Closed Bug 1615712 Opened 6 years ago Closed 6 years ago

Installing XPIs sometimes doesn't work

Categories

(Toolkit :: Add-ons Manager, defect)

Product:
Toolkit
Component:
Add-ons Manager
Version:
72 Branch
Platform:
Desktop
Unspecified
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1403075

People

(Reporter: jkaye, Unassigned)

Details

Attachments

(4 files)

Browser Console Nightly.png
128.52 KB, image/png
Details
Certificate Nightly 1.png
104.79 KB, image/png
Details
Certificate Nightly 2.png
105.19 KB, image/png
Details
Certificate Nightly 3.png
103.91 KB, image/png
Details

This turning out to be hard to track down, but there are several documented cases of people getting " The add-on could not be downloaded because of a connection failure." errors when trying to download an XPI. It may be confined to Windows users, it's not clear.

One console log from this error:

addons.xpi WARN Download of https://va.allizom.org/releases/prod/firefox-voice.xpi failed: [Exception … “Certificate issuer is not build-in.” nsresult: “0.x80004004 (NS_ERROR_ABORT)” location: “JS frame :: resources://gre/modules/CertUtils.jsm :: checkCert :: line 183”. data: no] Stack trace: checkCert()@resource://gre/modules/CertUtils.jsm:183 onStopRequest()@resource://gre/modules/addons/XPIINstall.jsm:2427

Also see: https://github.com/mozilla/firefox-voice/issues/862

It looks like other people are seeing the same problem: this is 1Password's workaround: https://support.1password.com/firefox-connection-failure/

Here's BetterTTV with the same problem: https://www.reddit.com/r/firefox/comments/8l8hy1/the_addon_could_not_be_downloaded_because_of_a/

I see complaints in the comments of this blog entry: https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

Another: https://www.thewindowsclub.com/add-on-could-not-be-downloaded-because-of-a-connection-failure

These people think it's some security software. But I didn't find any installed when looking for it. But that doesn't sound quite right for the certificate error above.
https://discussions.agilebits.com/discussion/87991/the-add-on-could-not-be-downloaded-because-of-a-connection-failure. That said, I tried installing Avast and Kaspersky add-ons, but I couldn't recreate it.

Are you in contact with anybody who can reproduce this?
If so, if they follow these instructions, it could help get to the bottom of this:

  1. Load https://va.allizom.org/ in a tab
  2. Open the Page Info (either from the Tools menu or with the ctrl/cmd-I keyboard shortcut)
  3. Click to the "Security" tab
  4. Click the "View Certificate" button
  5. Cut&Paste the details from that page (or take a screenshot of that page it ifs easier) and attach it to this bug
Component: Frontend → Add-ons Manager
Flags: needinfo?(jkaye)
Product: WebExtensions → Toolkit

This is almost always caused by a MitM proxy.

Reproduced on Windows 8.1 x64 with Firefox Release 73.0.1 and Nightly 75.0a1 (2020-02-26), only if Bitdefender Antivirus Free Edition has been installed.

So as Kris said, bitdefender is MITM-ing all TLS connections.
For now, there's a hidden pref (extensions.install.requireBuiltInCerts) that can be toggled to disable this...

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Flags: needinfo?(jkaye)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: