NoScript Security Suite causes "Invalid Certificate" Error Message for SeaMonkey download

RESOLVED INVALID

Status

SeaMonkey
General
RESOLVED INVALID
2 years ago
2 years ago

People

(Reporter: Norbert, Unassigned)

Tracking

SeaMonkey 2.40 Branch
Unspecified
All

Firefox Tracking Flags

(Not tracked)

Details

(URL)

User Story

h): Solution on SM-Website would be to use 
    http://download-installer.cdn.mozilla.net/....             instead of
    http://download.cdn.mozilla.net/....

Attachments

(2 attachments)

(Reporter)

Description

2 years ago
Created attachment 8752520 [details]
Selection_004.png

User Agent: Mozilla/5.0 (X11; Linux i686; rv:43.0) Gecko/20100101 Firefox/43.0 SeaMonkey/2.40
Build ID: 20160118183504

Steps to reproduce:

(Probably the same issue as 1258223 for Thunderbird)

go to http://www.seamonkey-project.org/
press one of the green "Download Now" links

(this opens the URL https://download.cdn.mozilla.net/pub/seamonkey/releases/2.40/linux-i686/en-US/seamonkey-2.40.tar.bz2)


Actual results:

produces a warning page "This Connection is Untrusted" (see attached screenshot)


Expected results:

no warning, download should just start
(Reporter)

Updated

2 years ago
(In reply to Norbert from comment #0)
...
> 
> (Probably the same issue as 1258223 for Thunderbird)
> 

wrong bug #?
(Reporter)

Comment 2

2 years ago
(In reply to Justin Wood (:Callek) from comment #1)
> (In reply to Norbert from comment #0)
> ...
> > 
> > (Probably the same issue as 1258223 for Thunderbird)
> > 
> 
> wrong bug #?

Sorry, typo, # should be 1258123

Comment 3

2 years ago
Effect is REPRODUCIBLE with  English SeaMonkey 2.45a1  (Windows NT 6.1; WOW64; rv:48.0)  Gecko/20100101 Firefox/48.0 Build 20160308001946  (Default Classic Theme)  on German WIN7 64bit if I click the URL link here in the URL field. 

a) Also reproducible with IE11, CLIQZ, FF 49.0a1 (2016-05-09),
   so may be a WEB page problem, I doubt that that's a SeaMonkey problem.
b) NOT reproducible with " click 'Download Now' on 
   <http://www.seamonkey-project.org/', works fine. No rightclick or other 
   operation causes the problem for me.
c) in (b) I see a download link <http://download.cdn.mozilla.net/pub/seamonkey/releases/2.40/win32/de/SeaMonkey%20Setup%202.40.exe>, but no "https" as 
   stated by reporter.
d) NOT reproducible REPRODUCIBLE with  English SeaMonkey 2.44a1  (X11; Linux 
   x86_64; rv:47.0)  Gecko/20100101 Firefox/47.0 Build 20160208023510  
  (Default Theme) on VirtualBox Ubuntu 14.04 LTS; download works fine.

@reporter:
e) Also reproducible in safe mode with disabled add-ons?
f) Also reproducible with newly created profile?
Flags: needinfo?(norbert.s)
See Also: → bug 1258123
Summary: Certificate error on https://download.cdn.mozilla.net/ → Invalid Certificate Error Message
(Reporter)

Comment 6

2 years ago
When I reported the bug last weekend, I could also reproduce it on my Mac. Today, Mac and Windows work fine, https://download.mozilla.org/?product=seamonkey-2.40&os=linux&lang=en-US is mapped to http://...
Only on my Linux box I still got the http_s_ mapping and the "Untrusted Connection" error.

I then started to narrow down the cause by using a fresh profile and disabling add-ons one by one as proposed by Rainer. Turned out that NoScript was the cause, after disabling that I also get the http download address on my Mozilla/5.0 (X11; Linux i686; rv:43.0) Gecko/20100101 Firefox/43.0 SeaMonkey/2.40 Lightning/4.5b1
Flags: needinfo?(norbert.s)

Comment 7

2 years ago
(In reply to Norbert from comment #6)
Thank you for additional information, I asked for help at <noscript@informaction.com>.

@Norbert 
Which NoScript version did you use? Latest 2.9.0.11?
OS: Unspecified → All
Summary: Invalid Certificate Error Message → NoScript Security Suite causes "Invalid Certificate" Error Message for eaMonkey download
(Reporter)

Comment 8

2 years ago
yep, 2.9.0.11

Comment 9

2 years ago
Website or NoScript problem? 

REPRODUCIBLE with  NoScript Security Suite 2.9.0.11 and English SeaMonkey 2.45a1  (Windows NT 6.1; WOW64; rv:48.0)  Gecko/20100101 Firefox/48.0 Build 20160308001946  (Default Classic Theme)  on German WIN7 64bit

Comment 10

2 years ago
(In reply to Rainer Bielefeld from comment #9)
g) after Installation of NoScript Security Suite 2.9.0.11 (and SM-relaunch) 
   NoScript will show a yellow warning message bar (above Status Bar)  
   concerning 2 scripts for seamonkey-project.org
   But the problem is NOT related to that script blocking (what, for example,
   disables OS sniffing). Even a global allowance for all scripts on all sites
   will not heal the problem.
h) indeed, using http://download-installer.cdn.mozilla.net/.... instead of
   http://download.cdn.mozilla.net/.... heals the problem.
h1) But I still think that it would be useful to know what is happening With
    NoScript installed.
User Story: (updated)

Comment 11

2 years ago
Created attachment 8754872 [details]
Error Console With NoScript All Scripts Allowed

(In reply to Rainer Bielefeld from comment #10)
h1): It seems that NoScript redirects to a https-channel for the SM download
     (see Info field in screenshot).
     Adding "download.cdn.mozilla.net" to menu 'Tools → 
     Add-on-manager → NoScript - Options → HTTPS - Behavior-TAB - 
     "Never force ..." heals the problem for download
h2) I am not familiar with NoScript, may be this redirecting is the intended
    behavior?

Updated

2 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1257214

Comment 13

2 years ago
I submitted "Bug 1274632 - For SeaMonkey download use https://download-installer.cdn.mozilla.net/" for updating download links on www.seamonkey-project.org
https should be used wherever it is possible.

I think there are no more SeaMonkey-General or NoScript mysteries, so we should close this one?

@kohei:
Please never mark SeaMonkey Bugs as DUP of other ones without short explication concerning the reasons why you think that it's a DUP.
Currently 
i) I can't reproduce the problem due to Bug 1257214 comment#0 with NoScript
   active, and 
k) I doubt that a fix for "Bug 1257214 - Thunderbird Bouncer links ..." 
   will also lead to a fix for this one. 
   If you disagree please tell some reasoning here!
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: DUPLICATE → ---
(Reporter)

Updated

2 years ago
Summary: NoScript Security Suite causes "Invalid Certificate" Error Message for eaMonkey download → NoScript Security Suite causes "Invalid Certificate" Error Message for SeaMonkey download

Comment 14

2 years ago
(In reply to Rainer Bielefeld from comment #13)
> I think there are no more SeaMonkey-General or NoScript mysteries

No Objections, so I close this one
Status: REOPENED → RESOLVED
Last Resolved: 2 years ago2 years ago
Resolution: --- → INVALID

Updated

2 years ago
See Also: → bug 1276848
You need to log in before you can comment on or make changes to this bug.