How the %$#! do I bypass an untrusted connection?

User Help for Mozilla Firefox
Rekrul
Posts: 214
Joined: May 4th, 2005, 2:56 pm

How the %$#! do I bypass an untrusted connection?

Post by Rekrul »

First of all, yes, this message will probably show that I'm using an old version of Firefox. I'd be using a newer version if the devs didn't keep taking features out of it and forcing ugly UI changes on people. Besides, the fact that it's an older version isn't what's preventing me from accessing a site.

I want to go here;

https://www.usenet-crawler.com/

Firefox tells me that it's an untrusted connection. What's the problem you ask? There's no "I understand the risks" option. My only choices are "Get me out of here" and "Technical details". So why don't I just go into the options and manually add a security exception? Gee, why didn't I think of that?

Manually adding a security exception doesn't do %$#!.

If I boot this version of Firefox into an empty profile, I get the Risks option and I can add an exception which works. I even tried exporting that security exception and importing it into my normal profile. Firefox just laughed at me and said "Nope, you're not getting out of nanny mode that easily!"

When I Google this problem I find a lot of messages from people who have had this same problem, but no solutions that work. Clear cookies. Done. Clear history. Done. Delete cert_override.txt & cert8.db. Done. Yeah, that made a big difference. ](*,)

Apparently people are STILL occasionally running into this problem.

So how do I get Firefox to bypass this stupid warning? The website isn't critical, I don't share any personal information with it, I just want to be able to access it. How do I get Firefox out of Nanny mode?
User avatar
mightyglydd
Posts: 9813
Joined: November 4th, 2006, 7:07 pm
Location: Hollywood Ca.

Re: How the %$#! do I bypass an untrusted connection?

Post by mightyglydd »

Rekrul wrote: Besides, the fact that it's an older version isn't what's preventing me from accessing a site.
Hmm...Fx52

Image
#KeepFightingMichael and Alex.
Rekrul
Posts: 214
Joined: May 4th, 2005, 2:56 pm

Re: How the %$#! do I bypass an untrusted connection?

Post by Rekrul »

mightyglydd wrote:
Rekrul wrote: Besides, the fact that it's an older version isn't what's preventing me from accessing a site.
Hmm...Fx52

Image
As I stated in my original message, if I run the Firefox profile manager and create a new, blank profile, this exact same version of Firefox works as it should. The error page shows me the option to add a security exception and it works.

My normal profile for Firefox does not show this option, nor does it obey a manually added security exception.

What could there be about my normal profile which would break a standard function of Firefox? I've gotten the option to add an exception in the past, so why not now? Actually, in the past it's always been a toss-up whether it will display the option to add the exception or not, and the times when it hasn't given me the option, I was unable to add one manually. Well, I COULD add it, but it wouldn't actually do anything.

And before you ask, yes I've tried disabling every extension and plugin, I just forgot to mention that in my original message.

So to recap;

FF13, Blank profile: Option to add security exception present and working.

FF13, normal profile, all extensions and plugins disabled, cookies, history and cache cleared, cert files deleted: Option to add security exception not present on error page, doesn't work when added manually.

So other than extensions, plugins, cache, cookies, history and the cert files, what could be breaking Firefox?
TheVisitor
Posts: 5469
Joined: May 13th, 2012, 10:43 am

Re: How the %$#! do I bypass an untrusted connection?

Post by TheVisitor »

What AV (Antivirus) are you using ?
User avatar
Reflective
Posts: 2283
Joined: February 15th, 2007, 11:13 am

Re: How the %$#! do I bypass an untrusted connection?

Post by Reflective »

Click on "Technical details" and then choose one of the alternative URLs you'll see there.
Brummelchen
Posts: 4480
Joined: March 19th, 2005, 10:51 am

Re: How the %$#! do I bypass an untrusted connection?

Post by Brummelchen »

shows me the option to add a security exception and it works.
thats regular way to deal with a stupid antivirus software which intermits and check ssl certs. uncheck ssl check in your used software.

but that is only cosmetics - firefox 13 is high vulnerable concerning ssl
https://blog.mozilla.org/security/2014/ ... f-ssl-3-0/

and NO - this is no common issue - not for mozilla or firefox - only for the used stupid antivirus software (since ages).
from me: uninstall this crap! and get a decent browser which is up to date -> v52!!!

but - you cant you are on xp - so end of the road for you, final 52 esr only. at least you have so much more problems to deal with, good luck,
Rekrul
Posts: 214
Joined: May 4th, 2005, 2:56 pm

Re: How the %$#! do I bypass an untrusted connection?

Post by Rekrul »

My antivirus is Avast. However...

Now I'm even more confused. In the past two days, three more sites have come up as untrusted connections. For two of those, I was given the option to create a security exception, but not for the third and not for Usenet-Crawler.

Wanting to take a screenshot showing that the option comes up if I use a blank profile, I created a new profile, went to Usenet-Crawler and the site came up with no problems. I then tried one of the other sites that gave me the untrusted message and it too came right up.

So why is my default profile suddenly claiming some sites are untrusted, but a blank profile works fine?

As for upgrading; The reason I stopped updating Firefox in the first place is that the last time I tried to update to a newer version, it messed up. I had two copies of the toolbar, some options didn't work right, I couldn't play Flash videos, etc. So I downgraded to FF13 and stayed with it.

I dislike the UI changes that the developers have made in the later versions, like removing the status bar, rounded tabs, etc. I was planning to switch to Palemoon, but when I use it for any length of time it causes a blue screen crash. People on the forum swear it's not Palemoon causing it and the crash dumps seem to suggest that it may have been my firewall (Kerio), but strangely, Palemoon is the only program that my system consistently crashes while I use it.

A while back, I needed a backup system to use while I sorted out a hardware problem with my main system. I installed the latest (at the time, it's probably 50+ versions behind now) Firefox and that also crashed the system if I used it too much. That was also XP (it's what I have) with most of the same programs installed on it. So even if I installed the latest Firefox I can use, it would probably crash my system just like Palemoon.

It's not like I've hacked Firefox. Nothing I've done to customize it should interfere with its ability to access web sites.
Brummelchen
Posts: 4480
Joined: March 19th, 2005, 10:51 am

Re: How the %$#! do I bypass an untrusted connection?

Post by Brummelchen »

all your problems with Firefox, probably Palemoon and at least flash are based on avast, kerio, outdated drivers and surprise - xp.

flash crashing means flash has a problem with your system, it is not caused by firefox. flash can not use the protected mode on xp, thats not implemented, only since vista. so if flash crashes its your system = xp, avast and kerio - i think more kerio than avast. kerio was take oven from sunbelt -> "Sunbelt Personal Firewall" - abandonned in 2008 (4.6.1861, 10. November 2008)
so at least also 8 years old and a bad joke like kerio - times where SP3 was release and had patches until april'2014 - 6 years no update for sunbelt.
i would bet all would be fine on xp sp3 without any tweaks, tuning and outdated security crap.

last days i reactivated my old single core with xp to backup some data and prepare it for win7 - loaded some updates, moaned about the end of support in 2014 - firefox latest running with flash - no antivirus but outpost firewall - all fine. so it seems that your system has got worse. its now your decision to change something. i guess you wont get much support for such old firefox, maybe xp.
Rekrul
Posts: 214
Joined: May 4th, 2005, 2:56 pm

Re: How the %$#! do I bypass an untrusted connection?

Post by Rekrul »

Brummelchen wrote:all your problems with Firefox, probably Palemoon and at least flash are based on avast, kerio, outdated drivers and surprise - xp.

flash crashing means flash has a problem with your system, it is not caused by firefox. flash can not use the protected mode on xp, thats not implemented, only since vista. so if flash crashes its your system = xp, avast and kerio - i think more kerio than avast.
Flash doesn't crash for me. The only problem I ever had with it was not being able to get it to play videos. Once that was due to some change the Mozilla developers made and there were a bunch of posts in the forum about people who were having problems with it. Eventually I got that straightened out. The other time was when I tried upgrading from FF13 to FF16 or FF19 (I forget which) and it got all screwed up.

I only mentioned crashes while using Palemoon on YouTube as an example of the kind of daily usage which might cause a crash. It's just as likely to crash while viewing pictures on a tumblr site, or open forum messages in tabs.

Too much use of FF13 = Firefox crashes/locks up.

Too much use of Palemoon (and recent versions of Firefox) = System crash.

Beyond that, my system is pretty stable. I might get an unexplained blue screen crash about once every 6 months or so, but it's usually after the system has been up and running for days on end. Using Palemoon too much will cause it to crash in less than an hour.
Brummelchen wrote:i would bet all would be fine on xp sp3 without any tweaks, tuning and outdated security crap.
Avast is still being updated. What XP compatible firewall do you recommend? I want something straightforward to use, which will block not only incoming, but unauthorized outgoing connections and it would be nice if it also checked to see if the EXE requesting access had been changed from the last time it was used. (Kerio does this)
Brummelchen wrote:so it seems that your system has got worse. its now your decision to change something. i guess you wont get much support for such old firefox, maybe xp.
Forget the crashing issue with Palemoon and newer versions of Firefox for a moment.

The thing that gets me is that the problem seems to be confined to my normal profile. If I use a blank profile, or Palemoon, everything works as it should. Either the security message doesn't come up, or if it does, it has the option to bypass it. This is on the exact same system with all of the same programs running in the background.

I know I should try re-installing Firefox from scratch, it's just a royal pain in the ass to do it. Is there a single file called Passwords that contains all your saved passwords? Nope. I can't even remember what files you have to backup to preserve them. Then there's all the various tweaks I've made (none of which should interfere with the security portion of how Firefox operates), like having all visited links colored the same, auto-clearing completed downloads, etc, re-installing Flash, all my extensions (which I'll remind you I tried disabling and it made no difference). It's not like I can just backup my entire profile, because then I'd probably just end up with the same problems.
Brummelchen
Posts: 4480
Joined: March 19th, 2005, 10:51 am

Re: How the %$#! do I bypass an untrusted connection?

Post by Brummelchen »

from my view it is absolutely pointless to run a full featured antivirus/av-suite on xp - at least those cant fill the massive amount of security flaws in xp. running here only outpost firewall - i remember version 4, not sure, i dont care these last days of xp here. i can not give you a recommendation. it also needs to investigate if plugincontainer is used, i think it is but no protected mode (technically not possible). in most cases flashes crash there is some issue concerning plugincontainer and that is 99.99% caused my some stupid security software. another reason may the outdated graphics driver. flash invented, drivers for xp got stuck. you can try disabling hardware acceleration for flash:
https://forums.adobe.com/thread/891337
Rekrul
Posts: 214
Joined: May 4th, 2005, 2:56 pm

Re: How the %$#! do I bypass an untrusted connection?

Post by Rekrul »

Brummelchen wrote:from my view it is absolutely pointless to run a full featured antivirus/av-suite on xp - at least those cant fill the massive amount of security flaws in xp.
The only installed options I have are the file scanning (in case I download a virus/malware) and the web shield. I tried turning them off, but there was no difference. And they were both on when I used a blank profile and everything worked like it was supposed to.
Brummelchen wrote:it also needs to investigate if plugincontainer is used, i think it is but no protected mode (technically not possible). in most cases flashes crash there is some issue concerning plugincontainer and that is 99.99% caused my some stupid security software. another reason may the outdated graphics driver. flash invented, drivers for xp got stuck. you can try disabling hardware acceleration for flash:
PLEASE, forget that I ever mentioned Flash. Flash doesn't crash. Flash doesn't cause Firefox to crash. I have no major problems with Flash at the moment. Flash isn't the issue.

The issue is why Firefox arbitrarily decides to tell me that some web sites are untrusted when using my normal profile, but not when using a blank profile. Also at issue is why Firefox arbitrarily decides which untrusted connections I'm allowed to bypass and which ones I can't. Why can I bypass other untrusted connections (which shouldn't even be marked as untrusted in the first place!) but it won't let me bypass the warning on Usenet-Crawler?

What is it about that site that Firefox absolutely refuses to allow me to access it when using my normal profile, but when I use a blank profile, it works fine? Is Firefox just screwing with me?
User avatar
dickvl
Posts: 54145
Joined: July 18th, 2005, 3:25 am

Re: How the %$#! do I bypass an untrusted connection?

Post by dickvl »

Are you using private browsing mode?
You should at least use a Firefox 27+ version to have support for TLS 1.2
You can test your browser.
https://www.ssllabs.com/ssltest/viewMyClient.html

Firefox 45 ESSR - Tools -> Page Info:
Website: www.usenet-crawler.com
Owner: This website does not supply ownership information.
Verified by: Let's Encrypt
Technical Details
Connection Encrypted (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2)
User avatar
therube
Posts: 21703
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Re: How the %$#! do I bypass an untrusted connection?

Post by therube »

Compare the files in your working/non-working Profiles.
Compare the file contents in your working/non-working Profiles.

My first thought was SiteSecurityServiceState.txt, but that may be too new for FF 13, not sure?
Compare SSL related Prefs in prefs.js?


(FF 14, what a pleasure, to have a quick opening browser, that can have a Menu bar, & an Addons bar, & looks nice...)
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Brummelchen
Posts: 4480
Joined: March 19th, 2005, 10:51 am

Re: How the %$#! do I bypass an untrusted connection?

Post by Brummelchen »

Xp ist limited to TLS 1.0 (Vista also)
https://blogs.msdn.microsoft.com/kausha ... n-windows/

to recover again - XP and old firefox are not worth to discuss that deep, take it and get along yourself or leave it.
try a fresh XP and test yourself what is possible or not, it makes no sense to use your previous OS with all those crap installed which dont help and make it more vulnerable is it is itself.
User avatar
dickvl
Posts: 54145
Joined: July 18th, 2005, 3:25 am

Re: How the %$#! do I bypass an untrusted connection?

Post by dickvl »

That is only true for MS browsers and possibly for Google Chrome (?).
Firefox has its own implementation and doesn't depend upon OS support for SSL like it does for MP4.
Only the browser version determines what TLS maximum is supported (security.tls.version.max) as you can read further down in the article.
Post Reply