"Something is trying to trick Firefox into accepting an insecure update. Please contract your network provider and seek help."
the above message appeared while I was viewing a website
Additional System Details
This started when...
I was watching ABC.com on the internet
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Adobe PDF Plug-In For Firefox and Netscape 10.0.1
- Default Plug-in
- Shockwave Flash 10.2 r152
- CANON iMAGE GATEWAY Album Plugin Utility Module
- Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
- User Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0
teoli2003 2011-05-17 14:26:05 PDT
I have a new element. Two users suffering from this problem (one on the Geckozone, the other on Mozillazine) do reports the following value in app.update.url :
(Note the aus2 instead of aus3).
Modified by cor-el
Thanks for that cor-el,
I had not checked my e-mails.
So that is another thing to look out for if anyone has this problem, and then if that is the case checking for any firefox.js but hopefully the posters on the mozillazine forum will quickly succeed in doing that.
Could the people experiencing the problem reports here and tell us if: 1) the app.update.url is wrong (aus2 instead of aus3). 2) if they have a firefox.js in the installation directory's defaults\prefs directory? (and if so, its content).
Maybe it also helps to post which security software is used as that is a likely candidate if the updater wasn't able to remove a firefox.alll file successfully.
Modified by cor-el
Looks like the problem is identified and fixed. (Bug 658066)
Could you fill us in with what the solution to this problem is?
Slightly premature in saying it is fixed, but the problem is identified and there are workarounds
- one helps users with the problem;
- another is a server side preventative measure, which is yet to take effect;
- and the final step is trying to fix the none firefox software, apparently the problem is with virtualised firefox editions. (I am not sure how the end user of firefox identifies this - other than by running into this problem )
I will try to clarify these and either post back again with detailed info, or links to where that info is being displayed.
Note currently votes 386 with 68 this week.
If you have files in the defaults\pref folder in the Firefox installation folder (C:\Program Files\Mozilla Firefox\defaults\pref) folder other than the file channel-prefs.js then the updater didn't remove those files or wasn't able to do that because other software (possibly visualization software) had prevented that. That causes Firefox to override correct prefs with older prefs from firefox.all. If the bug that redirect the aus2 link to aus3 then you should no longer see that error.
I am experiencing the same problem with the popup that "someone is trying to trick ...." I checked the firefox.js in the \default\pref directory and found: pref("app.update.url", "https://aus2.mozilla.org/update/3/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // app.update.url.manual is in branding section
Tried to change the .url to "aus3mozilla.org" and see what happens, but OS denied me access, despite the fact that i have administrator privileges. What to do?
Do a clean (re-)install:
Download a fresh Firefox copy and save the file to the desktop.
- Firefox 4.0.x: http://www.mozilla.com/en-US/firefox/all.html
- Uninstall your current Firefox version and remove the Firefox program folder before installing that copy of the Firefox installer.
- Do not remove personal data if you uninstall the current version.
- It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
Your bookmarks and other profile data are stored elsewhere in the Firefox Profile Folder and won't be affected by a reinstall, but make sure that you do not select to remove personal data if you uninstall Firefox.
I was getting the popup with message "something is trying to trick firefox into accepting an insecure update" on a fairly recently upgraded-to-version-4 of Firefox. It was easily fixed by deleting all files in "C:\Program Files\Mozilla Firefox\defaults\pref" folder EXCEPT the file "channel-prefs.js". (BTW, I didn't really delete them, I just moved them to a different folder.)
The day after doing this, Firefox announced it had successfully installed some updates, so I now assume it is Firefox periodically running some sort of auto-self-updater thing that was causing the popup error message. It's been a week now since cleaning out the "pref" folder, and I have not seen the popup since.
Lots of software these days have these auto-self-updaters. I suppose overall , they are a good thing, but from time to time they are bound to introduce the odd problem.
The problem is caused by other software affecting Firefox. Removing unwanted .js files will solve the problem, but it is usually considered easier to explain how to do a clean re-install. As you say renaming or moving problem files is effective and lot safer than truly deleting them.
The error message occurs after five background attempts at an update have failed. The updates attempts fail because other software is creating .js files & changing prefs thereby directing the update requests to an old location.
As a workaround I understand Mozilla are making redirects so that the old address redirects correctly. (Bug 658066).
John99, Are you saying we should sit back and wait and Mozilla will fix the problem?
I am saying that firefox were trying to use a workaround (I have not checked if the have succeeded with this) but the cause of the problem is other third-party software affecting firefox files.
Are you using virtualization software to run Firefox?
Such software can cause some files not to get updated and you may have been left with a mixture of old and new files.
In this case an older file that stores the default value of the pref that defines the update URL is causing the problem and Firefox tries to update via an URL that isn't working for the current Firefox version.
Easiest is to download the full version and uninstall the current version and install the new version to remove those older files and get a fresh installation.
This might help. Last week I updated Firefox to 4.0.1. Today I am having trouble with Adobe Acrobat 9 Standard (version 9.4.5). I went to Repair Acrobat Installation. In the middle of that update I got the "Something is trying to trick..." message again. Could Adobe Acrobat 9 Standard be the offending third party app?
Adobe acrobat is afaik not thought to be directly involved.
The main problem as discussed in this thread is apparently with certain virtualisation installs of Firefox. The same message will appear in other circumstances where the updates are repeatedly failing, I do not know but presumably if you are trying to run many simultaneous updates in the background possibly the error is likely to show up then.
What do you mean by, 'trying to run many simultaneous updates in the background?' The error pops up randomly except for that one time when Adobe Acrobat was updating.
In my company the "Microsoft Forefront Threat Management Gateway" with HTTPS inspection is used. This HTTPS inspection is done by installing a local (company-controlled) Certification Authority in the browser on the users computer and then performing a de/encryption of the SSL-stream on the proxy server.
But as Firefox not only verifies the certificate of the update server, but also the Issuer of the certificate, the update is rejected because of a possible Man-In-The-Middle-attack. In case of the "Microsoft Forefront TMG" this is an intended MITM-attack ...
Is there any possibility to change the expected certificate chain of the update server in Mozilla Firefox?
Modified by mogra
This is a relativly old thread. I am guessing the initial problems were resolved (iirc some of them involved firefox server side adjustments). Well done for finding the thread but in this case I thnk starting your own question is a better idea.