Problems accessing secure sites using FireFox
FireFox has been my default browser for many years and it has been great, no problems. Within the past three months, however, I've been unable to access financial sites that I regularly use. The first was in October when one site upgraded its account access security. Initially, FireFox worked after the upgrade, but then I could no longer log into my account. I spoke to support staff for that website and they said they've been receiving complaints from other clients who use FireFox and suggested I use another browser, which I did and was able to access my account. Today another financial site suddenly blocked access using FireFox with a message that I needed to unblock cookies for the site, so I went into FireFox security settings and added the site's address to the exceptions list, but still could not enter the site. I am having no problems logging onto these sites with another browser, but FireFox is not working. Any suggestions? I would like to keep FireFox as my default browser, if that's possible. Thanks!
All Replies (7)
https://support.mozilla.org/en-US/kb/websites-say-cookies-are-blocked-unblock-them
Make sure you are not blocking content.
https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop also see https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/
https://support.mozilla.org/en-US/kb/smartblock-enhanced-tracking-protection
Diagnose Firefox issues using Troubleshoot(Safe) Mode {web link}
A small dialog should appear. Click Start In Troubleshoot(Safe) Mode (not Refresh). Is the problem still there?
Many site issues can be caused by corrupt cookies or cache.
Warning ! ! This will log you out of sites you're logged in to. You may also lose any settings for that website.
- How to clear the Firefox cache {web link}
Firefox 96 has updated a few technical details of how "same site" vs. "third party" cookies are handled to increase security. (MDN) These changes were intended to be in line with Chrome and Edge but seem be causing problems on some sites, and various new bugs are on file with the developers for consideration.
Hopefully we'll have more suggestions about what to do about that in the coming days. For now, it makes sense to use a different browser for that site rather than tinker with the new settings, since we can't confidently give advice on them yet. Sorry for the inconvenience.
Here is a message received today from a site that wouldn't allow me in:
We're sorry for this error. In order to use this service, your internet browser must accept third-party cookies. Please refer to your browser's online help for enabling cookies in your system. Please try again after you enable the cookies.
https://support.mozilla.org/en-US/kb/update-firefox-latest-version?cache=no Did you update Firefox to the latest version?
Version 96.0, first offered to Release channel users on January 11, 2022 Version 96.0.1, first offered to Release channel users on January 14, 2022
https://support.mozilla.org/en-US/questions/1359657#answer-1463359
and updated to 95.0. . . . I finally found where the plugin "Widevine Content Decryption
Module provided by Google Inc." was not updating to the newest version of
December 1, 2021. Ver #4.10.2391.0
cor-el; Make sure you have the latest Widevine version. You can toggle DRM off/on to see if that makes Firefox (re)load DRM components.
- Settings -> General: Play DRM
- https://support.mozilla.org/en-US/kb/enable-drm
You can possibly check the XHR requests in the Browser Console if this doesn't work.
whitmanjohnson67 said
Here is a message received today from a site that wouldn't allow me in: We're sorry for this error. In order to use this service, your internet browser must accept third-party cookies. Please refer to your browser's online help for enabling cookies in your system. Please try again after you enable the cookies.
Firefox 96 made three changes related to cookies. I don't think you have provided enough information to know which change is affecting that site, so I'll provide information on all three changes.
(1) If the server does not specify the SameSite setting for its cookies, Firefox changed from treating it as SameSite=None (allow serving as a third party cookie) to SameSite=Lax (partially restricts serving as a third party cookie).
This seems to be the one that affects Canvas/Kaltura users. However, it turns out to be difficult to find the relevant host names so that you can set an exception for those sites.
It also seems to affect iCloud two-factor authentication. See: https://support.mozilla.org/questions/1364242
(2) If the cookie was set on an HTTPS page, it is not automatically passed to HTTP pages on the same server. In other words, SameSite consider the protocol (scheme) as well as the host name. This is a problem for older sites that use HTTP for most pages but do the login over HTTPS. Example: https://www.reddit.com/r/firefox/comments/s3iych/south_korea_cant_sign_in_to_some_websites_after/
(3) If the server specifies that third party cookies are okay by setting SameSite=None, this is only honored for HTTPS pages, not HTTP pages. I don't know whether this is causing problems on any sites.
There is a change in Firefox 96 related to cookies and insecure sites.
See also:
- /questions/1363998 blocked 3rd party cookies
As a workaround for now you can modify this pref on the about:config page to revert this change.
- about:config => network.cookie.sameSite.laxByDefault = false
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.
This earlier suggestion seems to be the most practical: "For now, it makes sense to use a different browser for that site rather than tinker with the new settings, since we can't confidently give advice on them yet. Sorry for the inconvenience." I'm using Edge to access the sites that are blocked by Firefox. I hope Mozilla can eventually resolve the problem.