Firefox security certificate exceptions

I sometimes get the invalid certificate message from FF for visiting
sites that I wouldn't expect it from.  This often happens when I use
the laptop from behind a (pretty tight) corporate firewall.  A proxy
is used to access the internet in that case.  For example, www.google.ca
would generate that message.  I sometimes accept them because I figure
they are due to the use of a proxy (though I'm entirely sure).  Then I
get second thoughts, because I'm not always behind the corporate
firewall using a proxy, perhaps I really shouldn't have such an
exception.  So I go on the lookout to nuke them.

I access tools->options->Advanced->Servers.  I see a list of items,
some indented, some not.  My vague understanding of how certificates
work (correct me if I'm wrong) is that trusted authorities give them.
I am assuming that the unindented list items are authorities that I
have somehow chosen to trust e.g. DigiNotar, DigiNotar B.V., my own
organization shows up on the list, Entrust.net, Equifax Secure Inc.,
GTE Corporation, The USERTRUST Network, etc.  If I nuke them all,
perhaps I would be nuking entries that are suppose to be universal.
Would I be obliterating any ability to access the internet at all?
Would I have to install FF from scratch?  I would have to access the
internet just to get at the current version of FF.

What should I do?  There are several specific questions that I mean by
this.

* What should I do with regards to nuking the certificates under some
servers, considering that I expect to use the laptop both within and
outside of the corporate firewall / proxy arrangement?  That is, what
is best practice, and what is the trade-off in such a recommended
practice?

* How do I identify which certificates (which I assume mean the same
thing as exception, at least in this context, right?) and/or servers
should be nuked?

Thanks!
0
AndyHancock
5/19/2012 9:26:55 PM
mozilla.support.firefox 24319 articles. 10 followers. Post Follow

8 Replies
1058 Views

Similar Articles

[PageSpeed] 0
Get it on Google Play
Get it on Apple App Store

AndyHancock wrote:
> I access tools->options->Advanced->Servers.  I see a list of items,
> some indented, some not.  My vague understanding of how certificates
> work (correct me if I'm wrong) is that trusted authorities give them.
> I am assuming that the unindented list items are authorities that I
> have somehow chosen to trust e.g. DigiNotar, DigiNotar B.V., my own
> organization shows up on the list, Entrust.net, Equifax Secure Inc.,
> GTE Corporation, The USERTRUST Network, etc.  If I nuke them all,
> perhaps I would be nuking entries that are suppose to be universal.
> Would I be obliterating any ability to access the internet at all?
> Would I have to install FF from scratch?  I would have to access the
> internet just to get at the current version of FF.
> 
> What should I do?  There are several specific questions that I mean by
> this.

I think you can delete them without problems. The next time you visit
one of those servers it will be added again if you have the CA installed
or you add an exception when asked by FF.
0
Thomas
5/20/2012 10:46:05 AM
Thomas Boehm on 5/20/2012 6:46 AM, keyboarded a reply:
> AndyHancock wrote:
>> I access tools->options->Advanced->Servers.  I see a list of items,
>> some indented, some not.  My vague understanding of how certificates
>> work (correct me if I'm wrong) is that trusted authorities give them.
>> I am assuming that the unindented list items are authorities that I
>> have somehow chosen to trust e.g. DigiNotar, DigiNotar B.V., my own
>> organization shows up on the list, Entrust.net, Equifax Secure Inc.,
>> GTE Corporation, The USERTRUST Network, etc.  If I nuke them all,
>> perhaps I would be nuking entries that are suppose to be universal.
>> Would I be obliterating any ability to access the internet at all?
>> Would I have to install FF from scratch?  I would have to access the
>> internet just to get at the current version of FF.
>>
>> What should I do?  There are several specific questions that I mean by
>> this.
>
> I think you can delete them without problems. The next time you visit
> one of those servers it will be added again if you have the CA installed
> or you add an exception when asked by FF.

Seems to be confusion in this thread. To Andy, the names you have cited 
are those of certificate authorities which have submitted there Root 
Certificates to Mozilla for inclusion in the browser. These Roots certs 
are the foundation of chains of trust. The Trees seen in the Cert 
manager indicate different classes of trust chains each cert authority 
issues to there clients. Not all certs are for webpages. Some classes 
are for e-mail digital signing security. There are also classes for 
software authentication.

Nuking those root certs will not close you out from the internet, but 
will mess you up with using any site served by SSL.

-- 
Ron K.
Who is General Failure, and why is he searching my HDD?
Kernel Restore reported Major Error used BSOD to msg the enemy!
0
Ron
5/20/2012 3:36:54 PM
On May 20, 11:36 am, RK wrote:
> Seems to be confusion in this thread. To Andy, the names you have
> cited are those of certificate authorities which have submitted
> there Root Certificates to Mozilla for inclusion in the browser.
> These Roots certs are the foundation of chains of trust. The Trees
> seen in the Cert manager indicate different classes of trust chains
> each cert authority issues to there clients. Not all certs are for
> webpages. Some classes are for e-mail digital signing security.
> There are also classes for software authentication.
>
> Nuking those root certs will not close you out from the internet,
> but will mess you up with using any site served by SSL.

That's what I was afraid of...nuking standard authorities that are
part of an initial install in order to ease the life for users.  I
have some follow-on questions which I've enumerated below with (Q#),
and I'd appreciate input for anyone who feels up to responding.

So where would I find the certificates that I accepted, for the
purpose of nuking them?  In my original post, I mentioned that one of
the level 1 indentation items on the list was my own organization (the
one in which I am a pion, not an owner, that is).  (Q1) Would the
certificates that I accept fall under that CA?  If so, I would simply
nuke them all.

Secondly, when I am presented with such invalid certificates, (Q2a)
*should* I be accepting them?  [Of course, the converse is (Q2b)
whether I should be nuking them].  I said that I thought that the
certificate warnings might be due to the use of a proxy server behind
a corporate firewall.  I mistyped that I was entirely sure about this
when I meant that I was not.  (Q3) Am I right about blaming the proxy
& firewall?  On a related note, the warnings normally come up when
something is amiss -- (Q4) is it possible to tell when something is
really amiss versus the results of pathological behaviour from working
with a proxy behind a firewall?

Finally, (Q5) is there another solution besides creating exceptions?
I imagine that proliferating exceptions willy-nilly is not wise.
There is also the issue that I am not always operating with a proxy
behind a firewall, and those exceptions are unnecessary.  If
exceptions do represent potential risks, then I will be incurring
those compromises unnecessarily when I am off-site.
0
AndyHancock
5/21/2012 12:26:33 AM
Ron K. wrote:
> Thomas Boehm on 5/20/2012 6:46 AM, keyboarded a reply:
>> AndyHancock wrote:
>>> I access tools->options->Advanced->Servers.  I see a list of items,
>>> some indented, some not.  My vague understanding of how certificates
>>> work (correct me if I'm wrong) is that trusted authorities give them.
>>> I am assuming that the unindented list items are authorities that I
>>> have somehow chosen to trust e.g. DigiNotar, DigiNotar B.V., my own
>>> organization shows up on the list, Entrust.net, Equifax Secure Inc.,
>>> GTE Corporation, The USERTRUST Network, etc.  If I nuke them all,
>>> perhaps I would be nuking entries that are suppose to be universal.
>>> Would I be obliterating any ability to access the internet at all?
>>> Would I have to install FF from scratch?  I would have to access the
>>> internet just to get at the current version of FF.
>>>
>>> What should I do?  There are several specific questions that I mean by
>>> this.
>>
>> I think you can delete them without problems. The next time you visit
>> one of those servers it will be added again if you have the CA installed
>> or you add an exception when asked by FF.
> 
> Seems to be confusion in this thread. To Andy, the names you have cited
> are those of certificate authorities which have submitted there Root
> Certificates to Mozilla for inclusion in the browser.

Not from my side. He was talking about the Server tab, not the
Authorities tab. All the server names he quoted I have in my server list
as well. Have a look by yourself...

0
Thomas
5/21/2012 8:26:43 AM
"Thomas Boehm" <t_boehm@expires-2012-05-31.arcornews.de> wrote in message 
news:4FB9FC43.4070301@bla.boehmi.net...
> Ron K. wrote:
>> Thomas Boehm on 5/20/2012 6:46 AM, keyboarded a reply:
>>> AndyHancock wrote:
>>>> I access tools->options->Advanced->Servers.  I see a list of items,
>>>> some indented, some not.  My vague understanding of how certificates
>>>> work (correct me if I'm wrong) is that trusted authorities give them.
>>>> I am assuming that the unindented list items are authorities that I
>>>> have somehow chosen to trust e.g. DigiNotar, DigiNotar B.V., my own
>>>> organization shows up on the list, Entrust.net, Equifax Secure Inc.,
>>>> GTE Corporation, The USERTRUST Network, etc.  If I nuke them all,
>>>> perhaps I would be nuking entries that are suppose to be universal.
>>>> Would I be obliterating any ability to access the internet at all?
>>>> Would I have to install FF from scratch?  I would have to access the
>>>> internet just to get at the current version of FF.
>>>>
>>>> What should I do?  There are several specific questions that I mean by
>>>> this.
>>>
>>> I think you can delete them without problems. The next time you visit
>>> one of those servers it will be added again if you have the CA installed
>>> or you add an exception when asked by FF.
>>
>> Seems to be confusion in this thread. To Andy, the names you have cited
>> are those of certificate authorities which have submitted there Root
>> Certificates to Mozilla for inclusion in the browser.
>
> Not from my side. He was talking about the Server tab, not the
> Authorities tab. All the server names he quoted I have in my server list
> as well. Have a look by yourself...


That list is the server exceptions list that tells Fx how to handle specific 
exceptions to the normal way of handling certificates from authorities. If 
you click on one of the indented ones to delete it you get a pop-up asking 
are you certain you want to do that because if you do then Fx will restore 
the normal security checks next time you visit that site and will require a 
valid certificate or will require you to again make an exception.


For me, that server list is partly the exceptions I have made to certs from 
Trusted Root Authorities which I have UNtrusted. I have ALL Comodo and 
Comodo related certs as untrusted in all browsers. I also have GoDaddy certs 
as untrusted in all browsers. Both are sleazy certificate authorities 
(Comodo has almost been pulled permanently from Firefox and SeaMonkey on 
several occasions but Mozilla ended up not having the guts to do the right 
thing) and I want my browsers to alert me if I go to a site that uses a cert 
from either authority. If I can, I simply do not go to sites using certs 
from either of these but if necessary to go, for some unavoidable reason, 
then at least I am alerted that a cert from an extremely questionable 
authority is being used and I can take extra caution at that site. When 
alerted by Fx, I either choose a ONE TIME exception (which will not be in 
the server list) or, if it is a site I must access frequently and uses certs 
from Comodo/Comodo related or Go Daddy, then I choose to make a permanent 
exception. That permanent exception is noted in the information pulldown 
regarding the security of the site and also in the Server list.

UserTrust is Comodo. Maybe you untrusted Comodo back in December 2008 when 
Mozilla devs told us to do so? And then you made an exception for a 
particular site?

Mozilla had an emergency security update during the diginotar crisis and 
that update hard coded those to the Server exception list for both Fx and 
SeaMonkey. Click one of them (not the expired one) and view the cert. You'll 
see it says to explicitly distrust that cert and those also for diginotar 
B.V. 


0
Desiree
5/21/2012 10:39:08 AM
On May 21, 6:39=A0am, "Desiree" <melel...@medscape.com> wrote:
> "Thomas Boehm" <t_bo...@expires-2012-05-31.arcornews.de> wrote in message
>
> news:4FB9FC43.4070301@bla.boehmi.net...
>
>
>
>
>
> > Ron K. wrote:
> >> Thomas Boehm on 5/20/2012 6:46 AM, keyboarded a reply:
> >>> AndyHancock wrote:
> >>>> I access tools->options->Advanced->Servers. =A0I see a list of items=
,
> >>>> some indented, some not. =A0My vague understanding of how certificat=
es
> >>>> work (correct me if I'm wrong) is that trusted authorities give them=
..
> >>>> I am assuming that the unindented list items are authorities that I
> >>>> have somehow chosen to trust e.g. DigiNotar, DigiNotar B.V., my own
> >>>> organization shows up on the list, Entrust.net, Equifax Secure Inc.,
> >>>> GTE Corporation, The USERTRUST Network, etc. =A0If I nuke them all,
> >>>> perhaps I would be nuking entries that are suppose to be universal.
> >>>> Would I be obliterating any ability to access the internet at all?
> >>>> Would I have to install FF from scratch? =A0I would have to access t=
he
> >>>> internet just to get at the current version of FF.
>
> >>>> What should I do? =A0There are several specific questions that I mea=
n by
> >>>> this.
>
> >>> I think you can delete them without problems. The next time you visit
> >>> one of those servers it will be added again if you have the CA instal=
led
> >>> or you add an exception when asked by FF.
>
> >> Seems to be confusion in this thread. To Andy, the names you have cite=
d
> >> are those of certificate authorities which have submitted there Root
> >> Certificates to Mozilla for inclusion in the browser.
>
> > Not from my side. He was talking about the Server tab, not the
> > Authorities tab. All the server names he quoted I have in my server lis=
t
> > as well. Have a look by yourself...
>
> That list is the server exceptions list that tells Fx how to handle speci=
fic
> exceptions to the normal way of handling certificates from authorities. I=
f
> you click on one of the indented ones to delete it you get a pop-up askin=
g
> are you certain you want to do that because if you do then Fx will restor=
e
> the normal security checks next time you visit that site and will require=
 a
> valid certificate or will require you to again make an exception.
>
> For me, that server list is partly the exceptions I have made to certs fr=
om
> Trusted Root Authorities which I have UNtrusted. I have ALL Comodo and
> Comodo related certs as untrusted in all browsers. I also have GoDaddy ce=
rts
> as untrusted in all browsers. Both are sleazy certificate authorities
> (Comodo has almost been pulled permanently from Firefox and SeaMonkey on
> several occasions but Mozilla ended up not having the guts to do the righ=
t
> thing) and I want my browsers to alert me if I go to a site that uses a c=
ert
> from either authority. If I can, I simply do not go to sites using certs
> from either of these but if necessary to go, for some unavoidable reason,
> then at least I am alerted that a cert from an extremely questionable
> authority is being used and I can take extra caution at that site. When
> alerted by Fx, I either choose a ONE TIME exception (which will not be in
> the server list) or, if it is a site I must access frequently and uses ce=
rts
> from Comodo/Comodo related or Go Daddy, then I choose to make a permanent
> exception. That permanent exception is noted in the information pulldown
> regarding the security of the site and also in the Server list.
>
> UserTrust is Comodo. Maybe you untrusted Comodo back in December 2008 whe=
n
> Mozilla devs told us to do so? And then you made an exception for a
> particular site?
>
> Mozilla had an emergency security update during the diginotar crisis and
> that update hard coded those to the Server exception list for both Fx and
> SeaMonkey. Click one of them (not the expired one) and view the cert. You=
'll
> see it says to explicitly distrust that cert and those also for diginotar

Even if they are exceptions in the Server tab, I still don't know
which ones are suppose to be there e.g. put in there by IT to handle
the situation when I'm on-site.  So I came up with an idea...I nuked
my profile.  I had to recreate the directory (empty) by looking at
FF's profiles.ini, but that allowed FF to start again, as if for the
first time.  Now I don't have to worry about all these extra
exceptions, and I just won't create any henceforth.  Of course, this
likely means that *if* IT deliberately set us up with exceptions
beyond the default, I won't  have them.  Oh well.  Better to be on the
safe side of things.

I'd still be interested in what people thought about the best practice
for exceptions.  So far, the thread seems to imply that they aren't so
good, and perhaps accepting exceptions only for the session is a
reasonable compromise if an exception absolutely is needed.  But while
on site, I believe that a more advisable alternative is to use another
browser which as more active support from IT (not saying that the
other browser is better, just that it is better from the point of view
of complying with security requirements).
0
AndyHancock
5/22/2012 8:29:48 PM
On 05/22/2012 10:29 PM, AndyHancock wrote:
> Of course, this
> likely means that *if* IT deliberately set us up with exceptions
> beyond the default, I won't  have them.  Oh well.  Better to be on the
> safe side of things.

If you have to use a proxy while being within the corporate network, and
you get a security certificate exceptions when you browse e.g.
google.com, that most likely means that your company is intercepting the
SSL traffic. In other words, they can read everything you send over a
connection which you think is secure, but in fact it is not.
There is nothing IT needs to set-up in your FF profile for this.

> I'd still be interested in what people thought about the best practice
> for exceptions.  So far, the thread seems to imply that they aren't so
> good, and perhaps accepting exceptions only for the session is a
> reasonable compromise if an exception absolutely is needed.

It is your call to decide what to do. Best practice to me would be to be
on high alert.

>  But while
> on site, I believe that a more advisable alternative is to use another
> browser which as more active support from IT (not saying that the
> other browser is better, just that it is better from the point of view
> of complying with security requirements).

This has got nothing to do whether a browser is supported by IT or not.
Thankfully FF is more strict in applying security than other browsers,
therefore you get the security exception notification. Unfortunately
most people don't have a clue what it means and what to do with it.

-- 
Christian
0
Christian
5/22/2012 8:49:08 PM
On May 22, 4:49 pm, Christian Riechers
<chriech...@netscape.net.invalid> wrote:
> On 05/22/2012 10:29 PM, AndyHancock wrote:
>> Of course, this
>> likely means that *if* IT deliberately set us up with exceptions
>> beyond the default, I won't  have them.  Oh well.  Better to be on the
>> safe side of things.

Here, I meant the safe side as in living with inaccessibility using FF
if one were to not make certificate exception.

> If you have to use a proxy while being within the corporate network,
> and you get a security certificate exceptions when you browse e.g.
> google.com, that most likely means that your company is intercepting
> the SSL traffic. In other words, they can read everything you send
> over a connection which you think is secure, but in fact it is not.
> There is nothing IT needs to set-up in your FF profile for this.

Yes, I realize that the IT people could in fact be the man in the
middle, and they have every right to.  But perhaps arrangements have
been made to prevent these certificate messages for the better
supported browser.  The beneficial consequence is that people don't
get into the habit of ignoring certificate warnings.  It's already too
easy for that to happen, so when a real problem occurs, people might
never be on the alert, and never pause to question whether something
might be amiss when warning messages are issued..

>> I'd still be interested in what people thought about the best
>> practice for exceptions.  So far, the thread seems to imply that
>> they aren't so good, and perhaps accepting exceptions only for the
>> session is a reasonable compromise if an exception absolutely is
>> needed.
>
> It is your call to decide what to do. Best practice to me would be
> to be on high alert.

Got it.  Thanks.

>> But while on site, I believe that a more advisable alternative is
>> to use another browser which as more active support from IT (not
>> saying that the other browser is better, just that it is better
>> from the point of view of complying with security requirements).
>
> This has got nothing to do whether a browser is supported by IT or
> not.

Hopefully, I explained what I meant in the 2nd paragraph of my
response in this message.

> Thankfully FF is more strict in applying security than other
> browsers, therefore you get the security exception notification.
> Unfortunately most people don't have a clue what it means and what
> to do with it.

I find that the other unnamed browser also throws up warnings.  I just
think that measure might have been taken to prevent such messages for
the circumstances which are known not to be a threat.
0
AndyHancock
5/25/2012 4:40:05 AM
Reply:

Similar Artilces:

Firefox or not Firefox
Name: M B Fletcher Email: mf38794atntlworlddotcom Product: Firefox Summary: Firefox or not Firefox Comments: You asked why I took it off but did not ask more than the basics. I put security but in fact I put on Fire fox today and found a GOOGLE front page for searching when I had nothing there before. I wondered if I had been hijacked or you had done a very stupid update. I still do not know for sure. I do not ever use Google that I know of. The biggest spy on computers in the world and you should know better. If I find it is correct on Firefox I will go back to IE. At...

Firefox 3 Beta 4: Add exception for invalid security certificate does not work
Name: Jonas Wagner Email: jdotbdotwatgmxdotch Product: Firefox Release Candidate Summary: Firefox 3 Beta 4: Add exception for invalid security certificate does not work Comments: When acessing the wireless network at my university, the browser is first redirected to a login form found at https://1.1.1.1/login.html . This form has an invalid (valid only in the future) security certificate, thus I get a Page Load Error sec_error_expired_issuer_certificate. Firefox offers the option to add an exception for this site. This opens the "Add Security Exception" dialog. H...

Remove all firefox certificate authorities from firefox
I'd like to remove all ca's from a profile in firefox and then enable each one I need by and (case by case), how can I do that (without interfering with other profiles I use for general browsing) and without having to do it by hand? thei're many! Any advice? Aquarina wrote: > I'd like to remove all ca's from a profile in firefox and then enable > each one I need by and (case by case), how can I do that (without > interfering with other profiles I use for general browsing) and without > having to do it by hand? thei're many! > Any advice? ...

Firefox and security certificates
Secure data transmission on the internet relies on encryption and security certificates. Mozilla has revised the way Firefox 3 handles certificates, but not always for the better. A few modifications will sort things out - and give you more security. http://www.h-online.com/security/The-right-way-to-handle-encryption-with-Firefox-3--/features/112797 -- "Never drive faster than your ANGEL can fly" ...

Password Security for Firefox (Can future version of Firefox pass all 21 security tests?)
Name: HY Tan Email: elfelleatgmaildotcom Product: Shiretoko Summary: Password Security for Firefox (Can future version of Firefox pass all 21 security tests?) Comments: http://news.softpedia.com/news/IE7-vs-Chrome-1-0-vs-Opera-9-62-vs-Firefox-3-0-4-vs-Safari-3-2-vs-Password-Security-100103.shtml Above link is not based on 3.1b2 results but hope firefox can pass all security tests to make it the leading secure browser. Speed is one area but Security is another key area where it will attract more people to switch to most secure browsers with the less loopholes :) Browser De...

thread pointer for Firefox OS Gaia Email app and invalid certificates/certificate exceptions
In an attempt to address the cross-cutting https://bugzil.la/874346 on adding certificate exceptions initiated by the Firefox OS Gaia email app I've started a thread on dev.platform entitled "B2G, email, and SSL/TLS certificate exceptions for invalid certificates". If you're interested, please comment on the thread there. If you're not already subscribed, you can find the message in the archive and potentially comment via google groups at: https://groups.google.com/forum/#!topic/mozilla.dev.platform/lT4Mhi-B1JI Subscription information for the group, inc...

thread pointer for Firefox OS Gaia Email app and invalid certificates/certificate exceptions
In an attempt to address the cross-cutting https://bugzil.la/874346 on adding certificate exceptions initiated by the Firefox OS Gaia email app I've started a thread on dev.platform entitled "B2G, email, and SSL/TLS certificate exceptions for invalid certificates". If you're interested, please comment on the thread there. If you're not already subscribed, you can find the message in the archive and potentially comment via google groups at: https://groups.google.com/forum/#!topic/mozilla.dev.platform/lT4Mhi-B1JI Subscription information for the group, inc...

thread pointer for Firefox OS Gaia Email app and invalid certificates/certificate exceptions
In an attempt to address the cross-cutting https://bugzil.la/874346 on adding certificate exceptions initiated by the Firefox OS Gaia email app I've started a thread on dev.platform entitled "B2G, email, and SSL/TLS certificate exceptions for invalid certificates". If you're interested, please comment on the thread there. If you're not already subscribed, you can find the message in the archive and potentially comment via google groups at: https://groups.google.com/forum/#!topic/mozilla.dev.platform/lT4Mhi-B1JI Subscription information for the group, inc...

thread pointer for Firefox OS Gaia Email app and invalid certificates/certificate exceptions
In an attempt to address the cross-cutting https://bugzil.la/874346 on adding certificate exceptions initiated by the Firefox OS Gaia email app I've started a thread on dev.platform entitled "B2G, email, and SSL/TLS certificate exceptions for invalid certificates". If you're interested, please comment on the thread there. If you're not already subscribed, you can find the message in the archive and potentially comment via google groups at: https://groups.google.com/forum/#!topic/mozilla.dev.platform/lT4Mhi-B1JI Subscription information for the group, inc...

thread pointer for Firefox OS Gaia Email app and invalid certificates/certificate exceptions
In an attempt to address the cross-cutting https://bugzil.la/874346 on adding certificate exceptions initiated by the Firefox OS Gaia email app I've started a thread on dev.platform entitled "B2G, email, and SSL/TLS certificate exceptions for invalid certificates". If you're interested, please comment on the thread there. If you're not already subscribed, you can find the message in the archive and potentially comment via google groups at: https://groups.google.com/forum/#!topic/mozilla.dev.platform/lT4Mhi-B1JI Subscription information for the group, inc...

firefox companion for firefox
Name: william faulks Email: wf010a4342atblueyonderdotcodotuk Product: eBay Companion Summary: firefox companion for firefox Comments: great program, been looking for something like this for ages Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 ...

Firefox within Firefox
For a short time now (likely since upgrading to FF 1.5.02) I've noticed that when running a Firefox session, ZA will popup a notice that Firefox -- verified the same exe as the running one -- is "trying to access the internet." This is confusing because it's already accessing the internet, thanks much. However, the destination IP is always along the lines of 206.141.192.60:DNS, which translates to dns1.chcgil.sbcglobal.net, part of my ISP. So I've been saying yes. But I'm wondering why of a sudden this access is taking place, or being questioned, or what...

Firefox, meet the Firefox
Name: brooks Email: brooksonleyatyahoodotcom Product: Firefox Summary: Firefox, meet the Firefox Comments: I don't know if this will go anywhere, but as both a die-hard Firefox user and an advocate for wildlife, I think it should be said.... As you may or may not know, "firefox" is the literal translation of the Chinese name for the Red Panda. Yes, the OTHER panda -- the cute, orange, raccoon-like one, not the big, black-and-white, bear-like one. Here is a link to an article at the National Wildlife Foundation [http://poprl.com/EIb], "Fighting for the Fi...

Firefox, and Firefox Portable
Name: Brian Email: silverdragona1ataol Product: Firefox Summary: Firefox, and Firefox Portable Comments: Feedback. After several hefty fallouts with AOL, and the complete dogs dinner we are presented with that they claim is worthy of using, be it the AOL9 browser, I decided to try Firefox.... I am very annoyed. Why?... because stupidly, I had not tried Firefox EARLIER.... I have now replaced AOL9 completely on all the family computers with Firefox... I am also TOTALLY bewildered as to how you can get a fully functioning Firefox to run on a USB Flash Drive......... I...

Web resources about - Firefox security certificate exceptions - mozilla.support.firefox

Wildcard certificate - Wikipedia, the free encyclopedia
In addition, wildcards themselves can have subjectAltName extensions, including other wildcards. For example: The wildcard certificate *.wikipedia.org ...

December Patch Tuesday avalanche of patches includes leaked Xbox certificate
... of a security fumble by Microsoft's internal IT team—the inadvertent disclosure of the private encryption keys for a wildcard SSL/TLS certificate. ...

Xbox Live certificate keys exposed according to Microsoft
... necessarily mean you've been hacked, but the possibility is there. In a new security bulletin the company claims that the SSL/TLS digital certificate ...

Protecting your site for free with Let's Encrypt SSL certificates and acmetool
... has been more elevated lately, due to their opening up their service as a public beta. If you don't know what Let's Encrypt is, it's a Certificate ...

MSNBC's Chris Matthews confronted Donald Trump about Obama's birth certificate after the debate
... , MSNBC host Chris Matthews confronted Donald Trump over the real-estate mogul's past questioning of President Barack Obama's birth certificate. ...

Microsoft zaps dodgy Dell digital certificates
Microsoft has updated several of its security tools to remove two digital certificates installed on some Dell computers that could compromise ...

A second dangerous Dell root certificate discovered
The plot thickens: After Dell confirmed that one of its support tools installed a dangerous self-signed root certificate and private key on computers, ...

Chrome will soon stop supporting weak SHA-1 certificates
Google hasn't had confidence in SHA-1's the algorithm used for encryption by most SSL certificates, which add the "s" to https:// ability to ...

Google Pulls Trust for Symantec Root Certificate
For security reasons, Chrome, the Android OS and other Google products will no longer trust digital certificates from an old Symantec root certificate. ...

Texas has only recently stepped up birth certificate enforcement for immigrants, records show
Texas has only recently stepped up birth certificate enforcement for immigrants, records show

Resources last updated: 12/20/2015 10:10:34 AM