I recently switched from Ubuntu 10.04 gnome to Debian wheezy Kde. Everything's work fine, except to the Iceweasel/firefox custom protocols! I added komodo.protocol in my ~/.kde/share/services with: [Protocol] exec=python /path/to/my/script.py "%u" protocol=komodo input=none output=none helper=true listing= reading=false writing=false makedir=false deleting=false **This works for chrom(e|ium), but not for firefox.** I've read about firefox should use the gnome configs even under Kde, so I tried: gconftool-2 -s /desktop/gnome/url-handlers/komodo/enabled --type Boolean true gconftool-2 -s /desktop/gnome/url-handlers/komodo/command 'python /path/to/my/script.py %s' --type String that used to work when I was on ubuntu, but it doesn't on kde. Any idea? **EDIT** An example link: komodo:/var/www/app/0/Modules/Controller/Node/Controller_Node.class.php:1202 And if I run the command komodo /var/www/app/0/Modules/Controller/Node/Controller_Node.class.php:1202 from the terminal it works correctly; my python script simply check few things and then runs this command - but with firefox/iceweasel it never gets triggered.

I have used Mozilla Firefox on Windows, and now I'm using Iceweasel on Debian 6. Are there any differences between the two programs? What are the advantages and disadvantages of each program? Which one seems better?

I use Iceweasel (a libre/security-focused fork of Firefox). I use Parabola GNU/Linux and recently upgraded to Iceweasel version 108. Slack (a chat website) had worked with the previous version I had installed; however, now Slack does not seem to work. It gives me a page saying that my browser is no longer supported, despite the system requirements saying that it supports Firefox v.92 or above. Does anyone know what has changed here? Is there any simple way to resolve this issue, so that I can continue using Slack with Iceweasel?

While surfing with Iceweasel, I tried typing in a Web address, but I found, that every few keys, it started typing other letters instead of the ones I typed. For example, if I typed "c-c-c-c-c-c-c-c-c-c-c-c" it printed "ckexccccckex" or if I typed "a-b-c-d-e-f-g-h-j-i", it printed "abckexghi" instead. - Each time this occurs, the misplaced letters are different, but always in some pattern. Sometimes, it places backspaces or spaces, not just letters. - When I did not type anything, no words appeared. - When I unplugged and replugged the USB keyboard, it still had the problem. - The problem only appears in Iceweasel, in the URL bar or in text fields, but not in other applications. - The problem went away after closing Iceweasel and reopening it. - I can find no pattern in when it appears. How can I determine the cause? Could this be the result of a security issue? I am using Debian 7.0 with a Logitech K120 keyboard.

I was poking around the flashplugin of Adobe for Linux trying to get the Hardware Acceleration working (which my current configuration supports). Then I found several forums/blogs that recommend I create/modify some or other value in the /etc/adobe/mms.cfg, which didn't help at all for my current situation. This leads me to think, does the Flash non-free plugin of Adobe for Linux read this file for configuration? Is there another way to modify Flash configuration without the traditional GUI's (flash-player-properties doesn't help in the HWA topic and I am already tired of ticking the box Right-click -> Settings -> Enable Hardware Acceleration)? I'm using Iceweasel 24.0a2, Debian Wheezy 7.0, _Shockwave Flash 11.2 r202 11,2,202,297_. $ glxinfo | grep render direct rendering: Yes OpenGL renderer string: Gallium 0.4 on ATI RV515

I caused the bug but I would like to fix it without doing the amateur "fresh" install. HOW: I copied a bunch of commands and ran them. OS: Debian 8 When I run Iceweasel the following services crash the browser - gmail - facebook Additionally my browser crashes after I input words of a certain length into the search bar, the issue won't reproduce today and I haven't saved any logs.

espo@EVA-00:~$ sudo iceweasel
[sudo] password for espo:

(process:2060): GLib-CRITICAL **: g_slice_set_config: assertion >'sys_page_size == 0' failed
console.error:
  [CustomizableUI]
  Custom widget with id loop-button does not return a valid node
console.error:
  [CustomizableUI]
  Custom widget with id loop-button does not return a valid node

(gst-plugin-scanner:2146): GStreamer-CRITICAL **: gst_structure_new_empty: >assertion 'gst_structure_validate_name (name)' failed
espo@EVA-00:~$ sudo iceweasel

(process:2161): GLib-CRITICAL **: g_slice_set_config: assertion >'sys_page_size == 0' failed
console.error:
  [CustomizableUI]
  Custom widget with id loop-button does not return a valid node
console.error:
  [CustomizableUI]
  Custom widget with id loop-button does not return a valid node
WARNING: content window passed to PrivateBrowsingUtils.isWindowPrivate. Use isContentWindowPrivate instead (but only for frame scripts).
pbu_isWindowPrivate@resource://gre/modules/PrivateBrowsingUtils.jsm:25:14
nsBrowserAccess.prototype.openURI@chrome://browser/content/browser.js:15030:21
espo@EVA-00:~$ iceweasel

(process:2256): GLib-CRITICAL **: g_slice_set_config: assertion >'sys_page_size == 0' failed

My Issue with apt-get is more straightforward.

espo@EVA-00:~$ sudo apt-get install vlc
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. 
This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 vlc : Depends: vlc-nox (= 1:2.2.1-dmo12) but it is not going to be installed
       Depends: libavcodec56 (>= 10:2.8.4) but 6:11.4-1~deb8u1 is to be installed
       Depends: libstdc++6 (>= 5.2) but 4.9.2-10 is to be installed
       Depends: libvlccore8 but it is not going to be installed
       Depends: libvncclient1 (>= 0.9.10) but it is not installable
       Recommends: vlc-plugin-notify (= 1:2.2.1-dmo12) but it is not going >to be installed
E: Unable to correct problems, you have held broken packages.
espo@EVA-00:~$

When I click on a PDF link in Iceweasel (Firefox in Debian) there is no option to open the document, only to save it. In Edit -> Preferences -> Applications I have set the action for PDF documents to "Use Atril Document Viewer" but apparently it has no effect. Any clues?

How do I install the roboform lite extension in Debian Wheezy Iceweezel browser? All I have is an XPI file.

I need to install Flash player in Icewesel (Firefox), but I don't want to install it globally. I only want to use it in one of my several firefox profiles. This is similar to installing addons as a user in Firefox (inside the user's profile only). User can install any addon he wants and other users/profile on the same machine are not affected by that addon. I have downloaded the Flash player plugin from adobe.com and placed it in my plugins folder: ~/.mozilla/plugins/libflashplayer.so When I restart Firefox, nothing happens (I have expected the new plugin will be found upon start and activated). When I inspect ~/.mozilla/firefox/xxxxxxxx.default/pluginreg.dat, I see that a new entry has been added for the flashplayer plugin, but in the section [INVALID]: [INVALID] ~/.mozilla/plugins/libflashplayer.so:$ 1411257137000:$ I am sure this plugin version is compatible with my browser, because I was able to instal it on my test machine (using the standard installation method) **How can I install Flash player locally (in one user's profile only) without root privileges?** I am using Iceweasel (Firefox) 31.2.0 on Debian Wheezy (64-bit)

I have a customized Debian (built with debootstrap) Linux debian 4.9.0-4-686 #1 SMP Debian 4.9.51-1 (2017-09-28) i686 GNU/Linux with read-only file system Here is the tunnel config (it works perfectly on a classical installation) Host * # ForwardAgent no # ForwardX11 no # ForwardX11Trusted yes # RhostsRSAAuthentication no # RSAAuthentication yes PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # GSSAPIKeyExchange no # GSSAPITrustDNS no # BatchMode no CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 Protocol 2 # Cipher 3des Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 # EscapeChar ~ Tunnel yes # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h SendEnv LANG LC_* HashKnownHosts yes I mount the tunnel: ssh -ND 1080 -vvv -p 443 user@server the output looks fine: OpenSSH_7.4p1 Debian-10+deb9u1, OpenSSL 1.0.2l 25 May 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "xxxx" port 443 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to xxxxx [xxxx] port 443. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: SELinux support disabled debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u1 debug1: Remote protocol version 2.0, remote software version dropbear_2012.55 debug1: no match: dropbear_2012.55 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to xxxxxxx:443 as 'xxxxxxx' debug3: put_host_port: [xxxxxxxx]:443 debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 debug2: host key algorithms: ssh-rsa,ssh-dss debug2: ciphers ctos: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc debug2: ciphers stoc: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-md5 debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-md5 debug2: compression ctos: zlib,zlib@openssh.com,none debug2: compression stoc: zlib,zlib@openssh.com,none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: diffie-hellman-group14-sha1 debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none debug1: sending SSH2_MSG_KEXDH_INIT debug2: bits set: 1024/2048 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEXDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:k5AHnNs87cyG5my8AcjKp6KY1tWUeGIH2b3ZWALCsnU debug3: put_host_port: [xxx.xxx.xx.xx]:443 debug3: put_host_port: [xxxxxxxxxxx]:443 debug1: checking without port identifier The authenticity of host '[xxxxxx]:443 ([xxx.xxx.xx.xx]:443)' can't be established. RSA key fingerprint is SHA256:k5AHnNs87cyG5my8AcjKp6KY1tWUeGIH2b3ZWALCsnU. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[xxxxxx]:443,[xxxxxx]:443' (RSA) to the list of known hosts. debug2: bits set: 999/2048 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 4294967296 blocks debug2: key: /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil)) debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key: /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 53 debug3: input_userauth_banner +++++++++xxxxxxxxx+++++++++ * No Reupload and Repost Your Account * No DDOS * No Hacking * No Torrent * No Fraud * No Spam etc. You are allowed a maximum of 3 Bitvise for using SSH account!! Don't forget to support us!! xxxxxxxx +++++++++XXXXXXXXXX+++++++++ debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/id_rsa debug3: no such identity: /root/.ssh/id_rsa: No such file or directory debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password xxxxxxxxx password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 52 debug1: Authentication succeeded (password). Authenticated to xxxxx ([xxxxx]:443). debug1: Local connections to LOCALHOST:1080 forwarded to remote address socks:0 debug3: channel_setup_fwd_listener_tcpip: type 2 wildcard 0 addr NULL debug1: Local forwarding listening on 127.0.0.1 port 1080. debug2: fd 4 setting O_NONBLOCK debug3: fd 4 is O_NONBLOCK debug1: channel 0: new [port listener] debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY debug1: Local forwarding listening on ::1 port 1080. bind: Cannot assign requested address debug1: Requesting tun unit 2147483647 in mode 1 debug1: sys_tun_open: tunnel mode 1 fd 5 debug2: fd 5 setting O_NONBLOCK debug3: fd 5 is O_NONBLOCK debug1: channel 1: new [tun] debug3: send packet: type 90 debug2: fd 3 setting TCP_NODELAY debug3: ssh_packet_set_tos: set IP_TOS 0x10 debug1: Entering interactive session. debug1: pledge: network debug3: receive packet: type 92 channel 1: open failed: unknown channel type: debug2: channel 1: zombie debug2: channel 1: garbage collecting debug1: channel 1: free: tun, nchannels 2 debug3: channel 1: status: The following connections are open: # lsof -i :1080 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ssh 3937 root 4u IPv4 60066 0t0 TCP localhost:socks (LISTEN) #netstat -ltpe tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 3937/ssh tcp 0 0 192.168.1.29:40112 xxx.xxx.xx.xx:443 ESTABLISHED 3937/ssh then I configured firefox-esr (the new name for iceweasel in Debian) to use the newly created proxy: Manual proxy configuration http proxy,ssl proxy,ftp proxy = cleared 'use this proxy for all protocols' = cleared. socks host 127.0.0.1 port 1080 No proxy for localhost, 127.0.0.1 Then when doing http request nothing happens (the browser just hangs). I try tor (configured with Socks5Proxy 127.0.0.1:1080), it does the same thing the ssh tunnel does not say anything (no output in verbose mode) tcpdump -i wlp2s0 port 1080 -> no traffic at all then I try: nc 127.0.0.1 1080 -> nothing happens last test, but I am not sure it is relevant: I kill the tunnel and do: nc -l -p 1080 netstat says: Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 0.0.0.0:socks 0.0.0.0:* LISTEN root 65776 3985/nc nc 127.0.0.1 1080 -> nothing happens iptables is empty: # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination conclusion: it looks like the issue is not due to ssh or the Browser, but maybe the socket (?). I am stuck from there. Thanks for your help folks! I do need this to be working!

On Debian Jessie 8.4 GNU/Linux, I am experiencing a certificate validation inconsistency between [Iceweasel](https://en.wikipedia.org/wiki/Iceweasel) (Debian's derivative of Firefox) and [cURL](https://en.wikipedia.org/wiki/CURL) in relation to the URL https://profile.mensa.org.uk/contact.aspx . ### Iceweasel Visiting https://profile.mensa.org.uk/contact.aspx using Iceweasel results in no errors or warnings. Clicking on the padlock icon at the left of the address bar, and then clicking the "More Information..." button, yields a window saying, among other things: > **Web Site Identity**
> Web site: **profile.mensa.org.uk**
> Owner: **This web site does not supply ownership information.**
> Verified by: **GeoTrust Inc.**
Clicking the "View Certificate" button yields a window with two tabs, "General" and "Details". The General tab says: > **This certificate has been verified for the following uses:**
> SSL Client Certificate
> SSL Server Certificate
> **Issued To**
> Common Name (CN) profile.mensa.org.uk
> Organisation (O)
> Organisational Unit (OU) GT91227394
> Serial Number 06:26:4F
> **Issued By**
> Common Name (CN) RapidSSL SHA256 CA - G3
> Organisation (O) GeoTrust Inc.
> Organisational Unit (OU)
> **Period of Validity**
> Begins On 05/08/15
> Expires On 06/09/16
> **Fingerprints**
> SHA-256 Fingerprint 9C:F3:D7:B8:96:D6:A5:BC:98:9E:F0:DE:26:63:BD:17:
C5:29:24:C9:02:A9:90:D3:A5:49:AB:10:5D:E8:C0:3C
> SHA1 Fingerprint
Clicking on the Details tab shows a three-level hierarchy in the Certificate Hierarchy field: GeoTrust Global CA RapidSSL SHA256 CA - G3 profile.mensa.org.uk Selecting the GeoTrust Global CA item in that field, then clicking the "Export..." button, and then saving as the file ~/Documents/organisations/mensa/geotrust_global_ca.pem works as expected. Here is the fingerprint: $ openssl x509 -noout -in ~/Documents/organisations/mensa/geotrust_global_ca.pem -fingerprint SHA1 Fingerprint=DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12 Let's compare this with cURL. ### cURL Visiting https://profile.mensa.org.uk/contact.aspx using cURL results in a certificate error. Here is the verbose output, attempting to fetch only header information: $ curl -v --head https://profile.mensa.org.uk/contact.aspx * Hostname was NOT found in DNS cache * Trying 93.159.201.114... * Connected to profile.mensa.org.uk (93.159.201.114) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. cURL works OK for this URL over HTTP, and also for other domains over HTTPS: $ curl --head http://profile.mensa.org.uk/contact.aspx HTTP/1.1 302 Found Date: Sat, 28 May 2016 14:30:56 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 4.0.30319 Location: /login.aspx?target=%2fcontact.aspx Set-Cookie: ASP.NET_SessionId=axylcyf2cep2lq4e3brkggln; path=/; HttpOnly Set-Cookie: WebToolsParam= ; path=/; HttpOnly Cache-Control: no-cache, no-store Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 151 $ curl --head https://www.mensa.org.uk HTTP/1.1 200 OK Date: Sat, 28 May 2016 12:39:56 GMT Server: Apache Pragma: no-cache Expires: Sun, 19 Nov 1978 05:00:00 GMT Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0 Set-Cookie: SESS4b296932593725667cea89bf7eb4e462=d10lbmrpju03rccsaftdemiai6; path=/; domain=.mensa.org.uk Last-Modified: Sat, 28 May 2016 12:39:56 GMT Content-Type: text/html; charset=utf-8 Here is information about the current version of cURL: $ curl -V curl 7.38.0 (i586-pc-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1k zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP I believe that whereas Iceweasel has its own CA store, cURL looks for certificate authority certificates in /etc/ssl/certs, as shown in the verbose output above. So, my first thought was that the error cURL experienced in visiting https://profile.mensa.org.uk/contact.aspx must be due to /etc/ssl/certs being devoid of a certificate for the CA that Iceweasel identified: GeoTrust Global CA. However, I found that /etc/ssl/certs *does* contain a suitable certificate: $ openssl x509 -noout -in /etc/ssl/certs/GeoTrust_Global_CA.pem -fingerprint SHA1 Fingerprint=DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12 As you can see, this is the same fingerprint as for ~/Documents/organisations/mensa/geotrust_global_ca.pem above. So, something else must be going on. I tried forcing cURL to use each of these two certificates, via the --cacert option, but that didn't yield success: $ curl --cacert ~/Documents/organisations/mensa/geotrust_global_ca.pem --head https://profile.mensa.org.uk/contact.aspx curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. $ curl --cacert /etc/ssl/certs/GeoTrust_Global_CA.pem --head https://profile.mensa.org.uk/contact.aspx curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. My primary question is: **what is causing this inconsistency between cURL and Iceweasel?** My secondary question is: **does this inconsistency mean that there is a bug in Iceweasel and/or a bug in cURL?**

I have this Mozilla Archive Format, with MHT and Faithful Save addon installed with Iceweasel on debian 8.3 jessie stable. The addon is useful in saving webpages into single file with extension **maff**. The mimetype for this maff file is application/zip. Because of this, whenever I open maff file, it opens in Archive Manager or analogous application. In order to open maff files in iceweasel, I have chosen Open with Iceweasel in file properties. Doing so opens maff files with iceweasel, but also opens every zip file in iceweasel with a download dialogue box. I think this is because the system has set mime type application/zip with iceweasel. All I want is to open maff files with iceweasel/firefox and open zip files in regular Archive Manager. How can I achieve this?

Does anyone know if Iceweasel (Firefox) runs HTML5 audio/video in a separate process that can be restarted? With Flash I can restart plugin-container after changing the sound card in ~/.asoundrc. With HTML5 audio/video it seems like I need to restart the whole browser, which at times can be a bit inconvenient.

How does one install the latest version of Adobe's Flash Player for Iceweasel/Firefox?

I hav an older Debian 7 VM for testing. I'm trying to reduce VM footprint size because I am about out of space. I wanted to remove Iceweasel since I don't really use it, and I can usually get by with wget. When I ran Apt it told me it was removing GNOME, too: $ sudo apt-get remove iceweasel* ... The following packages were automatically installed and are no longer required: hyphen-en-us libfs6 task-desktop x11-apps x11-session-utils x11-xfs-utils xinit xorg Use 'apt-get autoremove' to remove them. The following extra packages will be installed: icedove iceowl-extension Suggested packages: apparmor calendar-google-provider The following packages will be REMOVED: gnome gnome-core iceweasel task-gnome-desktop The following NEW packages will be installed: icedove iceowl-extension 0 upgraded, 2 newly installed, 4 to remove and 0 not upgraded. Need to get 44.7 MB of archives. After this operation, 100 MB of additional disk space will be used. ... Why does removing Iceweasel nuke GNOME? ----- After removing Iceweasel and then making an autoclean and autoremove pass, this was presented. I'm fairly certain this VM has been rendered useless. The following packages will be REMOVED: aisleriot ant ant-optional argyll at-spi2-core baobab browser-plugin-gnash ca-certificates-java caribou caribou-antler cheese dconf-tools default-jre default-jre-headless empathy empathy-common espeak-data file-roller finger fonts-cantarell fonts-opensymbol fonts-sil-gentium fonts-sil-gentium-basic gcalctool gdebi gdm3 gedit gedit-common gedit-plugins gir1.2-atspi-2.0 gir1.2-gdata-0.0 gir1.2-gnomekeyring-1.0 gir1.2-goa-1.0 gir1.2-gtop-2.0 gir1.2-gucharmap-2.90 gir1.2-javascriptcoregtk-3.0 gir1.2-rb-3.0 gir1.2-tracker-0.14 gir1.2-webkit-3.0 gir1.2-wnck-3.0 glchess glines gnash gnash-common gnect gnibbles gnobots2 gnome-backgrounds gnome-color-manager gnome-dictionary gnome-disk-utility gnome-documents gnome-font-viewer gnome-games gnome-games-data gnome-games-extra-data gnome-icon-theme-extras gnome-mag gnome-nettool gnome-orca gnome-packagekit gnome-packagekit-data gnome-screenshot gnome-shell-extensions gnome-sudoku gnome-system-log gnome-tweak-tool gnome-video-effects gnomine gnotravex gnotski gnuchess gnuchess-book grilo-plugins-0.1 gtali gucharmap guile-2.0-libs hamster-applet hyphen-en-us iagno icedtea-6-jre-cacao icedtea-6-jre-jamvm icedtea-netx icedtea-netx-common inkscape iputils-tracepath java-common libapache-pom-java libatk-adaptor libatk-adaptor-data libatk-bridge2.0-0 libatk-wrapper-java libatk-wrapper-java-jni libatspi1.0-0 libatspi2.0-0 libavahi-gobject0 libavahi-ui-gtk3-0 libblas3gf libboost-program-options1.49.0 libboost-thread1.49.0 libcaribou-gtk-module libcaribou-gtk3-module libcmis-0.2-0 libcolamd2.7.1 libcolorblind0 libcommons-beanutils-java libcommons-collections3-java libcommons-compress-java libcommons-digester-java libcommons-logging-java libcommons-parent-java libdb-java libdb-je-java libdb5.1-java libdb5.1-java-jni libdee-1.0-4 libdiscid0 libdmapsharing-3.0-2 libdotconf1.0 libespeak1 libexttextcat-data libexttextcat0 libfs6 libgail-common libgdict-1.0-6 libgdict-common libgdu-gtk0 libgeocode-glib0 libgexiv2-1 libgnome-mag2 libgpod-common libgpod4 libgraphite2-2.0.0 libgrilo-0.1-0 libgtk-vnc-2.0-0 libgupnp-av-1.0-2 libgupnp-dlna-1.0-2 libgvnc-1.0-0 libhsqldb-java libhyphen0 libicc2 libicu4j-java libimdi0 libjaxp1.3-java libjline-java libjtidy-java liblinear-tools liblinear1 liblouis-data liblouis2 liblucene2-java libmagick++5 libminiupnpc5 libmtp-common libmtp-runtime libmtp9 libmythes-1.2-0 libnatpmp1 libplot2c2 libpstoedit0c2a libraw5 libregexp-java libreoffice libreoffice-base libreoffice-base-core libreoffice-calc libreoffice-common libreoffice-core libreoffice-draw libreoffice-emailmerge libreoffice-evolution libreoffice-filter-binfilter libreoffice-filter-mobiledev libreoffice-gnome libreoffice-gtk libreoffice-help-en-us libreoffice-impress libreoffice-java-common libreoffice-math libreoffice-report-builder-bin libreoffice-style-galaxy libreoffice-style-tango libreoffice-writer librhythmbox-core6 libsctp1 libservlet2.5-java libsofia-sip-ua-glib3 libsofia-sip-ua0 libsonic0 libspeechd2 libstlport4.6ldbl libsvm-tools libtelepathy-farstream2 libunique-3.0-0 libvisio-0.0-0 libwnck-common libwnck22 libwpd-0.9-9 libwpg-0.2-2 libwps-0.2-2 libxalan2-java libxerces2-java libxml-commons-external-java libxml-commons-resolver1.1-java libxss1 libxz-java lightsoff lksctp-tools lp-solve mahjongg media-player-info minissdpd mobile-broadband-provider-info mythes-en-us network-manager-gnome nmap openjdk-6-jre openjdk-6-jre-headless openjdk-6-jre-lib openjdk-7-jre openjdk-7-jre-headless p7zip-full perlmagick pstoedit python-brlapi python-louis python-mako python-markupsafe python-pyatspi python-pyatspi2 python-speechd python-uno python-wnck python-zeitgeist quadrapassel rdesktop rhythmbox rhythmbox-data rhythmbox-plugin-cdrecorder rhythmbox-plugins rygel rygel-playbin rygel-preferences rygel-tracker seahorse shotwell shotwell-common simple-scan sound-juicer sound-theme-freedesktop speech-dispatcher swell-foop task-desktop telepathy-gabble telepathy-idle telepathy-logger telepathy-rakia telepathy-salut transmission-common transmission-gtk ttf-liberation ttf-sil-gentium-basic tzdata-java uno-libs3 unoconv ure vinagre vino x11-apps x11-session-utils x11-xfs-utils xbrlapi xdg-user-dirs-gtk xfonts-mathml xinit xorg xul-ext-adblock-plus zeitgeist-core 0 upgraded, 0 newly installed, 278 to remove and 0 not upgraded.

Okay, I can run Iceweasel 17 ESR fine and some simple X apps like xkill, so I know that it's not merely an X display problem. However any version of Chromium and Iceweasel 24 fail with the following errors respectively: mikoto@localhost:~$ chromium [12031:12031:1010/111246:FATAL:zygote_host_impl_linux.cc(73)] Check failed: PathService::Get(base::FILE_EXE, &chrome_path). Aborted mikoto@localhost:~$ iceweasel (process:12035): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed I'm using the standard Debian chroot environment produced by sudo debootstrap --variant=minbase --arch=i386 unstable chroot on a x86-64 system without any 32-bit compatibility libs installed. I can't run wine or the Google Android SDK directly on my base system, but I've extracted some of the tools into my 32-bit chroot and they run fine. Note that the Iceweasel 24 error message above appears to be non-fatal since I can find that line even when running Iceweasel 24 successfully on my base system. By "non-fatal", I mean the error message, despite the ominous "CRITICAL" tag, most likely doesn't provide a clue as to why Iceweasel 24 won't run. This is confirmed by the few hours of web searching I spent using the error message as a keyword. So, besides spitting out this error message, Iceweasel 24 fails silently. I'm posing this as a chromium question since I suspect anything that fixes the Chromium startup failure will also fix Iceweasel 24.

Since Debian uses firefox instead of iceweasel, apt-get update returns 404 errors with this URL: http://mozilla.debian.net/dists/wheezy-backports/iceweasel-release/binary-amd64/Packages I had installed firefox-esr in order to migrate to firefox and I have no problem, I can use Firefox. I use rvm and when I try to install ruby with it, it stop the installation because apt-get update returns a error 404. Read this. I use Kali Linux and my sources.list is clean: #kali 2.0 deb http://http.kali.org/kali sana main non-free contrib deb http://security.kali.org/kali-security/ sana/updates main contrib non-free How to delete these 404 errors?

How to install the latest Firefox build (called Aurora) on Debian unstable? Are there any packages or repositories?

I've done a clean install of Raspian Lite on my Rasperry Pi (there is no desktop environment installed). I'd like a kiosk-mode browser running fullscreen without having to worry about maintaining/securing a DE. After installing Raspbian Lite, I did apt-get install iceweasel and apt-get install x-window-system. I'm now able to login and run startx iceweasel and I get a functional iceweasel as required; however it's only about a quarter of the screen! The console I ran startx from was using the full screen; but after launching X/iceweasel the used area got smaller. Ideally I'd like it to inherit the resolution the console was already using, but I'd settle for having to provide them manually if that's not possible.

I run Debian wheezy with Iceweasel as browser and have installed the Flash plugin similar to this description . Today I read that not only Flash on Windows and Mac also Adobe Flash Player 11.2.202.350 and earlier versions for Linux are vulnerable to exploitation . When checking my version in Iceweasel > Tools > Add-ons I was surprised to see that it is an older version, even though I did all upgrades with apt-get. Does Debian provide updates for the Iceweasel plugin Flash at all? Are they not automatically provided? Do I always have to manually update the plugin?