为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已关闭并存档。 如果需要帮助请提出新问题。

Potential Security Risk Ahead

  • 6 个回答
  • 3 人有此问题
  • 17 次查看
  • 最后回复者为 yadinf

more options

Thunderbird is completely unusable in the latest release. Attempting to set up a gmail based account results in

"Warning: Potential Security Risk Ahead

Thunderbird detected a potential security threat and did not continue to 192.168.1.250. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details."

That's it. No options, no explanation, no KB articles, nothing. It just doesn't work. But why is Thunderbird trying to open a web connection to my local machine? If it's trying to talk to itself, why can't it? This is clearly an issue with trying to authenticate to Google as it happens after auth, but come on, this is a given requirement these days. If your app doesn't work out of the box (MacOS 13 btw), it may as well not exist for the OS, so this is very confusing.

Trying out older versions was a real comedy of failures as well. Too old and it's just a disaster. Too new and it just self updated to 115 again which doesn't work. So kinda seems like this is not a functional app anymore, at least not on Mac. Baffling. I guess it can only be used with legacy style email systems.

Thunderbird is completely unusable in the latest release. Attempting to set up a gmail based account results in "Warning: Potential Security Risk Ahead Thunderbird detected a potential security threat and did not continue to 192.168.1.250. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details." That's it. No options, no explanation, no KB articles, nothing. It just doesn't work. But why is Thunderbird trying to open a web connection to my local machine? If it's trying to talk to itself, why can't it? This is clearly an issue with trying to authenticate to Google as it happens after auth, but come on, this is a given requirement these days. If your app doesn't work out of the box (MacOS 13 btw), it may as well not exist for the OS, so this is very confusing. Trying out older versions was a real comedy of failures as well. Too old and it's just a disaster. Too new and it just self updated to 115 again which doesn't work. So kinda seems like this is not a functional app anymore, at least not on Mac. Baffling. I guess it can only be used with legacy style email systems.

所有回复 (6)

more options

Seriously is your computer IP address on the local network 192.168.1.250? Does it have an untrusted or self signed certificate installed on it? Perhaps from an antivirus program.

Authentication using oauth uses the local host IP address of 127.0.0.1 to pass information back to the local machine about your choices in the web browser component. So yes it should be looping back to your machine. Sounds like you might want to fix your security software so it allows the program to function.

more options

If you're implying that Thunderbird needs to set up a local web service with trusted cert to do auth, that's poor design to say the least and a security concern as well, not to mention well beyond the average user. There is no reason for this, and other software doing Google auth on this system has no such issue. Also, there is no security software in play, it's a Mac with no 3rd party security products. This is simple out of the box behavior which is not functional.

more options

115 is a disaster!!!! I need the old view to work properly. I don't see any way to change it back using 115 menu options. HELP!!! I use Tbird for ALL mail business and I'm handcuffed by a bug-ridden way-too-early beta. Have you no shame in Mozilla land?

more options

jimflynnlotus said

115 is a disaster!!!! I need the old view to work properly. I don't see any way to change it back using 115 menu options. HELP!!! I use Tbird for ALL mail business and I'm handcuffed by a bug-ridden way-too-early beta. Have you no shame in Mozilla land?

If you want support ask for it in your own topic. https://support.mozilla.org/en-US/questions/new/thunderbird try clicking the ask now button if you missed it in your haste to post on a topic posted by someone else.

Your intrusion here is neither welcomed, nor going to elicit any attempt at support.

more options

yadinf said

If you're implying that Thunderbird needs to set up a local web service with trusted cert to do auth, that's poor design to say the least and a security concern as well, not to mention well beyond the average user. There is no reason for this, and other software doing Google auth on this system has no such issue. Also, there is no security software in play, it's a Mac with no 3rd party security products. This is simple out of the box behavior which is not functional.

I am working through a load of old emails and came to this topic again.

I don't know how you managed to get something about a web service out of my response. Thunderbird has received a security certificate for that IP address. As all addresses in the range 192.168 are local, That means it is between the chair and ISP. You have something making and offering certificates, I offered a couple of suggestions as to what it is. Today I googles 6the IP address and it returned many results for netgear WiFi extenders. I really have no idea if it is malware, over zealous Apple setting or my normal cause of generally messes up networking the antivirus "solution" or the WiFi as the Google search suggests. What I do know is I made no mention of any local web services.

more options

"Authentication using oauth uses the local host IP address of 127.0.0.1 to pass information back to the local machine about your choices in the web browser component. So yes it should be looping back to your machine." "I don't know how you managed to get something about a web service out of my response."

If it's looping back to the local machine on port 80/443 then it's looking for a web service. If Thunderbird isn't therefore using a web service, how does it expect this response? Either way, this is not functional design which is why it doesn't work. No other piece of software has this issue with Google auth. The app should be communicating with Google, and any browser handoff should be cleanly handled with the app and not trying to pass through localhost over http/https where other services could respond to the generic request. Indeed, this is insecure design that basically begs for hijacking.

Given your response attitude however, it's pretty clear that Mozilla doesn't really have an interest in usage or feedback, leaving this a dead product. Note also there is a difference between not "beating around the bush" and just being rude. You are the latter. I've dealt with many Aussies and appreciate their candor. You're not direct, you're insulting. If Mozilla does care about support in this forum they should remove you and get someone helpful.