Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Firefox 115.0.x fails a checksum test when extracting.

more options

As many users do, I download the full FireFox package directly from the Mozilla FTP server and extract the contents of the EXE for checking and direct copying into a custom configured target directory. I do this for a number of reasons which will not be detailed here.

The the setup files for the latest version of the ESR release are failing the checksum test during extraction. This is not isolated to this version as the 114.x.x and 113.x.x version files also seem to be effected by this problem.

Checksum failures directly indicate that the files extracted can not be trusted.

@FireFox Dev team, Please investigate this issue and resolve as soon as possible.

Thank You!

As many users do, I download the full FireFox package directly from the Mozilla FTP server and extract the contents of the EXE for checking and direct copying into a custom configured target directory. I do this for a number of reasons which will not be detailed here. The the setup files for the latest version of the ESR release are failing the checksum test during extraction. This is not isolated to this version as the 114.x.x and 113.x.x version files also seem to be effected by this problem. Checksum failures directly indicate that the files extracted can not be trusted. @FireFox Dev team, Please investigate this issue and resolve as soon as possible. Thank You!
已附加屏幕截图

由lexluthermiester于修改

所有回复 (12)

more options

On Windows you can get a special version with a Unique Download Identifier (__MOZCUSTOM__).

more options

cor-el said

On Windows you can get a special version with a Unique Download Identifier (__MOZCUSTOM__).

That's interesting, but doesn't seem related to this problem.

more options

The files from https://archive.mozilla.org/pub/firefox/releases/115.0.3esr/win64/ should not have the mentioned above thing you may get (for Windows) if you downloaded from say https://www.mozilla.org/firefox/enterprise/

lexluthermiester said

I download the full FireFox package directly from the Mozilla FTP server

There is no FTP server as Mozilla disabled the ftp:// protocol on servers back on Aug 5th, 2015. If you mean the http://ftp.mozilla.org then that is not FTP as FTP used to be ftp://ftp.mozilla.org

more options

lexluthermiester said

cor-el said

On Windows you can get a special version with a Unique Download Identifier (__MOZCUSTOM__).

That's interesting, but doesn't seem related to this problem.

It is the reason though.

more options

James said

There is no FTP server as Mozilla disabled the ftp:// protocol on servers back on Aug 5th, 2015. If you mean the http://ftp.mozilla.org then that is not FTP as FTP used to be ftp://ftp.mozilla.org

The following is the only place I download FireFox from; https://ftp.mozilla.org/pub/firefox/releases/

James said

The files from https://archive.mozilla.org/pub/firefox/releases/115.0.3esr/win64/ should not have the mentioned above thing you may get (for Windows) if you downloaded from say https://www.mozilla.org/firefox/enterprise/

As mentioned above, the archive site is not used and will not be used for certain reasons. Additionally, I use the 32bit and 64bit versions of FireFox side-by-side for reasons I'm not going to detail here. Both setup files for each version are exhibiting the same checksum error problem as are all of the setup files for 115.0.2, 115.0.1 and 115.0.0. It is possible that the checksum failure is taking place on version 116.x.xb versions, however I never touch the beta builds.

For reference, the latest Thunderbird builds do not exhibit the checksum failure. https://ftp.mozilla.org/pub/thunderbird/releases/

This problem seems limited to the recent builds of FireFox.

由lexluthermiester于修改

more options

James said

It is the reason though.

I have doubts of this. The reason is, earlier versions of FireFox do not exhibit the checksum failure. For example; https://ftp.mozilla.org/pub/firefox/releases/102.13.0esr/ None of these EXE's fail the checksum test.

The problem is not the download method, it is a change made to the files themselves when compiled, one that is disrupting the checksum calculations.

由lexluthermiester于修改

more options

Not sure why you are avoiding the archive.mozilla.org when I have never seen anything of concern about it over the years here and at mozillaZine forums. Mozilla prefers people link to say archive.mozilla.org or https://download-installer.cdn.mozilla.net/pub/firefox/releases/ to reduce the load on the (not ftp) https://ftp.mozilla.org

Keep in mind that there is Fx 115.0.2 for Release and Fx 115.0.2 for ESR for example so they will each have their own checksum. Right now there is actually a 115.0.3 ESR but not for Release channel currently as it is still at 115.0.2

As said if the (full offline) Firefox setup .exe from Mozilla.org website has the Unique Download Identifier then that can explain the different checksums.

If you download from a mozilla org page you may get the small online stub installer and not the full offline setup as you can get from www.mozilla.org/firefox/all/ . This of course is not a issue for macOS or Linux users.

more options

James said

Keep in mind that there is Fx 115.0.2 for Release and Fx 115.0.2 for ESR for example so they will each have their own checksum. Right now there is actually a 115.0.3 ESR but not for Release channel currently as it is still at 115.0.2

https://ftp.mozilla.org/pub/firefox/releases/115.0.3esr/


James said

As said if the (full offline) Firefox setup .exe from Mozilla.org website has the Unique Download Identifier then that can explain the different checksums.

If that was the problem, then all EXE files for all versions of the FireFox download section would be affected. This has been tested to show not being the the case. Only the most recent versions are affected, from 112.x.x forward.

more options
more options

cor-el said

See also:

That might be part of the problem, seems plausible. Only the Dev team would know for sure. They really need to be the ones looking into this, specifically the persons responsible for compiling the setup package.

More than a decade ago, this same problem was happening. It took some time but the Dev team figured it out, updated all the setup files and the problem was solved. I suspect that it might be a similar problem.

more options

Update on the situation, the newest release of the ESR 102.14.0, both 32 and 64 bit, pass the check-sum test when extracted.

The newest 115.1.0 ESR does not.

See screenshot. So this problem continues. It affecting the 115.x.xESR package, but not the older 102.x.xESR package.

@Devs, This seems less like a compiler problem and more like a payload problem. Please resolve this issue soon.

由lexluthermiester于修改

more options

Update, version 115.3.1esr, both 32bit and 64bit are still failing checksum testing. This continues to be true regardless of the location the files are downloaded from. As before, the 102.X.X ESR version do not fail checksum tests.

@Mozilla Devs, This needs to be resolved as moving forward to the 115 ESR versions is important for users and a failing checksum is a deal breaker.

由lexluthermiester于修改