All Products Community Forum

Firefox releases email addresses and our data to third parties!

I installed the Arc browser and Arc offered to load my bookmarks from mozilla. Out of curiosity, I let it, and it loaded my bookmarks and folders smoothly. Arc didn't navigate Firefox to the login page, so Firefox released my information without asking me.

What probably happened in the background was that the Arc browser told Firefox which email address it was requesting data from, and Firefox handed over the data to it "on notice". Firefox was not even convinced that the real owner of the email address asked the Arc browser to synchronize the folders.

Is it the famous Firefox reliability?

I went to Ugsound.com accidently while using Firefox on my Imac. The Firefox warning came up immediately and I left the site. Did Firefox protect me from malicious virus or was it too late? I was on the site for maybe 7-8 seconds.

I already occasionally run into sites that don't behave well with Firefox, forcing me to use another browser in some cases.

Will enabling these settings tend to contribute to exacerbating the problems?

I'm using Firefox 129.01 (64-bit), trying to log in to my Tufts Health Plan account, and get a security warning (screen shot attached). Customer Service at Tufts Health Plan tells me that I should use Chrome.

Should I ignore the Warning and proceed?

We use ESR due to its stability and long term security updates, and we use Duo as our SSO/IDP.

We have Duo set to deny login when the browser is more than 6 mo out of date, but due to the way FF reports only the main version number via the user agent Duo is unable to determine that FF ESR is actually up to date and thinks that it's too old and my users are being denied login or getting an erroneous message about needing to update their browser.

Is there a way to set FF to report it's whole version to Duo? We would prefer not to have to "outlaw" FF in our prod environment if at all possible.

Hi!

First of all, mods, if I chose the wrong category and this had to go in "customize settings and preferences" feel free to move it :)

So, for several reasons I decided to completely disable SSL and the old TLS 1.0 and 1.1. I still didn't decide if TLS 1.2 is still important or it's enough with 1.3 so for now I am leaving them both. I did this system wide, with PowerShell, following the instructions in THIS THIS article.

But then there's Firefox. I don't know if Firefox can establish SSL (or old TLS) connections despite the system "ban". But I came across THIS THIS article about how to enable TLS 1.3 in Firefox and when I went in about:config and I typed "security" I saw that there are a lot of voices with SSL and a lot more about TLS than just the security.tls.version.max mentioned in that article, so I am here to ask you what to do to be 1000% sure that all SSL and older TLS are completely disabled in Firefox, and that only TLS 1.3 is enabled.

If you have reasons to believe that disabling TLS 1.2 is not a good idea, let me know, but in THIS THIS article I've read that 1.3 is much better and it's anyway backwards compatible with 1.2 in case some server only supports 1.2, so I decided to leave only 1.3.

Thanks!

Ok, so first everyone needs to know I love Firefox, I have never donated a cent to Firefox. I think I have burned by FIREFOX MOZILLA HOW? I am not sure, because I am not an expert as all of you, but: I uninstalled Firefox because my iPad kept freezing and does not move on my iPad and all my four phones. While reinstalling Firefox, I see that one of their products called Monitor said my accounts have been compromised about 700+ instances. Then I proceed to find out how my accounts and private data was compromised? Well when I saw the list, you can imagine how long IT IS??? well, I was given a choice do it by paying $8+ a month/yearly and or manual; so what is the question how my addresses got compromised if I only use Firefox, Isn’t Firefox the self appointed SUPER GREAT BROWSER AND ADVOCATE FOR SECURITY AND INTERNET USER RIGHTS AND SO ON? Well again I am not an expert, but what I’m am so FXXXXXG burning stupidity it is that when I attempted to use the service, the FUNDAMENTAL QUESTIONS OF SECURITY your FUL NAME, YOUR DATE OF BIRTH, YOUR CITY AND STATE. Well, I am sorry today I lost flight on this browser, back to Safari, I guess. LIKE AN STUPID IDIOT I GAVE MY FULL NAME, MY DATE OF BIRTH, MY CITY, MY STATE TO FIREFOX/MOZILLA. NOW FIREFOX MOZILLA HAS ME BY MY BAXXS AND I FELT FOR IT. DO YOU WHY I HAVE NEVER GIVE A CENT TO FIREFOX, WITH ALL THE RESPECT ALL OF YOU DESERVE HIGH TECH, YES INCLUDING FIREFOX MOZILLA IS LIKE A POLITICIAN THAT BEGS FOR MONY AND SCREW YOU LATER. I AM MAD AS HELLLLLLLL!!!!!!!!!!

I am able to set up message filters to delete incoming messages from specific email addresses, names, subjects, etc., but I need to set one up to delete everything coming from a particular 'reply to' address. This spammer uses different 'From' names and addresses, so that's no help, but the 'reply to' address remains constant in all messages, and that is what I want to target. But 'Reply to' is not an option when setting up 'Match all of the following' etc. How can I do this? Many thanks!

Nord keeps telling me that Mozilla Thunderbird Version 128.0.1 Severity level : High. Exploiting this vulnerability is relatively straight forward for attackers. They may gain unauthorized access to your data or cause system disruptions. Risk mitigation is needed. This message was also for the latest 115 version. Then I updated to 128 and it has the same problem

I would like to remove my email account. There are explanations here about finding a 'remove account' option in settings but it appears that the option has recently disappeared. How do I remove an account?

I'm needing to transfer a fair amount of company email from POP accounts to Gmail for Business.

I understand the typical response is to add the gmail IMAP account to TB and copy the messages.

I've tested this feature and it works great. However I'm unsure of the exact mechanism used. Mainly, is this transportation between servers encrypted?

The gmail IMAP account is setup to use SSL/TLS, port 993 and authentication method is normal password.

Can someone confirm these emails will be protected in transit? Thank you in advance.

So, it happened again today. Saw their commercial on TV today and went to legacybox.com (NEVER BEEN THERE BEFORE; they transfer VHS tapes, and other stuff, to digital) and got an email from them after closing the browser tab and leaving their website. While I didn't open the email, their email Subject/title was "Thanks for stopping by...".

All I did was look around their website for a few minutes AND DID NOT GIVE THEM MY EMAIL ADDRESS!

This is EXTREMELY DISTURBING!

PLEASE, If anyone here has the Video DownloadHelper extension installed in Firefox AND their Companion App (it costs ~$28, I think.. so don't bother if you don't have it). And make sure you've updated to a recent version, WHERE THEY HAVE YOUR EMAIL/Licens# IN THE SETTINGS (L click on the VDH icon, click on the gear icon, and at the bottom of the menu, click on "More settings....". If your email is there, PLEASE GO TO Legacybox.com AND SEE IF THIS SITE SENDS YOU AN EMAIL as this may help to confirm if Firefox is leaking emails thru that app. Thanks!

I keep getting: Save Login for http://blabla.xyz?!!

if i say 'never' it just keeps asking.

now your saying. aah. thats cause it cannot differentiate a ipv4 and a hostname.

The gethostbyname() function returns a structure of type hostent for the given host name. Here name is either a hostname or an IPv4 address

i wonder then what this browser does. not remembering by name. here thus the word never is better replaced by -> ask me again next time.

Hi, I'm running into the issue where I have a public certificate issued to security@companyname.tld as they don't issue a separate one for most employees, but Thunderbird won't let me use it for sending (I think it's used when replying?) it to firstnamelastname@companyname.tld

Is there a way around this?

16.7.2024

I read this German article:

Firefox 128 liefert per Default Daten für Werbetreibende

Mozilla lässt eine neue Technologie für "datenschutzfreundliche digitale Werbung" in den Firefox einziehen. Die Aktivierung erfolgt ohne Einwilligung der Nutzer.

Which means Firefox 128 Delivers per-default Data for Advert agencies. Mozilla allows a new technology for "Date protection friendly digit Advertising" on Firefox. The activation is without permission from the user.

This is not good at all. I am now thinking of rejecting Fierfoy and moving to Opera or similar. Why did Morzilla take this fatal step?

Hi Just a quick one, I am using a VPN but everytime I open my browser I get bombarded with this dam acatcha and it takes ages to clear it, please there is bound to be away I can turn this off.......

Thanks

Hi E-mail message which i sent via Thunderbird contains in headers my internal and external IP in "Received from" record. Is it possible to hide it without use proxy or VPN? Recipient can see it.

I recently got seriously worried when I became aware about the new AI firewalls these days, which monitors or inspect SSL encrypted packets, before the packets reach to the main website. These new AI firewall systems are installed in some countries by their governments to suppress free speech, or just spy on its people. These firewalls, as you may already know, uses DPI-SSL system, which decrypts packets traveling from user to the main website. To decrypt the HTTPS packets, these firewalls uses its own self signed CA certificates. So I am asking the firefox developers, that why you guys allow this privacy issue? Does the packets sent from a firefoxe browser to other websites are also decrypted, by these firewalls? If yes, then why you guys allow this? Firefox must ONLY allow a specific CA certificate made for firefox browser only. Firefox browser must never let other third party softwares, or any software, to decrypt its encrypted packets. This is a serious privacy issue. With these firewalls, they can see what users write in chats, or posts, they can see witch content we are watching on a website, they can see who we follow on social media platforms, they can see which content or posts we like and etc. Even passwords are not safe anymore, which e use for any website of platform. When passwords are not safe, so does our accounts of various websites. This is a serious privacy breach.

These firewalls is a weapon for those countries which want to suppress free speech or suppress opposition sides in a government or spy on its own people.

Please let me know if I am mistaken or my concerns are genuine.