Brand new FF 17.0.1 install. Apparently over the best FF: 3.5.
Steps to reproduce:
This page works in FF3.5, and all versions of IE and Chrome attempted. Has the same non-working behaviour in FF14. Both FF's are on Win7.
[Profanity removed by moderator. Please read Forum rules and guidelines, thanks.]
Can you link to an example page using Recaptcha? It's not so easy to search for one...
When I visit https://www.google.com/recaptcha I do not see any problem with the certificate. If you switched from 3.5 directly to 17, I wonder whether the root certificate file was behind on updates? Might not be possible to re-create the problem at this point.
Try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
If that didn't help then remove or rename secmod.db (secmod.db.old) as well.
You can use this button to go to the Firefox profile folder:
Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).
For privacy's sake I'm not going to post a https Google Recaptcha link - I just don't know of independent ones - or haven't run across them since switching FF in the last day.
This problem appears for me for (all?) https after changing to FF17 - including this support page: the favicon.ico doesn't load because I haven't forcibly loaded that file into a separate tab and given it permission. Pages and websites I've used for a DECADE I've had to find their CSS/CDN server and give that permission so I see the CSS, images and get the JS files downloaded.
I don't know the history of FF by the person using FF14/Win7 who originally reported the problem. Completely separate user, same problem.
I suppose this is the place to say: in FF3.5 one reason I kept that version was because any FF upgrades I tried kept reinstating all the CAs and made it stupid-hard to remove them - and I trust no one, especially trackers, google, etc. And since FF doesn't have a setting to ask me if I want to make connections to every server a web page uses (and keeping a block list for me)...Ugh. After installing FF17 I went in and deleted every CA. Of course the next time I opened the exact same Options tab every CA was listed once again, so I really can't trust FF as far as I can throw it on a jumpdrive.
Off to try your suggestion. BTW It looks like my cert_override.txt file is pretty tiny, and the file you mentioned only appears in the Roaming profile (I've never made a new profile).
Renaming cert8.db now allows this website's favicon to appear. The newly generated cert8.db is less than 1/10th the size of the original.
While this is a local possible solution (helpful: yes, solution: not yet), there are many questions which need answering:
1. what does this do to my FF? What is being let in now that wasn't before? What security holes have I just opened?
2. why was/is this a problem in newFFs but not back in FF3.5?
3. what could have affected cert8.db in this way? Primarily I need to know who is going to have this same problem for the same - and different - reasons than I did.
Basically, why did this help with embedded https and what do I lose by going with this solution?
Thanks! There *is* hope!
It is possible that you had outdated or otherwise corrupted intermediate certificates stored in the cert8.db file and that this prevented Firefox from establishing a secure connection.
Such problems can also be caused by saving a permanent exception when you had a problem in the past and forgot about those.
It is usually better not to save a permanent exception, but try to find the cause and either see if you can install a missing intermediate certificate or ask for help on a forum or contact the website.
And since FF doesn't have a setting to ask me if I want to make connections to every server a web page uses (and keeping a block list for me)...
A future version of Firefox will at least not load http content on an https page. With respect to individual site loading/non-loading, the NoScript extension is useful for managing scripts. I think there are Flash blockers that also let you approve sites. No idea whether a similar tool exists for other kinds of content.