Yonke imikhiqizo Community Forum

When I opened my computer this morning, it said Firefox crashed. Yesterday, I was scammed by a scammer claiming to be from Microsoft who had me do many things on my computer to remove a virus that wasn't there. Instead, I suspect he may have access to my information now. So this morning after it said that Firefox had crashed, I asked to open a new Firefox session and things seemed to be normal. Please double check to make sure there is nothing wrong with my Firefox account and let me know. Thank You!

I am logged on to my Credit Union and attempt to download my statements. When using Firefox I get the message: {"Errors":["Authorization has been denied for this request."]}

When I contacted my CU, they said to add an URL to the Manage Exceptions. This worked, but I want to know why Firefox needs this but Chrome doesn't.

سلام خسته نباشید خوب من کم سرمایه ندارم گوگل میاد ایمیل خودش رو تو کانکت شدن هر نرم افزار تحمیل میکنه سیستم های اطلاعاتی داخل کشور گوگل رو به عنوان بزرگترین باگ اطلاعاتی برای شهروندان ایرانی شناسایی کرده تا به الان هم با کانکت بودیم مشغول تحقیقات بودیم چه باید کرد برای استفاده از گوشی به طور کلی سرویس گوگل رو کنار گذاشته و از ایمیل ملی اگر قابل قبول هست و يا حتي ایمیل هات میل و اوت لوک استفاده کنیم من از کشور ایرانم

The application Thunderbird was added to my microsoft account without my consent, and immediately a bunch of e-mail rules were set up to pass on e-mails and delete them. This led to me loosing acces to a bunch of stuff, among which are vinted, discord and humble bundle. Discord has been recovered now though. However, microsoft support was very elusive on how this happened, how specifically thunderbird recieved permission to acces my microsoft account. Could you please explain how hackers were able to abuse your application to make life hard on people?

Any help would be appreciated,

i was about to add another account to TB and checked for cves first and saw this:  CVE-2025-11715

Ubunut is affected by it but there is no way to update my installed version to a stable release in the ubuntu software centre. I dont have the technical ability to know how to install directly from the website. Is it possible to know if people unable to update have been affected by the CVE and what to do if upgrades are not possible?

Thanks

Hello,

I have a question regarding automatic updates for Firefox.

I sometimes use a Linux live system (with pre-installed Firefox 140), and Firefox updates flawlessly through the „Help --> About Firefox“-setting.

Is the connection with the Mozilla-server encrypted (https:) during this update?

Are the updated files also checked for integrity?

thank you in advance

Newbie72

I understand that Firefox VPN will be out for test. However, it is not clear which countries it will be available from the article:

https://support.mozilla.org/en-US/kb/use-ip-concealment-in-firefox

How is it planned?

Im new to thunderbird. Even though I have created a main password I find that I suddenly I can open the application and view accounts and even security info, without putting it in anyway. I press cancel and the application opens and I can see accounts.

I havent saved the password anywhere so its not automatically being filled in. Is this just for offline access? How can I tell if my accounts are secured and what my  offline/ online status is when using thunderbird?

Hello,

I have saved message templates that I use. Each one also has a footer (which I save as an .html file).

When I use this template to send a message, the image in the footer doesn't load and I get the message: Thunderbird has blocked the file from loading in this message.

When I click UNBLOCK, nothing happens. The image still doesn't get added. It's a very small image from my footer/signature. 'When I compose a new message, I don't have this problem' – the image in the footer loads and is sent to the recipient. This problem occurs when I try to send a message saved in the templates. There's no way to "unblock the image" and send it.

Hallo,

(new information at the end)

in an effort to understand why one s/mime signed message I received could not be verified by Thunderbird (140.3.0esr (64-bit) on Ubuntu 24.04.3 LTS) (error 1041, "unknown problems with this digital signature"), but by all other clients I and others could check (including cli tools openssl, cmsutil), I did a few tests using my own certificate (using rsaEncryption, SHA256).

Inital observation: Messages signed with "openssl smime -sign -in msg.txt -to <email> -from <my-email> -subject test -signer mycert.pem -inkey mykey.pem -out signed.eml" and opened in Thunderbird showed error 1041. Any modifiers like -crlfeol, -text, -binary, ... did not make a difference.

Omitting signed attributes (-noattr) however helped. The signature was verified.

Further investigations now showed that the reason for that is a mismatch of the signing time in the signed attributes block with the RFC 5322 date in the header (or a missing date, which is the reason, the openssl smime output is rejected). If there is no match, Thunderbird shows a 1041 error (unknown problems with the signature).

However, I'm wondering whether such a test a reasonable. The standards don’t instruct MUAs to compare signingTime to the RFC 5322 Date. Flagging a mismatch is not required by spec and in my opinion adds little to no security value. The RFC date header can be easily modified and the signing time is openly readable.

Does anyone knows why it has been decided to test that?

I am trying to sign an email with my dsc token. Token contains Digital Signature, Non-Repudiation and E-mail Protection, Document Signing, 1.2.840.113583.1.1.5, Smartcard Login, Client Authentication key usages. Encryption is not required. Only want to sign. Able to see the the certificate in both account setting and thunderbird settings. But still when I select sign and try to send a mail, not prompting for PIN and failing with " Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired." error message

I am working on a stig for Mozilla Firefox and I'm trying to do a scap compliance scan but or some reason I am getting a score of zero on all systems. We do patch regularly and at some point one of the version upgrades caused our compliance scans stopped working. I need a fix and cannot find anything when searching for this issue.

I would like to know how the Firefox CVEs are affected on its version which are mentioned in NVD.

Let take mfsa2025-59, for example CVE-2025-8040, as per the NVD its says Firefox ESR < 140.1 is affected so does that mean it affect all the version which are lower than 140.1 which included the ESR 128 and ESR 115 versions or just the ESR 140 version series? then it raise on more question check this cve-2025-8029 in NVD it has specifically mentioned it only affect "Firefox ESR < 128.13, Firefox ESR < 140.1" and not the ESR 115 versions. Could anyone confirm it does not affect the ESR 115 versions or it affect all the versions? Now check this one cve-2025-8027, NVD clearly mentioned "Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1" are affected so what I understand is that if the Firefox ESR 115 is vulnerable to any CVE it would be mentioned in the NVD specifically.

My point is that if any Firefox CVEs are listed in NVD and it specify only one version like “Firefox ESR < 140.1” what does that mean? Does it affect all the versions which include ESR 128 and ESR 115 or just the ESR 140 series version only affected? If any CVEs are affected on the ESR 115 and ESR 128 does Mozilla specifically mentioned those versions are affected right? Just like its mentioned in the cve-2025-8027

Any help would be appreciated to clarify this.

So I keep getting this pop-up message from Norton, "Not seeing new emails in your email app?" Everything seems to work appropriately in Thunderbird. I'm getting new emails as I always have. The problem is as long as Thunderbird is open Norton keeps popping this stupid thing up every 10 or so minutes. Has anyone had this? Have you found a way to get Norton to realize everything is fine and stop popping up? It's like playing a game of wack a mole all day.

Hi, I'm installing Thunderbird, and it displays "Mozilla Thunderbird Email wants to access your Google Account", and then "This will allow Mozilla Thunderbird Email to:" and "... permanently delete all your email from Gmail" and "See, edit, share and permanently delete all the calendars that you can access using Google Calendar", DOES THIS MEAN that Thunderbird WILL "DELETE ALL my email from Gmail" as soon as I click ALLOW ??? Silly question, I'm sure, but I don't like the wording, and the possible implication. Thanks, AK