Mozilla stops rollout of its latest version of Firefox, version 65

Topic

New Reply

Lawrence Abrams on BleepingComputer says Mozilla has halted the automatic updates to Firefox 65 as users are unable to browse web sites due to certifi
[See the full post at: Mozilla stops rollout of its latest version of Firefox, version 65]

9 users thanked author for this post.

Demeter, Elly, CyGuy, rontpxz81, Microfix, wdburt1, Fred, abbodi86, PhotM

Reply | Quote

Replies

? says:

thank you for the timely heads up! i guess this affects Windows\Firefox users? i installed the Firefox 65 security update for ‘buntu on Wednesay, 1/30 from the security page:

https://usn.ubuntu.com/

haven’t had the difficulties since i’m not running any “antivirus software.”

 

Reply | Quote

I’ve not had any issues on two separate pc’s with FF65. From what I’ve read this seems to be an issue with Avast (also AVG a part of Avast).

Reply | Quote

I have been having unexplained system lockups while using Firefox 65. It usually happends when an embedded video trys to play. Only a hard reboot unfreezes it. It happened twice yesterday. At first I thought maybe it was possibly the MS monthly patches, but I updated on January 25th with no issues. FF was updated on Thursday.

I am running Malwarebytes. Interesingly the FF update disabled my HTTPS Everywhere extension, and it could not be restarted. Uninstalling the extension and reinstalling the extension fixed that issue.

Reply | Quote

I’ve been on 65 for a few days now and haven’t had any problem, but then I am using Norton Internet Security. I don’t watch many videos, but the few I have watched, I’ve had no problems with. My only beef with Mozilla is that 65 broke my chrome.css and I had to start all over again on my user interface tweaks. Too bad with all this constant updating on everything out there, they can’t get it right so that it doesn’t break things. Oh Well, only in your dreams.

Reply | Quote

I haven’t had any problems with FF 65, guess I’m one of the lucky ones. I have AVG.

Windows 11 Pro
Version 23H2
OS build 22631.5189

Reply | Quote

? says:

poked around and found this fix from mozilla:
https://support.mozilla.org/en-US/kb/fix-problems-connecting-websites-after-updating

2 users thanked author for this post.

rontpxz81, Fred

Reply | Quote

Some of these virus programs are intercepting https communications in a man-in-the-middle type configuration, where the virus scanner substitutes its own certificate for the actual site.  I think that is what Firefox is warning on.   I’ve always wondered, especially with the free programs whether there is tracking of the urls visited and a resulting profiling of the user.

I have no external program hooked into my browser.   If a file hits a drive, the virus scanner will see it.  Insofar as malicious sites are concerned, I use Quad 9 DNS to block known malware sites.

Reply | Quote

? says:

Wonder no more, Spynet is old hat but real and is baked into the Microsoft Security Essentials and previously Windows Live OneCare I have used for years. When disabled, it turned off Dynamic Signature updates and real time scanning so they have been collecting my data for as long as I have been using it. Probably has collected more data than all of the win7 spying put together, but hey it is “free.”

https://en.wikipedia.org/wiki/Microsoft_Active_Protection_Service
and
https://www.ghacks.net/2011/06/02/disabling-microsoft-spynet-in-windows7/

Reply | Quote

Not some. ALL of them that claim to inspect HTTPS are doing MITM, and all of them are doing it wrong.

https://www.zdnet.com/article/google-and-mozillas-message-to-av-and-security-firms-stop-trashing-https/

https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/

 

Reply | Quote

Sad that FireFox chose to become Chrome…

The circle is complete.  (Heavy Sigh)

Reply | Quote

Can’t see any of that, luckily, but in my case FF 65.0 seems heavier, loads as twice as long as the previous few (not so light either) releases.

1 user thanked author for this post.

rontpxz81

Reply | Quote

no problems here, given AVG and Avast’s recent history, I’d suspect that a setting in either is causing the problem, AGAIN!

Reply | Quote

Just had a problem not being able to log-in via FF60.5 ESR after many tries.
Reverted back to FF60.4 ESR, and here I am 🙂
Strange, could log-in yesterday without issue on FF60.5 ESR..

Windows - commercial by definition and now function...

Reply | Quote

I’m using FF65 everywhere, TrendMicro AV, and had no problems. As MVP or Lounger, from Mac or Win8.1.

Reply | Quote

Just glad FF 64 didn’t update before FF 65 was pulled as Kaspersky Internet Security is on my Win7 Pro workstation. Mozilla removed the option to hold updates. Although mine is set to notify before updating…, in fact it doesn’t and installs updates regardless. KIS 2019 DOES screen every URL and uses a Kaspersky certificate for ALL sites. Sadly Mozilla appears to be taking lessons from other bad actors. Last thing I’d want to do would be using IE 11 for secure transactions, even with KIS 2019 secure browser. This is one black eye for Mozilla as the consequences would have been easy enough to test before roll-out. 🙁

1 user thanked author for this post.

Bill C.

Reply | Quote

You seriously should read the links in the comment above (https://www.askwoody.com/forums/topic/mozilla-stops-rollout-of-its-latest-version-of-firefox-version-65/#post-320224) regarding MITM/SSL interception before blaming browsers. Disable HTTPS scanning in Kaspersky (or any other AV you happen to be using), it’s just evil and dangerous.

Reply | Quote

By the time the “snafu” was mentioned by Woody, it had been “fixed” by Avast/AVG with signature updates. They were released during the late afternoon Eastern time Friday the 1st of February, per the article in Bleeping Computer.

Also, I’m running AVG Free, but I don’t have their Web scanning engine component installed, just the basics of file scanner and email scanner.  However, I do indeed have their (AVG’s) root certificate installed in Firefox 65’s store (just checked after reading the article a few minutes ago). Dunno how it got there, but it’s there. Have been using FF65 since earlier this week (Thursday) with no issues whatsoever. So, just maybe the problems were caused by an AVG setup that somehow just didn’t place its root cert in FF’s store on some folks’ machines.

BTW, I’ll freely admit that the presence of AVG’s root cert in FF’s store on my machine may very well be due to one of the updates/signature updates AVG has released in the last few days. I compared it against the one in Windows’ store, and they’re identical. To look at Windows’ store I simply used the “Certificates” button on the “Content” tab of the “Internet Options” part of Control Panel.

For those using AVG or Avast and who don’t currently have the root cert in FF’s store, perhaps there’s a way to import it from Windows’ store? After all, there’s an “Import” button that’s not grayed out at the bottom of FF’s Certificate Authorities tab of their cert manager, meaning that it’s available for use in importing a cert from a location of the user’s choosing. So, just exactly where is the cert store for Windows to go get AVG’s/Avasts’s root certificate from?

Yes, I know that another workaround is mentioned in the Bleeping Computer article, for just having FF use the entire Windows cert store, but it involves going into the configuration file for Firefox. However, a good number of folks would just prefer to never go there for fear of permanently messing something up and then not being able to find their way back to fix it, hence the question(s) posed above.

1 user thanked author for this post.

Charlie

Reply | Quote

For users of the Avast Anti Virus software. You can opt-out of https scanning. You can even ask yourself if you ever want an Anti Virus software to scan a https connection. As it then becomes a sort of man in the middle type connection.

Open Avast.

Then click the Menu option on the top right side.

Click the cogwheel for Settings.

Click the padlock Protection.

Click important shields. Scroll down and click the Webshield Tab.

Untick the https-scans box.

W10&11 x64 Pro&Home

Reply | Quote

On Avast Free, the settings are slightly different, eg, instead of Important Shields, it’s Core Shields.  But your instructions are enough to get us Free users to the right setting.  Thank you.  Since I am not experiencing any https problems on Firefox, I’m leaving this checked.  Perhaps  Avast had already fixed this problem at their end?

iPhone 13, 2019 iMac(SSD)

1 user thanked author for this post.

Sinclair

Reply | Quote

I also use Avast Free but with a Dutch Menu. I directly translated the options into English but Avast seems to use different names for different items in other languages. Because this could be an issue I also added the place or look of a menu item. Like top right, cogwheel, padlock etc. Nice to know that beranglijkste schilden is translated as core shields by Avast. Thank you.

I did not have issues with Avast, Firefox and https. Since when ever they added the https scan option to Avast I had turned it off and kept it off ever since. But this option sits rather deep in Avasts menus and is on by default. So I tried to point out where to look.

The main issue as pointed out by others as well. Is that the whole reason of having a secure https connection. Is that no other party sits or reads the encrypted data stream between you and the other party. The Anti Virus software has to sit here in between and decrypt and encrypt the data in order to scan the contends. If it did not do this then all the Anti Virus Program would read is the encrypted data which is unreadable including any malicious code that might hide in it.

This however also means that the full content of this data is read and known by the Anti Virus Software. I personally am not happy with the Anti Virus Company reading along on my medical, bank, ensures, tax, etc type of content. That tends to make heavy use of https connections. Some banks even have in there sixty page that no one reads terms of use on online banking. That no third party sits between or is used when using their online banking service. This includes Anti Virus Software. For added fun they often also demand that the user has an up to date computer and makes use of a proper Anti Virus Program. Which per their own terms of use may not read along on your connection between you and the bank.

W10&11 x64 Pro&Home

Reply | Quote

After reading the opening part of this thread this morning, I checked Firefox Help > About to see what version I was running, and was promptly forced-fed version 65 (updating from version 64).  Sheepishly I admit that that is the way my settings were set.  No problems so far.  I am running Bitdefender as well as FF add-ons uBlock Origin, HTTPS Everywhere, and Privacy Badger.

Reply | Quote

Sorry you got hoodwinked on that fella. Sadly Firefox has gone the way of forcing us to update, so to speak.

https://support.mozilla.org/en-US/kb/update-firefox-latest-version

To avoid this pitfall one can check their version elsewhere w/o running the risk of inadvertantly updating to a version they aren’t ready for yet.

Options/General Tab/scroll by Digital Rights Management (DRM) Content & notice it will say Firefox updates & display version history.

We used to be able to set it for never check.  Now the best we get is check but ask when to install, heavy sigh.

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

1 user thanked author for this post.

Charlie

Reply | Quote

I have my update preferences set to manual as you described.  I’m not as trusting as I used to be.  I only waited four days before doing the update, and in those four days I didn’t see or hear of any problems.  Should have waited longer, which I will do from now on.

I haven’t experienced any of the serious problems now surfacing.  I have AVG Free and I’m not hindered browsing in any way.  I think AVG must have fixed the problem.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

“Allow Firefox to check for updates but let me choose when to install them.” As with MS I never rush to update and actually forgot about the ver. 65 update after the notification this week. Win 7 Pro x64, SP1, i7Core, Haswell, Grp. A, Norton Security

Reply | Quote

Mozilla published an article a while back on controlling certain aspects of Firefox with updates in mind which helps avoid automatic connections to instantly updating the version and extensions. More info in the link below:

https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

Warning: making these changes, however, means the end-user is responsible for checking for updates for the browser AND extensions independantly.

I have most of these settings in place and an (offline) backup prefs.js file to replace should it be needed at a later date for my own systems. the prefs.javascript holds all the tweaks, security settings, permissions etc.. for mozilla FF to read on startup. It comes in very useful for configuring multiple systems with the same settings 😉

Windows - commercial by definition and now function...

2 users thanked author for this post.

Lars220, rc primak

Reply | Quote

I would like to observe at this point the fact that many tech writers are recommending not using any third-party security programs or suites with Windows 10, since Version 1809, possibly version 1803. The reason given is that Windows Defender is now a respectable active antivirus program, and combined with improvements in Smart Screen Filtering and other Windows security improvements, WD now rivals its competitors in effectiveness.

The bonus in using only Windows Defender (and any second-opinion on-demand file scanners you may choose — I like Malwarebytes Free and adwcleaner.) is that you will not see the kinds of conflicts with web browser security features and other  software conflicts which we are seeing in this thread.

To obtain security protections and privacy precautions in my web browsers (IE, Edge, Firefox and Chrome/Chrome Beta) I use a variety of browser extensions and add-ons, not third party security program offerings. Mercifully, Microsoft offers at present few if any of these extensions from their own Store or Edge add-ons collections. But this will change when/if Edge gets the Chromium Engine late in 2019. Then users will be free to load up Edge with the same insane level of add-ons which plague and slow down some Chrome users today. A sad but timely lesson may be learned now from the Firefox 65 fiasco before Edge users start complaining about “memory leaks” and “slow browsing” in Edge later this year.

The Linux user who commented that Ubuntu has no conflicts must not be running the Gnome Shell Extensions and trying to update them using Firefox 65. I ran into an inability to connect to the Gnome Shell Extensions website when both Firefox and Ubuntu received updates on the same day. It took a couple of system and browser restarts and junk files cleanups (including but not limited to Firefox cache and history cleanups) to sort things out. I still have one buggy Gnome shell extension (Taskbar), but all extensions now update properly and the Gnome shell extensions site is accessible via Firefox 65. I am using Gnome with Wayland, which is the most unstable and bleeding edge combination available in Ubuntu 18.04 LTS. My main browser there is Chrome, but I am familiar with Firefox for Linux and its issues.

-- rc primak

Reply | Quote

That what I use for my W7.  MSE and adwcleaner.

1 user thanked author for this post.

rc primak

Reply | Quote

I also use Malwarebytes Free. A lot of what MBAM finds after a scan with MSE/WD is adware, trackers and other PUP. That stuff isn’t in the same threat category as viruses, but it can muck up and slow down a Windows PC pretty badly. AdwCleaner by itself may not remove all the PUP, though it does a great job of removing adware.

-- rc primak

Reply | Quote

Of course that’ll vary… and I’m not all that willing to trust that any single tool will maintain its edge consistently.

Modern security suites on Windows will still have features that Windows Defender doesn’t, or Microsoft’s tools on purpose make impractical to use in some environments. (Such as centralized security policy from a source that doesn’t coincide with user authentication, and encryption management in a similar context.)

Tradeoffs, plenty of them too.

Reply | Quote

Personally, i don’t use https scanning in my antivirus because it’s a potential man in the middle attack, i thought this was well known good security practice? I do think firefox is losing it’s way though, what with increased telemetry, bloat and removing extremely useful features like live bookmarks which now require an addon to use. You can’t even stop animated gifs without an addon whereas you used to.

This is the sort of risk you’re exposing yourself to when you trust your AV’s self-signed cert – https://www.pcworld.com/article/3154608/security/https-scanning-in-kaspersky-antivirus-exposed-users-to-mitm-attacks.html – there it was just incompetence rather than maliciousness but i still don’t trust it.

1 user thanked author for this post.

rc primak

Reply | Quote

I have held back on Firefox updates (since 64.02) mainly because at the abode, I have only v.92 access, and am unwilling to expend hours downloading “updates” just in case something like this occurs.

{This laptop computer, which I what I use to download all the significant Windows® 7 updates {if any}, is Windows® 8.1.} I typically download all the heavy files when out-&-about at venues in Chicago (typically bars | pubs). Because of the arctic blast we just suffered, I did not leave the house from 17 January to 3 February (tonight).

So I have not updated to Firefox v65. I’ll await someone telling me when it will be O.K. 😉

Important links you can use, without the monetization pitch = https://pqrs-ltd.xyz/bookmark4.html

Reply | Quote

anonymous wrote:

Just glad FF 64 didn’t update before FF 65 was pulled as Kaspersky Internet Security is on my Win7 Pro workstation. Mozilla removed the option to hold updates. Although mine is set to notify before updating…, in fact it doesn’t and installs updates regardless. KIS 2019 DOES screen every URL and uses a Kaspersky certificate for ALL sites. Sadly Mozilla appears to be taking lessons from other bad actors. Last thing I’d want to do would be using IE 11 for secure transactions, even with KIS 2019 secure browser. This is one black eye for Mozilla as the consequences would have been easy enough to test before roll-out. 🙂

Actually that is not the case. I still have a setting similar to WU that says, “Check for updates but let you choose to install them.” Mine has not updated automatically since I have been using FF. I may have chosen wrong, but it was not automatic.

Reply | Quote

Using the same settings, mine has updated in the past without permission. Lucky you. 😉

Firefox is rolling out 65 again. Called Kaspersky who verified KIS 19 was compatible with 65, so crossed my fingers and let it update. So far, so good. WHEW! No clue whether Mozilla did something or a Kaspersky update did…, but at least no certificate problems currently and Kaspersky is still signing all certificates…

Reply | Quote

this recently came out from ZDNet:

https://www.zdnet.com/article/windows-firefox-65-rollout-halted-by-mozilla-av-clash-stopped-users-browsing/

the fault is more on certain AV programs (like Avast and Kasperksy) rather than Firefox itself

1 user thanked author for this post.

rc primak

Reply | Quote

Techdows is reporting “Mozilla pushes Firefox 65 Update to Windows Users after fixing Antivirus issue” just recently.

https://techdows.com/2019/02/mozilla-pushes-firefox-65-update-to-windows-users-after-fixing-antivirus-issue.html

 

Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases

1 user thanked author for this post.

Elly

Reply | Quote

Like Microsoft with Version 1809, I guess the idea is , “If at first you don’t succeed, try, try again”. Unfortunately, that attitude has turned end users into guinea pigs for inadequately tested fast-release software.

When it’s a web browser, you have alternatives. But when it’s the Operating System… Well, I do have Linux, and conversely, Windows for when Linux goes wonky… And an other Linux for when they both go awry… And ChromeOS on my Chromebook for when the whole world goes mad. I’ve never had ChromeOS totally fail after an update, but don’t let me jinx that by saying so!

-- rc primak

1 user thanked author for this post.

Charlie

Reply | Quote