Recent answers to Bitdefender: suspicious connection blocked involving Firefox - signature-2.cdn.mozilla.net
https://support.mozilla.org/gn/questions/1350146
2021-10-31T15:54:38-07:00
2021-10-31T15:54:38-07:00 jscher2000 https://support.mozilla.org/gn/questions/1350146#answer-1455592
<em><p>swamper <a href="#answer-1455589" rel="nofollow">said</a></p></em>
<blockquote><em><p>jscher2000 <a href="#answer-1455582" rel="nofollow">said</a></p></em><blockquote><em><p>swamper <a href="#answer-1455573" rel="nofollow">said</a></p></em><blockquote>I WANT to direct the browser to use system proxy settings... Don't I?</blockquote>
Not unless you are intentionally using a proxy server in your system settings.</blockquote>
Isn't that the way security suites and VPNs work?</blockquote>
<p>I don't know how Bitdefender and your VPN hook your browser traffic. I think you'll need to investigate the effect on your computer. For example, you can check your IP address in Firefox to make sure it reflects the expected one, and you can view a certificate for a site intercepted by Bitdefender to see whether Bitdefender has inserted itself as a man in the middle.
</p>
2021-10-31T15:31:37-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1455589
<em><p>jscher2000 <a href="#answer-1455582" rel="nofollow">said</a></p></em>
<blockquote><em><p>swamper <a href="#answer-1455573" rel="nofollow">said</a></p></em>
<blockquote>I WANT to direct the browser to use system proxy settings... Don't I?
</blockquote>
<p>Not unless you are intentionally using a proxy server in your system settings.
</p>
</blockquote>
<p>Isn't that the way security suites and VPNs work?
</p>
2021-10-31T15:14:51-07:00 jscher2000 https://support.mozilla.org/gn/questions/1350146#answer-1455582
<em><p>swamper <a href="#answer-1455573" rel="nofollow">said</a></p></em>
<blockquote>I WANT to direct the browser to use system proxy settings... Don't I?
</blockquote>
<p>Not unless you are intentionally using a proxy server in your system settings.
</p>
2021-10-31T13:42:14-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1455573
<p>Well, a minute became three days due to unexpected life and family issues. Sorry about that!
</p><p>No Bitdefender popups since I reset Application Menu/General/Network Settings/ to No proxy. For whatever reason, it was set to "Use system proxy settings."
</p><p>The strange thing is that Waterfox is also set to "Use system proxy settings," yet I've never seen the Bitdefender popups while using Waterfox. Just Firefox. This makes me think Mozilla's developers of Firefox are missing something, hence the Bitdefender popups proclaiming as described in the OP.
</p><p>Both Waterfox and Firefox are still set to Enable DNS over HTTPS with Cloudflare as the provider. I had Cloudflare's WARP installed last year, but uninstalled it when I upgraded to a real VPN.
</p><p>Again, even after a full uninstall, fresh download and reinstallation, I was getting the Bitdefender popups out of Firefox. Switching the Network Settings from their default, "Use system proxy settings" to "No proxy" appears to have solved the problem.
</p><p>Why would this be required in Firefox and not in Waterfox?
</p><p>I WANT to direct the browser to use system proxy settings... Don't I?
</p>
2021-10-28T06:56:29-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1454600
<em><p>jscher2000 <a href="#answer-1454547" rel="nofollow">said</a></p></em>
<blockquote><em><p>swamper <a href="#answer-1454528" rel="nofollow">said</a></p></em>
<blockquote>4. Viewing the Certificate via the lock icon to the left of the URL reveals two certificates, one from *.safezone.mcafee.com (which I've never installed on my computer) and one from Bitdefender Personal <a href="http://CA.Net" rel="nofollow">CA.Net</a>-Defender, neither of which look like anything at all like your "2021-09-15-13-43-52-79c2c4.png" image...
</blockquote>
<p>We know why Bitdefender is in the mix, since you have the program set to intercept your web access through Firefox. The appearance of the McAfee cert is the real mystery.
</p>
I assume you don't have any McAfee security software on your computer. How about in your router? (But then why would only one browser be affected??)</blockquote>
<p>No McAfee software on my PC. The router is a late model by CenturyLink. Nothing in the admin menu screams, "McAfee," but that doesn't mean they're not using it.
</p>
<blockquote>Does it make any difference to set Firefox to "No Proxy" here:
<ul><li> Windows: "3-bar" menu button (or Tools menu) &gt; Settings (previously "Options")
</li><li> Mac: "3-bar" menu button (or Firefox menu) &gt; Preferences
</li><li> Linux: "3-bar" menu button (or Edit menu) &gt; Preferences
</li><li> Any system: type or paste <strong>about:preferences</strong> into the address bar and press Enter/Return to load it</li></ul></blockquote>
I'll get back to you in a minute on this, as I uninstalled Firefox and the auto-updater completely. I'll have to reinstall it after I post.
2021-10-28T04:29:42-07:00 jscher2000 https://support.mozilla.org/gn/questions/1350146#answer-1454547
<em><p>swamper <a href="#answer-1454528" rel="nofollow">said</a></p></em>
<blockquote>4. Viewing the Certificate via the lock icon to the left of the URL reveals two certificates, one from *.safezone.mcafee.com (which I've never installed on my computer) and one from Bitdefender Personal <a href="http://CA.Net" rel="nofollow">CA.Net</a>-Defender, neither of which look like anything at all like your "2021-09-15-13-43-52-79c2c4.png" image...
</blockquote>
<p>We know why Bitdefender is in the mix, since you have the program set to intercept your web access through Firefox. The appearance of the McAfee cert is the real mystery.
</p><p>I assume you don't have any McAfee security software on your computer. How about in your router? (But then why would only one browser be affected??)
</p><p>Does it make any difference to set Firefox to "No Proxy" here:
</p>
<ul><li> Windows: "3-bar" menu button (or Tools menu) &gt; Settings (previously "Options")
</li><li> Mac: "3-bar" menu button (or Firefox menu) &gt; Preferences
</li><li> Linux: "3-bar" menu button (or Edit menu) &gt; Preferences
</li><li> Any system: type or paste <strong>about:preferences</strong> into the address bar and press Enter/Return to load it
</li></ul>
<p>In the search box at the top of the page, type <em>proxy</em> and Firefox should filter to the "Settings" button, which you can click. In the Network Settings overlay, change to "No proxy" and there should be a Save button all the way at the bottom of the panel (sometimes scrolling may be needed).
</p>
2021-10-28T03:51:27-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1454528
<em><p>jscher2000 <a href="#answer-1454497" rel="nofollow">said</a></p></em>
<blockquote>I definitely do not recommend making any kind of exception to allow a possibly hijacked connection to that server.
Did you test what happens if you try to download this file directly, either in Firefox or another browser:
<a href="https://content-signature-2.cdn.mozilla.net/chains/normandy.content-signature.mozilla.org-2020-05-05-15-04-19.chain" rel="nofollow">https://content-signature-2.cdn.mozilla.net/chains/normandy.content-signature.mozilla.org-2020-05-05-15-04-19.chain</a>
If you open it in a text editor, it contains 87 lines of certificate code starting with:
-----BEGIN CERTIFICATE-----
MIIC9TCCAnugAwIBAgIIFfzRFY3VsmIwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYT
AlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3pp
bGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29u
dGVudCBTaWduaW5nIEludGVybWVkaWF0ZS9lbWFpbEFkZHJlc3M9Zm94c2VjQG1v
<br>Do you get that, or another error message? If you get a secure connection error page, click the Advanced button, then View Certificate, and you can compare with the details I posted earlier in this image:
<a href="https://user-media-prod-cdn.itsre-sumo.mozilla.net/uploads/images/2021-09-15-13-43-52-79c2c4.png" rel="nofollow">https://user-media-prod-cdn.itsre-sumo.mozilla.net/uploads/images/2021-09-15-13-43-52-79c2c4.png</a>
</blockquote>
<p>Using Waterfox:
</p><p>1. The file downloads without error.
2. Opening it with Notepad++ reveals the same first four lines you have listed in Begin Certificate.
3. There was no secure connection error page.
</p><p>Using Firefox:
</p><p>1. Bitdefender reports, "Suspicious page blocked for your protection." See attached.
2. I don't have an "advanced button" in Firefox. Online help states, "To access the advanced settings, type: about:config into the address bar and press Enter." Doing that brings up a different page, none of which looks anything at all like your "2021-09-15-13-43-52-79c2c4.png" image.
3. However, manually bypassing the security downloads the same file downloaded by Waterfox, also matching the first four lines you have in Begin Certificate.
4. Viewing the Certificate via the lock icon to the left of the URL reveals two certificates, one from *.safezone.mcafee.com (which I've never installed on my computer) and one from Bitdefender Personal <a href="http://CA.Net" rel="nofollow">CA.Net</a>-Defender, neither of which look like anything at all like your "2021-09-15-13-43-52-79c2c4.png" image...
5. ...except for one line under *.safezone.mcafee.com, which reads: Subject Alt Names DNS Name <a href="http://content-signature-2.cdn.mozilla.net" rel="nofollow">content-signature-2.cdn.mozilla.net</a>
</p><p>I tried uploading the images, but it's stuck on "Uploading..." We'll see if it actually uploaded after I post reply. My ISP boasts consistent speeds &gt; 100/25 Down/Up in Mbps.
</p>
2021-10-28T01:08:47-07:00 jscher2000 https://support.mozilla.org/gn/questions/1350146#answer-1454497
<p>I definitely do not recommend making any kind of exception to allow a possibly hijacked connection to that server.
</p><p>Did you test what happens if you try to download this file directly, either in Firefox or another browser:
</p><p><a href="https://content-signature-2.cdn.mozilla.net/chains/normandy.content-signature.mozilla.org-2020-05-05-15-04-19.chain" rel="nofollow">https://content-signature-2.cdn.mozilla.net/chains/normandy.content-signature.mozilla.org-2020-05-05-15-04-19.chain</a>
</p><p>If you open it in a text editor, it contains 87 lines of certificate code starting with:
</p><pre>-----BEGIN CERTIFICATE-----
MIIC9TCCAnugAwIBAgIIFfzRFY3VsmIwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYT
AlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3pp
bGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29u
dGVudCBTaWduaW5nIEludGVybWVkaWF0ZS9lbWFpbEFkZHJlc3M9Zm94c2VjQG1v
</pre>
<p><br>Do you get that, or another error message? If you get a secure connection error page, click the Advanced button, then View Certificate, and you can compare with the details I posted earlier in this image:
</p><p><a href="https://user-media-prod-cdn.itsre-sumo.mozilla.net/uploads/images/2021-09-15-13-43-52-79c2c4.png" rel="nofollow">https://user-media-prod-cdn.itsre-sumo.mozilla.net/uploads/images/2021-09-15-13-43-52-79c2c4.png</a>
</p>
2021-10-27T13:12:10-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1454413
<p>I feel like the answers veered way off into the weeds. I'm not looking for coders or developers to guide me through the binary jungle.
</p><p>Simple Question: Which of the following two courses of action is the correct one:
</p><p>1. Add to exceptions (see attached graphic): If the correct answer is, "Add to exceptions," please tell me HOW/WHY this won't create a security breach.
</p><p>2. Ignore: If the correct answer is to ignore it, this is proving very difficult, as I'm getting 20+ such Suspicious connection blocked pop-ups, all citing "<a href="http://content-signature-2-cdn-mozilla.net" rel="nofollow">content-signature-2-cdn-mozilla.net</a>" every time I open Mozilla Firefox. As you can see from the attached graphic, that's 44 times during the two times I opened Firefox to check to see if there were any new updates which might have fixed the problem. Every time it pops up, it changes the focus of my typing so I cannot accomplish any work until it finishes.
</p><p>I do not get this error message from Bitdefender when using Google Chrome or any of several other Chromium-based browsers, including Brave, Epic, Vivaldi, Opera and Edge.
</p><p>I do not get this error message from Bitdefender when using Waterfox or Tor, both of which are modified versions of Firefox.
</p><p>I am ONLY getting this error message from Bitdefender when using the standard, 64-bit version of Mozilla Firefox available for download for installation on Windows 10.
</p><p>In fact, I've tried 11 different browsers. No issues except with Mozilla Firefox. That in and of itself should be a significant clue. I had HOPED someone on the development team would focus on the "<a href="http://content-signature-2-cdn-mozilla.net" rel="nofollow">content-signature-2-cdn-mozilla.net</a>" message and fix the problem at the source so I could continue using Mozilla Firefox.
</p><p>Firefox USED to have a "Report Bug" (or something like that) which allowed the user to submit a basic description, attach a screen shot, and check a box to capture and report system information. The few times I used it bugs disappeared in the very next revision.
</p><p>It was a great system!
</p><p>Now, all attempts to use that take me to "ideas@moz://a" or here which hasn't been able to fix anything in more than a year.
</p><p>Well, I'm sure you're all familiar with the old adage about customer service: If the problem isn't fixed by the third time you've beat the horse, "it's DEAD, Jim." Time to get off and find another horse.
</p><p>I'll check back a couple of more times over the next few days to see if anyone can actually answer my Simple Question as given above. If you can, without risking a security breach of my system, then three cheers! If not, then it's time to cut my losses and get on with life using one of Firefox's several outstanding competitors.
</p>
2021-09-17T08:19:07-07:00 jscher2000 https://support.mozilla.org/gn/questions/1350146#answer-1444193
<p>Right, never mind on the Browser Console, that was the only way I could capture the cert information because a successful download doesn't show anything in a tab. What does the first certificate look like in your case? The Common Name is different?
</p>
2021-09-17T07:40:06-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1444174
<em><p>jscher2000 <a href="#answer-1443671" rel="nofollow">said</a></p></em>
<blockquote>That server seems to be used for content signatures to validate information that Firefox requests from Mozilla servers in the background: <a href="https://github.com/mozilla-services/autograph/blob/main/signer/contentsignaturepki/README.md" rel="nofollow">https://github.com/mozilla-services/autograph/blob/main/signer/contentsignaturepki/README.md</a>
Do you get a secure connection error if you try to open this file:
<a href="https://content-signature-2.cdn.mozilla.net/chains/normandy.content-signature.mozilla.org-2020-05-05-15-04-19.chain" rel="nofollow">https://content-signature-2.cdn.mozilla.net/chains/normandy.content-signature.mozilla.org-2020-05-05-15-04-19.chain</a>
Expected result: download dialog
If I open the Browser Console before making the request, and enable listing requests by clicking "Requests" at the right end of the filter bar, I see the following certificate information:
<img src="https://user-media-prod-cdn.itsre-sumo.mozilla.net/uploads/images/2021-09-15-13-43-52-79c2c4.png">
If you got an error page, you can compare by clicking the Advanced button to view more details, and then clicking View Certificate.
</blockquote>
<p>Excellent page resource explaining content signatures, jscher2000. Thank you.
</p><p>As for your results through the Browser Console, I am unable to duplicate your screen. Specifically, the browser opens the page displaying the three certificates, but the Browser Console displays:
</p><p>Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist.
</p><p>When I click on the link (view-source:moz-extension://570c9611-b493-4a51-86e9-968b31b498db/background.js) in Browser Console to amplify, it brings up the following:
</p>
2021-09-17T07:20:25-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1444169
<em><p>cor-el <a href="#answer-1443230" rel="nofollow">said</a></p></em>
<blockquote>Do you use a bookmark or are you starting with the main (home) page of this website?
If you use a bookmark to access a specific page then instead navigate to this page starting with the main page or with the sign in page in case there is a problem with this bookmark.
</blockquote>
<p>Only about 60% of the time. The rest of the time I'm opening Firefox directly from the link I pinned to the taskbar, and the issue remains the same, even after clean, cold boots. Ergo, it's associated with Firefox directly, not a bookmark.
</p>
2021-09-15T06:45:31-07:00 jscher2000 https://support.mozilla.org/gn/questions/1350146#answer-1443671
<p>That server seems to be used for content signatures to validate information that Firefox requests from Mozilla servers in the background: <a href="https://github.com/mozilla-services/autograph/blob/main/signer/contentsignaturepki/README.md" rel="nofollow">https://github.com/mozilla-services/autograph/blob/main/signer/contentsignaturepki/README.md</a>
</p><p>Do you get a secure connection error if you try to open this file:
</p><p><a href="https://content-signature-2.cdn.mozilla.net/chains/normandy.content-signature.mozilla.org-2020-05-05-15-04-19.chain" rel="nofollow">https://content-signature-2.cdn.mozilla.net/chains/normandy.content-signature.mozilla.org-2020-05-05-15-04-19.chain</a>
</p><p>Expected result: download dialog
</p><p>If I open the Browser Console before making the request, and enable listing requests by clicking "Requests" at the right end of the filter bar, I see the following certificate information:
</p><p><img src="https://user-media-prod-cdn.itsre-sumo.mozilla.net/uploads/images/2021-09-15-13-43-52-79c2c4.png">
</p><p>If you got an error page, you can compare by clicking the Advanced button to view more details, and then clicking View Certificate.
</p>
2021-09-15T04:57:29-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1443652
<p>Thank you both for your replies. If either of you have anything more to add, by all means, please do so!
</p><p>In the meantime, anyone else out there with insight on this issue? Please review the attachment at the OP. Thank you.
</p>
2021-09-15T04:56:21-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1443650
<em><p>jscher2000 <a href="#answer-1443223" rel="nofollow">said</a></p></em>
<blockquote>I don't think it's necessary for Bitdefender to terminate connections where the certificate doesn't match. Firefox does that all on its own, as you may have seen from time to time on the built-in secure connection error pages.
Anyway, since this connection can't work for anyone, I suggest ignoring it unless you discover that something important has stopped working in Firefox.
</blockquote>
<p>Bitdefender claims its product is doing its job. Indeed, out of hundreds of other programs on my computer, not once has any other program attempted to access sites with mis-matched certificates.
</p><p>If "Firefox does that all on its own," then perhaps it should stop doing something which one of the leading antivirus/security programs clearly sees as a threat.
</p><p>"Ignoring it" is not an acceptable solution. This is a potentially harmful security issue. I'd like to see it resolved, not ignored.
</p>
2021-09-15T04:52:08-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1443649
<em><p>cor-el <a href="#answer-1443230" rel="nofollow">said</a></p></em>
<blockquote>Do you use a bookmark or are you starting with the main (home) page of this website?
If you use a bookmark to access a specific page then instead navigate to this page starting with the main page or with the sign in page in case there is a problem with this bookmark.
</blockquote>
<p>Neither. I get roughly 23 identical error message pop-ups after booting my computer and opening Firefox. If I close down Firefox, then reopen it, the 23 error messages begin again, so it's clearly tied to opening Firefox.
</p><p>It does not matter which website I go to (news, weather, facebook, etc.). It always begins within a few seconds after opening Firefox.
</p>
2021-09-13T12:47:23-07:00 cor-el https://support.mozilla.org/gn/questions/1350146#answer-1443230
<p>Do you use a bookmark or are you starting with the main (home) page of this website?
</p><p>If you use a bookmark to access a specific page then instead navigate to this page starting with the main page or with the sign in page in case there is a problem with this bookmark.
</p>
2021-09-13T12:27:23-07:00 jscher2000 https://support.mozilla.org/gn/questions/1350146#answer-1443223
<p>I don't think it's necessary for Bitdefender to terminate connections where the certificate doesn't match. Firefox does that all on its own, as you may have seen from time to time on the built-in secure connection error pages.
</p><p>Anyway, since this connection can't work for anyone, I suggest ignoring it unless you discover that something important has stopped working in Firefox.
</p>
2021-09-13T04:55:11-07:00 swamper https://support.mozilla.org/gn/questions/1350146#answer-1443122
<p>Anyone? Hello...
</p>