Firefox Support Forum

Hi I'm having problems sending emails, with a constant message, as per the example posted here: SMTP error from remote server for RCPT TO command, host: devon-gov-uk.mail.protection.outlook.com (104.47.11.74) reason: 550 5.4.1 Recipient address rejected: Access denied. AS(201806281) [DB5EUR

I use Firefox in 4 different devices and only one shows the vulnerable passwords and all of them are synced and also all of them have the same settings.

Any idea as to what may be going on and how to solve it?

Thanks.

In our site we trigger popup window with form being submitted with POST method and target="_blank". This is done so it opens 3rd party web app in new window. However, when popup windows are blocked for our page it (correctly) blocks popup, asking user if it should allow popup window. No complaints here. However, when user allows page to show popups, or allows for a single popup, while it opens in new page - it tries to open the URL with GET method, and not with POST, as originally intended, breaking our app. Now of course user can just re-trigger the form and now with allowed popups it will work. But should user not want to allow all future popups to be shown, there's no way for them to open a single popup with firefox switching method (and possibly losing form data?)

Is it possible for Mozilla to add a setting to Firefox that blocks .zip and .mov links from ever opening even if clicked on since a big part of the .zip links are being used to infect computers with malware

os = ubuntu 22.04 - 5.19.0-42-generic Mozilla Firefox 103.0.1 I am attempting to connect to a proxy that does not require a username and password, yet moz-proxy is continually asking for one. If I put any input in the prompts, it goes away, but if the machine is rebooted, the prompts begin again. How do I permanently stop firefox from asking for the username and password?

Not secure website home accessible, but none of the pages under it. Unable to mark pages for not secure browsing. I marked the home site for not secure browsing OK. But no pages under it will open. There does not seem to be a way to tell the browser to ignore the security requirement for all pages in this website.

Is there a security setting that allows me to show all my passwords rather than having to toggle them on each time?

I am a recluse. There's never anyone looking over my shoulder. I just don't want to have to mess with it anymore.

If there isn't, could some kind developer please make an add-on?

I am using two computers: an iMac (late 2009) running 10.13.6 (High Sierra) and a Macbook Pro (13-inch, 2012) running 10.15.7 (Catalina).

Thank you!

K

Hi, Firstly, I'm fairly new to this - so apologies if I don't describe this very well, or leave out any obvious info....

We use PKI certs generated by a third party - and I'm in the process of installing the Vsphere v7 certificate. We've got a process which I've followed once before and been fine. But this time, after I install the certificate, Firefox gives me a "SEC_ERROR_CERT_NOT_IN_NAME_SPACE" error. The only other Browser we have on our system is IE. When I entered the url of the Vsphere server, in IE - it did give me the Vsphere login screen OK. When I clicked on the padlock in the address bar, the new certificate was there, complete with its chain (Root CA and intermediate) and the dates were as expected. So it look like the PKI cert install has worked. However, I need it to work in Firefox. I'm a bit out of ideas. I did find this post:

https://security.stackexchange.com/questions/188914/certifying-authority-for-this-certificate-is-not-permitted-to-issue-a-certificat

But when I checked the Permitted name constraints of our intermediate CA, the expected domain was in there, so I assumed that wasn't the issue (if I've understood this correctly). Any thoughts would be much appreciated. Thanks.

Dear Mozilla Data Protection Team,

I hope this email finds you well. I am writing to inform you of a critical security breach that has occurred in my Mozilla Firefox password manager and to request immediate action to improve your security protocols. I have been a loyal user of Mozilla Firefox for years and have trusted your organization with my sensitive data. However, I am extremely concerned about the recent incident and its potential implications for me and other users.

• • Incident Description:**

On the 2nd of june 2023 I noticed a series of unauthorized transactions on my various online accounts. Upon further investigation, I discovered that my password manager, which is integrated into my Mozilla Firefox browser, had been compromised. It appears that an unknown third party gained access to my stored passwords and subsequently used them to access my accounts.

• • Impact:**

This security breach has had a significant impact on my personal and financial information. I have had to spend considerable time and effort in contacting my banks, credit card companies, and other online service providers to report the unauthorized transactions and secure my accounts. Moreover, I am concerned about the long-term consequences of this breach, as my sensitive information may be misused, leading to identity theft or other malicious activities.

• • Request for Security Improvement:**

In light of this incident, I would like to request that the Mozilla Data Protection Team take immediate steps to improve the security protocols for the Firefox password manager. This may include:

1. Implementing multi-factor authentication (MFA) for accessing stored passwords, which would require users to verify their identity through an additional method, such as a one-time code sent via SMS or email. 2. Conducting regular security audits of the password manager infrastructure to identify and address potential vulnerabilities before they can be exploited by attackers. 3. Providing users with the option to enable password encryption, ensuring that even if the password manager is compromised, the stored passwords remain unreadable without the correct decryption key. 4. Enhancing user education and awareness about potential security risks and best practices for securing their password manager and other sensitive data.

• • Next Steps:**

Please acknowledge receipt of this email and provide an update on the actions that the Mozilla Data Protection Team plans to take in response to this incident. Additionally, I would appreciate any guidance on further steps I should take to protect myself and minimize the impact of this security breach.

I understand that no security system is foolproof, but I believe that it is essential for Mozilla to take this incident seriously and make every effort to ensure that its users can continue to trust the Firefox password manager with their sensitive data.

I have already filed a complaint with the Romanian police, and they launched an investigation.

Thank you for your prompt attention to this matter. I look forward to hearing from you soon.

Sincerely,

Baciu Darius-Alexandru Dariusbaciu166@gmail.com 0787403967

My gmail account keeps asking me to sign in every other 5 minutes. I didn't change a thing on my setting and up until yesterday evening the gmail still stayed signed in. I tried to add google.com, gmail ect. in Exception, but it didn't help. When I was trying to leave a comment on youtube, I had to sign in every single time.

Hi,

Firefox reports an incorrect timezone (UTC), despite `privacy.resistFingerprinting` being false. (None of the settings underneath `privacy` have been changed.

The clearest example is here: https://browserspy.dk/date.php (screenshot attached). Another browser (epiphany) reports the correct timezone on that page.

I have tested the following versions: - Mozilla Firefox 102.11.0esr - Mozilla Firefox 113.0 - Mozilla Firefox 113.0b9

It persists under `--safe-mode`, in Private Browsing mode and despite being signed into a firefox account or not.

uname -a: Linux s 6.3.4 #1-NixOS SMP PREEMPT_DYNAMIC Wed May 24 16:30:25 UTC 2023 x86_64 GNU/Linux

timedatectl, displays correct timezone

I'm at a loss at how to proceed and debug this, every search leads back to privacy.resistFingerprinting, but as mentioned this isn't the case here.