Forum der Gemeinschaft Firefox

Why am I getting this from Kaspersky? The most recent version is 108.0.2. Detect date ? 01/17/2023 Severity ? High Description

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

   Security vulnerability in SystemPrincipal can be exploited to bypass security restrictions.
   Security vulnerability in WebWorker can be exploited to bypass security restrictions.
   Code execution vulnerability in GTK drag and drop can be exploited remotely to execute arbitrary code.
   Code execution vulnerability in process allocation can be exploited remotely to execute arbitrary code.
   Code execution vulnerability in Devtools can be exploited remotely to execute arbitrary code.
   Memory safety vulnerability can be exploited to execute arbitrary code.
   Security vulnerability in Notification permissions can be exploited to bypass security restrictions.
   Security vulnerability in format directive can be exploited to bypass security restrictions.
   Security UI vulnerability in cross-origin iframe can be exploited to spoof user interface.

Affected products

Mozilla Firefox earlier than 109.0 Solution

Update to the latest version Download Firefox

I am having an issue with a work site where the content is not being displayed correctly. This site uses microsoft single sign-on with my corporate account and it seems that this is where it breaks, as I am finding errors that point in that direction: GET https://autologon.microsoftazuread-sso.com/softtek.com/winauth/sso?client-request-id=xxxx POST https://login.microsoftonline.com/common/instrumentation/dssostatus Result: NS_BINDING_ABORTED

When I open the same site using Edge (sorry:) it works correctly. The issue is that I do not have control over that website and I use it to enter some work information and I haven't found a way to work around it. I have disabled DNS over HTTPS, HTTPS only mode, Deceptive content protection, allowed single sign-on for microsoft, deleted cookies, etc and nothing seems to work. I hope this gets looked into as it is really an issue that might affect everyone not only at my workplace but others that may use similar functionality. Thank you.

Fully patched Windows 11 on ARM Windows Surface Pro X SQ2

What I see: Misrendering of UI elements and some elements of webpages. Rectangular areas of all white with white on white text e.g. tab labels, settings page, etc.

What I tried. Uninstalling FF Reinstall FF Refresh settings

None of these fixed the problem for me.

Uninstalled Firefox Reinstall of Firefox

Hello, everytime I want to open a website that I frequently use, Firefox fails to suggest it as first and rather suggests the "base" url. Example: I want to open https://www.arabdict.com/en/deutsch-arabisch but typing "ara" in the URL input field always suggests https://www.arabdict.com although the first link is both bookmarked and pinned on home. Can someone tell me how to fix this if it's even fixable yet? Chrome does this if you want to compare the user experience I'm missing since switching to Firefox. Thank you!

P.S: sorry for the first screenshot, I couldn't catch the suggestions menu with the built in screenshot tool.

Ever since about a week ago, my Firefox just started... bugging. Twitch doesn't work, now Netflix doesn't work, basically anything that plays videos (except for YouTube) doesn't seem to be working.

On Twitch, if a person is live and streaming, upon clicking their stream to view it, it's suddenly offline, even if the chat is going and the "this person is live" notification is there. Netflix gives me a f7351 error. Websites with online media (like free movies on putlocker) have multiple streaming services attached and neither of them works.

I've cleared all cookies, cache, data and history.

This is only concerning Firefox, other web browsers work perfectly.

Extensions on my Firefox are as follows: BetterTTV, Dark Mode, DocsAfterDark, Facebook Container, FrankerFaceZ, I don't care about cookies, Instagram Dark Theme, New XKit, TinEye, Tumblr Saviour. No adblocks, no nothing.

My operating system is Windows 10, 64bit, Firefox is updated to 119.0.1.

Any help would be appreciated as this has been the bane of my existence for a while.

After updating to Firefox 115.0-1, I noticed that the tab names for all inactive tabs automatically greys out whenever the main Firefox window loses focus (see attached gif image). Only the system theme is affected. I should also note that only Firefox 115 exhibits this behavior (downgrading to Firefox 114.0.2-1 fixes the issue).

I'm not sure if this is by design. I've gone through the change log for Firefox 115 and found no mentions of this.

Of course, the behavior isn't that big of a deal. However, since I'm using a window manager (i3wm), an annoying "flash" (see attached gif image) can be observed every time I press a keybinding to activate a binding mode.

If this is a new feature, I'd very much like to turn it off in about:config.

Does anyone know how?

I use a pop3 server on a local email client. When I accidentally click on a mailto: address, a chrome window pops up. I used to get a Firefox window but that has changed.

This is a problem because the Chrome window cannot be closed unless I go to the Task Manager and end the Chrome process.

What can I do to prevent Chrome from being called when I click an email address in Firefox?

In order, the attached images show:

1 What happens when I click on an email address 2 What happens when I click the X tab on the Chrome window 3 What the task manager looks like - 5 processes running! 4 The Chrome processes have been killed.

Please help!

I've been having an issue for a while now where the cloudflare challenges that ask you to click the check mark to "verify your connection is secure" would just endlessly ask me to click the button and never continue. Sometimes it would say to unblock access to challenges.cloudflare.com.

But if I a launch an incognito window I can visit website with the challenge and it won't even ask! I've added all my extensions to run in incognito mode and everything still works, I can visit the websites in incognito just fine. So the one changing variable is incognito vs non-incognito.

I can have two windows open, one incognito and one not, and browse to the same website and the non-incog window will fail but the incog will just go to the site.

I thought incognito was supposed to only affect the session storage? Does it silently change other things to the running environment of the browser (about:config options, slightly different extension configs)?

Anyone know why this small change would suddenly allow cloudflare challenges to work?

Firefox Setup 125.0.2.exe popped a flag on Jotti's malware scan: ClamAV: Win.Trojan.Spora-7724442-0 I know this is going to turn out a false positive because VirusTotal came up with no flags but can someone at Mozilla get this flag cleared at Jotti's/ClamAV ? thanks

https://virusscan.jotti.org/en-US/filescanjob/20cqpwvtma

I have a Logitech Streamcam that I have been having some problems with. I noticed that Firefox stopped working with my Webcam some time ago and I can't seem to figure out why.

My webcam works fine on Chrome and using the camera app on my desktop. I hooked the webcam up to my Macbook and was able to connect to it just fine, even using Firefox.

I tested my webcam using this website: https://webcamtests.com/check When I go there I get this error message: "Could not find a web camera, however there are other media devices (like speakers or microphones). Most likely, this means that your webcam is not working properly or your browser cannot access it."

When I try to have it forcibly start the camera it gives me this error message: "NotFoundError: The object can not be found here.; DOMException".

I tried clearing the cache, running Firefox in safe mode, clearing all privacy and security settings, and reinstalling Firefox but none of it help, I also tried clearing the cache and got the same result.

Windows security settings show Firefox last accessed my webcam on 2021-11-08 and there are no access requests from Firefox since then.

Any idea of whats going on or what troubleshooting I can do from here?

UbuntuStudio 22.04 uses the Firefox Snap package by default. The latest automatic update does not display pages correctly in normal mode, but does work correctly on Safe Mode. Snap.io lists only the latest version of Firefox so I was unable to ask snap to revert to the previous release (prior to 5 Mar 24) and by the time I had tried to investigate the previous version was no longer cached. I did not see a way to force a fresh download of firefox from the latest channel on snap.io.

I tried the snap beta channel for v124, but that exhibited the same problems.

I tried adding a symbolic link to colors.css after seeing firefox complaining that it could not be found when started from the command line. That removed the error/warning message but did not clear the problem with normal mode.

I use the en-GB locale extension only. The technical details about my PC are as follows:

• Operating System: Ubuntu Studio 22.04
• KDE Plasma Version: 5.24.7
• KDE Frameworks Version: 5.92.0
• Qt Version: 5.15.3
• Kernel Version: 6.5.0-25-lowlatency (64-bit)
• Graphics Platform: X11
• Processors: 12 × AMD Ryzen 5 7600 6-Core Processor
• Memory: 30.5 GiB of RAM
• Graphics Processor: RAPHAEL_MENDOCINO

I have now downloaded v123 and installed it in my local home directory, and that version is working well. I have removed the firefox channel via snap. It is likely to be a fault in the construction of the snap for v123 that was not present for v122 prior to 5 Mar 24.

Hey folks... I am running the latest ESR version for windows 7. I know, its limited support and stuff but I have this most annoying problem that just doesn't seem to want to go away.

Every day, several times a day, I am told there is an update available. I have gone in several times and downloaded and installed the latest release. The install goes fine, there are no issues. Yet, over and over again I am told there is an update... but I have the latest version installed.

In the past, I have used the "distribution" folder trick to stop updates and I have removed that a long time ago. I can't figure out why it keeps telling me there are updates, when there are none.

How can I stop this from doing updates where there are no updates to get? It's driving me nuts...

Gary :)

Firefox on windows 11 crashes between 0 and 15 times in a row as soon as I hit the keyboard. Same happens with chrome so that is not a firefox bug. Disabling all extensions does not help nor does a refresh. After a certain number of crashes, it starts working. Once it starts working, I can use the keyboard until next time I start it. No issue if I cut/paste text in fields, or if I use keyboard via vnc viewer. Only browser apps have this issue. I have also tried diabling all non windows services, and thought it was solved until it didn't. I would love a hint on what to look for.

I have the latest release (auto update)

Edition Windows 11 Home Version 22H2 Installed on ‎21/‎12/‎2022 OS build 22621.1992 Experience Windows Feature Experience Pack 1000.22644.1000.0

Device name Discovery Processor Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz 3.70 GHz Installed RAM 32,0 GB Device ID 755A990D-673D-448E-A3D8-7A0C1E7E10BE Product ID 00326-00843-91971-AAOEM System type 64-bit operating system, x64-based processor Pen and touch No pen or touch input is available for this display

Hello,

I have tried to find solutions to this and have not found anything to be a permanent fix. I recently have found my FireFox browser closing my first attempt to open and upon opening my second attempt Firefox will open but give me a pink address bar with a robot stating "browser is under remote control (reason: Dev Tools)" and the only thing that seems to get rid of this temporarily is going to my control panel (I'm a windows user) and toggling the remote assistance checkbox (I keep it unchecked since this problem has occurred). Then after re-opening Firefox again, it appears to work normally - no pink address bar with robot. Is there a permanent fix for this? Is it an OS issue or a Firefox issue? Maybe both? Any insight would be greatly appreciated. I am fairly tech savvy, but not too familiar with browser interfaces and solutions involving the command line.

Thank you,

I am in the United States. My machine is on Windows 22H2 (OS Build) 19045.3208. My version of FFox is 116.0 (64-bit).

My firefox was getting very booged down after months of usage and I complete uninstalled and reinstalled, and now Recommend by Pocket does not show up either on my Home Page, or as an option to add it.

Googling around, the two most common fixes I have seen is to fix this are:

1) Click the Personalize button in the upper right corner of the new tab page and toggle Recommended by Pocket to on, but the option does not appear there. See attached screenshot. 2) Type about:config in address bar, then browser.newtabpage.activity-stream.feeds.section.topstories, and set to true. This was already in effect. See attached screenshot.

Anything else I can try to enable it? I really like it and I miss it.

How does Firefox determine where the Kerberos keytab is located?

The default location for Kerberos keytabs on a Linux box is within /tmp. /tmp is very temporary these days and is wiped on reboot and it looks like on the various power save/restore.

So, I decided to move the keytabs to a static location to allow them to work according to the usual schedules and timeouts, instead of being wiped out on a whim. I settled on /var/lib/krb5tabs/krb5cc_%u I configured that within /etc/krb5.conf

I use pam_winbind from Samba to do the Kerberos login and the keytab is filled in and the environment var KRB5CCNAME is set correctly.

Before the change of the location of the keytab from the defaults, everything works fine apart from after a resume and creds need re entering (which is the pain I am trying to avoid).

After the change, Evolution is still able to authenticate via Kerberos but Firefox is not. So, does FF just assume defaults or actually follow KRB5CCNAME - which seems to be the standard for Kerberos?

18 July 2023 My longstanding NYTimes account started having problems with Firefox the past few days: the NYT web page loads OK on my Windows 10 notebook, but after browsing to an article or 2, I'm challenged by the usual 'I am not a robot' Capcha. When I click on the proper images, then Submit, it repeats the challenge anew, time after time. A call to the NYT webpage help line got me a person who said 'Use another browser, we're having increasing problems with Firefox.' I noted that the NYT Wirecutter and Cooking options both work OK, but she asserted those will eventually fail too, using FF I asked her to suggest the best browser, she recommended Chrome. What can be done? I've been using FF for the past 20 years and support Mozilla w regular $$. I've tried clearing the cache, allowing pop-ups for their site, and I use no Extensions or Add-ons. Help! Windows 10, latest updates, FF 115.0.2

Hi,

I am developing a website of my own and in that website I want to implement a handler for Content-Security-Policy violation reports. I want to test if this handler works as I expect and therefore I have configured a webpage such that is will report CSP violations (I see them in the web developer console) and I want to have them sent to my application's CSP-violation handler.

In my test environment, the application is running on localhost. I have run my web application both on HTTP and HTTPS (with a self-signed certificate), but in neither case Firefox is sending any reports to my application.

My CSP headers look as follows: Content-Security-Policy: report-uri http://localhost:5281/csp-violation;base-uri 'none';default-src 'self';form-action 'none';frame-ancestors 'none';report-to csp-viol;script-src 'unsafe-eval' 'nonce-9FuQ3NuVoW66DT1ZU4w9EPSymnHE1/hg';style-src 'unsafe-eval' 'nonce-9FuQ3NuVoW66DT1ZU4w9EPSymnHE1/hg' Reporting-Endpoints: csp-viol=http://localhost:5281/csp-violation Report-To: {"group":"csp-viol","max_age":10886400,"endpoints":[{"url":"http://localhost:5281/csp-violation"}]}

When I run my application using HTTPS, all HTTP in the endpoints will also be HTTPS.

I have verified that when I post something by hand to http://localhost:5281/csp-violation, my handler is executed, so that is not the issue. I believe that Firefox is just not sending the reports. Is there a way to configure Firefox such that it will send the CSP violation reports to my application when run on HTTP(S) on localhost?

Sincerely, Marcel

Hello,

Recently, my Firefox has stopped opening and immediately closes upon start-up. The window asking if I would like to start in troubleshoot mode briefly flickers on the screen a few seconds later, and I am unable to start it in troubleshoot mode. I also have this problem with Google Chrome, but not with Microsoft Edge, which still works fine. I also downloaded Opera and I found that Opera works fine as well. I have tried various solutions I found online and none of them have worked yet. However, when I started Windows 11 in Safe Mode, Firefox still wouldn’t open initially but this time it did let me open troubleshoot mode, which I was able to succesfully start. In troubleshoot mode, I turned off hardware acceleration and all my extensions, and once I exited troubleshoot mode, Firefox was able to start normally in Safe Mode. However, I do not know if hardware acceleration or the extensions actually caused the issue because even if I turned them back on, Firefox continued to run normally in Safe Mode. Once I exited Windows Safe Mode, however, Firefox still continued not to open, and I still couldn’t access troubleshoot mode. Using the shift key trick to open Firefox in troubleshoot mode doesn’t work either. I would appreciate any help I can get with this issue.

I view a page, for example, news.yahoo.com. I usually scroll down a way, possibly to the bottom. I step away, and when I come back I want to refresh the page. Up until about two weeks ago, when I press F5 to refresh the page, it would automatically scroll back to the top of the page. Now it seems to go to (maybe) a percentage of the page based on where it was last scrolled. I then have to manually scroll back to the top to see the latest headlines. Was Firefox behavior changed? Is there a setting to control page refresh behavior?