Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Disabling Firefox automatic requests

  • 9 uphendule
  • 1 inale nkinga
  • 15 views
  • Igcine ukuphendulwa ngu cor-el

more options

The last version of Firefox is making some connections I don't know how to stop. I've modified some of the parameter in "about:config", but there are still HTTP request to the following URLs that I didn't manage to stop:

https://firefox-settings-attachments.cdn.mozilla.net/security-state-staging/intermediates/* https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records

Also, does anyone know if there is a configuration file where I can modify directly all of the parameters I changed in "about:config"?

Thanks!

All Replies (9)

more options

capitan.shinchan said

The last version of Firefox is making some connections I don't know how to stop. I've modified some of the parameter in "about:config", but there are still HTTP request to the following URLs that I didn't manage to stop: https://firefox-settings-attachments.cdn.mozilla.net/security-state-staging/intermediates/* https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records

I'm just guessing here:

Do you use Firefox Sync? There was an infrastructure update to make storage for the uploaded data more resilient and reliable. These URLs sound like they might be related to that, but I haven't researched them.

Also, does anyone know if there is a configuration file where I can modify directly all of the parameters I changed in "about:config"?

Changes you make in about:config are nearly all written to the prefs.js file in your currently active profile folder. If you plan to edit that file directly, please do it while Firefox is not running, otherwise your changes probably will be overwitten before an hour has passed.

More info on the profile folder:

Profiles - Where Firefox stores your bookmarks, passwords and other user data

Helpful?

more options

Actually, Firefox connects to the second URL and retrieves a JSON that contains a series of IDs that correspond to some certificates (in pem format), which are retrieved by the first URL:

https://firefox-settings-attachments.cdn.mozilla.net/security-state-staging/intermediates/b77966b0-d8a8-461b-82c0-0b542d6d45b8.pem


b77966b0-d8a8-461b-82c0-0b542d6d45b8 is one of the UUIDs returned in the JSON when Firefox calls: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records?_since=%221603483070597%22

Helpful?

more options

Hi Capitan Shinchan,

Try doing the steps below.

Step 1 : Click the menu button and select Options. Preferences. Step 2 : Select the Privacy & Security panel. Step 3 : Under Content Blocking, Choose the custom setting. Step 4 : Uncheck Trackers.

Hope it helps, Sathish

Helpful?

more options

Great research! Intermediates refers to intermediate certificates. Downloading these in bulk is a new thing.

The intermediate certificates are the ones between the trusted root certificate included with Firefox and an individual website's own certificate. For example, on this site:

  • Root: Amazon Root CA 1
  • Intermediate: Amazon / Server CA 1B
  • Site: support.mozilla.org

For years (decades!), Mozilla insisted that websites were responsible for serving all the certificates needed for verification. That is, not only the certificate they bought, but the ones in a bundle file provider by the issuer that link the site certificate to one of the trusted root certificates included with Firefox. No other browser makers required this; they used other approaches to fill the gap so users didn't get a secure connection error. Finally, Mozilla has decided to follow the others and pre-cache known/trusted intermediate certificates so that users are not punished for the errors of websites.

It appears that the list is downloaded in parts, perhaps about 1MB per day for 4-5 days. However, I haven't studied it in too much detail. https://www.reddit.com/r/firefox/comments/j4zf5t/are_the_past_intermediate_ca_caching_problems/

In your second link, the data file appears to be linking to two new intermediate certificates. It also mentions certificate revocations and normandy recipes. Revocations are for certificates that the issuer has canceled, which could occur if they are stolen and could be used for fraudulent purposes. Normandy is a system for updating Firefox in small, quick ways, such as disabling features that cause problems or running studies (About Studies).

Okulungisiwe ngu jscher2000

Helpful?

more options

@Sathish I already had that option disabled. This is not related to tracking, is related to the update of the intermediate certificates.

@jscher2000 Yet, I already knew that, what I was looking for is to prevent Firefox to do that automatically. I don't think it's a privacy issue (not much at least), but I really want to avoid any automatic request done by Firefox, so I was hoping to find a parameter in about:config to disable this.

Helpful?

more options

capitan.shinchan said

Yet, I already knew that, what I was looking for is to prevent Firefox to do that automatically.

I think this is the preference related to bulk downloading of intermediate certificates, but I haven't researched in depth: security.remote_settings.intermediates.enabled

Helpful?

more options

jscher2000 said

capitan.shinchan said

Yet, I already knew that, what I was looking for is to prevent Firefox to do that automatically.

I think this is the preference related to bulk downloading of intermediate certificates, but I haven't researched in depth: security.remote_settings.intermediates.enabled

Firefox is still making a bunch of connections :\

Helpful?

more options

I wonder whether the ones with monitor in the URL are related to Firefox Monitor ??

A CRL is used to check for certificate revocations. I don't know what is being checked there.

Helpful?

more options

There is lots of data (86 buckets) in the JSON file send via the records link, so even if you disable the intermediate certificate then still other data can be requested..

Helpful?

Buza umbuzo

Kufanele ulogele ukungena ku-akhawunti yakho ukuze uphendule amaphosti. Uyacelwauqale umbuzo omusha, uma ungekabi nayo i-akhawunti namanje.