If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
|
#1
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
Firefox disabled all add-ons because a certificate expired
https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/ The event occurred as the clock rolled over on UTC (Coordinated Universal Time, aka GMT or Greenwich Mean Time), and impacted users quickly narrowed it down to "expiration of intermediate signing cert" -- as it's described on Mozilla's bug tracker. https://bugzilla.mozilla.org/show_bug.cgi?id=1548973 |
#2
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
(This is a repost of the the response I gave to the same post in the
alt.os.linux newsgroup) As someone on slashdot mentioned, why are those add-ons even checked each-and-every time you start your browser ? Are they expected to mutate somehow (and no, I do not mean updates) ? All the thats that certificate /should/ be needed for is to make sure that you get & install the add-on as the developer has created it. In its current implementation its simply a kill-switch for anything Mozilla wishes to declare "obsolete". :-( And by the way: the work around is to go into about:config, find "xpinstall.signatures.required" and set it to false (which is actually the first thing I do when installing FF :-) ) Regards, Rudy Wieser |
#3
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
"R.Wieser" wrote
| As someone on slashdot mentioned, why are those add-ons even checked | each-and-every time you start your browser ? Are they expected to mutate | somehow (and no, I do not mean updates) ? | It's a bug. https://techcrunch.com/2019/05/03/a-...ox-extensions/ The lesson here is yet one more example of why you shouldn't allow software companies onto your system to do unreliable and intrusive dripfeed updates. If your extensions were disabled you simply don't have adequate security. |
#4
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
Woops. The news says it's a cert that's built in.
I have signature requirement disabled, but I still see a warning with unsigned extensions in the add-ons window. FF today is not warning me about all extensions. Yet according to the story it should have as of 4AM today EST. I've got FF 52.9. Maybe it's only a problem with particular recent versions. I'm curious whether xpinstall.signatures.required works in all versions. I was under the impression that it could only be used in ESR versions. Last year they removed access to "legacy" extensions. Last week they announced they're going to block all extensions with "obfuscated code". They seem to be trying to increase their own control of the product in the interest of consistency and security. I installed FF66 recently on my Win7 box to see what it's like. Not great. I can't get rid of tabs and while many extensions still exist they seem to have been crippled in order to accommodate Mozilla's new system. |
#5
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
On 5/4/19 9:21 AM, Mayayana wrote:
Woops. The news says it's a cert that's built in. I have signature requirement disabled, but I still see a warning with unsigned extensions in the add-ons window. FF today is not warning me about all extensions. Yet according to the story it should have as of 4AM today EST. I've got FF 52.9. Maybe it's only a problem with particular recent versions. I'm curious whether xpinstall.signatures.required works in all versions. I was under the impression that it could only be used in ESR versions. Last year they removed access to "legacy" extensions. Last week they announced they're going to block all extensions with "obfuscated code". They seem to be trying to increase their own control of the product in the interest of consistency and security. I installed FF66 recently on my Win7 box to see what it's like. Not great. I can't get rid of tabs and while many extensions still exist they seem to have been crippled in order to accommodate Mozilla's new system. You can reload them by doing the following: about:debugging enable add-on debugging Load Temporary Add-On Browse to your Firefox profile In the extensions folder choose the ..xpi file of your extension You can use about:support to find your profile directory I've reloaded 6 of mine now and they work great. Linux Mint, FF 66.0.3 |
#6
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
Mayayana,
"Mayayana" wrote in message ... "R.Wieser" wrote | As someone on slashdot mentioned, why are those add-ons even | checked each-and-every time you start your browser ? Are they | expected to mutate somehow (and no, I do not mean updates) ? It's a bug. From the page you linked to "and suggests the sudden failure is due to a code signing certificate built into the browser that expired just after 5 PM". So no, not even they consider it to be a bug. But, try to come up with rational explanation how such a bug could hit /all/ plugins for /all/ users at /the same time/. Good luck. :-) The lesson here is yet one more example of why you shouldn't allow software companies onto your system to do unreliable and intrusive dripfeed updates. Agreed. If your extensions were disabled you simply don't have adequate security. Bull****. This is not some hacker that tries to gain entrance and create havock, or a virus that tries to "do it's thang", this is a program which does exactly what its designed for. There is /no/ security measure you can have implemented to ward it off. And no, restoring a backup would not have helped either - the certificate would still be expired. Regards, Rudy Wieser |
#7
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
On Sat, 4 May 2019 17:21:49 +0200, in alt.comp.os.windows-10, R.Wieser
wrote: Mayayana, "Mayayana" wrote in message ... "R.Wieser" wrote | As someone on slashdot mentioned, why are those add-ons even | checked each-and-every time you start your browser ? Are they | expected to mutate somehow (and no, I do not mean updates) ? It's a bug. From the page you linked to "and suggests the sudden failure is due to a code signing certificate built into the browser that expired just after 5 PM". So no, not even they consider it to be a bug. But, try to come up with rational explanation how such a bug could hit /all/ plugins for /all/ users at /the same time/. Good luck. :-) The lesson here is yet one more example of why you shouldn't allow software companies onto your system to do unreliable and intrusive dripfeed updates. Agreed. If your extensions were disabled you simply don't have adequate security. Bull****. This is not some hacker that tries to gain entrance and create havock, or a virus that tries to "do it's thang", this is a program which does exactly what its designed for. There is /no/ security measure you can have implemented to ward it off. And no, restoring a backup would not have helped either - the certificate would still be expired. Maybe they'll wise up and fix this with a 3-day waiting period where the browser warns you that extension verification has failed. "Run at your own risk," but it'll run at least. Gives them time to fix it. A bad, built-in cert. At the least, they're going to have to start mandatory clock set tests for nightly and beta to ward this off in the future. And surprise, surprise, Persona (light) themes are also signed. There is no reason for that other than the desire to centrally control themes in case one is found to be offensive, or in support of civil unions, or violates copyright. SMH. More info at: https://support.mozilla.org/en-US/kb...nstall-firefox They'd better fix this in less than a day or so or people will be switching to Chrome in droves. -- Zag No one ever said on their deathbed, 'Gee, I wish I had spent more time alone with my computer.' ~Dan(i) Bunten |
#8
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
On Sat, 04 May 2019 13:14:49 -0500, Zaghadka wrote:
https://support.mozilla.org/en-US/kb...nstall-firefox They'd better fix this in less than a day or so or people will be switching to Chrome in droves. Thanks for that link which says that "studies" is used for the "temporary" fix, apparently, but not on all platforms (apparently). Firefox: Options Privacy & Security Firefox Data Collection and Use [x]Allow Firefox to install and run studies I do not claim to understand either the problem or the permanent solution, so, given that, what I wonder, perhaps too innocently, is why don't they just compile a new Firefox binary that contains a new built-in certificate that is known to be good? Then we could all download that new binary, and be done with it. What's wrong with my assumption (bearing in mind I admit I don't fully understand the problem set yet). |
#9
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
In message , R.Wieser
writes: (This is a repost of the the response I gave to the same post in the alt.os.linux newsgroup) As someone on slashdot mentioned, why are those add-ons even checked each-and-every time you start your browser ? Are they expected to mutate somehow (and no, I do not mean updates) ? All the thats that certificate /should/ be needed for is to make sure that you get & install the add-on as the developer has created it. In its current implementation its simply a kill-switch for anything Mozilla wishes to declare "obsolete". :-( And by the way: the work around is to go into about:config, find "xpinstall.signatures.required" and set it to false (which is actually the first thing I do when installing FF :-) ) Regards, Rudy Wieser Does the "xp" in its name mean it's only for Windows XP versions? (If not, what _does_ it mean?) -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf The web is a blank slate; you can't design technology that is 'good'. You can't design paper that you can only write good things on. There are no good or evil tools. You can put an engine in an ambulance or a tank. - Sir Tim Berners-Lee, Radio Times 2009-Jan-30 to -Feb-5. |
#10
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
On 5/4/19 9:31 AM, J. P. Gilliver (John) wrote:
In message , R.Wieser writes: (This is a repost of the the response I gave to the same post in the alt.os.linux newsgroup) As someone on slashdot mentioned, why are those add-ons even checked each-and-every time you start your browser ?Â*Â*Â*Â* Are they expected to mutate somehow (and no, I do not mean updates) ? All the thats that certificate /should/ be needed for is to make sure that you get & install the add-on as the developer has created it. In its current implementation its simply a kill-switch for anything Mozilla wishes to declare "obsolete".Â* :-( And by the way: the work around is to go into about:config, find "xpinstall.signatures.required" and set it to false (which is actually the first thing I do when installing FF :-) ) Regards, Rudy Wieser Does the "xp" in its name mean it's only for Windows XP versions? (If not, what _does_ it mean?) Since extensions are .xpi files, I would guess the XP comes from that. The setting is in all versions of FF. Al |
#11
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
Big Al,
Since extensions are .xpi files, I would guess the XP comes from that. Shucks, ofcourse. Thanks. Regards, Rudy Wieser |
#12
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
"J. P. Gilliver (John)" wrote
| Does the "xp" in its name mean it's only for Windows XP versions? (If | not, what _does_ it mean?) Extension package install. It's just a ZIP with a different extension, holding javascript files, images, language options, GUI specs, etc. |
#13
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
Mayayana,
Extension package install. Nope: https://developer.mozilla.org/en-US/docs/Mozilla/XPI It's just a ZIP with a different extension, holding javascript files, images, language options, GUI specs, etc. That is an answer to a question that has not been asked. Regards, Rudy Wieser |
#14
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
"R.Wieser" wrote
Does the "xp" in its name mean it's only for Windows XP versions? (If not, what _does_ it mean?) Extension package install. | That is an answer to a question that has not been asked. I wonder if you're getting enough sleep, Rudy. You seem to argue with virtually everything these days. |
#15
|
|||
|
|||
Firefox disabled all add-ons because a certificate expired
John,
Does the "xp" in its name mean it's only for Windows XP versions? I wondered the same thing. I cannot check it though (am on XP, FF 52). (If not, what _does_ it mean?) eXtra Plugin ? eXperience Points ? :-) Sorry, no idea. Regards, Rudy Wieser |
Thread Tools | |
Display Modes | |
|
|