Forum der Gemeinschaft Firefox

Subject: OCSP Must-Staple Behavior Observations in Firefox (Including iOS Platform)

Dear Firefox Team,

We have been conducting tests involving certificates with the OCSP Must-Staple extension and would like to share several observations regarding Firefox’s behavior across different platforms:

General Compliance with Must-Staple: On most platforms, Firefox correctly enforces the Must-Staple extension. That is, if a certificate includes the Must-Staple flag and the web server fails to provide a stapled OCSP response, the connection is appropriately terminated.

Unexpected Behavior on iOS: However, we have observed that Firefox on iOS does not appear to enforce this requirement consistently. Even when the server does not provide a stapled OCSP response, the browser still establishes the TLS connection. We are unsure whether this is due to platform limitations or an implementation inconsistency.

Redundant OCSP Requests Despite Stapling: Additionally, we found that Firefox still initiates an OCSP request even when a valid stapled response has already been provided by the server. This behavior not only degrades performance but may also introduce privacy concerns, it contrary to the original privacy and efficiency goals of OCSP Stapling.

At home we have a shared computer with Ubuntu and Firefox as main browser. Each family member has its own Linux user.

We use the functionality of Firefox saving passwords, however we've noticed that these passwords are visible between the Linux users. So, for instance if two of us use the same website, somehow our user/pass get are visible to each other. Is this behavior expected? How can we set FF to make the user/pass visible only to the Linux user who is using it?

Cheers

For first time received email from breach-alerts@mozilla.com. Title is: Your monthly Mozilla Monitor report. Is this a scam? Other people have asked this question and Mozilla Firefox company has not made any attempt to answer these serious questions. If I do not hear back from Mozilla Firefox within a week I might remove Mozilla Firefox and use another company.

I WAS ON A SITE AND IT BROUGHT UP THE COOKIE PAGE FOR FIREFOX TO PROTECT ME FROM PEOPLE OR COMPANIES FROM TRACKING MY BROWSING AND I COULD NOT GET BACK TO MY PURCHASE PAGE APP ACOOUNT I WAS ON. SO WHAT HAPPEN & WHY DID THIS COME UP?

Hi there , mozilla . I am finding it difficult to stay logged in in my AI chatbots provided in the sidebar by firefox with the strict mode enabled . Please help me

hey i cant seem to figure out why the tab for the ai chat bot on the left hand side of the screen can not access my microphone.. i like to use google gemini and my microphone registers fine if i go directly to geminis website in my fire fox browser. but when i use the integrated tab on firefox it will not register my mic

Kính gửi đội ngũ hỗ trợ Firefox,

Tôi hiện đang sử dụng iPhone 15 và đã cài đặt phiên bản mới nhất của Firefox. Tôi cũng sử dụng VPN qua ứng dụng Secure Access, được công ty cấp chứng chỉ trên thiết bị di động.

Trước đây, khi sử dụng phiên bản Firefox cũ hơn, tôi có thể bật VPN và truy cập trang web nội bộ của công ty mà không gặp vấn đề gì. Tuy nhiên, kể từ khi cập nhật lên phiên bản Firefox mới nhất, tôi không thể truy cập trang web đó nữa. Thỉnh thoảng, Firefox hiển thị lỗi "This Connection is Untrusted", có biểu tượng "Visit site anyway", và khi tôi nhấp vào, tôi có thể vào được.

Do trang web nội bộ của công ty đang sử dụng phiên bản SSL cũ và không thể thay đổi, tôi cần tìm một giải pháp để tiếp tục sử dụng VPN và truy cập trang web nội bộ như trước đây.

Mong đội ngũ hỗ trợ Firefox giúp tôi tìm cách khắc phục vấn đề này. Trân thành cám ơn

I keep getting notifications, supposedly from Mozilla and/or Microsoft on lower right of my screen, telling me the system is infected. How do i determine if these messages are valid, or a scam ? Turned computer off and back on--messages keep popping up.

Free youtube downloader wants my age from Firefox to download popular music videos. I am logged in to FireFox and Free YouTube downloader identifies FireFox as my default browser.

This is really an error for Free YouTube Downloader to correct, but many FireFox users must have solved this already. Any advice?

Thank you!

Hello, When I try to use Mozilla firefox, using this rather than Google chrome I get the following warning from Malwarebyte: Exploit.PayloadProcess.Block, making me feel uneasy. Best wishes, Torbjørn Borgen Lindhardt, Denmark

Kaiser has installed a 3rd Party cookie. "We may also place a persistent third-party cookie (provided by Google) on your hard drive if you sign on to kp.org."

The way to opt out is to go on the following website and opt out. However, only 3 out of the 51 companies could opt out on Firefox. It claims that the browser setting is prevent it from opting out. https://optout.networkadvertising.org/?c=1

I would be grateful for some information on container behavior, i.e. I created "permanent" (as opposed to temporary) containers for sites where I want that site's cookies & site data preserved in a container, so I can click "Clear Cookies/History" (or "Clear... when Firefox closes) and the items stored in PERMANENT containers are left alone, while all else is deleted. "Clear ...." doesn't appear to be respecting the permanent containers I have set up precisely to preserve these sites' cookies & data.

I'm not sure what the point of Permanent Containers is, if not to preserve those sites' data, for the sites' later use when you set Firefox to Clear Cookies and Site Data whenever Firefox Closes (or Clear Cookies & Site Data with one click). I expected it to respect data in Permanent containers, as exceptions. Else why not just use separate Temporary Containers for everything? Why bother with Permanent Containers if everything is going to be deleted when Firefox closes, whether it's marked "Permanent" or not? Is there a solution for this? Thanks, -AnneF