Unsecure FireFox (Byzantium)

Hello !

I tried to use Firefox ESR under Byzantium, but Firefox is outdated and can’t support the current cipher sets. On my own server I got the following message.

TLS and Cipher-Sets : https://www.ssllabs.com/ssltest/analyze.html?d=cais.de

Is it possible to upgrade to a newer and more secure Firefox?

1 Like

That seems wrong. From that error I’m reading that it’s the website that is trying to use older protocols, contrary to what the ssltest shows. Repo shows that the ESR is pretty recent. Does the problem persist?

There is a form of attack also that tries to lower the encryption level of the transfer but modern browsers should show just this kind of warning, if memory serves. Not saying it’s that but…curious.

No, this message is wrong.

You can see in the SSL Labs report that my pages/servers only support heavy ciphers and a min. of TLS 1.2. Typical pages are more unsecure and support lower cipher sets - not my pages - in this case you can find unsecure systems/apps … :wink:

One thing I do not understand … with L5 Amber-Image it works with FF, and Gnome-Webbrowser also works in Byzantium, but with too many issues on page rendering … :frowning:

I tested the same version ESR to your page and had no problems. And I agree, that the report is showing that there shouldn’t be any problem with the site either. Hence, the idea (an attack is just one, extreme, example) that it’s something specific to you or your device. The classic questions: problem and message persists after restarts and re-installation? Gnome browser works?

I’ve had this problem for the last few weeks on my Pinephone Mobian. Since I’m on the road, I haven’t had much time to troubleshoot. My workaround has been to tell Firefox to stop bugging me.

network.http.spdy.enforce-tls-profile = false

Not the greatest, but it will do for now.

2 Likes

Hello,
I had the same issue and reached out to support about it. This is what I got back and it did in fact fix it:

This is a bug in upstream debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990058

To solve this, you can type in firefox:

about:config

then paste the term:

network.http.spdy.enabled

and change its value to: false

Kind regards,
João Azevedo

5 Likes

@Photon & @steve

Thanks for this workaround !
No Spdy is hard, because it makes the net much faster :sob:

Why doesn’t it work? Is this version of Firefox running with an old Spdy version?

Oops, sorry, it is a bug - you posted it :crazy_face:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990058

The command below adds the Debian Sid repo to your device’s sources.list file, checks for updates from all the repos in your device’s sources.list file, installs the most up-to-date version of the package “libnss3” (fixing the recent Firefox issue), and then removes the last line from your device’s sources.list file (which is the line we added in the beginning of this command).

sudo echo "deb https://deb.debian.org/debian sid main" >> /etc/apt/sources.list && sudo apt update && sudo apt install libnss3 && sudo sed '$d' /etc/apt/sources.list

I could have sworn that I ran this command without error, but checking again, now I get a permission issue. So you need to use something like nano to manually add “deb https://deb.debian.org/debian sid main” (without quotes) into /etc/apt/sources.list on a new line, then run an update and install the libnss3 package, and then manually remove the line that was added.

This should work:

sudo nano /etc/apt/sources.list

then add the following on a new line:

deb https://deb.debian.org/debian sid main

then run the following:

sudo apt update && sudo apt install libnss3

then edit the sources.list file again:

sudo nano /etc/apt/sources.list

and delete what we added to this file in the beginning:

deb https://deb.debian.org/debian sid main

Sorry for the confusion.

2 Likes

sudo -i bash -c "echo 'deb https://deb.debian.org/debian sid main' >> /etc/apt/sources.list"

This makes the redirect also elevated.

Thank you.

After some corrections, this is the command to fix Firefox, by installing the updated libnss3 package from the Debian Sid repo and then removing the Debian Sid repo:

sudo -i bash -c "echo 'deb https://deb.debian.org/debian sid main' >> /etc/apt/sources.list" && sudo apt update && sudo apt install libnss3 && sudo sed -i '$d' /etc/apt/sources.list

This bug was automatically fixed via updates in L5 byzantium.

3 Likes
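
The cleanup step in the commands above uses `sed -i '$d'`, which deletes whatever the last line of sources.list happens to be. As an added example (not part of any post in this thread), the sketch below adds and removes the Sid entry by exact match, so a failed or repeated append cannot remove an unrelated repository line. The function names, the `example.invalid` entries and the scratch-file demo are constructed; only the `deb ... sid main` line comes from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. SID_LINE is the entry quoted in the posts;
# function names and the file-path argument are hypothetical.
SID_LINE='deb https://deb.debian.org/debian sid main'

# Append the entry only if it is not already present (safe to re-run).
add_sid_line() {
    grep -qxF -- "$SID_LINE" "$1" 2>/dev/null || printf '%s\n' "$SID_LINE" >> "$1"
}

# Remove exactly that entry, wherever it sits; every other line is kept.
remove_sid_line() {
    tmp=$(mktemp) || return 1
    # grep exits 1 when no line is left over; only status 2 is a real error.
    grep -vxF -- "$SID_LINE" "$1" > "$tmp" || [ "$?" -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$1" && rm -f "$tmp"     # cat keeps the file's owner and mode
}

# Constructed demo on a scratch file: compares "drop the last line" with the
# exact-match removal in the case where the append step never happened.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'deb https://example.invalid/os stable main' \
                  'deb https://example.invalid/os stable-security main' > "$f"
    blind=$(sed '$d' "$f" | grep -c '')   # lines left after a blind delete
    remove_sid_line "$f"
    exact=$(grep -c '' "$f")              # lines left after exact-match removal
    add_sid_line "$f"; add_sid_line "$f"  # second call must not duplicate
    added=$(grep -cxF -- "$SID_LINE" "$f" || true)
    remove_sid_line "$f"
    after=$(grep -cxF -- "$SID_LINE" "$f" || true)
    rm -f "$f"
    echo "$blind $exact $added $after"
}

demo   # prints: 1 2 1 0
```

On a real device the functions would be run as root against /etc/apt/sources.list, with `apt update` and `apt install libnss3` between the two calls.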