• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

ConnectSafe blocking Firefox extensions; SafeWeb reports problems too

Norton ConnectSafe  (a DNS service) is blocking Firefox extension updates.

People do upload extensions to the extension website, so I am glad that ConnectSafe blocks them. 
However, the people at Firefox/Mozilla remove these extensions containing malware, but ConnectSafe/SafeWeb doesn't whitelist the site after they are removed.
There are thousands of extensions on the Firefox/Mozilla website.  The website is blocked if just one extension has malware.  None of the extensions I use have malware.

When I try to download or update an extension, it fails noting the following in the Firefox browser console:

addons.cdn.mozilla.net:443 uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.
The certificate is only valid for search.dnsadvantage.com
The certificate expired on Monday, September 18, 2017, 12:03 AM. The current time is Wednesday, June 13, 2018, 10:17 PM.

Error code: <a id="errorCode" title="SEC_ERROR_UNKNOWN_ISSUER">SEC_ERROR_UNKNOWN_ISSUER</a>

The Norton SafeWeb site notes there is a problem  https://safeweb.norton.com/report/show?url=addons.cdn.mozilla.net
It reports

Safe Web Report for: addons.cdn.mozilla.net

Norton Rating
Safeweb Share
Norton Safe Web has analyzed addons.cdn.mozilla.net for safety and security problems. Below is a sample of the threats that were found.
Summary

    Computer Threats: 2
    Identity Threats: 0
    Annoyance factors: 0

Total threats on this site: 2

If I paste  addons.cdn.mozilla.net into my Firefox address bar, I get the following error:

Your connection is not secure

The owner of addons.cdn.mozilla.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

This is a know issue. 

Here are some Firefox support comments on this issue
    https://support.mozilla.org/en-US/questions/1196487
    https://support.mozilla.org/en-US/questions/1183370

I haven't been able to update my Firefox extensions for over a month.  I had to stop using ConnectSafe as my DNS service.

Once I switch to a different DNS service, the problem goes away, and I can download extensions successfully.  Norton Security doesn't raise any issues.

Could the people supporting ConnectSafe/SafeWeb please look into this issue?  You need to work more closely with the people at Mozilla.

suggestion #1: Why doesn't Norton work with Mozilla to scan extension that are uploaded by developers?

Suggestion #2: allow people to whitelist sites in ConnectSafe.  I would still be protected since my Norton Security would place the extension in Quarantine when it was downloaded if it contained malware.

Replies

Kudos0

Re: ConnectSafe blocking Firefox extensions; SafeWeb reports problems too

@floplot should be able to bring this to the SafeWeb team to check.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: ConnectSafe blocking Firefox extensions; SafeWeb reports problems too

Hello Mike1776

Welcome to the Norton Community Forum

When you put the addon link into your browser you are coming up with an error which has to do with a security certificate. Security certificates have nothing to do with Norton. Firefox has to get a root certificate for that website which is valid and up to date. You can notify Mozilla about the security certificate which needs to be updated.

I can ask Safe Web to re-evaluate the addon link to see if it still has malware in it or if it is a False Positive, but that would have nothing to do with the security certificate.

I don't think it would be possible to whitelist it because Mozilla would need to get another whitelist every time another extension was added or removed. If that website is using http then it's not going to be secure. It needs to use https to be secure. That's also something which Mozilla needs to take care of.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.16.0.247 Core Firmware 267 I E 11
Kudos0

Re: ConnectSafe blocking Firefox extensions; SafeWeb reports problems too

Hi Mike1776

We have manually analyzed the site 'addons.cdn.mozilla.net' and found it to be clean so we have changed its rating to green.

https://safeweb.norton.com/report/show?url=addons.cdn.mozilla.net

Cops

Kudos0

Re: ConnectSafe blocking Firefox extensions; SafeWeb reports problems too

Thanks for clearing the issue with the Firefox website, but it will happen again as soon as someone else adds malware to their site.

So this isn't a long term solution.

How often does Norton scan websites for malware?

Does Norton have a policy to review sites with malware within a certain time period to see if the owner removed the malware? I wasn't able to update my extensions for over a month.

Kudos0

Re: ConnectSafe blocking Firefox extensions; SafeWeb reports problems too

Hello Mike

That's the problem with any website. Once it is cleaned up, it can always get re-infected again. If you know who the owner is for a malicious website, then you can notify the owner. I don't think that Norton can go back to every malicious site to check to see if it was cleaned up or not. It would have to be requested by someone.

Have a Nice Day and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.16.0.247 Core Firmware 267 I E 11

This thread is closed from further comment. Please visit the forum to start a new thread.