When I download Firefox ESR from the Mozilla website while on my company’s VPN, it causes the hash for the Firefox executable to change.
What brought this to my attention was that there were folks in the Information Security division stating that the version of Firefox 78.10.0 ESR I was releasing to the enterprise had a SHA256 hash that didn’t match what was provided on the Mozilla website, and what was found in certutil on Windows. It caused some concerns for them, so I decided to investigate. I figured out that when I was downloading it on my computer while on my company’s VPN, it would change the SHA256 hash (causing it to not match what is documented online). However, if I download it on my own personal device, the hash matches the documentation. Each subsequent download would have a different hash than the last (e.g. I downloaded Firefox ESR 64 bit from the same link multiple times and it would be the same executable, just with a different hash each time), which I thought was very interesting.
Has anyone experienced this? Any explanations/concerns I should have about this?
Thanks Mike, appreciate the info. This explains a lot.
I was grabbing it from https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr
From: Mike Kaply <mka...@mozilla.com>
Sent: Tuesday, April 27, 2021 8:43 AM
To: Hoang (US), Victor T <victor....@boeing.com>
Subject: [EXTERNAL] Re: [Mozilla Enterprise] Inquiry: downloading Firefox ESR and hash changes on VPN?