:43.0) Gecko/20100101 Firefox/43.0 SeaMonkey/2.40 Lightning/4.5b1
(In reply to Norbert from comment #6) Thank you for additional information, I asked for help at <email@example.com>. @Norbert Which NoScript version did you use? Latest 188.8.131.52?
OS: Unspecified → All
Summary: Invalid Certificate Error Message → NoScript Security Suite causes "Invalid Certificate" Error Message for eaMonkey download
Website or NoScript problem? REPRODUCIBLE with NoScript Security Suite 184.108.40.206 and English SeaMonkey 2.45a1 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0 Build 20160308001946 (Default Classic Theme) on German WIN7 64bit
(In reply to Rainer Bielefeld from comment #9) g) after Installation of NoScript Security Suite 220.127.116.11 (and SM-relaunch) NoScript will show a yellow warning message bar (above Status Bar) concerning 2 scripts for seamonkey-project.org But the problem is NOT related to that script blocking (what, for example, disables OS sniffing). Even a global allowance for all scripts on all sites will not heal the problem. h) indeed, using http://download-installer.cdn.mozilla.net/.... instead of http://download.cdn.mozilla.net/.... heals the problem. h1) But I still think that it would be useful to know what is happening With NoScript installed.
User Story: (updated)
(In reply to Rainer Bielefeld from comment #10) h1): It seems that NoScript redirects to a https-channel for the SM download (see Info field in screenshot). Adding "download.cdn.mozilla.net" to menu 'Tools → Add-on-manager → NoScript - Options → HTTPS - Behavior-TAB - "Never force ..." heals the problem for download h2) I am not familiar with NoScript, may be this redirecting is the intended behavior?
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1257214
I submitted "Bug 1274632 - For SeaMonkey download use https://download-installer.cdn.mozilla.net/" for updating download links on www.seamonkey-project.org https should be used wherever it is possible. I think there are no more SeaMonkey-General or NoScript mysteries, so we should close this one? @kohei: Please never mark SeaMonkey Bugs as DUP of other ones without short explication concerning the reasons why you think that it's a DUP. Currently i) I can't reproduce the problem due to Bug 1257214 comment#0 with NoScript active, and k) I doubt that a fix for "Bug 1257214 - Thunderbird Bouncer links ..." will also lead to a fix for this one. If you disagree please tell some reasoning here!
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: DUPLICATE → ---
Summary: NoScript Security Suite causes "Invalid Certificate" Error Message for eaMonkey download → NoScript Security Suite causes "Invalid Certificate" Error Message for SeaMonkey download
(In reply to Rainer Bielefeld from comment #13) > I think there are no more SeaMonkey-General or NoScript mysteries No Objections, so I close this one
Status: REOPENED → RESOLVED
Closed: 4 years ago → 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.