Errors and warnings in the console

[cronos1998]

Hi,

I'm using Firefox ESR 78.8 with a slightly modified Arkenfox v78.

As advised, I checked the browser console after startup if there are any errors or warnings.

There are quite a few, however, I don't understand them.

Can someone please look at the screenshot and tell me what the messages mean?

Thank you

[atomGit]

in the filter box, enter 'user' or 'pref' to see errors caused by user.js

[Thorin-Oakenpants]

https://github.com/arkenfox/user.js/blob/master/scratchpad-scripts/arkenfox-clear-removed.js

 /* 84-beta */
    'browser.newtabpage.activity-stream.asrouter.providers.snippets',

What version of the user.js are you using? I suggest you run the prefsCleaner (always a good idea), but also check out and reset any items we removed from the user.js

I haven't added the user.js to a new profile and checked what errors (i.e not syntax ones) that occur due to the user.js - have you tried that?

I get none of those three errors in my main FF. The middle one is already explained (reset it and make sure its not in your user.js). The other two IDK. Never seen them before

[earthlng]

As advised, I checked the browser console after startup if there are any errors or warnings.

The wiki page explicitly says "pref-parsing related" errors/warnings but I understand that not everyone will know exactly what that means. To help with that, I highlighted "pref-parsing related" and added an example image to that wiki page.

Can someone please look at the screenshot and tell me what the messages mean?

• the 1st error means you're using Linux for which secondsSinceLastOSRestart is not implemented
• the 2nd one is a side-effect of disabling the snippets prefs and a sign that we successfully stopped that shit
• the 3rd is about "messaging" + "experiments" and breaking that kinda stuff is always a good thing in my book :)

You don't have any pref-parsing related errors and nothing to worry about

[Jee-Hex]

Not sure about the first one, but for ESR 78 try:

user_pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{}");

for the second one (#992), and

user_pref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false);

for the third one.

[rusty-snake]

Not sure about the first on

Don't use Linux or *BSD, use Window or Darwin instead. :imp:

[cronos1998]

@Thorin-Oakenpants @earthlng @atomGit @rusty-snake

Thank you all for your replies and your help. I really appreciate that.

What version of the user.js are you using? I suggest you run the prefsCleaner (always a good idea), but also check out and reset any items we removed from the user.js

I'm using a slightly modified v78 in Firefox ESR 78.8.0, so it is not necessary to update the user.js, is it? That's how I interprete your answer in https://github.com/arkenfox/user.js/issues/1131

I haven't added the user.js to a new profile and checked what errors (i.e not syntax ones) that occur due to the user.js - have you tried that?

It was in fact a new profile

To help with that, I highlighted "pref-parsing related" and added an example image to that wiki page.

Thanks for that

You don't have any pref-parsing related errors and nothing to worry about

Okay, thanks for explaining. Only one last question. I just installed HTTPSEverywhere, a script blocker and an ad blocker in Firefox and now I get the following additional error message (I replaced the id of HTTPSEverywhere):

Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. store.js:135 setStorage moz-extension://id_of_HTTPSEverywhere/background-scripts/store.js:135

Still nothing to worry about?

[atomGit]

probably not, but Firefox already has a built-in https only mode ( dom.security.https_only_mode ) with fallback to http so an extension isn't really necessary - if you don't like the Firefox behavior, i might recommend HTTPZ over HTTPSEverywhere

[Thorin-Oakenpants]

but Firefox already has a built-in https only mode

Not in ESR78

[Thorin-Oakenpants]

HTTPSEverywhere

Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. store.js:135 setStorage moz-extension://id_of_HTTPSEverywhere/background-scripts/store.js:135

That's a problem you need to sort out. Here's a similar one with NoScript: tor 23719 - note that WASM (2422) being disabled (which we do in the user.js) does not affect extensions since FF71, and we don't disable JIT (2421)

Is it caused by the user.js?

• If you install HTTPS-Everywhere in a new profile, with no user.js and no other extensions: do you still get the error?
• If you do, then you need to troubleshoot it

---

Maybe it's easier to just ditch it, and try HTTPZ rather than rely on some rules-based mechinism (although HTTPS-Everywhere does have an EASE mode)

• https://blog.mozilla.org/attack-and-defense/2021/03/10/insights-into-https-only-mode/ - over 7 in 10 sites successfully upgrade

[atomGit]

did you install uBlock Origin and, if so, did you enable its 'suspendTabsUntilReady' option (advanced config)? i would wonder if that could be a possible cause

as pants said, 'Could not establish connection' could be a problem, but i've seen that in my console on startup and i've not noticed any issues - i suspect (i really don't know) that if you see it on startup and not again, it may not be a problem, however if it shows up repeatedly during browsing that could well be a problem

[atomGit]

...also you said you installed both a script blocker and an ad blocker - uBlock Origin does both and i would personally highly recommend it over something like NoScript or virtually any of the other ad blockers - the developer is talented and trustworthy and uBO works great

[crssi]

Never understood HTTPS-Everywhere, until our 😸 friend @claustromaniac made super great HTTPZ I have been using other solutions... now I use purely FF solution.

[gitthehubs]

The first error refers to browserglue.jsm which processes your prefs, also your user.js. The second error already refers to an asrouter pref, so check that pref. The third error has to do with firefox remote settings which handles setting in firefox that can change, for example an add-on blocklist. https://remote-settings.readthedocs.io/en/latest/index.html

Remote Settings is a Mozilla service that makes it easy to manage evergreen settings data in Firefox. A simple API is available in Firefox for accessing the synchronized data.

To pin down the pref in your user.js I would suggest to make a new profile with about:profiles, no settings, no user.js and no add-ons. Check if the problem is there. If not add an user.js but just add the first section from your personal user.js to that new user.js, restart firefox and check if the problem occurs. Continue with adding section after section to the user.js till your problem occurs. Then remove the last section and add the prefs in that section one by one to see when the problem occurs.

The same could be done with your https everywhere error. Create a new profile, no settings, no user.js, add only the https everywhere add-on, restart firefox and check if that error occurs. I am not sure if your personal user.js is the cause of your https everywhere problem, you can add your personal user.js to see if the problem occurs or you can add a new user.js and add section by section again to see when that https everywhere problem occurs.

[gitthehubs]

As others already said, but uBlock Origin can be configured to block scripts, you don't really need an extra add-on for that. You should set uBO for advanced user and learn how to configure it, the dynamic filtering is very easy to configure. You can block all scripts, first-party, third-party and inline script with uBO.

Advanced user features https://github.com/gorhill/ublock/wiki/Advanced-user-features Blocking mode https://github.com/gorhill/ublock/wiki/Blocking-mode Overview of uBlock's network filtering engine https://github.com/gorhill/ublock/wiki/Overview-of-uBlock's-network-filtering-engine

[cronos1998]

If you install HTTPS-Everywhere in a new profile, with no user.js and no other extensions: do you still get the error?

Yes, I do.

So obviously it is not caused by the user.js

Maybe it's easier to just ditch it, and try HTTPZ

I think I'll use this as a temporary solution until I have time to find out what's the problem with HTTPSEverywhere

I'm just a bit concerned about my browser's fingerprint when I have such a rarely used addon installed

But this can't be recognised as long as javascript is disabled, right? Also, is it normal that HTTPZ doesn't display an icon in the toolbar? If you want to close the issue, please answer these two questions before you do so

did you install uBlock Origin and, if so, did you enable its 'suspendTabsUntilReady' option (advanced config)?

It is correct that I installed UBO, but I did not make any changes besides adding some more filter lists

...also you said you installed both a script blocker and an ad blocker - uBlock Origin does both and i would personally highly recommend it over something like NoScript or virtually any of the other ad blockers

You should set uBO for advanced user and learn how to configure it

That sounds reasonable. So far, I have only used UBO for blocking ads, but maybe it's time to check out its full potential. Thanks for the links @gitthehubs

To pin down the pref in your user.js I would suggest to make a new profile with about:profiles, no settings, no user.js and no add-ons. Check if the problem is there.

It is still there, so obviously not related to the user.js

Anyway, I don't think solving this has high priority because earthlng said it is nothing to be concerned about.

[Thorin-Oakenpants]

I'm just a bit concerned about my browser's fingerprint when I have such a rarely used addon installed [HTTPZ]

Don't be. No one is going to bother to FP this, even if they could. Most sites are going to be all HTTPS anyway - I think web uptake is now at 75%, but all major popular sites do not do insecure. When ESR91 comes along you can just flip to HTTP-Only mode. That's like in five months

What this type of addon covers is links to insecure sites: and 70% + of them auto upgrade. So it definitely has way more benefits than any potential FP. It;s not like it injects anything into the dom. You'll be just fine.

Anyway, I don't think solving this has high priority because earthlng said it is nothing to be concerned about

Well, the snippets one is easily fixed. The messaging one may have implications, IDK for sure. It says "experiments" in it, so probably OK. Messaging itself though is more than just experiments.

[atomGit]

just for reference, this is with a fresh profile, all default (no user.js, no ext., nothing), manjaro linux, network connection disabled...

[Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIAppStartup.secondsSinceLastOSRestart]"  nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)"  location: "JS frame :: resource:///modules/BrowserGlue.jsm :: _collectStartupConditionsTelemetry :: line 1724"  data: no] BrowserGlue.jsm:1724:9

TypeError: addon is null

BrowserGlue.jsm:2135:9

Region.jsm: Error fetching region TypeError: NetworkError when attempting to fetch resource. Region.jsm:420:11

Region.jsm: Failed to fetch region Error: NO_RESULT
    _getRegion resource://gre/modules/Region.jsm:422

Region.jsm:218:11

NetworkError when attempting to fetch resource. 2 RemoteSettingsClient.jsm:379:14

Error: Can't find profile directory. XULStore.jsm:66:15

Cc[("@mozilla.org/profile/migrator;1?app=browser&type=" + aKey)] is undefined MigrationUtils.jsm:789

Error: Can't find profile directory. XULStore.jsm:66:15

Structured Ingestion ping failure with error: error 4 PingCentre.jsm:202

NetworkError when attempting to fetch resource. RemoteSettingsClient.jsm:379:14

NetworkError when attempting to fetch resource. 5 RemoteSettingsClient.jsm:379:14

NetworkError when attempting to fetch resource. ASRouter.jsm:110:8

NetworkError when attempting to fetch resource. RemoteSettingsClient.jsm:379:14

Structured Ingestion ping failure with error: error 5 PingCentre.jsm:202

Error: Can't find profile directory. 4 XULStore.jsm:66:15

Structured Ingestion ping failure with error: error PingCentre.jsm:202

[cronos1998]

No one is going to bother to FP this, even if they could

Really? But isn't it possible for a site to easily detect which addons are installed, as long as javascript is enabled?

Also, is it normal that HTTPZ doesn't display an icon in the toolbar?

[crssi]

But isn't it possible for a site to easily detect which addons are installed, as long as javascript is enabled?

No, not known. That would be too simple. There was a way very long long time ago, which was fixed very long long time ago.

is it normal that HTTPZ doesn't display an icon in the toolbar?

When do you expect that icon to be shown in the toolbar?

[rusty-snake]

But isn't it possible for a site to easily detect which addons are installed, as long as javascript is enabled?

At least for FFX no, maybe it's possible by brute-forcing. But no website would run a FP script that consums 100% CPU for hours. The only thing that is possible, is to detect changes, but then you can only detect "an adblocker" instead of this adblocker.

[Thorin-Oakenpants]

You're talking about three things here

• exposing the web extension's Internal UUID (unique per install)
  • go to about:debugging: click "This Firefox"
  • in chromium, they don't do this: so it would be the Extension ID (same for everyone) that could be exposed
  • so if an extension leaks this, then in FF you are unique, but in chromium you are not
  • in chromium, you can bulk scan for known "leaky" ids, in FF you cannot for "leaky" uuids
  • in FF, you would have to craft a test for each known "leaky" extension
  • there are a number of ways extensions (in any browser) can leak it's ID or UUID
• exposing extension behavior
  • the simple example is an adblocker: the benefits far outweigh any possible fingerprinting: but it wouldn't be too hard to get some entropy by adding some specific language list entries. The problem here is that it's a bit time consuming, a game of maintenance, and there are easier fishies to fry 🐟
  • there are numerous other examples, the actual answer depends on what the extension is doing
    • e.g. randomized canvas and domrect and textmetrics can be detected by mathematical proofs
    • e.g. user agent spoofing can be detected
    • e.g. if cookies are enabled but workers fail: then that's an extension
    • e.g. it's not hard to detect Dark Reader or similar
    • etc etc: literally hundreds of examples
• exposing the extension
  • this too can be done: a lot extensions have their own fingerprintable characteristics
    • e.g. Cydec even exposes itself in the console
    • e.g. some extensions have unique characteristics
  • have a look here at the article
  • note that Firefox has an exportFunction , but even if an extension uses that for some protection ... see next point
  • now look at this

It really depends on what the extension is doing as to whether or not it can be detected: either itself, or it's behavior. That said, no-one is really digging this deep - but they will, one day ... soon .... they come at night, mostly - Newt

For HTTPZ, it can only be detected if it is used and has a different affect: e.g. if the website is fully HTTPS already, or auto-upgrades to secure, then this has no effect to measure. I'm not 100% sure how HTTPZ works, but lets say you click a link to HTTP, and HTTPZ autotries HTTPS first and it succeeds, then there's still nothing to measure: it's just like you went directly to HTTPS. The only way this "leaks" in some way, is when it tries but fails: but now that chrome and firefox are moving to HTTPS first, it's a bit of a moot point, and there are far easier ways to track the masses

For extensions that strip out tracking strings in URLS e.g. /utm=?id .. no big deal. It could possibly be detected, if the first site shared click data with the second site (or the clicks were all first party) and they connected your IP or something.

again .. there are far easier ways to track the masses

[Thorin-Oakenpants]

FWIW, here's the errors I get in my Firefox on startup (which is still the same profile I setup just prior to quantum)

Causes

• Errors 1+2 are Stylus
• Error 3 is uBlock Origin - from lib/regexanalyzer/regex.js
• Error 4 is Group Speed Dial
• Error 5 is Group Speed Dial - you can make it trigger by enabling/disabling the extension
• Error 6 is ClearURLS - see ClearUrls/-/issues/638
• Error 7 is uBlock Origin - see 1634240 - confirmed by starting with uBO disabled

[atomGit]

i opened a ticket for the ClearURLs one - i get the same thing and i didn't know if it was benign or not

edit by pants: https://gitlab.com/KevinRoebert/ClearUrls/-/issues/638#note_527232921

[cronos1998]

No, not known. That would be too simple.

At least for FFX no

It really depends on what the extension is doing as to whether or not it can be detected

Ah, okay. Thanks for making that clear.

I really appreciate all the information you guys give me, especially the detailed description from @Thorin-Oakenpants is awesome.

I will save a lot from this thread to a text file so I still have access to it in the future.

When do you expect that icon to be shown in the toolbar?

Normally, when I install an addon (e.g. UBO), Firefox automatically places its icon/logo in the toolbar so it can quickly be accessed.

This is not the case with HTTPZ, I have to go to the hamburger menu > Addons to access it. Also, I found no option to place its icon in the toolbar.

This is not a problem, it just confused me a bit.

[rusty-snake]

_{src: https://addons.cdn.mozilla.net/user-media/previews/thumbs/229/229048.png}

It's in the urlbar.

[Thorin-Oakenpants]

"gBrowserInit is undefined" - https://bugzilla.mozilla.org/show_bug.cgi?id=1634240

• error goes away when starting with uBO disabled

edit: sorry for hijacking the issue as a general console errors ticket

[Thorin-Oakenpants]

Well, I tracked down all my errors to extensions (updated my post further up), and they all seem to work just fine: except for the clearURLs one (I added a link above), they're just noise AFAICT

Anyway, closing this. If you have any more questions, sing out.