 |
Post AxMC1G950Ixsl2MHk8 by [email protected] |
 |
More posts by [email protected] |
|
Post #AxM3REWcke5tfrgJpw by [email protected] |
|
0 likes, 3 repeats |
|
|
|
Since months, every update of Firefox is a pain in the ass. This is because the… |
|
|
|
Post #AxM4KrIiHnInrUhPUm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek ? Works without issues for me on both Windows 11 and Windows 10. |
|
|
|
Post #AxM4KrP5u4PGBHgVRQ by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@teezeh They have some kind of distributed system and in that system they have … |
|
|
|
Post #AxM5VZQjAYHtZn7Sr2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
download.mozilla.org resolves for me like this:download.mozilla.org. 30 IN CN… |
|
|
|
Post #AxM5VZX6mpOLta6Yng by [email protected] |
|
0 likes, 0 repeats |
|
|
|
When I connect there:% openssl s_client -showcerts -servername download.mozilla… |
|
|
|
Post #AxM5VZd8QQDECGvNC4 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
If I use one of the other three IP addresses by using the manually, it looks a … |
|
|
|
Post #AxM6b3SV3DlU6u7xVA by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek Download? I just go to Help > About Firefox.https://support.mozilla.o… |
|
|
|
Post #AxM6b3ZacrR6StRcYK by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@teezeh There I got the same errorIn the thread I debugged this issue further. … |
|
|
|
Post #AxM6hf9XokDWkqPbsW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek Can confirm that none of the IPs you get for download.mozilla.org have t… |
|
|
|
Post #AxM6hfGdONt96pjGvg by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Lalufu Remark: You have to use "-servername download.mozilla.org" to… |
|
|
|
Post #AxM7F2UK4xCYgR2v0y by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Testing further: it seems there is one IP in the rotation, that is broken. |
|
|
|
Post #AxM7F2aLiY1Qz7rjPM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
I now get other servers via DNS:download.mozilla.org. 30 IN CNAME bouncer-b… |
|
|
|
Post #AxMBQpVIZzTnhmNdFQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek pinging @freddy |
|
|
|
Post #AxMBQpck8JR04rrZqq by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@seecurity thanks Sebastian for forwarding.@masek Where do you see a certifica… |
|
|
|
Post #AxMBQpj7kaXSOeqfnU by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@freddy @seecurity The certificate error was consistent between Safari, Firefox… |
|
|
|
Post #AxMC1G950Ixsl2MHk8 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek @seecurity thank you. I will make sure someone is taking a look. |
|
|
|
Post #AxMC1GEkfDVB2d0oaG by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@freddy @seecurity Thank you for that 🙏 |
|
|
|
Post #AxMEOnz7YWa2HG3VHU by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@masek Dangling DNS is a difficult threat for defenders to detect sometimes, if… |
|
|
|
Post #AxMEfkL4Mg1ptOOrGi by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@merospit The DNS records come with a TTL of 30s and I could see it counting do… |
|
|
|
Post #AxMHPNtmKRoHWaWZzk by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek Based on https://www.whatsmydns.net/#A/download.mozilla.org it looks lik… |
|
|
|
Post #AxMHPO0ru5TtsZqF2u by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@merospit Strangely, the server with the defunct cert is not part of that list.… |
|
|
|
Post #AxMJ0jlc5NRW1652US by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@freddy @seecurity Funny to see the ticket snowballing through the organisation… |
|
|
|
Post #AxMJ0jsLgKpYLzEPzM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek @seecurity normal for us since 199x. But yeah, other bug trackers are bi… |
|
|
|
Post #AxMJ0jy1LFMqdZswpU by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@freddy @seecurity I didn't judge that negatively.I am working inside cloud… |
|
|
|
Post #AxMRf4jaLfAgGJsSVE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Lalufu The DNS setup seems complicated. I get different answers depending from… |
|
|
|
Post #AxMRf4pbzFzYZ0hGtc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek Can you see https://atlas.ripe.net/measurements/124591815 ?Pretty much a… |
|
|
|
Post #AxMRf4vzbX60sngMqG by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Lalufu Me too now 😄 Someone seems to be reading this thread and fixed somet… |
|
|
|
Post #AxMRf51JHlLj9IAc88 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek I don't know which DNS servers give you the wrong answers, so this i… |
|
|
|
Post #AxMRf56cxzbRPmerQ0 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Lalufu The strange thing is: I had this issue already several times. At least … |
|
|
|
Post #AxMRfvI6wXgbGSQlXM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek moved over ungoogled chromium and never will go back.Firefox is dead. |
|
|
|
Post #AxMRkuwBgYLVcEYdP6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek @seecurity Nah, that would be some pretty pointless spoofing. we sign ou… |
|
|
|
Post #AxMRmY5Dd0aBJUYm0G by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek I tested with `curl --connect-to` which takes care of all that stuff. |
|
|
|
Post #AxMRvgd9De1uQcmrT6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Know anyone else hitting that?I haven't hit that and that cert doesn't … |
|
|
|
Post #AxMS085L5Kyqjh5l5c by [email protected] |
|
0 likes, 1 repeats |
|
|
|
Sorry, just saw the rest of your replies and details 🤦♂️ |
|
|
|
Post #AxMTDljB6dyBP6nHgO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@freddy @seecurity I expect it to be unlikely, but I have seen too much in my l… |
|
|
|
Post #AxMTiHFqSEhPs1cZdY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek looks like a stale A record? Mayb e a load balancer IP that dropped out… |
|
|
|
Post #AxMTiHME4VnsBobfaC by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@nikolaihampton That would be a possibility and would explain why a certificate… |
|
|
|
Post #AxMToLGCTSOc20gAOO by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@zeroarg @masek I don't do anything. But I come with pre-installed AI featu… |
|
|
|
Post #AxMdSfWTSPCw2raxyS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@masek It's AWS. Probably using Cloudfront for the auto resolving. The IPs … |
