From 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:47:29 +0200 Subject: Adding upstream version 115.8.0esr. Signed-off-by: Daniel Baumann --- .../content/neterror/gen_aboutneterror_codes.py | 31 ++ .../supportpages/connection-not-secure.html | 205 +++++++++++++ .../content/neterror/supportpages/time-errors.html | 319 +++++++++++++++++++++ 3 files changed, 555 insertions(+) create mode 100644 toolkit/content/neterror/gen_aboutneterror_codes.py create mode 100644 toolkit/content/neterror/supportpages/connection-not-secure.html create mode 100644 toolkit/content/neterror/supportpages/time-errors.html (limited to 'toolkit/content/neterror') diff --git a/toolkit/content/neterror/gen_aboutneterror_codes.py b/toolkit/content/neterror/gen_aboutneterror_codes.py new file mode 100644 index 0000000000..806756422f --- /dev/null +++ b/toolkit/content/neterror/gen_aboutneterror_codes.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python3 +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at http://mozilla.org/MPL/2.0/. + +import sys + +from fluent.syntax import parse +from fluent.syntax.ast import Message + + +def find_error_ids(filename, known_strings): + with open(filename, "r", encoding="utf-8") as f: + known_strings += [ + m.id.name for m in parse(f.read()).body if isinstance(m, Message) + ] + + +def main(output, *filenames): + known_strings = [] + for filename in filenames: + find_error_ids(filename, known_strings) + + output.write("const KNOWN_ERROR_MESSAGE_IDS = new Set([\n") + for known_string in known_strings: + output.write(' "{}",\n'.format(known_string)) + output.write("]);\n") + + +if __name__ == "__main__": + sys.exit(main(sys.stdout, *sys.argv[1:])) diff --git a/toolkit/content/neterror/supportpages/connection-not-secure.html b/toolkit/content/neterror/supportpages/connection-not-secure.html new file mode 100644 index 0000000000..1df8b7501f --- /dev/null +++ b/toolkit/content/neterror/supportpages/connection-not-secure.html @@ -0,0 +1,205 @@ + + + + + + + + + + Secure connection failed and Firefox did not connect + + +
+

Secure connection failed and Firefox did not connect

+

+ This article explains why you may see a + Secure Connection Failed or a + Did Not Connect: Potential Security Issue error page and what + you can do. +

+ +

+ Secure connection cannot be established +

+

+ When a website that requires a secure (https) + connection tries to secure communication with your computer, Firefox + cross-checks this attempt to make sure that the website certificate and + the connection method are actually secure. If Firefox cannot establish a + secure connection, it will display an error page. +

+

Secure Connection Failed

+

+ A Secure Connection Failed error page will include a + description of the error, an option to report the error to Mozilla and a + Try Again button. There is no option to add + a security exception to bypass this type of error. +

+

+

The error page will also include the following information:

+
    +
  • + The page you are trying to view cannot be shown because the + authenticity of the received data could not be verified. +
  • +
  • + Please contact the website owners to inform them of this + problem. +
  • +
+

+ Did Not Connect: Potential Security Issue +

+

+ Certain secure connection failures will result in a + Did Not Connect: Potential Security Issue error page. +

+

+

+ The error page will include a description of the potential security + threat, an option to report the error to Mozilla and an + Advanced… button to view the error code and + other technical details. There is no option to add a security exception + to visit the website. +

+

Website issues

+

TLS version unsupported

+

+ Some websites try using outdated (no longer secure) Transport Layer + Security(TLS) mechanisms in an attempt to secure your + connection. Firefox protects you by preventing navigation to such sites + if there is a problem in securely establishing a connection. Contact the + owners of the website and ask them to update their TLS version to a + version that is still current and still secure. +

+

+ Starting in Firefox version 74, the minimum TLS version allowed by + default is TLS 1.2. Websites that don't support TLS version 1.2 or + higher will display a Secure Connection Failed error page with + Error code: SSL_ERROR_UNSUPPORTED_VERSION and a message that + This website might not support the TLS 1.2 protocol, which is the + minimum version supported by Firefox. + The error page may also include a button, + Enable TLS 1.0 and 1.1 that will allow you + to override the minimum TLS requirement; however, Mozilla plans to + remove this option and permanently disable TLS 1.0 and 1.1 in a future + version of Firefox. +

+

HSTS required

+

+ Other websites may require HTTP Strict Transport Security (HSTS) and + will not allow access with an insecure connection. +

+

Security software conflict

+

+ Many security products use a feature that intercepts secure connections + by default. This can produce connection errors or warnings on secure + websites. If you see secure connection errors on multiple secure + websites, updating your security product or modifying its settings may + resolve the issue. +

+

+ + Alternatively, you can uninstall third-party security software and use + Windows Defender, the built-in antivirus on Windows 8 and Windows 10. + +

+

+

Incorrect system clock

+

+ Firefox uses certificates on secure websites to ensure that your + information is being sent to the intended recipient and can't be read by + eavesdroppers. An incorrect system date can cause Firefox to detect that + the website's security certificate is expired or invalid. Make sure your + computer is set to the correct date, time and time zone. +

+
+ + diff --git a/toolkit/content/neterror/supportpages/time-errors.html b/toolkit/content/neterror/supportpages/time-errors.html new file mode 100644 index 0000000000..c96c5ba95f --- /dev/null +++ b/toolkit/content/neterror/supportpages/time-errors.html @@ -0,0 +1,319 @@ + + + + + + + + + + How to troubleshoot time related errors on secure websites + + +
+

How to troubleshoot time related errors on secure websites

+

+ Certificates for secure websites (the address begins with + https://) are valid only for a certain period of time. + If a website presents a certificate with validity dates that don't match + the date on your computer's clock, Firefox can't verify that it is + secure and will show you an error page. +

+

+ Such issues can often be fixed by setting the correct date, time and + time zone on your computer system. If this does not solve the problem, + it could be caused by other issues, such as a misconfigured web server + or an expired certificate. +

+ +

+ List of time-related error codes you may encounter +

+
+
+ Note: A Your Computer Clock is Wrong error + page almost certainly means that your computer's clock is set to the + wrong date. Some time-related errors will show a + Warning: Potential Security Risk Ahead error page. For other + time-related errors, you'll get a Secure Connection Failed or + Did Not Connect: Potential Security Issue error page. +
+

+ + +

+

+ Click + + More Information or + Advanced…, depending on the error page, + + + Advanced… on the error page + to view the error code. One of the following error codes will indicate + that the secure connection couldn't be established due to a + time-related error: +

+
+
+
+ Note: If you get a + Your connection is not secure error page, click the + Advanced button to view the error code and + other details. A Secure Connection Failed error page may also + indicate a time-related error. +
+

+ One of the following error codes will indicate that the secure + connection couldn't be established due to a time-related error: +

+
+

+ SEC_ERROR_EXPIRED_CERTIFICATE
+ SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
+ SEC_ERROR_OCSP_FUTURE_RESPONSE
+ SEC_ERROR_OCSP_OLD_RESPONSE
+ MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE
+ MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE +

+

+ The text on the error page will warn you when Firefox detects that your + system date and time is probably wrong and will also show the date and + time currently set in your system. If the clock settings are incorrect + you should set it to the right time + as explained below. Even if the displayed time settings seem to be correct, you should + make sure that the time zone settings of your system match your current + location. +

+

+ Set your system clock to the correct time +

+

+ Time-related errors on secure websites caused by a skewed system clock + can be resolved by setting your correct date, time and time zone:. + + Change your date and time settings from the clock on the Windows + taskbar or follow these instructions: +

+
+

If your are on Windows 10:

+
    +
  1. + Click the Windows Start button or press the Windows key. +
  2. +
  3. In the Start menu, selectSettings.
  4. +
  5. + In Settings, selectTime & language. +
  6. +
  7. + In theDate & time section you can + review the current date and time settings. To change your settings + click on Change below + Change date and time or expand the + Time zone dropdown menu. +
    + If your system is set to manage the time and time zone + automatically, you cannot make manual changes. +
    +
  8. +
  9. If you are done with your changes, close the Settings window.
  10. +
+
+
+

If your are on Windows 8:

+
    +
  1. + From the Start Screen, click the Desktop tile. The + Desktop view will open. +
  2. +
  3. + From the Desktop, hover in the lower right-hand corner to access the + Charms. +
  4. +
  5. + Select Control Panel from the + Settings charm. The Control Panel window + will open. +
    +
    +
    +
  6. +
  7. + In the Control Panel window, click on + Clock, Language, and Region and then + Date and Time. +
  8. +
  9. + The panel that opens shows the current date and time settings. To + change your settings click the + Change date and time or + Change time zone button. +
  10. +
  11. To confirm your changes click OK.
  12. +
+
+
+

If your are on Windows 7:

+
    +
  1. + Click the Windows Start button or press the Windows key + . +
  2. +
  3. + In the Start Menu, click Control Panel. +
    +
    +
    +
  4. +
  5. + In the Control Panel window, click on + Clock, Language, and Region and then + Date and Time. +
  6. +
  7. + The panel that opens shows the current date and time settings. To + change your settings click the + Change date and time or + Change time zone button. +
  8. +
  9. To confirm your changes click OK.
  10. +
+
+
+

If your are on Mac OS:

+
    +
  1. + Click the Apple menu and select + System Preferences. +
  2. +
  3. + In the System Preferences window, click on + Date & Time. +
  4. +
  5. + The panel that opens shows the current date and time settings. In + order to adjust them, disable + Set date and time automatically, manually + enter the date and time and click + Save to confirm your changes. +
  6. +
  7. + In order to review your time zone settings, click on the + Time Zone tab. In order to adjust your time zone, + disable + Set time zone automatically using current location, click onto your approximate location in the map and select the + city closest to you in the dropdown panel. +
  8. +
  9. + If you are done with your changes, close the Date & Time window. +
  10. +
+
+
+ Note: If the clock on your device constantly resets + after you power it off, this might indicate that the battery cell that + runs the real-time clock is getting low or is empty. Please consult your + manufacturer's manual on how to replace the CMOS battery. +
+

Contact the website owner

+

+ If you get a time related error on a secure website and you have already + checked the correct settings of your system’s clock, please contact the + owner of the website which you can’t access and inform them of the + problem. The website owner might need to renew the expired certificate, + for example. +

+
+

Bypass the warning

+
+ Warning: You should never bypass the warning for a + legitimate major website or sites where financial transactions take + place – in this case an invalid certificate can indicate that your + connection is compromised by a third party. +
+

+ If you see a Your connection is not secure warning page and + the website allows it, you can add an exception to be able to visit + the site, despite the fact that the certificate is not trusted by + default: +

+
    +
  1. + On the warning page, click Advanced. +
  2. +
  3. + Click Add Exception…. The + Add Security Exception dialog will appear. +
  4. +
  5. + Read the text describing the problems with the website. You can + click View… + to closer inspect the untrusted certificate. +
  6. +
  7. + Click Confirm Security Exception if you + are sure you want to trust the site. +
  8. +
+
+
+ + -- cgit v1.2.3