Metamask Wallet version 12.12.0 causes multiple websites to break
Categories
(WebExtensions :: Developer Outreach, defect)
Tracking
(firefox136 affected, firefox137 affected, firefox138 affected)
People
(Reporter: a_nut_in, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0
Steps to reproduce:
FF upgraded to 136.0.2 with Metamask preinstalled version 12.12.0
Actual results:
- Duckduckgo breaks - does not show results
- Google Workspace/GMail does not load
- Page rendering across random sites slow/sluggish
Note: Issues go away in Private mode/TS mode. Refreshing FF has no effect. Disabling addons one at a time - and everything works fine as soon as Metamask is disabled from the Extensions menu
Expected results:
- Metamask - given it's just a Ethereum wallet - should not be causing page loads to be sluggish, Duckduckgo to break and Google Workspace to stop loading
|
||
Comment 2•1 month ago
|
||
The Bugbug bot thinks this bug should belong to the 'WebExtensions::Untriaged' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
||
Comment 3•1 month ago
|
||
I reproduced the issue on the latest Firefox Release (136.0.2/20250317120031), Beta (137.0b8/20250319094417) and Nightly (138.0a1/20250319204742) under Windows 11 and Ubuntu 24.04 LTS.
I tried accessing Gmail while the extension is enabled, and the page would not load. The loading bar gets stuck close to the end and does not proceed further.
Disabling the extension and reloading Gmail loads the page fast and without issues.
|
||
Comment 4•1 month ago
|
||
It looks like it may likely be a regression introduced by the last version of the MetaMask extension (version 12.12.0, released Feb 27, 2025), it may be due to the CSP-related errors that the content scripts injected by the MetaMask extensions are hitting, e.g. the following one was emitted in the console on a duckduckgo search with the last version of this extension available on AMO installed on a brand new profile (and the extension just installed, no wallet created or imported):
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' 'nonce-bW96LWV4dGVuc2lvbjovL2ZkNjZkOTY2LThmYjMtNGRhNC04MGQwLWMzN2M3NTE5MjkzOS8='”
The previous version available on AMO (Version 12.6.2, Released Nov 21, 2024) doesn't seem to be hitting the same issue, with that version installed the duckduckgo search page does fully load instead of stay stuck as shown in the screencast linked in comment 1.
There is also a github issue tracking this same issue (and the same CSP error is also mentioned in this github issues comment): https://github.com/MetaMask/metamask-extension/issues/31094
It looks like there may be also a workaround possible while using the last version of this extension, by flipping off from the CSP overriding (which seems to be only available on Firefox builds of this extension) through "Settings > Advanced > Override Content-Security-Policy header", mentioned in this comment of the github issue linked above: https://github.com/MetaMask/metamask-extension/issues/31094#issuecomment-2735942334
I'll close this bugzilla issue as invalid along with moving it into the "Developer Outreach" bugzilla component, based on this comment on github https://github.com/MetaMask/metamask-extension/issues/3133#issuecomment-2738098892 the extension developers are already aware of this regression due to the previous CSP fix and they are in the process of releasing a new version of the extension.
Description
•