• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

ConnectSafe blocking Firefox extensions; SafeWeb reports problems too

Norton ConnectSafe  (a DNS service) is blocking Firefox extension updates.

People do upload extensions to the extension website, so I am glad that ConnectSafe blocks them. 
However, the people at Firefox/Mozilla remove these extensions containing malware, but ConnectSafe/SafeWeb doesn't whitelist the site after they are removed.
There are thousands of extensions on the Firefox/Mozilla website.  The website is blocked if just one extension has malware.  None of the extensions I use have malware.

When I try to download or update an extension, it fails noting the following in the Firefox browser console:

addons.cdn.mozilla.net:443 uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.
The certificate is only valid for search.dnsadvantage.com
The certificate expired on Monday, September 18, 2017, 12:03 AM. The current time is Wednesday, June 13, 2018, 10:17 PM.

Error code: <a id="errorCode" title="SEC_ERROR_UNKNOWN_ISSUER">SEC_ERROR_UNKNOWN_ISSUER</a>

The Norton SafeWeb site notes there is a problem  https://safeweb.norton.com/report/show?url=addons.cdn.mozilla.net
It reports

Safe Web Report for: addons.cdn.mozilla.net

Norton Rating
Safeweb Share
Norton Safe Web has analyzed addons.cdn.mozilla.net for safety and security problems. Below is a sample of the threats that were found.
Summary

    Computer Threats: 2
    Identity Threats: 0
    Annoyance factors: 0

Total threats on this site: 2

If I paste  addons.cdn.mozilla.net into my Firefox address bar, I get the following error:

Your connection is not secure

The owner of addons.cdn.mozilla.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

This is a know issue. 

Here are some Firefox support comments on this issue
    https://support.mozilla.org/en-US/questions/1196487
    https://support.mozilla.org/en-US/questions/1183370

I haven't been able to update my Firefox extensions for over a month.  I had to stop using ConnectSafe as my DNS service.

Once I switch to a different DNS service, the problem goes away, and I can download extensions successfully.  Norton Security doesn't raise any issues.

Could the people supporting ConnectSafe/SafeWeb please look into this issue?  You need to work more closely with the people at Mozilla.

suggestion #1: Why doesn't Norton work with Mozilla to scan extension that are uploaded by developers?

Suggestion #2: allow people to whitelist sites in ConnectSafe.  I would still be protected since my Norton Security would place the extension in Quarantine when it was downloaded if it contained malware.

Replies

Kudos0

Re: ConnectSafe blocking Firefox extensions; SafeWeb reports problems too

@floplot should be able to bring this to the SafeWeb team to check.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: ConnectSafe blocking Firefox extensions; SafeWeb reports problems too

Hello Mike1776

Welcome to the Norton Community Forum

When you put the addon link into your browser you are coming up with an error which has to do with a security certificate. Security certificates have nothing to do with Norton. Firefox has to get a root certificate for that website which is valid and up to date. You can notify Mozilla about the security certificate which needs to be updated.

I can ask Safe Web to re-evaluate the addon link to see if it still has malware in it or if it is a False Positive, but that would have nothing to do with the security certificate.

I don't think it would be possible to whitelist it because Mozilla would need to get another whitelist every time another extension was added or removed. If that website is using http then it's not going to be secure. It needs to use https to be secure. That's also something which Mozilla needs to take care of.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.14.2.13 Core Firmware 237 I E 11