Avatar for Username

Sök i support

Akta dig för supportbedrägerier: Vi kommer aldrig att be dig att ringa eller skicka ett sms till ett telefonnummer eller dela personlig information. Rapportera misstänkt aktivitet med alternativet "Rapportera missbruk".

Learn More

Denna tråd har arkiverats. Ställ en ny fråga om du behöver hjälp.

Can't open Paypal because of potential security risk.

  • 1 svar
  • 1 har detta problem
  • 33 visningar
  • Senaste svar av philipp

CRUGG
CRUGG
more options

Hey! When I want to go to paypal.com I get an error message with the title "Warning: Potential Security Risk Ahead". Below the title it says: "Nightly detected a potential security threat and did not continue to www.paypal.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

www.paypal.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Nightly can only connect to it securely. You can’t add an exception to visit this site."

I don't think PayPal is in-secure.

I tried many answers I found here, like going to about:config and changing security.tls.version.max from the default of 4 to 3 etc.

Hey! When I want to go to paypal.com I get an error message with the title "Warning: Potential Security Risk Ahead". Below the title it says: "Nightly detected a potential security threat and did not continue to www.paypal.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details. www.paypal.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Nightly can only connect to it securely. You can’t add an exception to visit this site." I don't think PayPal is in-secure. I tried many answers I found here, like going to about:config and changing security.tls.version.max from the default of 4 to 3 etc.

Alla svar (1)

philipp
philipp
  • Moderator
more options

hi, paypal is using an insecure symantec certificate - firefox is gradually revoking trust in those and as you are using a nightly build you're one of the first users noticing: https://blog.nightly.mozilla.org/2018/08/14/symantec-distrust-in-firefox-nightly-63/

a temporary workaround would be setting security.pki.distrust_ca_policy to 1 (but don't forget to reset that preference to the default later on once most common websites have adapted)