Firefox update check can't talk to the mothership (likely)
I run Firefox on a number of systems and two of my work computers seem to be unable to check in with the Firefox update servers to get updates. See image for the exact error message.
"Firefox can't update to the latest version. Download a fresh copy of Firefox and we'll help you to install it."
My suspicion is my network team is blocking my browsers from getting to the Firefox update servers but I don't know how to test it. One of my browsers is 77.0, the other is 77.0.1. Both of them give me the error in the image. Both of them insist I'm on the latest version of Firefox when I use 'Help/About Firefox' to check.
If anyone knows what data I should collect to get this figured out I'd appreciate it.
Thanks
被選擇的解決方法
Received the 'Firefox can't update to the latest version.' error again. Switched over to proxy and Firefox immediately updated. Confirmed it's the organizational firewall that's blocking updates. Next time it reoccurs I will take it up with my network security staff.
Thank you all for your help. I'm leaving this question as open in case there is something about the remediation that is fit for public consumption and if so I'll post it here to assist others.
從原來的回覆中察看解決方案 👍 0所有回覆 (13)
You should contact your IT for this problem.
Meantime, to update, you will need to download the full installer.
Current version: https://www.mozilla.org/en-US/firefox/releasenotes/
This can also be because you do not have write permissions for the Firefox program folder.
- (64-bit Firefox) "C:\Program Files\Mozilla Firefox\"
- (32-bit Firefox) "C:\Program Files (x86)\Mozilla Firefox\"
Normally the Mozilla Maintenance Service takes care of this, but it sounds that updating has been disabled for you.
In Firefox 63+ you can check the about:policies#active page to see whether policies are active.
FredMcD said
You should contact your IT for this problem. Meantime, to update, you will need to download the full installer.
Current version: https://www.mozilla.org/en-US/firefox/releasenotes/
I'm part of IT :), and I know it will work much better with the network team if I can tell them that connections from IP x to destination y on ports a,b,c are being blocked inside the corporate network but not outside. If possible I'm looking to get a deeper understanding of how the updates work and why one of my Firefox instances is reporting 'up to date' when it's on version 77.0 and state of the art is 77.0.1.
I supposed I can start packet capture on my workstation and see if a manual update will tell me where the browser is trying to connect to but I was hoping to get that figured out here rather than sort through all those logs.
You can use the Browser Console and check for a XHR request that should be triggered by opening Help -> About Firefox .
cor-el said
This can also be because you do not have write permissions for the Firefox program folder.Normally the Mozilla Maintenance Service takes care of this, but it sounds that updating has been disabled for you. In Firefox 63+ you can check the about:policies#active page to see whether policies are active.
- (64-bit Firefox) "C:\Program Files\Mozilla Firefox\"
- (32-bit Firefox) "C:\Program Files (x86)\Mozilla Firefox\"
I'm a member of the local Administrators group on the workstation so permissions shouldn't be a problem.
Auto updates and background service are both enabled.
"The Enterprise Policies service is inactive."
Is there something else I should be checking?
cor-el said
You can use the Browser Console and check for a XHR request that should be triggered by opening Help -> About Firefox .
Very useful, thank you. Screen shot attached and it looks like nothing is getting blocked when Firefox reaches out for updates. I'm going to let this cook for a bit to see if anything interesting shows up.
Cooking completed overnight. You can see from the attached screen shots lots of check in's with the Firefox mothership with lots of HTTP 304 responses but the browser doesn't pick up that there is a new version and asks for a manual download again.
I wonder if we're doing some web caching at my company firewall that's preventing updates from the following from being seen? If that is the case would that break the Firefox update process?
The https://firefox.settings.services.mozilla.com XHR requests for me looks something related to Sync and not to updating Firefox.
You would have to expand the first message about aus5.mozilla.org to see what the server response is for the update check (click the arrow at the start of the message).
The second message is about checking for a captive portal.
cor-el said
The https://firefox.settings.services.mozilla.com XHR requests for me looks something related to Sync and not to updating Firefox. You would have to expand the first message about aus5.mozilla.org to see what the server response is for the update check (click the arrow at the start of the message).
The second message is about checking for a captive portal.
There is nothing in the response section in the XHR request either on my work computers or my home one but I found another site that would partially load pages and hang. I refreshed Firefox with no change in page loading in the other site. I then ran everything through a proxy and voila, it worked. I expect the same thing is happening for Firefox updates. I also know my organization likes to man in the middle our network traffic so perhaps Firefox is fighting the good fight and not just taking whatever employer provided root cert is being provided by GPO, but it might also be doing it wrong enough so that it's failing without telling me about it.
I'll wait until the next version of Firefox comes out and do some more testing. If it is my org mucking with the traffic I'll have a reproducible case that we can use to test remediations. I'll let folks here know what I find out but it might be some weeks before I have a response.
選擇的解決方法
Received the 'Firefox can't update to the latest version.' error again. Switched over to proxy and Firefox immediately updated. Confirmed it's the organizational firewall that's blocking updates. Next time it reoccurs I will take it up with my network security staff.
Thank you all for your help. I'm leaving this question as open in case there is something about the remediation that is fit for public consumption and if so I'll post it here to assist others.
That was very good work. Well Done.
Please flag your last post as Solved Problem
as this can help others with similar problems.
FredMcD said
That was very good work. Well Done.
Please flag your last post as Solved Problem as this can help others with similar problems.
I'm going to leave this open for a bit in the hopes that I can figure out if it's blocked ports, bad certificates from the man in the middle my company does, so something special and different. Once I have that figured out, or am convinced that it's not worth it to figure it out I'll mark this as solved.
Confirmed it was a company mandated man in the middle attack as they want to inspect all SSL traffic going out of the network. After I added their root certificates Firefox updates are happening normally.