#1
Firefox disabled all add-ons because a certificate expired
https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/

The event occurred as the clock rolled over on UTC (Coordinated Universal Time, aka GMT or Greenwich Mean Time), and impacted users quickly narrowed it down to "expiration of intermediate signing cert" -- as it's described on Mozilla's bug tracker.

https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
#2
(This is a repost of the response I gave to the same post in the alt.os.linux newsgroup)

As someone on slashdot mentioned, why are those add-ons even checked each-and-every time you start your browser ? Are they expected to mutate somehow (and no, I do not mean updates) ?

All that that certificate /should/ be needed for is to make sure that you get & install the add-on as the developer has created it. In its current implementation it's simply a kill-switch for anything Mozilla wishes to declare "obsolete". :-(

And by the way: the workaround is to go into about:config, find "xpinstall.signatures.required" and set it to false (which is actually the first thing I do when installing FF :-) )

Regards,
Rudy Wieser
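
Added example, not part of any post in this thread: setting "xpinstall.signatures.required" to false switches add-on signature enforcement off for the whole profile, so it is worth checking afterwards which profiles still carry the workaround. The sketch below reads the `user_pref(...)` lines in each profile's prefs.js and user.js; the profile names and file contents are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

PREF = "xpinstall.signatures.required"
# prefs.js / user.js entries look like: user_pref("name", value);
LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def read_pref(path, name):
    """Return the last value set for `name` in one prefs file, or None."""
    value = None
    if path.is_file():
        text = path.read_text(encoding="utf-8", errors="replace")
        for line in text.splitlines():
            m = LINE.match(line)
            if m and m.group(1) == name:
                value = m.group(2)
    return value

def audit_profiles(profiles_root):
    """Map profile name -> True if signature enforcement is switched off."""
    result = {}
    for prof in sorted(p for p in Path(profiles_root).iterdir() if p.is_dir()):
        # user.js is applied on top of prefs.js at startup, so it wins.
        effective = (read_pref(prof / "user.js", PREF)
                     or read_pref(prof / "prefs.js", PREF))
        result[prof.name] = (effective == "false")
    return result

def build_sample(root):
    """Write constructed sample profiles (names and contents are made up)."""
    off = 'user_pref("xpinstall.signatures.required", false);\n'
    on = 'user_pref("xpinstall.signatures.required", true);\n'
    samples = {
        "aaaa.default": {"prefs.js": 'user_pref("browser.startup.page", 3);\n'},
        "bbbb.work": {"prefs.js": off},
        "cccc.test": {"prefs.js": off, "user.js": "// re-enabled\n" + on},
    }
    for name, files in samples.items():
        d = Path(root) / name
        d.mkdir(parents=True)
        for fname, text in files.items():
            (d / fname).write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, disabled in audit_profiles(tmp).items():
            state = "DISABLED" if disabled else "on (or default)"
            print(f"{name}: signature enforcement {state}")
```

Point `audit_profiles` at the directory that holds the profile folders; about:support shows where a given profile lives.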
#3
"R.Wieser" wrote

| As someone on slashdot mentioned, why are those add-ons even checked
| each-and-every time you start your browser ? Are they expected to mutate
| somehow (and no, I do not mean updates) ?
|

It's a bug.

https://techcrunch.com/2019/05/03/a-...ox-extensions/

The lesson here is yet one more example of why you shouldn't allow software companies onto your system to do unreliable and intrusive dripfeed updates. If your extensions were disabled you simply don't have adequate security.
#4
Woops. The news says it's a cert that's built in.

I have signature requirement disabled, but I still see a warning with unsigned extensions in the add-ons window. FF today is not warning me about all extensions. Yet according to the story it should have as of 4AM today EST. I've got FF 52.9. Maybe it's only a problem with particular recent versions.

I'm curious whether xpinstall.signatures.required works in all versions. I was under the impression that it could only be used in ESR versions.

Last year they removed access to "legacy" extensions. Last week they announced they're going to block all extensions with "obfuscated code". They seem to be trying to increase their own control of the product in the interest of consistency and security.

I installed FF66 recently on my Win7 box to see what it's like. Not great. I can't get rid of tabs and while many extensions still exist they seem to have been crippled in order to accommodate Mozilla's new system.
#5
On 5/4/19 9:21 AM, Mayayana wrote:
> Woops. The news says it's a cert that's built in.
>
> I have signature requirement disabled, but I still see a warning with unsigned extensions in the add-ons window. FF today is not warning me about all extensions. Yet according to the story it should have as of 4AM today EST. I've got FF 52.9. Maybe it's only a problem with particular recent versions.
>
> I'm curious whether xpinstall.signatures.required works in all versions. I was under the impression that it could only be used in ESR versions.
>
> Last year they removed access to "legacy" extensions. Last week they announced they're going to block all extensions with "obfuscated code". They seem to be trying to increase their own control of the product in the interest of consistency and security.
>
> I installed FF66 recently on my Win7 box to see what it's like. Not great. I can't get rid of tabs and while many extensions still exist they seem to have been crippled in order to accommodate Mozilla's new system.

You can reload them by doing the following:

about:debugging
enable add-on debugging
Load Temporary Add-On
Browse to your Firefox profile
In the extensions folder choose the .xpi file of your extension

You can use about:support to find your profile directory

I've reloaded 6 of mine now and they work great.

Linux Mint, FF 66.0.3
#6
In message , R.Wieser writes:
> (This is a repost of the response I gave to the same post in the alt.os.linux newsgroup)
>
> As someone on slashdot mentioned, why are those add-ons even checked each-and-every time you start your browser ? Are they expected to mutate somehow (and no, I do not mean updates) ?
>
> All that that certificate /should/ be needed for is to make sure that you get & install the add-on as the developer has created it. In its current implementation it's simply a kill-switch for anything Mozilla wishes to declare "obsolete". :-(
>
> And by the way: the workaround is to go into about:config, find "xpinstall.signatures.required" and set it to false (which is actually the first thing I do when installing FF :-) )
>
> Regards,
> Rudy Wieser

Does the "xp" in its name mean it's only for Windows XP versions? (If not, what _does_ it mean?)

--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

The web is a blank slate; you can't design technology that is 'good'. You can't design paper that you can only write good things on. There are no good or evil tools. You can put an engine in an ambulance or a tank. - Sir Tim Berners-Lee, Radio Times 2009-Jan-30 to -Feb-5.
#7
On 5/4/19 9:31 AM, J. P. Gilliver (John) wrote:
> In message , R.Wieser writes:
> > (This is a repost of the response I gave to the same post in the alt.os.linux newsgroup)
> >
> > As someone on slashdot mentioned, why are those add-ons even checked each-and-every time you start your browser ? Are they expected to mutate somehow (and no, I do not mean updates) ?
> >
> > All that that certificate /should/ be needed for is to make sure that you get & install the add-on as the developer has created it. In its current implementation it's simply a kill-switch for anything Mozilla wishes to declare "obsolete". :-(
> >
> > And by the way: the workaround is to go into about:config, find "xpinstall.signatures.required" and set it to false (which is actually the first thing I do when installing FF :-) )
> >
> > Regards,
> > Rudy Wieser
>
> Does the "xp" in its name mean it's only for Windows XP versions? (If not, what _does_ it mean?)

Since extensions are .xpi files, I would guess the XP comes from that. The setting is in all versions of FF.

Al
#8
"J. P. Gilliver (John)" wrote

| Does the "xp" in its name mean it's only for Windows XP versions? (If
| not, what _does_ it mean?)

Extension package install. It's just a ZIP with a different extension, holding javascript files, images, language options, GUI specs, etc.
#9
Mayayana,

"Mayayana" wrote in message ...
> "R.Wieser" wrote
> | As someone on slashdot mentioned, why are those add-ons even
> | checked each-and-every time you start your browser ? Are they
> | expected to mutate somehow (and no, I do not mean updates) ?
>
> It's a bug.

From the page you linked to "and suggests the sudden failure is due to a code signing certificate built into the browser that expired just after 5 PM". So no, not even they consider it to be a bug.

But, try to come up with a rational explanation how such a bug could hit /all/ plugins for /all/ users at /the same time/. Good luck. :-)

> The lesson here is yet one more example of why you shouldn't allow software companies onto your system to do unreliable and intrusive dripfeed updates.

Agreed.

> If your extensions were disabled you simply don't have adequate security.

Bull****. This is not some hacker that tries to gain entrance and create havoc, or a virus that tries to "do its thang", this is a program which does exactly what it's designed for. There is /no/ security measure you can have implemented to ward it off.

And no, restoring a backup would not have helped either - the certificate would still be expired.

Regards,
Rudy Wieser
#10
John,

> Does the "xp" in its name mean it's only for Windows XP versions?

I wondered the same thing. I cannot check it though (am on XP, FF 52).

> (If not, what _does_ it mean?)

eXtra Plugin ? eXperience Points ? :-)

Sorry, no idea.

Regards,
Rudy Wieser
#11
Big Al,

> Since extensions are .xpi files, I would guess the XP comes from that.

Shucks, of course. Thanks.

Regards,
Rudy Wieser
#12
Mayayana,

> Extension package install.

Nope: https://developer.mozilla.org/en-US/docs/Mozilla/XPI

> It's just a ZIP with a different extension, holding javascript files, images, language options, GUI specs, etc.

That is an answer to a question that has not been asked.

Regards,
Rudy Wieser
#13
"R.Wieser" wrote

| Does the "xp" in its name mean it's only for Windows XP versions? (If not, what _does_ it mean?)
|
| Extension package install.
|
| That is an answer to a question that has not been asked.

I wonder if you're getting enough sleep, Rudy. You seem to argue with virtually everything these days.
#14
Mayayana,

> I wonder if you're getting enough sleep, Rudy.

I wonder if you get enough yourself. Pointing to websites that supposedly classify this whole debacle as a "bug", only to need to be told that if you actually read-and-absorbed the (rather small bit of) info there it says quite a different thing. Whoops!

Regards,
Rudy Wieser
#15
Mayayana,

And I of course forgot to mention the obvious: that you focus on something you find "wrong" with the other, in the hope they won't notice that you drop everything else that has been said but do not like to talk about (it almost worked).

Like your bull**** about your "don't have adequate security". Even if you would try - which you have no intention of - to come up with a/any kind of "security" /by the user/ that could have prevented this then I'm pretty sure that anyone can poke a few holes in it. Like I already did (backups don't work).

Kiddo, you think that you are /much/ smarter than you are, or simply do not think long enough about the implications of what you suggest. Which, too bad for you, results in getting called out for it. Which you then forcefully ignore in the hope it will go away.

.... which it doesn't.

"The biggest mistake you can make is thinking that you cannot make any. An even bigger one is to, when you made one, deny you made it." (and yes, there is a joke in there).

Regards,
Rudy Wieser