HoppaLong Posted January 7, 2017 Share Posted January 7, 2017 (edited) XP Pro_SP3 Please, before you read this post perform a google search. Type "firefox reCAPTCHA." I just did and the results list is 218,000. On the first page of that google search you'll find a post entitled, "ReCaptcha impossibly difficult on Firefox exclusively." There are countless posts, blogs, etc., trying to resolve this problem. Google's reCAPTCHA is used on thousands of sites. As you can see from the attached image, it frequently fails to load into Firefox and other Mozilla browsers. I've got the latest version of Light Firefox and K-Meleon installed. If you're not familiar, Light Firefox uses the same Gecko engine. It loads web pages faster and the features it lacks I don't need. I decided to try one of the smallest browsers, QtWeb. It has many flaws, but I just wanted to see if it would load a reCAPTCHA box. It also fails to load reCAPTCHA. The version numbers for Firefox and Light Firefox are not the same. I just installed Light Firefox 48, which is the latest version. Many experts recommend disabling add-ons, if reCAPTCHA is blocked. Since I just installed Light Firefox there are no add-ons. The folks at Mozilla want you to have the latest version of Java (JRE). The last version of Java compatible with XP is 1.7.0.25. The problem is, many people are running Windows 7, 8, and 10 and they also fail to load that reCAPTCHA box. Another recommended "fix" is trying different UA (User Agent) strings. I've tried two or three dozen. Didn't work. I need a browser (excluding IE) that is compatible with XP Pro_SP3 and displays Google's latest version of reCAPTCHA. Edited January 7, 2017 by HoppaLong Link to comment Share on other sites More sharing options...
jumper Posted January 7, 2017 Share Posted January 7, 2017 There is sometimes a hidden, secondary submit button that will bypass the reCAPTCHA. Try View->Use Style->None to display hidden page elements. This trick got me through several job-related website registrations during the Fall. I think the problem is ECMAscript-related. Link to comment Share on other sites More sharing options...
dencorso Posted January 7, 2017 Share Posted January 7, 2017 4 hours ago, jumper said: There is sometimes a hidden, secondary submit button that will bypass the reCAPTCHA. Try View->Use Style->None to display hidden page elements. This trick got me through several job-related website registrations during the Fall. I think the problem is ECMAscript-related. Can you please post a screeshot highlighting it, for us all to know exactly what to look for, visually? Link to comment Share on other sites More sharing options...
jumper Posted January 7, 2017 Share Posted January 7, 2017 No screenshot is available. Find the original submit button and the second should be just to the right of or below it. If it's there, it'll be obvious. Update: the ReCAPTCHA demo at https://www.google.com/recaptcha/api2/demo doesn't have a hidden button, but also seems to have been fixed for the better in the last few months. It now works in SeaMonkey 2.0.14 (like FF3.6) with scripting disabled. Click in the proper check boxes, click Verify, copy the text that appears into the lower box, and click Submit. ->"Verification Success... Hooray!" Link to comment Share on other sites More sharing options...
Mathwiz Posted January 8, 2017 Share Posted January 8, 2017 (edited) 22 hours ago, HoppaLong said: XP Pro_SP3 I need a browser (excluding IE) that is compatible with XP Pro_SP3 and displays Google's latest version of reCAPTCHA. Uh, Chrome 49? Also, Opera 12.18 works. I would imagine Opera 36 would work too since it uses Chromium. All three run on XP SP3. Edit: Opera 12.18's engine is too old to render some modern sites properly, so even though it works with the reCAPTCHA demo page, you may still want to avoid it. Edited January 8, 2017 by Mathwiz Link to comment Share on other sites More sharing options...
HoppaLong Posted January 8, 2017 Author Share Posted January 8, 2017 It never crossed my mind that a reCAPTCHA challenge would function with JavaScript toggled off! I tried that Google reCAPTCHA demo with K-Meleon. As you can see in the attached image, JavaScript has been disabled on the privacy toolbar. It worked perfectly! I immediately visited two sites that failed to load reCAPTCHA. They both displayed that message about enabling JavaScript. After releasing the K-Meleon JavaScript button I reloaded the page. The reCAPTCHA challenge displayed normally. 1. I go to a site with JavaScript disabled.2. Wait for the message about enabling JavaScript.3. Reload the page with JavaScript enabled.4. reCAPTCHA works! I don't know why this disabling and enabling of JavaScript fixes reCAPTCHA in my browser, but at least I've got a procedure that works. That Google demo works with scripting disabled. It's hard to imagine any "real" reCAPTCHA challenges functioning without JavaScript. jumper, I found several posts that mention SeaMonkey working with reCAPTCHA. I will download the last version for XP: http://www.seamonkey-project.org/releases/legacy Thanks jumper, dencorso, and Mathwiz. 1 Link to comment Share on other sites More sharing options...
Monroe Posted January 8, 2017 Share Posted January 8, 2017 (edited) HoppaLong ... why don't you also download the last version of Pale Moon that works with XP. I think it was in November that XP support was dropped. I just checked my PM setup and it works fine with reCAPTCHA. I also have an older version of K-Meleon that works fine also (v1.8.2.4) but I don't think you can find that at the KM forum now ... the KM member that developed this particular version ... deleted ALL his posts and the download link and just left sometime back in 2016 or 2015. There may be someone there with the complete download. However, that version of KM is not possibly safe for banking and such. I just discovered this last month (December) ... I had my worries about it until I ran the browser test but KM is so handy to use in turning things off and on ... I sort of looked the other way until I ran the browser check. So you probably don't want that KM browser version anyway. It's still OK for everyday surfing. The last version of PM (Pale Moon 26.5.0 for Atom/Windows XP) works just fine so far and passes the browser test with flying colors and should be OK for banking and other sites ... hopefully for a long time. Pale Moon 26.5.0 for Atom/Windows XP http://www.palemoon.org/palemoon-atom.shtml End of Windows XP support in Pale Moon http://www.palemoon.org/PM_end_of_WinXP_support.shtml Browser Test Page: Mathwiz posted this browser test link in another thread ... "You can go to ... https://www.ssllabs.com/ssltest/viewMyClient.html ... with any browser to see what security protocols, encryption ciphers, etc. your browser supports." ... just ran the browser test again on my KM version and PM. I do not understand the terms but there are six insecure notifications with KM and none with PM v26.5.0. I now use PM for more security at certain sites. I don't know how insecure KM is but the PM results look better to me. My KM results from the test ... everything else seemed to be OK except for these six mentions. Protocols TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 No SSL 2 No Cipher Suites (in order of preference) TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) INSECURE 128 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) INSECURE 128 TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002) INSECURE 128 TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c) INSECURE 128 TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128 TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128 ... Edited January 8, 2017 by monroe addition Link to comment Share on other sites More sharing options...
Mathwiz Posted January 8, 2017 Share Posted January 8, 2017 The RC4 cipher isn't considered secure anymore. I don't think it's terrible, but if possible you should disable the suites listed above. If KM is based on FF, you can probably use about:config and search for "security" to find the Booleans to toggle off. 1 Link to comment Share on other sites More sharing options...
Monroe Posted January 8, 2017 Share Posted January 8, 2017 OK ... thanks for that information about 'turning off' those six insecure findings. I did turn them off or set them to False in 'about:config'. I did not know about doing that ... yes, K-Meleon is similar to Firefox in many ways. Just ran that browser test again and nothing is showing as Insecure. monroe Link to comment Share on other sites More sharing options...
Monroe Posted January 9, 2017 Share Posted January 9, 2017 (edited) I actually had one more problem showing up with the K-Meleon browser when going to that test page. I also was getting this warning ... Logjam Vulnerability Your user agent is vulnerable. Upgrade as soon as possible. ... so checking around with Google ... I found this solution for Firefox and applied it to the K-Meleon browser. So now when I go to the test page, I get this: Logjam Vulnerability Your user agent is not vulnerable. This is the information I found to fix it: Nice. But way better: Change all 'security.ssl3' lines to 'false' EXCEPT security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 (?) security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 (?) security.ssl3.ecdhe_rsa_aes_256_sha (OK) security.ssl3.ecdhe_rsa_aes_256_sha;true (KM) and security.ssl3.rsa_aes_256_sha (OK) security.ssl3.rsa_aes_256_sha;true (KM) These 4 lines must stay 'true'. Done! Ralf Buxa May 27, 2015 I could not find the first two lines (?) ... only the last two where I have (OK) and below each line is a 'line copy' from K-Meleon ... they match exactly ... but as I said earlier, the first two lines don't appear in my K-Meleon version. So all the ssl3 lines in my K-Melon browser are now FALSE except for those two lines that I did find and and left as 'true'. So my question would be now ... since the browser test page is no longer showing 'any problems' ... would the KM browser be OK for banking and more secure type pages or could there still be some problems not showing with this older browser? I can keep using Pale Moon but I was wondering about K-Meleon also being OK now to use again with these sites? ... just to add about those first two lines that I did not find in the KM 'about:config' ... I did find two lines that were very similar but those two lines did not have 'gcm' in them. Not sure if I should have left those two lines as 'true' but they did not 'exactly' match so I made them 'false'. Any input on this would be helpful. Everything seems to be working so far with the KM browser. monroe Edited January 9, 2017 by monroe spacing Link to comment Share on other sites More sharing options...
rn10950 Posted January 9, 2017 Share Posted January 9, 2017 It works fine for me on my Server 2003 x64 and x86 installs on both Firefox and SeaMonkey. Maybe try clearing your cache or creating a new browser profile. Link to comment Share on other sites More sharing options...
Mathwiz Posted January 10, 2017 Share Posted January 10, 2017 I think the Logjam attack only applies to cipher suites with DHE (not ECDHE) key exchange, so if you have it, I'd try disabling the ones that start with DHE and leave the other cipher suites alone unless they have other issues (such as RC4). 1 Link to comment Share on other sites More sharing options...
Monroe Posted January 10, 2017 Share Posted January 10, 2017 Thanks again for the information ... I have gotten enough direction now to search around about cipher suites, DHE, ECDHE and other things to read up on. ... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now