Firefox Community Forum

Mozilla Corporation is sending me a box message from Nsv353A.tmp published by Mozilla Corporation teeling me to sign in to Amazon What is this?

And how do I fix this?

Hello Mozilla community

I’m troubleshooting a Kerberos/SPNEGO proxy auth issue and need help understanding whether this is a Firefox bug or a misconfiguration on our side.

Environment :

Client OS: Ubuntu 24.04 (GNOME session)

Firefox: 144.0

Other clients on same host: curl (works) and Chrome/Chromium (works)

Proxy (on-prem): swg.test.local:8080 (HTTP proxy performing Negotiate/Kerberos authentication)

AD / Kerberos realm: TEST.LOCAL (users), service SPN: HTTP/swg.test.local registered in AD

Domain trust: one-way trust exists between test.local and test.intra (contextual; but current test is within test.local)

Symptom :

curl --proxy http://swg.test.local:8080 --proxy-negotiate -u : http://example.com -> negotiates and sends Proxy-Authorization: Negotiate ... and request succeeds.

Chrome also performs Negotiate and the request succeeds.

Firefox never sends Proxy-Authorization: Negotiate and the proxy returns 407 Proxy Authentication Required. No prompt for credentials; negotiation does not start.

What I already validated

Kerberos TGT is present in user cache:

kinit user@test.local klist

TGT is visible and valid.

curl and Chrome negotiate successfully from the same host (so SPN, AD, keytab, realm mapping are working in general).

Firefox launched from terminal (so it inherits KRB5CCNAME) still does not negotiate.

I enabled KRB5_TRACE and launched Firefox; trace file stays empty (suggesting Firefox did not call into GSSAPI for this request).

Network capture shows proxy challenge Proxy-Authenticate: Negotiate and no corresponding Proxy-Authorization header from Firefox.

Firefox prefs checked / set (About:config values I validated/changed)

network.negotiate-auth.trusted-uris = swg.test.local,.test.local → Ensures Firefox will send Kerberos tokens to that host/domain.

network.negotiate-auth.delegation-uris = .test.local (optional)

network.auth.use-sspi = false (Linux)

network.negotiate-auth.allow-non-fqdn = false

network.automatic-ntlm-auth.trusted-uris left blank or set to .test.local

Despite network.negotiate-auth.trusted-uris containing the exact FQDN and domain, Firefox still does not attempt negotiation.

Diagnostics already captured

tcpdump pcap covering UDP/TCP 88 and proxy port 8080 (shows proxy 407 and absence of Proxy-Authorization from Firefox)

KRB5_TRACE=/tmp/krb5_trace.log for Firefox launch (no GSS calls logged)

Reproduced curl/Chrome flows that do include Proxy-Authorization: Negotiate ...

Hypothesis

Firefox is refusing to attempt Negotiate at all — likely due to either:

a preference that’s still missing or misinterpreted (trusted-uris format, wildcard/domain handling), or

a desktop-launch / environment isolation problem (GUI-launched Firefox not seeing Kerberos credentials or environment), or

a bug/regression in Firefox’s GSSAPI/SPNEGO integration on Linux (e.g., refusing to use a credentials cache inherited from the shell, or ignoring network.negotiate-auth.trusted-uris for proxy authorization specifically).

What I need from the community

Has anyone seen Firefox on Linux behave this way (curl/Chrome work, Firefox never starts Negotiate) with an on-prem proxy using Proxy-Authenticate: Negotiate?

Any additional about:config prefs or hidden flags that affect proxy SPNEGO (not site SPNEGO) that I should check? I already set network.negotiate-auth.trusted-uris.

Any differences in behavior between Firefox launched from GUI vs. launched from terminal that might cause the client not to use the Kerberos ticket cache — and reliable steps to reproduce/diagnose?

If you have a small reproducible test case or a recommended debug build/flags to capture verbose Firefox GSSAPI logs (beyond KRB5_TRACE) please share them.

If this is a known bug/regression, pointer to the bugtracker entry would be appreciated.

Thanks in advance

Bonjour, Depuis deux jours, je ne peux plus me connecter à ma banque, alors que tout fonctionnait très bien auparavant. Pouvez-vous m'en expliquer la raison et me dire ce que je dois faire. Cordialement

Bonjour en voulant aller sur un site connu et auxquels je vais j'ai eut ce message je n'ai rien modifié sur mon ordi d’où cela viens t-il et surtout comment y remédier. Merci "Pourquoi ce blocage ? Quelque chose dans le comportement du navigateur nous a intrigué.

Diverses possibilités:

   vous surfez et cliquez à une vitesse surhumaine
   quelque chose bloque le fonctionnement de javascript sur votre ordinateur
   un robot est sur le même réseau  que vous

Des difficultés pour accéder au site ?"

Greetings--

Every time I try to log in to a one of my websites I need, I get the below screen visual. "Callback" in the tab area, "mypti.com" with a lot of numbers behind it in the address bar, and a totally blank screen - nothing else. Also, when I try to log back into the website I am unable to do so at all unless I clear my data and cookies from my browser cache.

Can you help me figure out why? This does not happen on any other webpage/website other then this one. Any suggestions, advice, or recommendations?

I am using Windows 10 Home Pro, and as far as I can see, my Firewall does not appear to be blocking anything as far as I can tell......and I am set up to allow pop ups on visited websites.

I look forward to hearing from you.

Thank you.

Hi Folks, Recently I have been having an issue with accessing a particular website which is asus.com and the nature of the issue is as follows. Every time I attempt to login I receive the following error message.

The browser could not find the host server for the provided address.

   "Check the address for typing errors such as ww.example.com instead of www.example.com.
   If you are unable to load any pages, check your device’s data or Wi-Fi connection."

It should be noted that this is the only website that I am having this issue any and all assistance in resolving this extremely annoying issue will be greatly appreciated

I have pop up blockers set to allow pop up blockers, but ev en though they are turned on. Firefox will not allow pop up windows in the learning management software (D2L brightspace) used at my university.

https://www.anthropiccopyrightsettlement.com/

Here is the site I desperately need to click around on. I can't access more than the homepage via Firefox (laptop), Safari (my laptop and iPhone) or Microsoft Edge (my husband's laptop). For the links on the page, I get an error message every time. And I have disarmed as many cautionary protections as possible. Yet other people seem to be able to use the site like a roller rink.

Ideas?

Thanks.

I am now receiving this notice for more and more commonly accessed websites. I get the message if I have https only selected or not selected. Currently receiving for Lowes, Home Depot, American Airlines and more. I can go to a Firefox 135.0.1 browser on a separate desktop accessing the internet through the same router and do not have issues. I suspect I have been upgraded by Mozilla into a less functional browser version for whatever reason that Mozilla does this.

Sample Messages:

American Airlines Access Denied You don't have permission to access "http://www.aa.com/" on this server.

Reference #18.ea382f17.1754673395.2abc2b02

https://errors.edgesuite.net/18.ea382f17.1754673395.2abc2b02

Lowes Access Denied You don't have permission to access "http://www.lowes.com/search?" on this server.

Reference #18.89f8cd17.1754677280.265017bc

https://errors.edgesuite.net/18.89f8cd17.1754677280.265017bc

Using FF 143.0 on Win10 64 bit. I do not use any password manager. Before I logon to any site, as a matter of course, I clear all cookies and history. I logon just fine to many sites.

However, only at: amazon.com do I see this pop-up. There appears to be no way to actually verify it is really me. And there is no difference in action between "Cancel" or "X' closure.

Lastly, this pop is modal. It can not be bypassed. I have to kill it to continue to amazon.

amazon is the only place this appears, and I really don't know what is generating it.

Any clues anyone.

BartelsJuice

I have iMac desktop computer made in 2017, with macOS VENTURA 13.7.1. Using public library account in Toronto, Canada I watch digital materials (movies) on my computer. My default browser is FIREFOX 143.0.1 but with it I can't get access to hoopladigital.com; if I use SAFARI as a browser I can get access, login and watch movies. I would like just to know if there is anything in the settings of the FIREFOX browser that has to be changed so that I can use my preferable browser? Thank you.

There are many sites that refue to load correctly. Soundcloud does not load at all and assets from Canva's stock media library only load the alt text descriptions. Both show that the culprit is the cross origin requests being blocked. I have reset Firefox to factory settings, uninstalled plugins, disabled enhanced tracking prevention, etc and tested private browsing which sometimes works but seems to be inconsistent. Any guess on why Firefox would be blocking Cross-Origin Requests? These sites have worked with Firefox in the past and work on Safari on the same Mac.

Canva: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://media-public.canva.com/KH7y4/MAEGv3KH7y4/1/tl.png. (Reason: CORS request did not succeed). Status code: (null)

Soundcloud: Failed to load ‘https://a-v2.sndcdn.com/assets/2-517dcb44.js’. A ServiceWorker passed a promise to FetchEvent.respondWith() that resolved with non-Response value ‘undefined’. service-worker.js:1:2774

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://a-v2.sndcdn.com/assets/2-517dcb44.js. (Reason: CORS request did not succeed). Status code: (null).

<script> source URI is not allowed in this document: “https://a-v2.sndcdn.com/assets/2-517dcb44.js”.

I would like to start the E-Mail Outlook classic from Firefox. I changed it in the preference area with the path to outlook classic. When I press the E-mail button now outlook classic starts but then the new outlook overlays the classical one by saying "I loose the starting link". I don't want to use the new outlook. What can I do ? Thank you for helping me. Best regards Wener