Closed Bug 1919173 Opened 5 months ago Closed 2 months ago

Firefox blocked by macOS firewall after upgrading to macOS 15 Sequoia with firewall enabled

Categories

(External Software Affecting Firefox :: Other, defect)

Product:
External Software Affecting Firefox
Component:
Other
Version:
Firefox 130
Platform:
Desktop
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: u759320, Unassigned, NeedInfo)

References

(Blocks 1 open bug)

Details

User Story

Some users are reporting that after upgrading to macOS 15 Sequoia, Firefox is unable to access websites. The problem appears to be limited to a subset of users that had the macOS firewall enabled prior to upgrading. We have reported the problem to Apple. Reports online indicate many applications are affected by this problem including security applications and other web browsers.

Update: Apple has released a Sequoia update, version 15.0.1, with a release note “improves compatibility with third-party security software”. We expect the 15.0.1 update to address the firewall compatibility problems with Firefox.

Attachments

(2 files)

pre-upgrade-case-that-could-not-reproduce.jpg
188.10 KB, image/jpeg
Details
post-upgrade-case-that-could-not-reproduce.jpg.jpg
197.88 KB, image/jpeg
Details
Component: Untriaged → Networking
OS: Unspecified → macOS
Product: Firefox → Core
Hardware: Unspecified → Desktop
Summary: No connection after latest macOS update → Firefox blocked by macOS firewall after system update

I encountered the same problem, and the workaround suggested by this comment worked for me: /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Firefox.app

My hypothesis is that this is related to the socketfilterfw change, and some older Firewall rules can no longer be changed via the Settings app.

Also see:

I've updated my Mac mini to Sequoia and Firefox connected to the Internet without any intervention. It's worth noting that the firewall is disabled by default on macOS.

I've filed FB15152031 with Apple Feedback Assistant and have let our Apple contact know about the problem. The FB is essentially "after upgrading to Sequoia, some users report Firefox not being able to load any websites due to unexpected firewall rules that block Firefox and can't be removed."

(In reply to fzczx123 from comment #1)

I encountered the same problem, and the workaround suggested by this comment worked for me: /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Firefox.app

@fzczx123, thanks for the report. Could you confirm a few details? Prior to upgrading to Sequoia, you had the firewall enabled? Had you made any configuration changes to the firewall or manually added any rules for Firefox? And when the problem was occurring and you opened up the firewall settings, Firefox was listed as "block incoming connections" and it was not editable?

Flags: needinfo?(fzczx123)

Prior to upgrading to Sequoia, you had the firewall enabled?

Yes

Had you made any configuration changes to the firewall or manually added any rules for Firefox?

I can't remember.

And when the problem was occurring and you opened up the firewall settings, Firefox was listed as "block incoming connections" and it was not editable?

Yes. And after running /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Firefox.app, Firefox was then allowed, but still not editable.

Flags: needinfo?(fzczx123)

BTW, I had the same problem with Thunderbird, and the same workaround applied. Not sure whether a separate bug needs to be opened, as this seems to be more a macOS issue.

Moving this out of networking as this more related to OS integration.

Component: Networking → General
Product: Core → Firefox
Duplicate of this bug: 1919702

More reports about macOS Sequoia firewall problems (not related to Firefox) here:

https://mjtsai.com/blog/2024/09/18/macos-firewall-regressions-in-sequoia/

Blocks: 1882116
User Story: (updated)
User Story: (updated)
Summary: Firefox blocked by macOS firewall after system update → Firefox blocked by macOS firewall after upgrading to macOS 15 Sequoia

(In reply to fzczx123 from comment #5)

Prior to upgrading to Sequoia, you had the firewall enabled?

Yes

Had you made any configuration changes to the firewall or manually added any rules for Firefox?

I can't remember.

And when the problem was occurring and you opened up the firewall settings, Firefox was listed as "block incoming connections" and it was not editable?

Yes. And after running /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Firefox.app, Firefox was then allowed, but still not editable.

Thanks, fzczx123! That is very helpful. If you could check one more thing, do you have this setting enabled in the firewall settings?

Automatically allow downloaded signed software to receive incoming connections

Flags: needinfo?(fzczx123)

This is likely to be a macOS issue and reporting the issue to Apple may help. For anyone encountering this problem, the macOS Feedback Assistant app can be used to report problems like this to Apple. By default the report will include diagnostic information (Sysdiagnose and System Report files) that may help Apple root cause the bug. Once the report is filed, it will have an FB number such as FB15152031. If you post that number here, we can reference it with Apple.

Summary: Firefox blocked by macOS firewall after upgrading to macOS 15 Sequoia → Firefox blocked by macOS firewall after upgrading to macOS 15 Sequoia with firewall enabled
User Story: (updated)
User Story: (updated)

I tried to reproduce this on a mac mini and was unable to. There are a number of knobs in the Firewall settings so sharing what I did in case others care to try different setups.

STR:

  • Pre upgrade: Turn on firewall
  • update Firefox
  • add Firefox as “Allow incoming connections” (took system diagnostics via activity monitor)
  • restart (took system diagnostics via activity monitor)
  • do OS upgrade to 15.0
  • After the upgrade, Firefox is allowed and works fine. Note that it is still unable to be changed, similar to some of the other reports

Other variations that might be interesting to test pre-upgrade: "block all", not having Firefox as explicitly listed, having Firefox as explicitly listed and blocked, and "automatically allow downloaded signed..."

Screenshot immediately after upgrade (see Firefox as allowed but not configurable)

(In reply to Haik Aftandilian [:haik] from comment #10)

(In reply to fzczx123 from comment #5)

Prior to upgrading to Sequoia, you had the firewall enabled?

Yes

Had you made any configuration changes to the firewall or manually added any rules for Firefox?

I can't remember.

And when the problem was occurring and you opened up the firewall settings, Firefox was listed as "block incoming connections" and it was not editable?

Yes. And after running /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Firefox.app, Firefox was then allowed, but still not editable.

Thanks, fzczx123! That is very helpful. If you could check one more thing, do you have this setting enabled in the firewall settings?

Automatically allow downloaded signed software to receive incoming connections
Hello,
This also solved the problem for me, thank you very much!
I still can't edit the setting in the FW configurations, but at least Firefox now works correctly.
Many thanks,
Vincent.

Severity: -- → S2
Component: General → Other
Product: Firefox → External Software Affecting Firefox
Status: UNCONFIRMED → NEW
Ever confirmed: true

(In reply to Vincent Lagrange from comment #14)

Automatically allow downloaded signed software to receive incoming connections
Hello,
This also solved the problem for me, thank you very much!
I still can't edit the setting in the FW configurations, but at least Firefox now works correctly.
Many thanks,
Vincent.

Thanks, that's helpful to know. Automatically allow downloaded signed software to receive incoming connections should not normally be required for Firefox to work with the firewall enabled, but it may workaround the problem.

See Also: → 1920105
Duplicate of this bug: 1920105

If anyone is able to reproduce this problem and wouldn't mind testing a Beta release of macOS, please consider installing the macOS Sequoia Developer Beta - 15.1 Beta 5. We would like to check if the problem has been fixed in that release.

This is aimed at advanced users who feel comfortable testing macOS Beta software. Only attempt this if you feel comfortable testing Beta builds of macOS and understand the risks. See https://beta.apple.com/faq for more information.

I have the problem, too. Firefox cannot access the internet. My Mac sits behind a router connected to my ISP and a router connected to that router (double NAT) - but I can connect to the webinterfaces of the ISP-router as well as to a pihole connected to the ISP router.
"Automatically allow downloaded signed software to receive incoming connections" cured the problem. Changing the DNS server to 1.1.1.1 or 8.8.8.8 in MacOS Network settings helped me as well. Changing the DNS settings in the routers did not help.

Same problem, but our IT Service Desk recommended these steps that set my Macbook to use public DNS, and the steps don't conflict with my laptop's secured corporate profile:

Setting the MacBook to use public DNS? Some have advised this workaround will resolve it for the time being:

To set the DNS on a Mac to 8.8.8.8, you can do the following:
Click the Apple logo in the top left corner of the screen
Select System Preferences
Click Network
Select the network connection you are using
Click Advanced
Select the DNS tab
Click the + button in the DNS Servers section
Enter 8.8.8.8 in the box
Click the + button again and enter 8.8.4.4
Click OK, then Apply
Restart your Mac for the changes to take effect
8.8.8.8 and 8.8.4.4 are the IP addresses for Google's public DNS.

Yeah, this is happening to me, too. Now what?

(In reply to cbickers from comment #20)

Yeah, this is happening to me, too. Now what?

Until we have a fix for this, here are some different options to try that have worked for others.

  • Temporarily disable the macOS firewall in macOS System Settings. You should be aware of the security implications of disabling the firewall.

  • Run this command to explicitly allow Firefox traffic through the firewall /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Firefox.app

  • Download Firefox manually from https://www.mozilla.org/en-US/firefox/new/ and reinstall it by replacing the existing install. Typically this is done by dragging the downloaded Firefox out of the downloaded DMG to the Applications folder.

For advanced users comfortable experimenting with a beta version of macOS who are still affected by this problem, see comment 17 for details.

Hi there... Thank you for the reply. I tried the third option: move current Firefox app to trash then download new version per the link you provided. You didn't specify but I had firewallOFF when I did this. Interesting different behavior I will try to describe here. The problem seems DNS-ish at the subdomain level from this behavior to me.

I had already been using turn-off macOS firewall, so I could use Firefox (my preferred and default browser). Ack possible security impacts.

I had downloaded and "started" the new download with firewallOFF Went to a test site SFBA.social [firewallOFF]. Turned firewallON then went to SFBA.social again and it worked. Yay. Went to substack.com [firewallON] and it didn't work. Boo. Turned firewallOFF. Went to substack.com and it worked. Turned firewallON. Went to substack.com and it worked. Yay? Hit the link in the email to go to https://bugzilla.mozilla.org/show_bug.cgi?id=1919173 with firewallON and it didn't work. What?!?! Turned firewallOFF, went to the bugzilla link, it worked. Turned firewallON, tried mozilla.org, nope. Basically, once, with firewallOFF, subdomain.SLD.TLD is accessed, it can be accessed again firewallON. As long as I stay on that subdomain.SLD.TLD, I can access anywhere else within that subdomain.SLD.TLD but not any other SLD.TLD, even the same SLD.TLD.

Tried a bunch of toggling firewallOFF, go some subdomain.SLD.TLD/whatever, delete tab, firewallON, successfully go to subdomain.SLD.TLD/wahtever but not to any other subdomain for that SLD.TLD. For example, after "fixing" bugzilla.mozilla.org/... I couldn't go to mozilla.org or monitor.mozilla.org unless I firewallOFF.

I saw somewhere somebody suggest setting DNS to 8.8.8.8. Did that. Seems to solve the problem. With the firewallON, I can go to various subdomain.SLD.TLD without a problem (so far, with the various URLs I usually go). No idea if this is going to be a problem with my Internet provider (attlocal.net).

So, I'm going with some mismatch between macOS Sequoia and Firefox in the subdomain portion of the URL. I think I've provided enough detail that you could reproduce this result if you have a system doing this.

Thank you again for the reply. I'll be curious to see what this ends up being as the base mismatch. Best to you.

Since the upgrade to Sequoia on a Apple M1 Pro I can no longer access any website in my local network with Firefox, neither via HTTP nor via HTTPS, no matter whether with hostname or IPv4 address. I have the same problem with Chrome. Command line tools like wget or curl work with the same URLs, and so does Chrome when I start it from the command line (for Firefox this trick does not work).

I did not notice any problem with non-local websites.

The firewall was not active before or after the upgrade.

(In reply to Stefan Weil from comment #23)

Since the upgrade to Sequoia on a Apple M1 Pro I can no longer access any website in my local network with Firefox, neither via HTTP nor via HTTPS, no matter whether with hostname or IPv4 address. I have the same problem with Chrome. Command line tools like wget or curl work with the same URLs, and so does Chrome when I start it from the command line (for Firefox this trick does not work).

I did not notice any problem with non-local websites.

The firewall was not active before or after the upgrade.

Thanks for the report, @Stefan. We have bug 1919889 where we are looking into reports of this. Is Firefox listed in System Preferences -> Privacy & Security -> Local Network and if so, is it enabled? It will need to be enabled there. Please follow up on bug 1919889.

Flags: needinfo?(mozilla)

Many thanks for this helpful hint. Firefox was listed there, it was disabled, and after enabling it I can now access local websites again.

Flags: needinfo?(mozilla)
See Also: → 1919889

Just upgraded to iOS 15 and Firefox no longer works on the internet. Not site specific. This issue is not exclusive to Firefox. Currently Outlook is not sending or receiving mail. Even internal Apple features have issues such as lookup. I have to iOS platforms and only one is affected.

Just updated to Sequoia 15.0.1 and can now use firefox again. Hope the same is true for everyone else.

I'm seeing issues too since updating to Sequioa.

I didn't have the MacOS Firewall enabled prior to update.

Firefox works for browsing public sites, but I'm unable to access any devices on my local network eg https://192.168.1.1 (both http & https)

Running macOS 15.0.1 & Firefox 131.0

Apologies, just seen the comment about 1919889 and that resolved the local network for me

(In reply to John Renner from comment #27)

Just updated to Sequoia 15.0.1 and can now use firefox again. Hope the same is true for everyone else.

Also had problem with Firefox and 15.0, and updating to 15.0.1 cured it.

Apple has released a Sequoia update, version 15.0.1, with a release note “improves compatibility with third-party security software”. We expect the 15.0.1 update to address the firewall compatibility problems with Firefox.

User Story: (updated)
See Also: → 1936452

Closing this bug now that Apple has released macOS updates that appear to have resolved the firewall problem.

Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: