All Products Support Forum

I've checked a couple of the "similar topics" before posting here. I'm not sure if I am having the same problem or something else.

Back Story: I have a "few" windows and tabs open in FireFox. I would finish what I was doing, shut down and then the next time I booted up and loaded FireFox, all sessions would be restored and all log ins honoured (kept). That is: I was still logged in.

(Moving to now) Yesterday I powered up and ALL sites were logged out. About 20 log ins were needed. Hmmmmm... gmail, and the rest.

"Ok... something happened. No problems, things should be ok from now. I've logged in, so all is sweet."

Today I power up: All logs ins lost. Had to go through it all again.

Gmail is throwing security alerts at me hand over fist. Yeah, that is good in some ways. I get that part. But I've logged in.

Seems - my thoughts - that the cookies aren't being saved. But why? I haven't touched them or their settings.

Yes, I did do a clean out of older cookies. But left the gmail ones, and other sites I know I use. I have `adblocker ultimate` installed.

Now I am logged in, if I open the `cookies` and look I should see them there for the sites to which I am logged in - yes?

To be clear: When I am done, I do NOT `exit` FireFox. All windows, tabs, sessions are left. I just shut down the machine. Then next time I load FireFox and they are re-loaded and log ins are maintained.

Under EXCEPTIONS I had to ALLOW certain websites. Then I decided to experiment and see what ALLOWED for SESSION really does.

Neither the entries for websites I allowed for a session were deleted from the list of exceptions, nor the cookies saved by these websites were deleted even when I closed the browser.

I do not see the difference in terms of what happens between selecting Allow vs. Allow for session.

Could someone who knows please explain or point me to the place that explains the difference and how this works?

Thanks.

Yesterday, Thunderbird was automatically updated to 91.4.1 on my Windows 10 laptop. Now my gmail accounts fail to authorize. When I start Thunderbird, a splash screen appears "Secure connection failed". The title bar on the splash screen says "Enter credentials for xxxxx@gmail.com on imap.gmail.com" (xxxxx represents my username). There is nowhere to enter credentials as far as I can see. I know for sure that the password I used was correct as I just signed in to gmail using a browser. Please help!

I've been running TB38/linux for a long time and have many extensions and .css entries. In order to comply with gmail's upcoming OAuth2 requirement, I just installed TB91 and copied over the contents of my TB38 profile into the newly-created profile.

Imagine my disgust to find that none of my .css entries (mostly involving fonts not dealt with in the preferences) and most of my extensions and colors are inoperative. I've been tweaking TB since it was Netscape .9 and appearance and LEGIBILITY (Arial bold) is really important for something that I use for many hours per day. Quite frankly, I hate this new version. If I have to I will use it in order to avoid losing my SORTED email going back to 1995, but I'll do it resentfully.

It has been my experience that with each update I lose something of value to me -- hence my stop at V38. What is the oldest version of Thunderbird/linux that will satisfy gmail's OAuth2 requirement?

I'm sure I'm not the only one wondering...

Hello, I have 5 email addresses - four I use regularly: TalkTalk1 (Default) and 2, Free-online and Googlemail (haven't upgraded to gmail), and one I haven't for ages (YahooMail). I cannot send emails from any, except from my TalkTalk(TT) default one. I have updated the TalkTalk new Outgoing server settings to the best of my ability, for TalkTalk2 (TT2), Free-online (FOL) and Googlemail (GM) - I can send screenshots for each if necessary: - Server names: all smtp.domain name.net, except FOL: relay.free-online.net (verified on several google searches) - Outgoing port: all changed to 587 - Connection security: all STARTTTLS - Authentication method: all 'Normal password' (I am assuming these would be the same as the ones in the saved login passwords section of Privacy & Security, except for GM which has Incoming server authentication OAuth2 but a normal password in the saved login Passwords) - User name: my email addresses, except for FOL: my name Details: Email providers: TalkTalk, Free-online (Plusnet), Googlemail ISP: Talktalk.net Operating system: MacOS Catalina 10.15.7 Thunderbird version: 102.8.0 Many thanks for your help, it is now the 8th day I spend on this (I am a senior not very techy person).

This is my first post. But I have been reading and benefiting from all the expertise I have found here for many years! Thanks to all!

Trying to plan ahead for the Gmail OAUTH2 change, I upgraded to Tbird 91.9.0.

My Account Settings all transferred to the new version. I do have multi Gmail accounts, as well as other email accounts, but from other posts here, this should matter.

While I am a long term Tbird user, I am a newbie with OAUTH2. I can't seem to connect. So I am writing here for help!

My setup: - Dell notebook running W10 - internet connection strong - am using a Netgear Nighthawk Hotspot Router, which works great with

    everything else, so I really doubt that is an issue

- testing without a firewall; running McAfee - resetting Tbird account back to "Normal Password", then Gmail connects

Incoming Server set to IMAP: imap.gmail.com:993 w SSL/TLS and OAuth2 Outgoing: smtp.gmail.com:465 w SSL/TLS and OAuth2

I have been consistently testing with the same gmail account: - YES, I know my password; it works with both the Gmail web interface,

   or after going back to "Normal Password" instead of OAUTH2

- allow any Alert emails via Gmail Web Interface, repeatedly. - Ran Captcha ... many times! In case someone else reading here needs this, it is here: https://accounts.google.com/b/0/DisplayUnlockCaptcha and you must be logged into the Gmail Web Interface when running this. I have learned to take a pause after running this, for it do its thing.

If Toad-Hall is reading this, I found your list of steps here very helpful: https://support.mozilla.org/en-US/questions/1375558 Worth repeating for others who are struggling, like me.

As recommended here: https://support.mozilla.org/en-US/questions/1373706 Cookies: all cleared Remembered Passwords: all cleared

Also looked at this: https://support.mozilla.org/en-US/questions/1375702 Originally, my cookies WERE blocked. I did need to change my Web Content as recommended in this post:

   Selected: Remember web sites and links I've visited
   Selected: Accept cookies from sites
   Accept third-party cookies: Always
   Keep until : they expire
   Not selected: 'Send web sites 'Do not track'..... 

Also: In Privacy and Security -> Web content -> Exceptions, added: https://accounts.google.com set to 'Allow' and Saved Changes. Then exit Tbird, took a short pause, started Tbird again, per the advice to properly update the files.

Should I be doing BOTH of these? This post shows options: https://support.mozilla.org/en-US/kb/automatic-conversion-google-mail-accounts-oauth20 So if I Select to accept cookies, should I also set the Exception??? I have tested various combinations of these settings, but not seeing a cookie.

In Tbird, when testing to connect, I see:

"Sign in with your Google Account" Enter my account password (I see an error msg here when I typo the password, no error when entered correctly) Also, have checked "Stay Signed In" while trying to Authorize, as recommended. then click Allow on the second screen.

After a few seconds, keep seeing popup in lower right corner of screen: "Authentication failure while connecting to server imap.gmail.com" Sometimes, this msg does not popup, which seems odd to me, but it still fails: Cookies: still empty Password: still empty

I keep updating and reading and updating the setups and testing again, but no cookies for me!

I admit I have gotten off track, testing and reading posts:

Thought my problem might involve Certificates for a while, but now do not think OAUTH2 is using Certificates. Right?

Thought for a bit it might be Javascript disabled, but I am NOT seeing the popup window that shows this error, from this post: https://support.mozilla.org/en-US/questions/1373379 refers to: https://support.mozilla.org/en-US/questions/1286410 Did find my way to Config editor: https://support.mozilla.org/en-US/questions/1349136 Followed this advice: "Click the 3-bar menu icon, Preferences, and find Config. editor at the bottom of the General section. Or, type editor in the search box at the top of Preferences." Then searched for "Javascript" and found most of settings were true, like javascript.enabled is "true". Should everything that a search for javascript finds be set to true? Since I do not see the error msg, I believe this is not my problem.

Stans posted another helpful summary here: https://support.mozilla.org/en-US/questions/1375538 "After you've changed your accounts to OAuth2, delete all records of your Google Account passwords from Thunderbird's password vault (Saved Passwords). With OAuth2, your passwords are not stored by Tbird. Instead, an OAuth2 token (a long string of meaningless characters) is stored in the password field. That's what you should see after completing the OAuth2 process for each of your accounts. You have to do it twice, once for incoming and once for outgoing server. Also, you must allow cookies in Thunderbird's Preferences, otherwise it won't work."

If I am following this correctly, after testing to try and authenticate, I should see a Cookie and a Saved Password being created but they are not.

Think this is my problem!

In Gmail web interface, I am not sure of some settings:

In Manage Your Google Account -> Security:

1. Should Sign-in 2-step verification be on/off? (its off) 2. Third Party apps w access shows Tbird (think this is new, don't recall it before) 3. Allow Less Secure App: turn off (was On for normal pswd; either way fails w OAUTH2) (think I have tested all combinations of the above, with no success) I welcome suggestions on how I should set these to connect with OAUTH2.

I feel like I am getting close here, but I am stuck. Is there anything else, maybe something I have not heard about, like Captcha, that I should try?

Have I missed a setting somewhere? Suggestions???

Meadowlark13

You will tell me why Mozilla Firefox, a browser that claim to protect our privacy, is PERMANENTLY connected to Amazon servers.

Even If I try to block the connections with a Firewall, it's useless, because the next time I start it, it still connects to Amazon using diffferent IP address, even if the starting page is totally blank.

It is not about keeping firefox up-to-date, because when I manually start the search for an update, Firefox establish a new connection: Mozilla REALLY want my browser to SEND datas to Amazon, which is one of the worst company when we talk about collecting personnal informations, just like Google, which Firefox also use, but it's less dramatic since I can decide to not use that feature.

So, like I wrote, I try to block Amazon IP addresses: The result is that I can't access extensions store, but that's still not the use of these servers, since even If It's blocked, Amazon still appears in Established connections, and it's not about Search: Indeed, Amazon appears in a list of engines we can use ( if we want it ), but it's un-checked, and I use a different search engine, so what's left now, since there's apparently no reason at all for these connections to happen.

Here's my theory: Mozilla need money to survive, so it sell informations about its users to Amazon, and that's why it's so important to keep these connections alive.

The fact that we're forced to connect to Amazon servers shows that it's not necessary and that whatever the reason you ive me (update, protection...), it's probably (obviously) not the truth.

Waiting for a real answer !

I

When i click on the lock icon in the address bar, nothing happens (I would expect to see the encryption and certificate, but no widget opens). When I right-click into the page and select "View Page Info", "Security", "View Certificate", no certificate exists. Only generic info is shown (Servers+Authorities). Also an error is reported in the system log, confirming that no certificate exists: JavaScript error: chrome://browser/content/browser-siteIdentity.js, line 642: TypeError: issuerCert is undefined

Questions:

• Why does Firefox show the lock icon while no certificate exists?

• How does Firefox establish a secure connection without having a certificate? (From my understanding a certificate is needed for TLS to work.)

Version used: Firefox 78.12.0esr ('Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Firefox/78.0'), no add-ons or plugins.

I found some infos but I do not trust myself just deleting the files in question since they ared all over my system. The following I found per malwarebytes which found the pups every day up to now:

PUP.Optional.DefaultSearch is Malwarebytes’ detection name for a family of browser hijackers targeting Chrome, Firefox and Internet Explorer. Symptoms The browsers’ default search engine was changed to one that belonged to the threat-actors. I am german so probably I need your patience in helping me to clean my system resp. Mozilla.

Looking forward Ingrid

How can i hide my display/screen resolution from websites? I use Firefox in windowed mode not with my default screen size but websites know my default resolution. This can be used to identify my pc. I dont want that for privacy reasons like tracking and adverstising. How can i prevent this? I found many threads/posts about this in various forums/websites. They are talking about Tor Browser and that websites can identify you if using full-screen mode. But as i said, im using Firefox not Tor and while im using windowed-mode websites still know my default resoltion. I tested this on https://whoer.net/

Another question, how can i restore the default window size in Firefox?

A website MultiSafepay.com has saved my CVV number in Firefox.

How do I edit the autofill data?

I can't get to the same payment page, to be in a position to delete it.

Most links on this matter refer to:

 Options => Privacy & Security => Forms and Autofill

However in my Version: Firefox 98.0.1 (64 bit) running on an up to date Windows 10 this feature is missing or deprecated.

Can anyone say how I could edit/delete this specific entry, or point me in the direction of where this data is stored?

In the mean time I can't recommend using Firefox for entering critical security data, where websites can allow the storage of CVV numbers.

Is there a preference in about:config to fake or simply block websites from reading the font-list of my operatingsystem? I think it is pretty ridiculous anyways that websites can access this information since it has nothing todo with the webbrowser visiting the site but going beyond to spy on information that i consider private.

Same question goes for audio-readout, is there a pref to fake or block?

Hi everyone,

I set up my Firefox for Android to delete cookies and cache when I click on "Close".

I was happy with it but I realized several months ago than websites as leboncoin.fr, amazon.fr, decathlon.fr (yes i'm french), didn't keep me loged in but remember what I had looked for and where I was. This problem is permanent.

I don't have this problem with Firefox for Windows.

So it seems something is nor cleared from the app when I close it.

Thank you very much for your help !

Before this latest update i could go to the list of messages in my inbox, rigth click on a message and selecte print preview, i was using this feature to avoid opening emails that i was not sure if it was spam or something that i would be interested on. The option is no longer available with Thunderbird 91.1.1 (64-bit), what happen, why this feature was removed? Programming team running amok again? or QA team sleeping at the wheel? Please put back that option thanks

The permissions when I would initially open for set cookies was Allow now the default setting is allow for session. How could this setting be changed? I did not make the change. I only access the settings through page info.

Yesterday I went to my history to locate a prior site I had visited. There was only 1 site in history, which of course surprised me, and it was to CapitalOne.com/link accounts. This is my credit card company. I removed Firefox from my Macbook and then re-downloaded Firefox and installed. Nothing has changed. My settings are correct, meaning that I should be able to have sites visited in history, yet only the one site populates, and I've been to a lot of sites today....the credit card/link accounts site is the only site that is in history. You can imagine how nervous I am right now about doing anything on line. I sure hope that someone will help out here.

Hi. Starting somewhat recently, Firefox has been getting in the way of me downloading certain PDFs which I know to be fine but which it thinks are insecure or a security hazard. I'd like to disable this security "feature" permanently. How can I do this? Thanks!

Fire Fox has taken to auto filling my password on my brokerage account. This leaves the account available to anyone that can turn my computer on. I do not have a password saved for the brokerage account and have the company listed to be excluded. This just happened in the last few weeks.

Network Solutions upgraded their email, and I multiply-checked all my settings in Thunderbird (102.3.2) and can retrieve mail but the outgoing mail hangs and time out with an error. I just discovered it's not my settings, but there's no password listed for the default outgoing SMTP server (my own domain). (I have 2 email accounts, and listed in the "Saved Passwords" are 2 passwords for incoming IMAP plus one the other account outgoing SMTP, 3 total.)

Is there any way to add a password without deleting the default server and then adding it back in, or some other solution?

Thanks