Mozilla Firefox V3.5.1
Nahuel Anschutz
We are seeing the same pattern, with a story picked up by google news followed by very high spikes of traffic requesting the story (but not accessory files such as images). The outbound response traffic causes spikes which can saturate the network (or did, till we began responding with only a 503 error). These attacks (what else can we call them?) last about 30 minutes on average, but very popular stories can have high traffic for an hour or more (I am speaking of the firefox 3.0.10 traffic, of course normal traffic also remains high for a while).
In a one hour period (for a single server in a load balanced group) we saw 200,000 requests of which 97,000 were the firefox 3.0.10 requests, nearly 50% of all requests. And when you consider that normally a page generates 10 or more requests for the main file and accessory files the 97,000 looms much larger. I note that of the 97,000 there were 51,000 unique IP addresses. And I am talking about a single hour (actually it was closer to 45 minutes). Whatever is causing this is quite widespread.
This might be slightly off-topic, but is there a reason why you aren't using Malwarebytes v3.5.1.2522-1.0.365, the latest legacy version for Win XP and Vista (see the Malwarebytes FAQ for a download link)? And assuming you're using Firefox ESR v52.9.0 (the last legacy version for Win XP and Vista released 26-Jun-2018), do you have a reputable ad blocker like Adblock Plus for Firefox (see -US/firefox/addon/adblock-plus/) installed in your browser that still supports Firefox v52 and higher?
If you check for a product update from within Malwarebytes v3.1.2.1733 (e.g., Settings Application Install Application Updates) as shown below and the latest legacy Malwarebytes v3.5.1.2522 doesn't install correctly then try an over-the-top update. Download the full offline installer (mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe) from the link AdvancedSetup suggested at _legacy and save it to your desktop and then double-click to run the .exe installer.
Over-the-top updates always worked on my Vista SP2 machine, but if you run into problems let us know and someone will provide instructions for performing a clean reinstall of the legacy Malwarebytes v3.5.1.2522.
I didn't realize there was a legacy version of uBlock Origin that still works with Firefox ESR v52.9.0, so thanks for the link. Users should just be aware that they might have to disable xpinstall.signatures.required in the advanced about:config settings of Firefox ESR v52.9.0 in order to use this "old-style" .XPI installer (currently uBlock0_1.16.4.29.firefox-legacy.xpi) - see the instructions posted on gorhill's github site at -legacy.
Under advanced settings of firefox you should be able to set the encryption. By default SSL3.0 and TLS1.0 should be checked, so if firefox is trying to create ssl 3.0 connectons try unchecking the ssl 3.0s setting.
If you get the no cipher overlap error on firefox, and you have left it at default settings, you are using what must be a very insecure site trying to use a very weak "export grade" cipher. Use of these ciphers is discouraged these days and I personally would stop using a site trying to use such a weak cipher.
Note: It's easy to find the correspondences by looking at the Mercurial repository names: repositories starting by mozilla-b2g are the release repositories for Firefox OS, and have both Firefox OS and Gecko versions in their names.
IMPORTANT Before installing this release, please run a static code analyzer against your code, testing for any self-closing non-void DOM elements. The JET Audit Framework has been updated with new rules to test for these specific issues.
This release contains a new version of jQuery (v3.5.1) which fixes a security issue in any version older than or equal to v3.4.1 of jQuery. This security fix in jQuery introduces the need to make sure your HTML DOM is properly coded. Specifically it requires that you do not have any self-closing DOM elements that are not valid. Why this code cleaning is required can be demonstrated with the following example.
With older versions of jQuery the following code would have been "fixed" by jQuery before it was passed to the browsers.
The browsers would have seen this HTML as:
In the new jQuery release (v3.5.1), this fix is no longer performed and your invalid HTML is simply passed through to the browser as is. In which case that same invalid HTML would be rendered by the browser as:
Causing potential layout and CSS errors, or possibly not rendering your HTML at all. This would all be done without any errors in the browser console.
I added TLS 1.3 support to my Firefox ESR v52.9.0 browser by changing security.tls.version.max to a value of 4 in the advanced browser settings. See Martin Brinkmann's June 2017 ghacks.net article How to Enable TLS 1.3 Support in Firefox and Chrome for instructions.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
Further to my previous post, are you the user TerryWallace who created the VistaForums thread Enable TLS 1.2 today? If so, the additional information you posted there about your OS reinstall and hanging updates sounds like you're affected by the problem described in the FAQ How to Fix Vista SP2 "Checking for Updates..." Hangs and Slow Windows Updates that's pinned at the top of the Windows Update board of that forum. That FAQ includes a link to instructions on page 1 of m#l's thread Updates not working, it has been searching for updates for hours in the MS Answers Vista board that should get your OS patched to the end of extended support (11-Apr-2017).
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
I also checked the system requirements for Flight1's Instant Scenery 3 (IS3) for your MS Flight Simulator 2004 and it says "Windows 10 (may not install on other operating systems)". Did the tech support people at Flight1 specifically say that IS3 would run correctly on a Vista SP2 OS as long as you had an Internet Explorer browser that supports TLS 1.2, or would a Firefox ESR v52.9.0 browser with built-in TLS 1.2 support still meet their system requirements? Perhaps a downgrade to Instant Scenery 2 (IS2), which is compatible with XP/Vista/WIn 7, would solve your problem.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
I rarely boot up my Vista SP2 machine these days since I purchased a new Win 10 laptop but I've always used Adblock Plus as the ad blocker in my Firefox ESR v52.9.0 browser. The latest version is currently v3.11.4 (rel. 23-Nov-2021) and is still compatible with Firefox ESR v52.9.0.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1.2522-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, 256 GB WD SATA HDD, NVIDIA GeForce 8400M GS
Hi Flyingshark:
Have you made any progress finding the cause of your Firefox ESR v52.9.0 crashes?
If not, the Mozilla support article Troubleshoot and Diagnose Firefox Problems might have some helpful hints. Note that a browser refresh / reset (Step # 5 - Help Troubleshooting Information Refresh button) will create a new Firefox user profile (i.e., remove your add-ons and reset your custom browser settings back to their defaults) but it will retain your bookmarks, cookies, and browsing history - see Refresh Firefox - Reset Add-ons and Settings for more information. Creating a new Firefox user profile as suggested by cryptodan (Step # 6 - I normally use the Firefox Profile Manager for this task) goes one step further and creates a clean profile without retaining any personal settings like bookmarks, etc. Before creating your new profile you can backup your bookmarks (Bookmarks Manage Bookmarks Import and Backup Backup) and then import them back into your new Firefox profile one it's created, but if you forget to do that you can still recover your bookmarks from your old profile.
If you haven't already done so, it might also be a good idea to run a Threat Scan with Malwarebytes Free v3.5.1 (the legacy version for Win XP and Vista available at -anti-malware/dl/383/_legacy) to see if it can find any PUPs (potentially unwanted programs like browser toolbars, adware, etc.) or PUMS (potentially unwanted registry modifications) missed by your antivirus that might be causing your browser to crash. If you haven't used Malwarebytes Free before see the hints for first-time users in MarcoHaidar's November 2021 thread Startup Pop Up in the Microsoft Answers Vista board where I post as user Great White North.
If you ever need to reinstall your Firefox ESR v52.9.0 browser note that the full offline installers for all languages and regions are available at (note that both 32-bit and 64-bit Vista should use the 32-bit installer). If you want the English-US version, for example, click the en-US/ directory to browse to -US/ where you can download the Firefox Setup 52.9.0esr.exe installer.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1.2522-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, 256 GB WD SATA HDD, NVIDIA GeForce 8400M GS