<Security Issue> Can Firefox versions be downgraded automatically?
The image below are the details of my google account activity taken out from Google. The ip addresses in red I have hidden as they are my real IP. The rest of the IP's are not mine, and with a quick iplookup it directs to Sverdlovskaya oblast' in Russia. Now I dont think I used a russian vpn but there is a possibility I made an error. But what really strikes me here is the Firefox versions. At both the points 1 and 2, marked in blue. there is a change in version, in fact a downgrade from 100.0 to 96.0. How is this possible? I cant seem to find an explanation. And then it jumps back up to 100.0. I also another timestamp where it downgraded to 96.0, and then came back to 100.0 . I'm really worried about the possibility of a hacker on my computer. If someone can find an answer to this it would mean a lot!
All Replies (8)
Hi
Do you have any add-ons installed in Firefox?
Seburo said
Hi Do you have any add-ons installed in Firefox?
Yes here are the extensions I'm using: uBlock Origin DuckDuckGo Privacy Essentials Bitwarden (A cloud service password manager, I installed very recently after this problem started) IDM Internet Download Manager
Note that there are System Details with a list of the installed extensions available via the "More system details" button. Firefox wouldn't normally downgrade (but can change the user agent), but you may have multiple versions installed (both 64 bit or a 32-bit and a 64-bit version).
Isn't Google including the location as that is normally the case when Google suspect abnormal traffic to an account ?
I assume you have scanned for malware (Troubleshoot Firefox issues caused by malware) and changed your Google login?
All the red ones are Firefox 100, but it's a little hard to read when the columns are so far apart. If I cut out the middle, it is clearer:
One thing that's puzzling is that you have privacy.resistFingerprinting enabled (in the browser you used to post this thread), so Google should be detecting your browser as Firefox 91, not 100 and not 96. I wonder whether Google is doing something tricky to tease out the real version number, or whether those accesses were made from another installation that isn't using privacy.resistFingerprinting. I'm not sure what is going on.
jscher2000 - Support Volunteer said
I assume you have scanned for malware (Troubleshoot Firefox issues caused by malware) and changed your Google login? All the red ones are Firefox 100, but it's a little hard to read when the columns are so far apart. If I cut out the middle, it is clearer:One thing that's puzzling is that you have privacy.resistFingerprinting enabled (in the browser you used to post this thread), so Google should be detecting your browser as Firefox 91, not 100 and not 96. I wonder whether Google is doing something tricky to tease out the real version number, or whether those accesses were made from another installation that isn't using privacy.resistFingerprinting. I'm not sure what is going on.
Actually, I became paranoid after this problem occured. So I turned off any possible privacy compromisers like fingerprinting and location access. So looking at my data, now I have Firefox 91.0 as you said, which I installed on 14 May, 2 days later. I have done a full antivirus scan(0 threats detected), deleted all browser passwords, and changed all my website login passwords completely. But I have no clue how did this Russian IP get here in the first place!
Okulungisiwe
cor-el said
Note that there are System Details with a list of the installed extensions available via the "More system details" button. Firefox wouldn't normally downgrade (but can change the user agent), but you may have multiple versions installed (both 64 bit or a 32-bit and a 64-bit version). Isn't Google including the location as that is normally the case when Google suspect abnormal traffic to an account ?
Not really, this is the entire account activity data that I extracted from my account, it does not necessary log only the abnormal traffic. What is the user agent, and how can it change?
You appear to have enabled "Resist Fingerprinting" (privacy.resistFingerprinting = true) and when this feature is enabled some changes are mode on how Firefox presents itself to internet servers. One of them is that the user agent is changed to current ESR release (91.0).
- User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Other changes are the timezone that is set to UTC (GMT) and there are restrictions about the Firefox window sizes that get rounded.
How is this log created ? Is this provided by Google or is this a local log ? I normally get an email when I access a Gmail account via another Firefox version/profile that shows the location detected by Google (likely via a reverse DNS lookup of the the IP).
cor-el said
You appear to have enabled "Resist Fingerprinting" (privacy.resistFingerprinting = true) and when this feature is enabled some changes are mode on how Firefox presents itself to internet servers. One of them is that the user agent is changed to current ESR release (91.0).Other changes are the timezone that is set to UTC (GMT) and there are restrictions about the Firefox window sizes that get rounded.
- User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
How is this log created ? Is this provided by Google or is this a local log ? I normally get an email when I access a Gmail account via another Firefox version/profile that shows the location detected by Google (likely via a reverse DNS lookup of the the IP).
This log was created by Google themselves, which i downloaded through their Google Takeout feature. I dont think I ever got an email related to a new device which I did not recognize. I think i get the firefox version thing now, since I was making a lot of privacy setting changes within firefox when i observed some problems at the time. But the russian ip still goes unexplained :(