Svi proizvodi Forum podrške

Hello,

I am unable to access x.com, and I think this is caused by hackers.

Below I try to explain the facts (or information) that leads me to this conclusion.

After I enter the x.com in Firefox's address, in the developer drawer Network tab I can see the content-security-policy as:

content-security-policy: connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/ https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com 'nonce-ZDFkNGU5ZjQtYjdkZC00ZjhmLWFhMmMtZGIwMmY5ZGM2N2E4'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false

NOTICE THE script source policy: script-src 'self' 'unsafe-inline'

NONETHELESS, when I look at x.com source, I see:

<script nonce="NmM2ZWZkMWMtZTdmOC00YmE5LWI1Y2YtNTQ4NDIzMzFkZDUy">

window.__runPxScript = function() {

 delete window.__runPxScript;
 !function(e,t,n,s,u,a){e.twq||(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);
 },s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='https://static.ads-twitter.com/uwt.js',
 a=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');
 twq('config','ogf5s');twq('config','o8zly');

} </script>

<script type="text/javascript" charset="utf-8" nonce="NmM2ZWZkMWMtZTdmOC00YmE5LWI1Y2YtNTQ4NDIzMzFkZDUy">location.assign("/account/access")</script>

Also, the developer drawer Console tab issues this error before being redirected to x.com/account/access:

Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: nonce-source or hash-source specified

I think the HTML that loads in Firefox is corrupted or tampered.

Could I get some feedback?

I noticed yesterday with version 115.4.2 32-bit (I just updated now) that an e-mail, part of a correspondence, would not load. Actually it did load but it seems to have permanently replaced the original message with a completely different e-mail from a different sender. But the From and the Subject lines pertained to the e-mail that was supposed to be there. The replacement message, if it matters, is an e-transfer notification, again, from a completely different sender.

I noticed then that a few other e-mails show only code data in the body. This is loading from a Gmail account which appears to be intact when I log in there directly.

I was also concerned when I first went to open Thunderbird from the taskbar, that a Win 10 pop-up appeared as I hovered over to click the icon, showing "recent" e-mails from all different dates, most of them well in the past and certainly not accessed recently. This has me concerned about a security breach.

PS: When I tried to remove the "recent" e-mails pop-up menu I accidentally deleted the taskbar shortcut and now can't get it back. Well, I can but the TBird icon won't reload and it just shows up as a blank icon.

Good afternoon,

If necessary, I am available to add more information about this case (145005), in English or Portuguese.

Best regards,

Ana Patrícia Paquete Visual Designer

Hi there,

I am tryign to access my firm's MetroBank account through Firefox and, after putting in my login details, I get a blank, white screen. I've tried with the same details through Chrome and it works. I've also disabbled pop up blocking and ad blockers.

Any other tips on what I could look for?

Rui

Discovered that until now I had been unable to store passwords on this browser, and discovered I would need to set a Primary Password before being able to set any. I followed the recommended instructions to set one, but no matter what I entered, it would be unable to set. (Password quality meter was not full (75-80%~), if that is significant.)

After this, I would receive continuous pop-up windows asking to set a Primary Password, but all attempts to set such a password would fail (Window named :"Alert", with text stating "Unable to Change Password.") These would persist until I shut down my computer, and I stopped receiving these popup windows, but ultimately, I am still unable to set a primary password., and thus, am unable to save passwords.

(Pop-up Windows were labelled "Change Password", and had text stating "Security Device: Software Security Device", along with having the password change form)

Hi, for about 14 days I get random certificate warnings - even on well known websites. They vary from SSL_ERROR_BAD_CERT_DOMAIN to SEC_ERROR_UNKNOWN_ISSUER... even on websites like x.com or LinkedIn. At the same time I got a new router from my ISP. But I am not sure, if this is connected somehow or if I got a Man-in-the-Middle or a virus. Malwarebytes & Co don´t find anything. I have resetted Firefox, too. But nothing helps. I get these errors in Chrome, too, sometimes. But not as often. Any ideas anybody? TIA!!!

Hello,

My password saved are deleted every time I close FF. It used to be manageable because Google and other sites didn't require me to fill my passwords (cookies did the trick I suppose) but now I also loose access to gmail and Youtube every time I close FF. It's annoying to have to use 2FA every damn time. And keeping the passwords available.

I've tried every answer I found by looking around :

- tried to start in safe mode - disable hardware acceleration - I have no extensions

FF saves the passwords correctly (at least they appear in the saved password tab) but they are erased every time I restart FF. The cookies aren't automatically deleted (FF remembers my browsing history) but I need to relog into Google.

I getting frustrated.

For months, now, whenever I try to post a comment on a Yahoo! News article, it reads: "Your comment has failed to published." This only happens in Firefox. My "Privacy & Security" settings are set to "Standard," my "History" set to "use custom settings for history" with settings "Remember browsing and download history" and "Clear history when Firefox closes." so cookies and cache get cleared then.

Sometimes this works when starting a new session. But I shouldn't have to start another session and lose all of my logins just to post a comment on a Yahoo News article.

Anyone else having this problem? Is there an easy and permanent fix? What are you settings set at?

Firefox does not allow website to access my location even though I keep allowing the website to access my location. I select the allow button and also did this both with and without the box checked to remember the decision. I also go into Settings - Privacy & Security - Location settings. I allow there. Nothing helps.

I would like to further secure my passwords but don't want to have to enter the primary password every time I start the browser. I would like it to only prompt me if a password is needed. I can go days without needing a password to be entered and open and close Firefox every time I use it. It gets tedious. Thanks!

I haven't logged in for quite a while. When I tried to login today, the password was automatically added via the "Saved Passwords", and i was able to log in, although I recognized it as an old password, and It was different that what I currently show in my third party password manager.

When i tried the password from third party password manager, it was rejected.

I tried to change it in my Firefox password database. The odd thing during the process was that when Firefox automatically added the Firefox database stored password to the current password to be changed field, it added the latest password, the same one that is stored in my third party password manager, not the old password that it filled in on the login page.

Some mails always end in spam folder no matter which settings I have tried for example collected adresses or check/uncheck spam settings. For a test I have two hotmail accounts. When I from thunderbird send mail from one to the other, it ends in spamfolder. But if I from the same mail account from outlook.live website send mail to the same account, it doesn't end in Thunderbird spam folder. Besides this many other safe and regocnized mailaccounts recently starts to end in spamfolder. Can any thing be done?