How to prevent Firefox to disable addon that I trust? It's an old version, but I want to keep using it.
I use an old version of 1Password. I don't want to update it. Current version is far enough for my needs.
But last week, it started to show this: "Browser connection refused".
and its log file states this: "Refusing helper connection because of untrusted certificate".
So, I know that extension and I trust in it. I only want to keep using it, but Mozilla is denying.
How to avoid that certificate checking?
Digging the profile folder, I found some files that may bring the solution, but I don't know how: addons.json addonStartup.json.lz4 extensions.json
Older versions of Firefox had an option to uncheck certificate validation, as we see here: https://smallbusiness.chron.com/disable-firefox-rejecting-certificates-59249.html but I'm afraid that my current version (66.0.2) has not. I can't find it.
Tất cả các câu trả lời (19)
Hi Gabarito, where do you see the message:
But last week, it started to show this: "Browser connection refused".
and its log file states this: "Refusing helper connection because of untrusted certificate".
I think the helper connection may refer to the extension's connection to the locally installed 1Password program, which would be a different issue from Firefox's built-in validation of extension signatures or the kind of certificate revocation checking (OCSP) referenced in that article you found.
jscher2000 said
Hi Gabarito, where do you see the message: I think the helper connection may refer to the extension's connection to the locally installed 1Password program, which would be a different issue from Firefox's built-in validation of extension signatures or the kind of certificate revocation checking (OCSP) referenced in that article you found.
Thank you for your prompt response, jscher2000.
Attached, a picture of the Windows message. Local program works very well, but it's unabled to connect to its partner, browser extension. I'm looking for a solution, doesn't matter if it's a certificate issue or whatelse.
Any ideas?
Thx.
Here is a piece of the log file:
Type Time Thread Message I System Uptime: 0 day(s) 03:36 I 12.960.807ms 1 Locking app with windows locked (SessionUnlock). I 12.960.807ms 7 > sync account id: 1; type: L time: 6.841ms
I 12.961.002ms 43 network is available again I 12.961.002ms 7 refreshing network E 12.961.552ms 12 Refusing helper connection from "C:\Windows\explorer.exe", because of untrusted certificate. I 12.961.642ms 7 network configured in 629ms I 12.964.656ms 7 > sync account id: 1; type: L time: 2ms
I 12.965.498ms 7 Loaded 9.720 compromised sites in 00:00:00.0249240 I 12.965.919ms 7 Loaded 492 sites with 2FA. E 12.981.653ms 13 Refusing helper connection from "C:\Windows\explorer.exe", because of untrusted certificate. E 13.001.761ms 18 Refusing helper connection from "C:\Windows\explorer.exe", because of untrusted certificate. E 13.021.860ms 20 Refusing helper connection from "C:\Windows\explorer.exe", because of untrusted certificate. E 13.041.991ms 17 Refusing helper connection from "C:\Windows\explorer.exe", because of untrusted certificate.
More info: extension icon becomes grayed (unable) few seconds after Firefox starts. And I get that message (Browser refuses...) at Windows tray bar.
Hi Gabarito, thank you for the screenshot:
It's a message from 1Password, not an objection from Firefox.
When search for that error message, I find this comment from 1Password support folks:
The connection refused message means 1Password is unable to validate your browser's code signature. This is a security measure to make sure the browser you're filling in is what it claims to be and not a malicious process masquerading as your browser.
https://discussions.agilebits.com/discussion/comment/473343/#Comment_473343
You might try opening a support ticket with them to see whether they can track down the problem.
jscher2000 said
The connection refused message means 1Password is unable to validate your browser's code signature. This is a security measure to make sure the browser you're filling in is what it claims to be and not a malicious process masquerading as your browser.https://discussions.agilebits.com/discussion/comment/473343/#Comment_473343
You might try opening a support ticket with them to see whether they can track down the problem.
Yes, I already had saw comments like that at Agilebits forum. But the solution, they say, it's to update the program. I resist to do that. I don't want to pay updates for something I already have and was working very well, filling all my needs. And the new versions has something to push my Vault with passwords to their servers cloud. I prefer to keep my Vault locally, here with me, at my discs drives. Exactly as it is now, using old version.
I don't understand why it happens these days. Because of that, I thought it was some measure from Mozilla revocating extension certificate, similar to that occurred when Firefox refused all extensions globally, some months ago.
Because all of that, I'm asking for help to get a way to circumvent that browser refusal.
If someone knows how to make my old extension to work again, please, feel free to comment.
Thx.
As far as I can tell, it's not Firefox refusing the connection. The extension is reaching out to the locally installed 1Password program and the program is rejecting the connection. I don't think changing any Firefox settings will help.
What happened in early May was that the certificate Mozilla used to sign most extensions in recent years expired, so the extensions signed with that certificate could no longer be verified and became disabled. The workaround was to add a new certificate into Firefox as an alternate way to prove the extension signature was valid. Then the extensions could be enabled again. Very different issue.
Thank you very much, jscher2000.
Unfortunately, guided by your comments, I'm reaching into a point to look for another way to store my passwords ...
I can't understand why it suddenly happened.
Question is open.
If someone else had more ideas, lets listen them.
You can consider to install the Firefox Lockwise Password Manager.
This is currently an extension in Firefox, but will be builtin in future Firefox versions. This extension allow to add a new Login.
cor-el said
You can consider to install the Firefox Lockwise Password Manager. This is currently an extension in Firefox, but will be builtin in future Firefox versions. This extension allow to add a new Login.
Thank you for your suggestion.
I'll take a look at Lockwise later.
jscher2000 said
What happened in early May was that the certificate Mozilla used to sign most extensions in recent years expired, so the extensions signed with that certificate could no longer be verified and became disabled. The workaround was to add a new certificate into Firefox as an alternate way to prove the extension signature was valid. Then the extensions could be enabled again. Very different issue.
Thank you for explanations.
jscher2000 said
As far as I can tell, it's not Firefox refusing the connection. The extension is reaching out to the locally installed 1Password program and the program is rejecting the connection. I don't think changing any Firefox settings will help.
I had run some tests here. I killed the main application task and restarted Firefox. Extension remains unabled, grayed icon. I removed the extension and instaled it again with a xpi file I already have (it's not at Mozilla Store anymore because it's outdated). Restated Firefox but there is no way to enable it back, even if I disconnect computer from internet. So, maybe the refusal it's not caused by the main application. And, because the browser was disconnected from internet, I don't know why extension is still denied. I suspect about some files on profile folder is refusing the extension
Any ideas?
Gabarito said
I removed the extension and instaled it again with a xpi file I already have (it's not at Mozilla Store anymore because it's outdated). Restated Firefox but there is no way to enable it back, even if I disconnect computer from internet.
Does Firefox list the reason the extension is disabled on the Add-ons page? Usually it will be in red text.
jscher2000 said
Gabarito saidI removed the extension and instaled it again with a xpi file I already have (it's not at Mozilla Store anymore because it's outdated). Restated Firefox but there is no way to enable it back, even if I disconnect computer from internet.Does Firefox list the reason the extension is disabled on the Add-ons page? Usually it will be in red text.
Good question. Answer is "no". Simply, extension icon remains grayed, but it has normal look at Add-ons page. See captures below:
Được chỉnh sửa bởi Gab Arito vào
Okay, Firefox isn't disabling the extension. I think the icon is gray because the extension can't make a connection with the 1Password application. However, I'm just guessing because I don't use that extension.
Thank you for your support, jscher2000.
Gabarito, It is a VERY bad idea to use old versions of any software. This is especially the case with a piece of software that manages your passwords. New versions will have fixed security issues and bugs that could expose your passwords.
Please update your software.
Also, please update to Firefox 67.0.4, there are very serious security issues in older versions of Firefox that have been fixed.
Được chỉnh sửa bởi user633449 vào
Thank you, Tyler. I'll consider your advices and, maybe, change my minds.
Meanwhile, if someone else has new tips/ideas, I'm interested to hear them.