All Products Support Forum

I've checked a couple of the "similar topics" before posting here. I'm not sure if I am having the same problem or something else.

Back Story: I have a "few" windows and tabs open in FireFox. I would finish what I was doing, shut down and then the next time I booted up and loaded FireFox, all sessions would be restored and all log ins honoured (kept). That is: I was still logged in.

(Moving to now) Yesterday I powered up and ALL sites were logged out. About 20 log ins were needed. Hmmmmm... gmail, and the rest.

"Ok... something happened. No problems, things should be ok from now. I've logged in, so all is sweet."

Today I power up: All logs ins lost. Had to go through it all again.

Gmail is throwing security alerts at me hand over fist. Yeah, that is good in some ways. I get that part. But I've logged in.

Seems - my thoughts - that the cookies aren't being saved. But why? I haven't touched them or their settings.

Yes, I did do a clean out of older cookies. But left the gmail ones, and other sites I know I use. I have `adblocker ultimate` installed.

Now I am logged in, if I open the `cookies` and look I should see them there for the sites to which I am logged in - yes?

To be clear: When I am done, I do NOT `exit` FireFox. All windows, tabs, sessions are left. I just shut down the machine. Then next time I load FireFox and they are re-loaded and log ins are maintained.

Under EXCEPTIONS I had to ALLOW certain websites. Then I decided to experiment and see what ALLOWED for SESSION really does.

Neither the entries for websites I allowed for a session were deleted from the list of exceptions, nor the cookies saved by these websites were deleted even when I closed the browser.

I do not see the difference in terms of what happens between selecting Allow vs. Allow for session.

Could someone who knows please explain or point me to the place that explains the difference and how this works?

Thanks.

I've been running TB38/linux for a long time and have many extensions and .css entries. In order to comply with gmail's upcoming OAuth2 requirement, I just installed TB91 and copied over the contents of my TB38 profile into the newly-created profile.

Imagine my disgust to find that none of my .css entries (mostly involving fonts not dealt with in the preferences) and most of my extensions and colors are inoperative. I've been tweaking TB since it was Netscape .9 and appearance and LEGIBILITY (Arial bold) is really important for something that I use for many hours per day. Quite frankly, I hate this new version. If I have to I will use it in order to avoid losing my SORTED email going back to 1995, but I'll do it resentfully.

It has been my experience that with each update I lose something of value to me -- hence my stop at V38. What is the oldest version of Thunderbird/linux that will satisfy gmail's OAuth2 requirement?

I'm sure I'm not the only one wondering...

This is my first post. But I have been reading and benefiting from all the expertise I have found here for many years! Thanks to all!

Trying to plan ahead for the Gmail OAUTH2 change, I upgraded to Tbird 91.9.0.

My Account Settings all transferred to the new version. I do have multi Gmail accounts, as well as other email accounts, but from other posts here, this should matter.

While I am a long term Tbird user, I am a newbie with OAUTH2. I can't seem to connect. So I am writing here for help!

My setup: - Dell notebook running W10 - internet connection strong - am using a Netgear Nighthawk Hotspot Router, which works great with

    everything else, so I really doubt that is an issue

- testing without a firewall; running McAfee - resetting Tbird account back to "Normal Password", then Gmail connects

Incoming Server set to IMAP: imap.gmail.com:993 w SSL/TLS and OAuth2 Outgoing: smtp.gmail.com:465 w SSL/TLS and OAuth2

I have been consistently testing with the same gmail account: - YES, I know my password; it works with both the Gmail web interface,

   or after going back to "Normal Password" instead of OAUTH2

- allow any Alert emails via Gmail Web Interface, repeatedly. - Ran Captcha ... many times! In case someone else reading here needs this, it is here: https://accounts.google.com/b/0/DisplayUnlockCaptcha and you must be logged into the Gmail Web Interface when running this. I have learned to take a pause after running this, for it do its thing.

If Toad-Hall is reading this, I found your list of steps here very helpful: https://support.mozilla.org/en-US/questions/1375558 Worth repeating for others who are struggling, like me.

As recommended here: https://support.mozilla.org/en-US/questions/1373706 Cookies: all cleared Remembered Passwords: all cleared

Also looked at this: https://support.mozilla.org/en-US/questions/1375702 Originally, my cookies WERE blocked. I did need to change my Web Content as recommended in this post:

   Selected: Remember web sites and links I've visited
   Selected: Accept cookies from sites
   Accept third-party cookies: Always
   Keep until : they expire
   Not selected: 'Send web sites 'Do not track'..... 

Also: In Privacy and Security -> Web content -> Exceptions, added: https://accounts.google.com set to 'Allow' and Saved Changes. Then exit Tbird, took a short pause, started Tbird again, per the advice to properly update the files.

Should I be doing BOTH of these? This post shows options: https://support.mozilla.org/en-US/kb/automatic-conversion-google-mail-accounts-oauth20 So if I Select to accept cookies, should I also set the Exception??? I have tested various combinations of these settings, but not seeing a cookie.

In Tbird, when testing to connect, I see:

"Sign in with your Google Account" Enter my account password (I see an error msg here when I typo the password, no error when entered correctly) Also, have checked "Stay Signed In" while trying to Authorize, as recommended. then click Allow on the second screen.

After a few seconds, keep seeing popup in lower right corner of screen: "Authentication failure while connecting to server imap.gmail.com" Sometimes, this msg does not popup, which seems odd to me, but it still fails: Cookies: still empty Password: still empty

I keep updating and reading and updating the setups and testing again, but no cookies for me!

I admit I have gotten off track, testing and reading posts:

Thought my problem might involve Certificates for a while, but now do not think OAUTH2 is using Certificates. Right?

Thought for a bit it might be Javascript disabled, but I am NOT seeing the popup window that shows this error, from this post: https://support.mozilla.org/en-US/questions/1373379 refers to: https://support.mozilla.org/en-US/questions/1286410 Did find my way to Config editor: https://support.mozilla.org/en-US/questions/1349136 Followed this advice: "Click the 3-bar menu icon, Preferences, and find Config. editor at the bottom of the General section. Or, type editor in the search box at the top of Preferences." Then searched for "Javascript" and found most of settings were true, like javascript.enabled is "true". Should everything that a search for javascript finds be set to true? Since I do not see the error msg, I believe this is not my problem.

Stans posted another helpful summary here: https://support.mozilla.org/en-US/questions/1375538 "After you've changed your accounts to OAuth2, delete all records of your Google Account passwords from Thunderbird's password vault (Saved Passwords). With OAuth2, your passwords are not stored by Tbird. Instead, an OAuth2 token (a long string of meaningless characters) is stored in the password field. That's what you should see after completing the OAuth2 process for each of your accounts. You have to do it twice, once for incoming and once for outgoing server. Also, you must allow cookies in Thunderbird's Preferences, otherwise it won't work."

If I am following this correctly, after testing to try and authenticate, I should see a Cookie and a Saved Password being created but they are not.

Think this is my problem!

In Gmail web interface, I am not sure of some settings:

In Manage Your Google Account -> Security:

1. Should Sign-in 2-step verification be on/off? (its off) 2. Third Party apps w access shows Tbird (think this is new, don't recall it before) 3. Allow Less Secure App: turn off (was On for normal pswd; either way fails w OAUTH2) (think I have tested all combinations of the above, with no success) I welcome suggestions on how I should set these to connect with OAUTH2.

I feel like I am getting close here, but I am stuck. Is there anything else, maybe something I have not heard about, like Captcha, that I should try?

Have I missed a setting somewhere? Suggestions???

Meadowlark13

You will tell me why Mozilla Firefox, a browser that claim to protect our privacy, is PERMANENTLY connected to Amazon servers.

Even If I try to block the connections with a Firewall, it's useless, because the next time I start it, it still connects to Amazon using diffferent IP address, even if the starting page is totally blank.

It is not about keeping firefox up-to-date, because when I manually start the search for an update, Firefox establish a new connection: Mozilla REALLY want my browser to SEND datas to Amazon, which is one of the worst company when we talk about collecting personnal informations, just like Google, which Firefox also use, but it's less dramatic since I can decide to not use that feature.

So, like I wrote, I try to block Amazon IP addresses: The result is that I can't access extensions store, but that's still not the use of these servers, since even If It's blocked, Amazon still appears in Established connections, and it's not about Search: Indeed, Amazon appears in a list of engines we can use ( if we want it ), but it's un-checked, and I use a different search engine, so what's left now, since there's apparently no reason at all for these connections to happen.

Here's my theory: Mozilla need money to survive, so it sell informations about its users to Amazon, and that's why it's so important to keep these connections alive.

The fact that we're forced to connect to Amazon servers shows that it's not necessary and that whatever the reason you ive me (update, protection...), it's probably (obviously) not the truth.

Waiting for a real answer !

I

When i click on the lock icon in the address bar, nothing happens (I would expect to see the encryption and certificate, but no widget opens). When I right-click into the page and select "View Page Info", "Security", "View Certificate", no certificate exists. Only generic info is shown (Servers+Authorities). Also an error is reported in the system log, confirming that no certificate exists: JavaScript error: chrome://browser/content/browser-siteIdentity.js, line 642: TypeError: issuerCert is undefined

Questions:

• Why does Firefox show the lock icon while no certificate exists?

• How does Firefox establish a secure connection without having a certificate? (From my understanding a certificate is needed for TLS to work.)

Version used: Firefox 78.12.0esr ('Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Firefox/78.0'), no add-ons or plugins.

I found some infos but I do not trust myself just deleting the files in question since they ared all over my system. The following I found per malwarebytes which found the pups every day up to now:

PUP.Optional.DefaultSearch is Malwarebytes’ detection name for a family of browser hijackers targeting Chrome, Firefox and Internet Explorer. Symptoms The browsers’ default search engine was changed to one that belonged to the threat-actors. I am german so probably I need your patience in helping me to clean my system resp. Mozilla.

Looking forward Ingrid

How can i hide my display/screen resolution from websites? I use Firefox in windowed mode not with my default screen size but websites know my default resolution. This can be used to identify my pc. I dont want that for privacy reasons like tracking and adverstising. How can i prevent this? I found many threads/posts about this in various forums/websites. They are talking about Tor Browser and that websites can identify you if using full-screen mode. But as i said, im using Firefox not Tor and while im using windowed-mode websites still know my default resoltion. I tested this on https://whoer.net/

Another question, how can i restore the default window size in Firefox?

A website MultiSafepay.com has saved my CVV number in Firefox.

How do I edit the autofill data?

I can't get to the same payment page, to be in a position to delete it.

Most links on this matter refer to:

 Options => Privacy & Security => Forms and Autofill

However in my Version: Firefox 98.0.1 (64 bit) running on an up to date Windows 10 this feature is missing or deprecated.

Can anyone say how I could edit/delete this specific entry, or point me in the direction of where this data is stored?

In the mean time I can't recommend using Firefox for entering critical security data, where websites can allow the storage of CVV numbers.

Is there a preference in about:config to fake or simply block websites from reading the font-list of my operatingsystem? I think it is pretty ridiculous anyways that websites can access this information since it has nothing todo with the webbrowser visiting the site but going beyond to spy on information that i consider private.

Same question goes for audio-readout, is there a pref to fake or block?

Yesterday I went to my history to locate a prior site I had visited. There was only 1 site in history, which of course surprised me, and it was to CapitalOne.com/link accounts. This is my credit card company. I removed Firefox from my Macbook and then re-downloaded Firefox and installed. Nothing has changed. My settings are correct, meaning that I should be able to have sites visited in history, yet only the one site populates, and I've been to a lot of sites today....the credit card/link accounts site is the only site that is in history. You can imagine how nervous I am right now about doing anything on line. I sure hope that someone will help out here.

Hi. Starting somewhat recently, Firefox has been getting in the way of me downloading certain PDFs which I know to be fine but which it thinks are insecure or a security hazard. I'd like to disable this security "feature" permanently. How can I do this? Thanks!

Network Solutions upgraded their email, and I multiply-checked all my settings in Thunderbird (102.3.2) and can retrieve mail but the outgoing mail hangs and time out with an error. I just discovered it's not my settings, but there's no password listed for the default outgoing SMTP server (my own domain). (I have 2 email accounts, and listed in the "Saved Passwords" are 2 passwords for incoming IMAP plus one the other account outgoing SMTP, 3 total.)

Is there any way to add a password without deleting the default server and then adding it back in, or some other solution?

Thanks

I dont want to only disable those addons/plugins, i want to completly delete them. When i klick manage, i can only enable, disabled, and change update settings. What reason is there those addons can't be deleted by default? Not everyone wants google...

-see attached screenshot

2 days ago i could send messages. now I cant. I removed the smtp address like the help section told me to after getting the "Login to account "Google Mail" " dialog box and subsequent retrying of a good password had failed... I havent changed my password and am able to login directly to gmail no problem. thunderbird has the correct /same password but still the dialog box shows. I see the 0auth password ( also attached) but its too long to copy and paste so must be gernerated by google. I tried this after I got the send message error ( also attached) and tried what it said...

Also attached are the current saved logins etc minus the smtp I deleted.... The authentication method is set to 0Auth2.

what am I missing? thanks

TB 102.5.0 (64-bit) on Win10 I'm getting repeated notices that my e-mail accounts with Network Solutions don't have a proper "certificate" when I try to send an email. I get a popup window stating so, and asking me to "permanently" choose the exception. It doesn't matter how many times I tell the fool thing to accept the exception "permanently". I still keep getting the notice every few times. Since the glitch is not consistent, I don't have an image of one to put here. Not only that, I have to send the email twice after doing so. TB refuses to send the email the first time after choosing the exception, but allows it the second. I don't know anything about "certificates" and am sick of getting popup notices about them. I doubt that the problem is with Network Solutions email accounts. This reminds me of years ago, when I tried to upgrade to WinXP. It kept interrupting my work to give me popup security notices that I didn't understand and couldn't do anything about. If I remember correctly, I took it back to Sam's Club and replaced it with Win2000. Problem solved. Never mind that XP was supposed to be better. If it ain't broke, don't fix it.

I cannot use OpenPGP encryption on one of my email addresses, because its private key does not appear in the End-to-End encryption of the account setting. Exactly, I can have added the private key through the wizard of the account setting, but there is no private key in the End-to-End encryption of the account setting instead of the private key appearing in the OpenPGP key manager.

The other email accounts are OK, i.e. I can use OpenPGP encryption on the accounts. The differences from the troubled email account are followings: - The troubled email account uses Ed255 not ECDSA algorithm. - Name of the troubled email account includes UTF-8 Japanese characters. - The troubled email account also registers S/MIME private.

Please give me advice on this problem. Thanks.

hello there i have the following problem the company i work for has unistalled remotely firefox from my laptop, and i do not have any way to re-install it back i have managed in some way to obtain a copy of portable firefox on the same laptop since i was not informed about this process, i have not saved my password externally and unfortunately, i was not using a firefox profile

in few words: i do not have my passwords anymore

i have seen that in such folder: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox

there are still saved three subfolders (one of them has the last modified date as 13th Sep, meaning today), therefore i think that my profile (and all relevant passwords) are still there somewhere

i would like to understand if and how i can import the passwords from the unistalled firefox in the portable firefox: i have already tried to copy those directories in: C:\Users\XXX\Desktop\FirefoxPortable\Data\profile

but no success, passwords are not importyed. please, i need help

thanks.

I cannot see saved credit cards in Privacy & Security Firefox 99.01.

I moved from a mac to Windows, and sync'd everything. I have no option to see saved credit cards in Firefox Privacy & Security.

Please help?