Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Hierdie gesprek is in die argief. Vra asseblief 'n nuwe vraag as jy hulp nodig het.

Getting security exception dialogue box. How do I know this is valid to allow an exception? Especially with the SSL bug out there?

more options

Worried about Heartbleed bug. Getting "Add Security Exception" when sending e-mail. How can I verify this change is accurate?

Worried about Heartbleed bug. Getting "Add Security Exception" when sending e-mail. How can I verify this change is accurate?

All Replies (3)

more options

Normally Firefox talks directly to the mail server, but there are a few reasons that an intermediate program or server might intercept your mail session. Not all of these are good reasons.

Some security suites include a filtering feature. In order to filter secure connections (HTTPS URLs), the security software presents a fake certificate to Firefox so it can intercept and stand in the middle of the secure connection. To have Firefox trust these certificates, you may need to do something such as import a root certificate, or click something in your security software's settings.

But... many users are finding that rogue software they didn't realize they had installed is the culprit.

When you are offered the option to add a security exception, does Thunderbird let you view the problem certificate? For example, in Firefox, you can click the Add Exception button in the error page, then in the dialog click View Certificate or Get Certificate to see the Issued by section. You do not need to finish adding an exception.

We want to get to the "Issued by" section of the certificate, as this often points to the source of the problem.

The kind of issuer you might find is:

  • Name associated with your security software, such as ESET, BitDefender, etc.
  • Sendori (indicates unwanted software from Sendori)
  • FiddlerRoot (indicates unwanted software named similarly to BrowserSafeguard, BrowserSafe, SafeGuard)
  • Something else

What do you see?

more options

The Issued by information is common name "Positive SSL CA2" and the organization is "Comodo CA Limited", which has some pretty bad reviews as a SSL certificate issuer. I assume this is whom hostgator obtained the SSL cert from?

more options

We could cross-check. What is the server name and port that Thunderbird is trying to connect to?