Whoops, the image didn't get added

That is an expired certificate.

    Data:
        Version: 1 (0x0)
        Serial Number: 17706515877439069108 (0xf5ba2e609c91dbb4)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
        Validity
            Not Before: Oct 13 12:46:03 2014 GMT
            Not After : Nov 12 12:46:03 2014 GMT
        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd

You can check the connection settings.

• Options/Preferences -> Advanced -> Network : Connection -> Settings
• https://support.mozilla.org/en-US/kb/Options+window+-+Advanced+panel

If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.

See "Firefox connection settings":

• https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

See also:

• https://support.mozilla.org/en-US/kb/troubleshoot-extensions-themes-to-fix-problems

Thanks for the fast reply!

I switched to "No Proxy" but that didn't solve the problem.

I'd go straight to my ISP forums if this didn't start hapenning right after the browser update.

How about other browsers on your system? If you visit one of those problem sites in the other browser and check the certificate information, does it show the certificate as that expired one, or is the problem limited to Firefox?

At least one site suggests that issuer's certificates have been used to sign unwanted software: https://www.reasoncoresecurity.com/signer-internet-widgits-pty-ltd-009dd8bc177abb2f73.aspx

Could you test in Firefox's Safe Mode? In Safe Mode, Firefox temporarily deactivates extensions, hardware acceleration, and some other advanced features to help you assess whether these are causing the problem.

If Firefox is not running: Hold down the Shift key when starting Firefox.

If Firefox is running: You can restart Firefox in Safe Mode using either:

• "3-bar" menu button > "?" button > Restart with Add-ons Disabled
• Help menu > Restart with Add-ons Disabled

and OK the restart.

Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).

Any improvement? (More info: Diagnose Firefox issues using Troubleshoot Mode)

Thanks for your reply!

Internet Explorer shows the correct certificate for github.com, signed by DigiCert.

Restarted in Safe Mode - the dialog appeared, I'm in Safe Mode now. But the problem persists.

Forgot to mention, I've performed a scan with Kaspersky Virus Removal Tool (their free service), targetting boot locations and memory. Nothing showed up.

Google Chrome and the main-channel Firefox also show the correct certificate from DigiCert.

Hmm, I don't normally use Nightly, but I updated it just now and don't notice any new issues with Github or Amazon.

Do you have any exceptions saved for these sites in the Certificate Manager?

"3-bar" menu button (or Tools menu) > Options

In the left column, click Advanced. Then on the right side, click the Certificates mini-tab along the top. Then click the "View Certificates" button.

This should open the Certificate Manager. Click the "Servers" tab. Ignore the ones for "*" and check for any servers matching problem sites.

Well, I'm pretty confident that I've never added exceptions to amazon.com as I only started using their site this June.

Okay, I've made my way to the Certificate Manager window, though a bit differently.

Anyways, here's the only non-wildcard certificate there:

Perhaps try some other malware cleaning tools. The support article lists several that are either free or have a free trial.

Troubleshoot Firefox issues caused by malware

Tried Microsoft Safety Scanner and "SUPERAntiSpyware Portable Scanner Personal Edition" with no luck. Well, the latter has found 462 "threats" - tracking cookies.

I've googled that base64 string of the certificate:

• https://gist.github.com/blacklion/49dbb5c16653e3c3877db6012893e593 and https://juick.com/blacklion/2840429
• https://gist.github.com/sigsergv/5f1aeb063b2600516997

Already tried to contact blacklion to get more info on that certificate, but judjing from their discussion at juick.com, blacklion got that certificate for smarkets.com, which (as reported by other users in that thread) was affected by our Internet censorship a the time.

Couldn't find sigsergv's contact info, but he lives in Novosibirsk.

It has to do something with Russian Internet regulation ^W censorship law, but... Why only Nightly? And only after the update? ><

I don't know what to think now.

Oh, and blacklion mentioned that he runs "FreeBSD with read-only filesystem", so... I guess I might stop searching for malware on my machine now?

Thank you for your support guys

See also: https://www.google.com/search?q=%22Internet+Widgits+Pty+Ltd%22

Do a malware check with several malware scanning programs on the Windows computer.

• https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware

Please scan with all programs because each program detects different malware. All these programs have free versions.

Make sure you update each program to get the latest version of their databases before doing a scan.

• Malwarebytes' Anti-Malware:
  http://www.malwarebytes.org/mbam.php
• AdwCleaner:
  http://www.bleepingcomputer.com/download/adwcleaner/
  http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
• SuperAntispyware:
  http://www.superantispyware.com/
• Microsoft Safety Scanner:
  http://www.microsoft.com/security/scanner/en-us/default.aspx
• Windows Defender:
  http://windows.microsoft.com/en-us/windows/using-defender
• Spybot Search & Destroy:
  http://www.safer-networking.org/en/index.html
• Kasperky Free Security Scan:
  http://www.kaspersky.com/security-scan

You can also do a check for a rootkit infection with TDSSKiller.

• Anti-rootkit utility TDSSKiller:
  http://support.kaspersky.com/5350?el=88446

See also:

• "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked

Note that in current Nightly releases with the new about:preferences design you can find the certificates under the Privacy & Security tab at the bottom of this list (Security -> Certificates).

• Malwarebytes Premium Trial has only detected CheatEngine as a PUP;
• Malwarebytes AdwCleaner hasn't detected anything;
• SuperAntispyware scan results were described in my previous post;
• Microsoft Safety Scanner scan results were described in my previous post;
• Windows Defender hasn't detected anything;
• Spybot Search & Destroy has only detected tracking cookies and 7-Zip context menu entries;
• Kasperky Free Security Scan has only detected 8 "other problems" like "non-standard IE start page" or "turning IE reports on may leak personal information"';
• Kaspersky TDSSKiller hasn't detected anything;

I've just installed the latest Nightly on another machine in my local network, and github.com now reports invalid certificate there, too.

As with my main desktop, other browsers (including Firefox) load these sites without problems.

I've tried a different ISP (LTE), and these sites started loading in Nightly just fine. I guess it's just some magic incompatibility between one of the latest Nightly updates and my ISP then.

Could you change your user agent on Nightly to the release UA to see whether that bypasses the problem? Here's how:

(0) Select and copy this new preference name:

general.useragent.override

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste usera and pause while the list is filtered

Assuming you do not see that preference:

(3) Right-click a blank area of the page, New > String, then paste the preference name and click OK, then enter any text temporarily and click okay

Once the preference exists:

(4) Select and copy this value:

64-bit Firefox on 64-bit Windows 10:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0

32-bit Firefox on 64-bit Windows 10:
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0

(5) Double-click the general.useragent.override preference and paste the new value, then click OK

You can test that the new value is sent using https://www.jeffersonscher.com/res/jstest.php (red text)

To clear the override later, right-click the preference and choose Reset.

I did what you proposed.

Unfortunately, faking Firefox 54 didn't solve the problem.

I also tried setting my User-Agent to the one from Edge. Didn't work either.

I've looked through the commit history on Mozilla's GitHub mirror, and got interested by this commit: https://github.com/mozilla/gecko-dev/commit/02da186004ba9d352f746304efea0c022ba78f69

network.tcp.tcp_fastopen_enable's default value in my current Nightly is true. If I switch it to false, the problem dissapears.

However, when I switch it back to true, the problem is still not present. I need to restart Nightly (with that pref set to true) for it to come back again.

Actually the correct commit is probably this: https://github.com/mozilla/gecko-dev/commit/3d59bf74c826d8c75d427104508397aa172055ed It's part of Bug 1363372

A little update on this. I've contacted one of the Firefox developers - the one who was working on the TCP Fast Open feature - told them about the issue, they're now aware of it. What's more, in current Nightly builds the problem is not present (even with TFO turned on).

I guess I can mark this as solved, at least now I have an idea of what was going on.

Thanks to cor-el and jscher2000 for support.