Package: firefox-esr
Version: 128.11.0esr-1~deb12u1
Severity: normal
Tags: upstream
X-Debbugs-Cc: [email protected]

Dear Maintainer,

Firefox ETP attempts to check a site-login cookie (intra-site, not cross-site 
not advertising-related AFAIK), retrieved from Cisco subsidiary, App Dynamics 
adtrum.js, but fails and (from console-tab) results in a...

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the 
remote resource at https://thirdparty-request.bankingsite.com/oauth/token. 
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 403

Also (network-tab) has two requests, what I believe to be the original genuine 
request generated by 'adtrum.js' which is text/plain and succeeds, followed by 
what I suspect is an ETP request text/html which fails with a '403 Forbidden' 
response.

Reference may assist 
https://docs.appdynamics.com/appd/23.x/23.11/en/end-user-monitoring/browser-monitoring/browser-real-user-monitoring/troubleshoot-browser-rum/javascript-errors?scroll-versions:version-name=23.12

I looked at #814188 but thought it to be different if similar.

If this has been fixed upstream, then consider this a request for a 
stable-backport inclusion.

I use private-browsing mode for this website. The ETP exception list is not 
consulted in private-browsing mode.  I can work-around the issue by disabling 
the ETP padlock and waiting for a typical 10-minute period before reloading the 
page with a normal 'ctrl-R' (ctrl-shift-R doesn't appear to help), I can then 
login successfully but have to repeat this every time that firefox is restarted 
due to there being no permanent exception.

I won't provide logs unless I can anonymize all the domain-related information.


Regards,

Scott.

-- Package-specific info:


-- Addons package information

-- System Information:
Debian Release: 12.11
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-35-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_OOT_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firefox-esr depends on:
ii  debianutils          5.7-0.5~deb12u1
ii  fontconfig           2.14.1-4
ii  libasound2           1.2.8-1+b1
ii  libatk1.0-0          2.46.0-5
ii  libc6                2.36-9+deb12u10
ii  libcairo-gobject2    1.16.0-7
ii  libcairo2            1.16.0-7
ii  libdbus-1-3          1.14.10-1~deb12u1
ii  libevent-2.1-7       2.1.12-stable-8
ii  libffi8              3.4.4-1
ii  libfontconfig1       2.14.1-4
ii  libfreetype6         2.12.1+dfsg-5+deb12u4
ii  libgcc-s1            12.2.0-14+deb12u1
ii  libgdk-pixbuf-2.0-0  2.42.10+dfsg-1+deb12u1
ii  libglib2.0-0         2.74.6-2+deb12u6
ii  libgtk-3-0           3.24.38-2~deb12u3
ii  libnspr4             2:4.35-1
ii  libnss3              2:3.87.1-1+deb12u1
ii  libpango-1.0-0       1.50.12+ds-1
ii  libstdc++6           12.2.0-14+deb12u1
ii  libvpx7              1.12.0-1+deb12u3
ii  libx11-6             2:1.8.4-2+deb12u2
ii  libx11-xcb1          2:1.8.4-2+deb12u2
ii  libxcb-shm0          1.15-1
ii  libxcb1              1.15-1
ii  libxcomposite1       1:0.4.5-1
ii  libxdamage1          1:1.1.6-1
ii  libxext6             2:1.3.4-1+b1
ii  libxfixes3           1:6.0.0-2
ii  libxrandr2           2:1.5.2-2+b1
ii  procps               2:4.0.2-3
ii  zlib1g               1:1.2.13.dfsg-1

Versions of packages firefox-esr recommends:
ii  libavcodec59  10:5.1.3-dmo5
ii  libavcodec60  10:6.0.1-dmo0+deb12u1

Versions of packages firefox-esr suggests:
pn  fonts-lmodern          <none>
pn  fonts-stix | otf-stix  <none>
ii  libcanberra0           0.30-10
ii  libgssapi-krb5-2       1.20.1-2+deb12u3
pn  pulseaudio             <none>

-- no debconf information

Reply via email to