We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Potential Security Risk Ahead

  • 6
  • 3
  • 1 view
  • Nzaghachi ikpeazụ nke yadinf

more options

Thunderbird is completely unusable in the latest release. Attempting to set up a gmail based account results in

"Warning: Potential Security Risk Ahead

Thunderbird detected a potential security threat and did not continue to 192.168.1.250. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details."

That's it. No options, no explanation, no KB articles, nothing. It just doesn't work. But why is Thunderbird trying to open a web connection to my local machine? If it's trying to talk to itself, why can't it? This is clearly an issue with trying to authenticate to Google as it happens after auth, but come on, this is a given requirement these days. If your app doesn't work out of the box (MacOS 13 btw), it may as well not exist for the OS, so this is very confusing.

Trying out older versions was a real comedy of failures as well. Too old and it's just a disaster. Too new and it just self updated to 115 again which doesn't work. So kinda seems like this is not a functional app anymore, at least not on Mac. Baffling. I guess it can only be used with legacy style email systems.

Thunderbird is completely unusable in the latest release. Attempting to set up a gmail based account results in "Warning: Potential Security Risk Ahead Thunderbird detected a potential security threat and did not continue to 192.168.1.250. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details." That's it. No options, no explanation, no KB articles, nothing. It just doesn't work. But why is Thunderbird trying to open a web connection to my local machine? If it's trying to talk to itself, why can't it? This is clearly an issue with trying to authenticate to Google as it happens after auth, but come on, this is a given requirement these days. If your app doesn't work out of the box (MacOS 13 btw), it may as well not exist for the OS, so this is very confusing. Trying out older versions was a real comedy of failures as well. Too old and it's just a disaster. Too new and it just self updated to 115 again which doesn't work. So kinda seems like this is not a functional app anymore, at least not on Mac. Baffling. I guess it can only be used with legacy style email systems.

All Replies (6)

more options

Seriously is your computer IP address on the local network 192.168.1.250? Does it have an untrusted or self signed certificate installed on it? Perhaps from an antivirus program.

Authentication using oauth uses the local host IP address of 127.0.0.1 to pass information back to the local machine about your choices in the web browser component. So yes it should be looping back to your machine. Sounds like you might want to fix your security software so it allows the program to function.

more options

If you're implying that Thunderbird needs to set up a local web service with trusted cert to do auth, that's poor design to say the least and a security concern as well, not to mention well beyond the average user. There is no reason for this, and other software doing Google auth on this system has no such issue. Also, there is no security software in play, it's a Mac with no 3rd party security products. This is simple out of the box behavior which is not functional.

more options

115 is a disaster!!!! I need the old view to work properly. I don't see any way to change it back using 115 menu options. HELP!!! I use Tbird for ALL mail business and I'm handcuffed by a bug-ridden way-too-early beta. Have you no shame in Mozilla land?

more options

jimflynnlotus said

115 is a disaster!!!! I need the old view to work properly. I don't see any way to change it back using 115 menu options. HELP!!! I use Tbird for ALL mail business and I'm handcuffed by a bug-ridden way-too-early beta. Have you no shame in Mozilla land?

If you want support ask for it in your own topic. https://support.mozilla.org/en-US/questions/new/thunderbird try clicking the ask now button if you missed it in your haste to post on a topic posted by someone else.

Your intrusion here is neither welcomed, nor going to elicit any attempt at support.

more options

yadinf said

If you're implying that Thunderbird needs to set up a local web service with trusted cert to do auth, that's poor design to say the least and a security concern as well, not to mention well beyond the average user. There is no reason for this, and other software doing Google auth on this system has no such issue. Also, there is no security software in play, it's a Mac with no 3rd party security products. This is simple out of the box behavior which is not functional.

I am working through a load of old emails and came to this topic again.

I don't know how you managed to get something about a web service out of my response. Thunderbird has received a security certificate for that IP address. As all addresses in the range 192.168 are local, That means it is between the chair and ISP. You have something making and offering certificates, I offered a couple of suggestions as to what it is. Today I googles 6the IP address and it returned many results for netgear WiFi extenders. I really have no idea if it is malware, over zealous Apple setting or my normal cause of generally messes up networking the antivirus "solution" or the WiFi as the Google search suggests. What I do know is I made no mention of any local web services.

more options

"Authentication using oauth uses the local host IP address of 127.0.0.1 to pass information back to the local machine about your choices in the web browser component. So yes it should be looping back to your machine." "I don't know how you managed to get something about a web service out of my response."

If it's looping back to the local machine on port 80/443 then it's looking for a web service. If Thunderbird isn't therefore using a web service, how does it expect this response? Either way, this is not functional design which is why it doesn't work. No other piece of software has this issue with Google auth. The app should be communicating with Google, and any browser handoff should be cleanly handled with the app and not trying to pass through localhost over http/https where other services could respond to the generic request. Indeed, this is insecure design that basically begs for hijacking.

Given your response attitude however, it's pretty clear that Mozilla doesn't really have an interest in usage or feedback, leaving this a dead product. Note also there is a difference between not "beating around the bush" and just being rude. You are the latter. I've dealt with many Aussies and appreciate their candor. You're not direct, you're insulting. If Mozilla does care about support in this forum they should remove you and get someone helpful.