Why is Firefox is not loading the pages properly?
When I'm connected to the internal corporate network and behind their proxy servers and the firewalls, my Firefox is not loading the pages properly (i.e. www.stackoverflow.com, please see the uploaded image) rendering only the text and the links while the same pages are rendering with no issues when I use Chrome, IE, Edge, or Opera browsers. To my surprise, when I disconnect from the internal corporate network and switch over to the corporate guest network the same Firefox is rendering the same pages with no issues at all. I have been a Firefox user for many years now and have not had this issue up until now. I am on Firefox 54.0.1 (64-bit) and it appears as this issue has been introduced new.
الحل المُختار
If other browsers of your system trust the fake certificates, they probably have been configured with an authority certificate that validates all of the fake certificates. Traditionally you would import that certificate into Firefox to solve the problem. However, recently another option was added which you could try:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste roots and pause while the list is filtered
(3) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true
If it works, Firefox then would piggyback on the system certificate store.
Read this answer in context 👍 1All Replies (20)
I had no problem with the link.
Many site issues can be caused by corrupt cookies or cache.
- Clear the Cache and
- Remove Cookies
Warning ! ! This will log you out of sites you're logged in to. You may also lose any settings for that website.
Type about:preferences<enter> in the address bar.
- Cookies; Select Privacy. Under History, select
Firefox will Use Custom Settings. Press the button on the right side called Show Cookies. Use the search bar to look for the site. Note; There may be more than one entry. Remove All of them.
- Cache; Select Advanced > Network. Across from
Cached Web Content, Press Clear Now.
If there is still a problem, Start Firefox in Safe Mode {web link} A small dialog should appear. Click Start In Safe Mode (not Refresh). While you are in safe mode;
Type about:preferences#advanced<enter> in the address bar.
Under Advanced, Select General. Look for and turn off Use Hardware Acceleration.
Then restart. Poke around safe websites. Are there any problems?
I implemented your instructions however they did not help!
If you read the problem description again. This issue is not about the stale cache or the cookies, or the hardware acceleration, or add-on plugins. When I disconnect from the internal corporate network and connect to the corporate guest network I am not having this issue with the same Firefox, with all the same settings, and with all the same add-ons.
I am also not having this issue with the Chrome, IE, Edge, or Opera browsers when I am connected to the internal corporate or to the corporate guest networks.
I am also not having this issue when I take my laptop home, connect to my home network, and use the same Firefox.
Modified
Since your description requires viewing an image to understand what is missing, could you attach it to a reply? https://support.mozilla.org/questions/1168294#question-reply
Also, are other sites affected? When users observe widespread issues with partially or completely unstyled pages, I usually ask whether they have encountered any secure connection or certificate errors. Since you use a proxy, this could be an issue for you.
jscher2000 said
Since your description requires viewing an image to understand what is missing, could you attach it to a reply? https://support.mozilla.org/questions/1168294#question-reply
I uploaded images from www.stackoverflow.com and the www.amazon.com. I also am having this issue with the www.target.com that's partially rendering.
jscher2000 said
Also, are other sites affected? When users observe widespread issues with partially or completely unstyled pages, I usually ask whether they have encountered any secure connection or certificate errors. Since you use a proxy, this could be an issue for you.
Yes, when I research for something and google for it I come across many other sites that are also affected. One thing I noticed was that all those sites having this issue are using the https protocol.
Yes, you're correct! I sometimes get secure connection or certificate errors for some of our internal sites in our intranet occasionally but not with these sites. And every time when I get a secure connection or certificate error with our internal sites I add an exception and accept the certificates over and over again.
It appears as this may have something to do with secure connections or the certificates that Firefox thinks there are issues with them while the other browsers do not.
acolpan said
And every time when I get a secure connection or certificate error with our internal sites I add an exception and accept the certificates over and over again.
Bingo! Complex sites tend to use multiple servers. The exception is only for the top level server, and the files from the supporting servers end up still being blocked, such as style sheets.
But... you should never need to add exceptions for well-run sites! Please pause and investigate, to make your life easier and if there is malware reading your browsing, to root that out.
I'm assuming you never set an exception for my server so could you see whether you can trigger the error on this page, then click the Advanced button and copy/paste the more detailed error description into a reply:
https://www.jeffersonscher.com/res/jstest.php
At the bottom of that extra detail section should be a code IN CAPS that helps more precisely identify the problem. This article covers one of the most common that users report here:
How to troubleshoot security error codes on secure websites
To share with us more information about the certificates that Firefox believes are fakes, click the blue error code in the error page to reveal an encoded version of the certificate. (I upload it to https://certlogik.com/decoder/ if you're curious what is embedded in that information.)
I am not sure if this a malware issue because as I said earlier when I switch over to the corporate guest network or take my laptop to home and use my home network I can browse the same sites with no issues.
I went to your site however I did not get a "SEC_ERROR_UNKNOWN_ISSUER" error and my Firefox did not ask me if I wanted to add an exception for it. Please find uploaded the image from my visit to your site.
Hmm, the problem is selective. Could you check the certificates for sites where you added an exception to see whether there is a pattern to the "Issued by" information which points to a specific culprit. Here's how:
"3-bar" menu button (or Tools menu) > Options
In the left column, click Advanced. Then on the right side, click the Certificates mini-tab along the top. Then click the "View Certificates" button.
This should open the Certificate Manager. Click the "Servers" tab. Ignore the ones for "*" and check for any servers you remember adding an exception for. You can select one and click View to check the "Issued by" information (and repeat for a good sampling of them).
Any pattern? Here's a screenshot for https://stackoverflow.com/ for comparison -- note that it may be listed under stackexchange.com.
All of the certificates in the Servers tab but two are issued by the internal applications. The remaining two are from answers.acrobatusers.com and mail.google.com. I am not showing any certificates for the www.stackoverflow.com or the www.amazon.com. More interestingly, when I click on the "Add Exception" button to add a certificate for example for the www.stackoverflow.com by clicking on the "Get Certificate" button in the "Add Security Exception" I get a message that says "This site provides valid, verified identification. There is no need to add an exception.". Please see the uploaded image.
acolpan said
More interestingly, when I click on the "Add Exception" button to add a certificate for example for the www.stackoverflow.com by clicking on the "Get Certificate" button in the "Add Security Exception" I get a message that says "This site provides valid, verified identification. There is no need to add an exception.". Please see the uploaded image.
Can you access StackOverflow without the www?
I can but the page is still partially rendered. Please see the uploaded image.
If you open Firefox's Network Monitor in the lower part of the tab and reload the page, can you see any information on why some page elements are not loaded? To open the network monitor, either:
- Ctrl+Shift+q
- "3-bar" menu button > Developer > Network
- (menu bar) Tools > Web Developer > Network
If you reload using Ctrl+Shift+r, that will bypass the cache and require fresh retrieval of all files. I'm attaching an example of a successful retrieval (allowing some but not all of the ad sources...), and also what you can view on the security panel if you click a row for a particular server and change the panel on the right side from Rules (or whatever it shows) to Security.
I did ctrl+Shift+q, went to https://stackoverflow.com, then did a ctrl+Shift+r. Uploaded are the images from the Network tab.
Modified
Your Firefox didn't load any files from cdn.sstatic.net (0 bytes). It says Connection Established so that implies no SSL issue, but then there's a warning triangle next to the server name instead of a lock. ??
If you view the Security panel for one of those requests, does the certificate information match my second screenshot?
Over the years, users occasionally have reported problems with sites that have "cdn" in their host name. It was never clear to me what caused that, whether some security software, parental controls, or something else.
In my first posting to your previous question, I posted the Headers tab by mistake and when I realized that you were asking for the Security tab I updated my last posting with a new image from the Security tab. You identified the problem I am running into and that's due to the invalid and not trusted cdn.sstatic.net certificate.
Your analysis has given me the hint to resolve this issue as below: 1. I went to the "3-bar menu button > Options > Advanced > Certificates > view Certificates > Add Exception" 2. In the Location field on the "Add Security Exception" dialog I typed in https://cdn.sstatic.net clicked on the "Get Certificate", and finally the "Confirm Security Exception" button.
I can now browse the https://stackoverflow.com with no issues. Please see the uploaded image.
Thank you for all your time and effort helping me troubleshooting this issue and getting to the bottom of it.
This issue is not happening with the other browsers. Previously, I was able to use these sites with Firefox with no issues at all either. This seems to have been introduced with the most recent Firefox upgrade. But, at least I now have a way of dealing with it by manually adding certificate exceptions.
Thanks again for all the help you extended to me and you have a great day.
Thanks for the update. In the interest of science (and security), if you look at the details of the certificate for cdn.sstatic.net in the Certificate Manager (https://support.mozilla.org/questions/1168294#answer-988560), is there any obvious explanation for why Firefox wasn't accepting it? Here's a screenshot of what I see for comparison.
Uploaded are the view certificate images from my FireFox. My understanding is that our corporate proxies are intercepting the traffic and acting as man-in-the-middle monitoring the traffic, therefore the cdn.sstatic.net certificate arriving in the FireFox is not from the "DigiCert SHA2 High Assurance Server CA" anymore but from the "BlueCoat SSL Intercept Root Certificate Authority" instead. Consequently, unless you manually add an exception for it the FireFox is not accepting a certificate from the "BlueCoat SSL Intercept Root Certificate Authority" and the content from those sites associated with the certificate are declined. Please correct me if I am mistaken in my analysis.
Modified
الحل المُختار
If other browsers of your system trust the fake certificates, they probably have been configured with an authority certificate that validates all of the fake certificates. Traditionally you would import that certificate into Firefox to solve the problem. However, recently another option was added which you could try:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste roots and pause while the list is filtered
(3) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true
If it works, Firefox then would piggyback on the system certificate store.
This solved the problem with all the sites that were running into this issue. I updated the chosen solution with your last response.
I can't thank you enough for all your time and help. Thanks.
Modified