Closed Bug 1894735 Opened 9 months ago Closed 9 months ago

reCAPTCHA is broken for [some|most|all] Windows users

Categories

(Web Compatibility :: Site Reports, defect, P1)

Product:
Web Compatibility
Component:
Site Reports
Version:
Firefox 125
Platform:
Desktop
Windows
Type:
defect

Tracking

(firefox-esr115 fixed, firefox125 fixed, firefox126 fixed, firefox127 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox-esr115 --- fixed
firefox125 --- fixed
firefox126 --- fixed
firefox127 --- fixed

People

(Reporter: Marc_Ragusa, Unassigned)

References

Details

(Keywords: site-compat)

Attachments

(2 files)

error in cosole
11.44 KB, text/plain
Details
Error in console
11.50 KB, text/plain
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0

Steps to reproduce:

Go to: https://phishing.eset.com/en-us/report
and click on the reCaptcha

Actual results:

reCaptcha spins indefinitely and does not work.

Expected results:

reCaptcha should work.

OS: Unspecified → Windows
Hardware: Unspecified → Desktop
Attached file error in cosole
Attached file Error in console

UA spoofing general.useragent.override = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" seems workaround.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: site-compat
Blocks: 1826738

We reached out to Google about this, this doesn't seem to be something we did.

No longer blocks: 1826738
Component: Untriaged → Site Reports
Keywords: webcompat:site-wait
Product: Firefox → Web Compatibility
Summary: reCaptcha BROKEN in FireFox 125.0.3 → reCAPTCHA shows a high failure rate and occasionaly endless blocks
Duplicate of this bug: 1894590
Duplicate of this bug: 1894747
Duplicate of this bug: 1686956

Workaround Solution until this is Fixed:

  1. In the Firefox address bar, type: about:config
  2. Search for: general.useragent.override
  3. Select "String" and then the + button
  4. Copy and Paste this into the field:
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
  5. Click the Checkmark Blue button to save. You're done.
  6. Now Bookmark this setting so you can delete it when this issue is fixed! Don't forget.

(In reply to Intrepid from comment #11)

When will a new release fix be released for this serious bug???
Firefox will not work on ANY site that has a reCAPTCHA.
Is that not an critical emergency?

As you may know from following the threads and conducting your own testing, this problem is specific to the way Firefox/Windows identifies itself to websites:

  • Firefox/Windows: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0

The reCAPTCHA script runs correctly if you have Firefox transmit these other "user agent" strings (either by creating a preference or by using an add-on):

  • Firefox/Mac: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0
  • Firefox/Linux: Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0
  • Frankensteined: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) AppleWebKit Gecko/20100101 Firefox/125.0

The best case scenario is that Google fixes its script ASAP, but I agree with you that the product managers also need to consider the damage done to user confidence by this problem which, based on forum posts, many users blame on the Firefox 125.0.3 update.

Usually site-specific user agent overrides are handled by the "Web Compatibility Interventions" system add-on. I don't know whether that can be updated out-of-cycle from Firefox itself or how much testing is required. Maybe Normandy can help? I don't think anyone wants to see rushing cause more or other problems.

The best case scenario is that Google fixes its script ASAP, but I agree with you that the product managers also need to consider the damage done to user confidence by this problem which, based on forum posts, many users blame on the Firefox 125.0.3 update.

Agreed. Here is the correction to my Workaround Solution above:

  1. Copy and Paste this into the field:
    Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) AppleWebKit Gecko/20100101 Firefox/125.0

The culprit is a dark-mode detection logic for Firefox Windows:

($N && jT
  ? ((b = QP(p)),
    (b.style.backgroundColor = "rgb(255, 255, 255)"),
    oB(b),
    (c = z[44](26, b, "backgroundColor")),
    xx(b),
    (Q = "rgb(255, 255, 255)" !== c))
  : (Q = D)),

which reads:

(isFirefox && isWindows
  ? ((b = document.createElement("div")),
    (b.style.backgroundColor = "rgb(255, 255, 255)"),
    document.body.appendChild(b),
    (c =window.getComputedStyle(b).getPropertyValue("backgroundColor")),
    document.body.removeChild(b),
    (Q = "rgb(255, 255, 255)" !== c))
  : (Q = D)),

However, since the script is in the head, document.body is not available. I cannot think of easy way of shimming this on the Firefox side.

Duplicate of this bug: 1894837

We're treating this as an incident internally, reflecting this bug to match that. Here are a couple of key points:

  • This is not a regression in Firefox - reCAPTCHA is also broken in old Firefox releases like v120. So this is also not something we can simply fix with a revert and a dot-release.
  • Comment 15 is correct, this appears to be a broken implementation of something that's only affecting Firefox on Windows. Thanks for the diagnosis, Young Min Kim!
  • If you spoof as Chrome (or Firefox for Linux) in Firefox on Windows, it works because that codepath is avoided.
  • If you spoof as Firefox for Windows in Chrome, it breaks exactly the same way, so there is no interop issue here.

For everyone else, please let's not post "I'm also affected by this"-style comments, so we can keep the information density in this bug high. We know that this is affecting lots of people, and we're working on resolving it.

Severity: -- → S1
tracking-firefox126: --- → ?
tracking-firefox127: --- → ?
Priority: -- → P1
Summary: reCAPTCHA shows a high failure rate and occasionaly endless blocks → reCAPTCHA is broken for [some|most|all] Windows users
Duplicate of this bug: 1894879

Yes, Google is rolling out a fix. It seems to work in several of our internal tests on multiple continents, but we'll keep this bug open until we're sure it's fixed for everyone.

Google confirmed that this was mitigated, so I'll go ahead and close this bug as fixed.

If someone is still seeing issues, please give it another hour or two, clear your caches, and test again. If this persists, please open a new bug and we'll investigate.

Status: NEW → RESOLVED
Closed: 9 months ago
Keywords: webcompat:site-wait
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: