←back to thread

All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)
1318 points xvector | 3 comments | 04 May 19 01:31 UTC | HN request time: 0.554s | source
Show context
Wowfunhappy ◴[04 May 19 02:12 UTC] No.19823890[source]
This is why users need to be in control of their own computers. Why can't I tell my copy of Firefox to ignore the certificate? Why can't I sign my own extensions?

Mistakes happen, it's okay. But users should be empowered to work around them.

replies(9): >>19823918 #>>19823919 #>>19823921 #>>19823930 #>>19824013 #>>19824265 #>>19824275 #>>19824334 #>>19824438 #
1. lmz ◴[04 May 19 02:40 UTC] No.19824013[source]
Because it's hard to tell the difference between "users" and "malicious software running on their computers".
replies(2): >>19824274 #>>19824646 #
2. Wowfunhappy ◴[04 May 19 03:35 UTC] No.19824274[source]
If the malicious software can adjust protected user settings, can't it also just inject into the Firefox process directly?

If there's a privilege level that allows for one but not the other, that sounds like something Mozilla should fix.

3. altfredd ◴[04 May 19 05:31 UTC] No.19824646[source]
Fortunately, it is no longer necessary to run malicious software on user computers. With latest "advancements" in Firefox security everyone can publish malware directly in Firefox addon center [1]. No review needed!

"We accidentally uploaded all your HTTP requests to our servers, but we will definitely fix that in next addon version!~"

[1]: https://arstechnica.com/?post_type=post&p=1340459