We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Avatar for Username

Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

Can't open Paypal because of potential security risk.

  • 1 件の返信
  • 1 人がこの問題に困っています
  • 1 回表示
  • 最後の返信者: philipp

CRUGG
CRUGG
more options

Hey! When I want to go to paypal.com I get an error message with the title "Warning: Potential Security Risk Ahead". Below the title it says: "Nightly detected a potential security threat and did not continue to www.paypal.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

www.paypal.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Nightly can only connect to it securely. You can’t add an exception to visit this site."

I don't think PayPal is in-secure.

I tried many answers I found here, like going to about:config and changing security.tls.version.max from the default of 4 to 3 etc.

Hey! When I want to go to paypal.com I get an error message with the title "Warning: Potential Security Risk Ahead". Below the title it says: "Nightly detected a potential security threat and did not continue to www.paypal.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details. www.paypal.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Nightly can only connect to it securely. You can’t add an exception to visit this site." I don't think PayPal is in-secure. I tried many answers I found here, like going to about:config and changing security.tls.version.max from the default of 4 to 3 etc.

すべての返信 (1)

philipp
philipp
  • Moderator
more options

hi, paypal is using an insecure symantec certificate - firefox is gradually revoking trust in those and as you are using a nightly build you're one of the first users noticing: https://blog.nightly.mozilla.org/2018/08/14/symantec-distrust-in-firefox-nightly-63/

a temporary workaround would be setting security.pki.distrust_ca_policy to 1 (but don't forget to reset that preference to the default later on once most common websites have adapted)