All Products Community Forum

One of my email friend's email has been hacked into. I had a request by him to send some money through Amazon, I fell for it. I found out that his identity had been clone from a Facebook friend.

Happily, I got a refund from Amazon, but has my email been compromised or hacked into also?

Hi, I'm installing Thunderbird, and it displays "Mozilla Thunderbird Email wants to access your Google Account", and then "This will allow Mozilla Thunderbird Email to:" and "... permanently delete all your email from Gmail" and "See, edit, share and permanently delete all the calendars that you can access using Google Calendar", DOES THIS MEAN that Thunderbird WILL "DELETE ALL my email from Gmail" as soon as I click ALLOW ??? Silly question, I'm sure, but I don't like the wording, and the possible implication. Thanks, AK

Hallo,

(new information at the end)

in an effort to understand why one s/mime signed message I received could not be verified by Thunderbird (140.3.0esr (64-bit) on Ubuntu 24.04.3 LTS) (error 1041, "unknown problems with this digital signature"), but by all other clients I and others could check (including cli tools openssl, cmsutil), I did a few tests using my own certificate (using rsaEncryption, SHA256).

Inital observation: Messages signed with "openssl smime -sign -in msg.txt -to <email> -from <my-email> -subject test -signer mycert.pem -inkey mykey.pem -out signed.eml" and opened in Thunderbird showed error 1041. Any modifiers like -crlfeol, -text, -binary, ... did not make a difference.

Omitting signed attributes (-noattr) however helped. The signature was verified.

Further investigations now showed that the reason for that is a mismatch of the signing time in the signed attributes block with the RFC 5322 date in the header (or a missing date, which is the reason, the openssl smime output is rejected). If there is no match, Thunderbird shows a 1041 error (unknown problems with the signature).

However, I'm wondering whether such a test a reasonable. The standards don’t instruct MUAs to compare signingTime to the RFC 5322 Date. Flagging a mismatch is not required by spec and in my opinion adds little to no security value. The RFC date header can be easily modified and the signing time is openly readable.

Does anyone knows why it has been decided to test that?

When I opened my computer this morning, it said Firefox crashed. Yesterday, I was scammed by a scammer claiming to be from Microsoft who had me do many things on my computer to remove a virus that wasn't there. Instead, I suspect he may have access to my information now. So this morning after it said that Firefox had crashed, I asked to open a new Firefox session and things seemed to be normal. Please double check to make sure there is nothing wrong with my Firefox account and let me know. Thank You!

Mozilla Thunderbird Email wants to access your Google Account

This will allow Mozilla Thunderbird Email to:

Read, compose, send, and permanently delete all your email from Gmail

See, edit, download, and permanently delete your contacts

See, edit, share, and permanently delete all the calendars you can access using Google Calendar

Mzila Fire Fox that has me perplexed. There is a line that reads, In part….. https://accounts.google.com/signin/oauth/legacy/consent? uthuser=0&part=AJi8hAO27SA1jp0smbnYjSww31z06r6NnelkFAEXAX1pRgQq_2fkoC2lI-Rs0mf3jYCnMSdoG2Gr9V6XDkmWlQydzTYpDy4U-OREnYRGiXK0wIrp32BEL1sC1QyzBm-ZzUFPi6sQw3DCq7hh-HL7ZEAw9QDzw22rmwU7DPjP1nMpdWenxE6fE4LwyjUnAobeE3RPLIWik4O3f5U4lSI1Hwj0AiWBCsLD-

I am logged on to my Credit Union and attempt to download my statements. When using Firefox I get the message: {"Errors":["Authorization has been denied for this request."]}

When I contacted my CU, they said to add an URL to the Manage Exceptions. This worked, but I want to know why Firefox needs this but Chrome doesn't.

GNU nano 8.6 /etc/firefox/policies.json {

 "policies": {
   "DisableFirefoxStudies": true,
   "DisableTelemetry": true,
   "DisableSystemAddonUpdate": true

   "Preferences": {
     "app.normandy.enabled": false,
     "app.shield.optoutstudies.enabled": false,
     "extensions.autoDisableScopes": 15
    }
  }
} Hidden modifications to settings and extensions is absolutely not OK!!!!!!

This is a security environment.

I am working on a stig for Mozilla Firefox and I'm trying to do a scap compliance scan but or some reason I am getting a score of zero on all systems. We do patch regularly and at some point one of the version upgrades caused our compliance scans stopped working. I need a fix and cannot find anything when searching for this issue.

I would like to know how the Firefox CVEs are affected on its version which are mentioned in NVD.

Let take mfsa2025-59, for example CVE-2025-8040, as per the NVD its says Firefox ESR < 140.1 is affected so does that mean it affect all the version which are lower than 140.1 which included the ESR 128 and ESR 115 versions or just the ESR 140 version series? then it raise on more question check this cve-2025-8029 in NVD it has specifically mentioned it only affect "Firefox ESR < 128.13, Firefox ESR < 140.1" and not the ESR 115 versions. Could anyone confirm it does not affect the ESR 115 versions or it affect all the versions? Now check this one cve-2025-8027, NVD clearly mentioned "Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1" are affected so what I understand is that if the Firefox ESR 115 is vulnerable to any CVE it would be mentioned in the NVD specifically.

My point is that if any Firefox CVEs are listed in NVD and it specify only one version like “Firefox ESR < 140.1” what does that mean? Does it affect all the versions which include ESR 128 and ESR 115 or just the ESR 140 series version only affected? If any CVEs are affected on the ESR 115 and ESR 128 does Mozilla specifically mentioned those versions are affected right? Just like its mentioned in the cve-2025-8027

Any help would be appreciated to clarify this.

Payment declined for Thunderbird: Free Your Inbox subscription

Google Play Your subscription will be cancelled UPDATE PAYMENT Hi k,

Your payment from Visa-xxxx was declined.

If you don't update your payment method, you'll lose all of the benefits provided by Valued Monthly Contribution (Thunderbird: Free Your Inbox). These benefits include the following:

   A monthly, voluntary contribution
   Enable us to build new features
   Help us take meaningful steps forward
   Contributions are not tax-deductible

To keep these benefits, you'll need to keep your subscription active. Update your payment method or use a different one.

SUMMARY Amount Due $10.73 Fix by Dec 26, 2025 UPDATE PAYMENT

Learn more

Thanks, The Google Play team See your Google Play Order History. View the Google Play Refund Policy and the Terms of Service.

Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA, 94043, United States

I have a problem with thunderbird. I can't fetch the certificate in my account settings, it seems it's not security approved. Normally when I type "fetch certificate" a window pops up asking me to confirm a security exception, but this function no longer works on thunderbird. Is there another way I can confirm the security exception?

My account is hacked this is supposed to be a secure site that's why I downloaded it. They got extensions linked in here . They have a family account I'm not a parent I'm not a kid I'm a grown woman with a hacked phone they I can't get any help with insane . They make things to easy for hackers nothing is protect damn shame .

Hello, I have the following problem: Bitdefender keeps sending me notifications about Thunderbird emails. I have already contacted their support team and they advised me to tell you that Bitdefender correctly detects and removes infected attachments in the temporary folder; However, some emails do not seem to be deleted or synchronized correctly with Gmail, causing repeated notifications. Can you please help me?