Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Firefox update check can't talk to the mothership (likely)

  • 13 回覆
  • 1 有這個問題
  • 1 次檢視
  • 最近回覆由 Tallbek

more options

I run Firefox on a number of systems and two of my work computers seem to be unable to check in with the Firefox update servers to get updates. See image for the exact error message.

"Firefox can't update to the latest version. Download a fresh copy of Firefox and we'll help you to install it."

My suspicion is my network team is blocking my browsers from getting to the Firefox update servers but I don't know how to test it. One of my browsers is 77.0, the other is 77.0.1. Both of them give me the error in the image. Both of them insist I'm on the latest version of Firefox when I use 'Help/About Firefox' to check.

If anyone knows what data I should collect to get this figured out I'd appreciate it.

Thanks

I run Firefox on a number of systems and two of my work computers seem to be unable to check in with the Firefox update servers to get updates. See image for the exact error message. "Firefox can't update to the latest version. Download a fresh copy of Firefox and we'll help you to install it." My suspicion is my network team is blocking my browsers from getting to the Firefox update servers but I don't know how to test it. One of my browsers is 77.0, the other is 77.0.1. Both of them give me the error in the image. Both of them insist I'm on the latest version of Firefox when I use 'Help/About Firefox' to check. If anyone knows what data I should collect to get this figured out I'd appreciate it. Thanks
附加的畫面擷圖

被選擇的解決方法

Received the 'Firefox can't update to the latest version.' error again. Switched over to proxy and Firefox immediately updated. Confirmed it's the organizational firewall that's blocking updates. Next time it reoccurs I will take it up with my network security staff.

Thank you all for your help. I'm leaving this question as open in case there is something about the remediation that is fit for public consumption and if so I'll post it here to assist others.

從原來的回覆中察看解決方案 👍 0

所有回覆 (13)

more options

You should contact your IT for this problem.

Meantime, to update, you will need to download the full installer.
Current version: https://www.mozilla.org/en-US/firefox/releasenotes/

more options

This can also be because you do not have write permissions for the Firefox program folder.

  • (64-bit Firefox) "C:\Program Files\Mozilla Firefox\"
  • (32-bit Firefox) "C:\Program Files (x86)\Mozilla Firefox\"

Normally the Mozilla Maintenance Service takes care of this, but it sounds that updating has been disabled for you.

In Firefox 63+ you can check the about:policies#active page to see whether policies are active.

more options

FredMcD said

You should contact your IT for this problem. Meantime, to update, you will need to download the full installer.
Current version: https://www.mozilla.org/en-US/firefox/releasenotes/

I'm part of IT :), and I know it will work much better with the network team if I can tell them that connections from IP x to destination y on ports a,b,c are being blocked inside the corporate network but not outside. If possible I'm looking to get a deeper understanding of how the updates work and why one of my Firefox instances is reporting 'up to date' when it's on version 77.0 and state of the art is 77.0.1.

I supposed I can start packet capture on my workstation and see if a manual update will tell me where the browser is trying to connect to but I was hoping to get that figured out here rather than sort through all those logs.

more options

You can use the Browser Console and check for a XHR request that should be triggered by opening Help -> About Firefox .

more options

cor-el said

This can also be because you do not have write permissions for the Firefox program folder.
  • (64-bit Firefox) "C:\Program Files\Mozilla Firefox\"
  • (32-bit Firefox) "C:\Program Files (x86)\Mozilla Firefox\"
Normally the Mozilla Maintenance Service takes care of this, but it sounds that updating has been disabled for you. In Firefox 63+ you can check the about:policies#active page to see whether policies are active.


I'm a member of the local Administrators group on the workstation so permissions shouldn't be a problem. Auto updates and background service are both enabled. "The Enterprise Policies service is inactive."

Is there something else I should be checking?

more options

cor-el said

You can use the Browser Console and check for a XHR request that should be triggered by opening Help -> About Firefox .

Very useful, thank you. Screen shot attached and it looks like nothing is getting blocked when Firefox reaches out for updates. I'm going to let this cook for a bit to see if anything interesting shows up.

more options

Cooking completed overnight. You can see from the attached screen shots lots of check in's with the Firefox mothership with lots of HTTP 304 responses but the browser doesn't pick up that there is a new version and asks for a manual download again.

I wonder if we're doing some web caching at my company firewall that's preventing updates from the following from being seen? If that is the case would that break the Firefox update process?

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records?_since=%221591920078415%22&_expected=%221591920078415%22

more options

The https://firefox.settings.services.mozilla.com XHR requests for me looks something related to Sync and not to updating Firefox.

You would have to expand the first message about aus5.mozilla.org to see what the server response is for the update check (click the arrow at the start of the message).
The second message is about checking for a captive portal.

more options

cor-el said

The https://firefox.settings.services.mozilla.com XHR requests for me looks something related to Sync and not to updating Firefox. You would have to expand the first message about aus5.mozilla.org to see what the server response is for the update check (click the arrow at the start of the message).
The second message is about checking for a captive portal.

There is nothing in the response section in the XHR request either on my work computers or my home one but I found another site that would partially load pages and hang. I refreshed Firefox with no change in page loading in the other site. I then ran everything through a proxy and voila, it worked. I expect the same thing is happening for Firefox updates. I also know my organization likes to man in the middle our network traffic so perhaps Firefox is fighting the good fight and not just taking whatever employer provided root cert is being provided by GPO, but it might also be doing it wrong enough so that it's failing without telling me about it.

I'll wait until the next version of Firefox comes out and do some more testing. If it is my org mucking with the traffic I'll have a reproducible case that we can use to test remediations. I'll let folks here know what I find out but it might be some weeks before I have a response.

more options

選擇的解決方法

Received the 'Firefox can't update to the latest version.' error again. Switched over to proxy and Firefox immediately updated. Confirmed it's the organizational firewall that's blocking updates. Next time it reoccurs I will take it up with my network security staff.

Thank you all for your help. I'm leaving this question as open in case there is something about the remediation that is fit for public consumption and if so I'll post it here to assist others.

more options

That was very good work. Well Done.
Please flag your last post as Solved Problem as this can help others with similar problems.

more options

FredMcD said

That was very good work. Well Done.
Please flag your last post as Solved Problem as this can help others with similar problems.

I'm going to leave this open for a bit in the hopes that I can figure out if it's blocked ports, bad certificates from the man in the middle my company does, so something special and different. Once I have that figured out, or am convinced that it's not worth it to figure it out I'll mark this as solved.

more options

Confirmed it was a company mandated man in the middle attack as they want to inspect all SSL traffic going out of the network. After I added their root certificates Firefox updates are happening normally.