Closed Bug 1512962 Opened 5 years ago Closed 5 years ago

BitDefender is not adding it's certificate on Non-ASCII profiles and the https webpages are displaying a "connection is not secured" error

Categories

(External Software Affecting Firefox :: Other, defect)

Product:
External Software Affecting Firefox
Component:
Other
Platform:
x86_64
Windows 10
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox63 wontfix, firefox64 wontfix, firefox65 verified, firefox66 verified)

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox63 --- wontfix
firefox64 --- wontfix
firefox65 --- verified
firefox66 --- verified

People

(Reporter: emilghitta, Unassigned)

Details

[Affected versions]:
Firefox 63.0.3 
Firefox 65.0a1

[Affected platforms]:
Windows 10 64bit.

[Preconditions]:
Install BitDefender Pro 2019 (trial).

[Steps to reproduce]:
1. Launch Firefox 63.0.3 with a new, Non-ASCII profile. (ex: åÞÛÚ).
2. Close Firefox 63.0.3.
3. Launch latest nightly with the same Non-ASCII profile.
4. Access the https://twitter.com/ webpage.
5. Close latest nightly.
6. Launch Firefox 63.0.3 again
7. Access the https://twitter.com/ webpage.

[Expected result]:
The webpage loads successfully.

[Actual result]:
Steps 4 and 7: An error stating that the "connection is not secured" is displayed.

[Workaround]
1. Set the "security.enterprise_roots.enabled" pref to "true".

[Note]:
For further information regarding this issue, please view the following screencast: https://drive.google.com/file/d/1QwzgEYEiytnfeL7-61ntqFYxgY6_DNVV/view?usp=sharing

Please note that you may have to repeat step 3 and 4 a couple of times (2-3 times) in order to reproduce (sometimes this is reproducible from the first try).

It seems that BitDefender is not adding it's certificate inside the Certificate manager on Non-ASCII profiles.
Just an update note:
You don't have to launch a different version of Firefox (with the same Non-ASCII profile). Launching the same version (ex: 63.0.3) with the same profile several times (2-3 times) will also reproduce this issue.
status-firefox63: --- → affected
Other than just turning enterprise mode on for Windows by default, I don't know what to do here.
Emil, per Gijs suggestion, can you please confirm that there are certificates installed for other vendors (ESET, Avast or Kaspersky all default to installing their certs into our NSS store) into the profile (not just via the about:config pref to use the windows DB). If confirmed it means it is a BitDefender issue, not a Firefox issue and we can open a ticket with them.
Flags: needinfo?(emil.ghitta)
Confirming here as well (for better transparency).

BitDefender:

- Tested using non-ascii profile (freshly created, using the default pref configurations). BitDefender fails to add it's certificate (verified by viewing the Certificate Manager) and leads to the issue that was mentioned in comment 0. 

Avast free antivirus 18.82356 (build 18.8.4084.0) and AVG Antivirus free 18.8.3071 (build 18.8.4084.0):

- Tested using newly created non-ascii profiles (using the default pref configurations). It seems that both Avast and AVG successfully adds the certificates inside the Certificate Manager.
Flags: needinfo?(emil.ghitta)
Component: Security: PSM → Other
Product: Core → External Software Affecting Firefox
Version: Trunk → unspecified

hi radu, there seems to be a problem with bitdefender not placing its certificates into the firefox trust store under some circumstances. could you look into this problem or forward it to the right people at bitdefender?

Flags: needinfo?(rportase)

Also, you could consider switching to the Windows store, which Firefox supports. Kaspersky did the same, and it resolved a few problems for them.

Hello,

Thank you for reporting the issue. We started an investigation on our end and are trying to solve it as fast as possible. We'll keep you informed on the progress.

Flags: needinfo?(rportase)

See Bug 1508624 Comment 14. It is likely that this specific case of the issue is also fixed.

(In reply to Radu Portase from comment #8)

Hello,

Thank you for reporting the issue. We started an investigation on our end and are trying to solve it as fast as possible. We'll keep you informed on the progress.

Radu, any chance of an update on this?

Hello,

Sorry for not replying sooner... I'm not directly involved in the development of the components responsible for this bug... so I thought the comment above ( See Bug 1508624 Comment 14. It is likely that this specific case of the issue is also fixed.
) meant that this issue was fixed.

Can you please check if the issue reproduces with Bitdefender Total Security updated to the latest version? If you don't have the product, a 30 days trial can be downloaded from the Bitdefender website (https://www.bitdefender.com/solutions/total-security.html).

Please note that a restart might be required after the update for the fix to be in place.

Let me know if the issue remains :)

Thank you

(In reply to Marco Castelluccio [:marco] from comment #7)

Also, you could consider switching to the Windows store, which Firefox supports.

If localized profile names are preventing them from updating the certificate database they could just as well have the same problem finding that profile's prefs.js to turn on the enterprise root feature.

I can confirm that this issue is no longer reproducible from my side while using BitDefender total security provided in comment 11 with Firefox 65.0.2 and Firefox 66.0b1.

Marking fixed based on comment #13.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
status-firefox65: affectedverified
status-firefox66: --- → verified
You need to log in before you can comment on or make changes to this bug.