1318 points xvector | 4 comments
gpm ◴[] No.19824410[source]
To re-enable all disabled non-system addons you can do the following. I am not responsible if this fucks up your install:

Open the browser console by hitting ctrl-shift-j

Copy and paste the following code, hit enter. Until Mozilla fixes the problem you will need to redo this once every 24 hours:

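    // Re-enable *all* extensions

    async function set_addons_as_signed() {
        // Load the add-on database and manager modules into the console scope
        // (AddonManager.jsm also provides AddonManagerPrivate).
        Components.utils.import("resource://gre/modules/addons/XPIDatabase.jsm");
        Components.utils.import("resource://gre/modules/AddonManager.jsm");
        // Fetch every add-on in the database (the filter accepts all of them).
        let addons = await XPIDatabase.getAddonList(a => true);

        for (let addon of addons) {
            // The add-on might have vanished, we'll catch that on the next startup
            if (!addon._sourceBundle.exists())
                continue;

            // Only touch add-ons whose signature state is unknown
            if (addon.signedState != AddonManager.SIGNEDSTATE_UNKNOWN)
                continue;

            // Mark the add-on as not requiring a signature and notify listeners
            addon.signedState = AddonManager.SIGNEDSTATE_NOT_REQUIRED;
            AddonManagerPrivate.callAddonListeners("onPropertyChanged",
                                                    addon.wrapper,
                                                    ["signedState"]);

            // Recompute whether the add-on is disabled under its new state
            await XPIDatabase.updateAddonDisabledState(addon);
        }
        // Persist the modified states to the add-on database
        XPIDatabase.saveChanges();
    }

    set_addons_as_signed();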
Edit: Cleaned up code slightly...
replies(13): >>19824419 #>>19824512 #>>19824757 #>>19824939 #>>19825095 #>>19825736 #>>19826031 #>>19826062 #>>19826188 #>>19826298 #>>19826513 #>>19827530 #>>19829476 #
userbinator ◴[] No.19824512[source]
I wonder how long until the "security vultures" come upon this workaround and stop it from working... would be ironic if that happened sooner than the expired cert getting fixed.
replies(1): >>19824640 #
floatingatoll ◴[] No.19824640[source]
Seems unlikely. If you’re willing and able to run code like the above, sourced from a random comment on the Internet, there’s no amount of security vulture that’s going to protect you from skillfully making your Internet experience unsafe for yourself.
replies(2): >>19824832 #>>19828276 #
1. bostik ◴[] No.19824832[source]
Isn't that how most programming, security or not, works these days anyway?

Joe Random Developer googles for a problem, hits SO, tries a couple of the different proposed snippets and keeps the one that happens to work. (For given values of "work".)

This would be a great spot to end the post with a "</snark>", but sadly that'd be lying. Up until ~2 years ago the most common solution to requests between different subdomains failing was... "just use CORS: *"

replies(3): >>19824844 #>>19824962 #>>19827218 #
2. floatingatoll ◴[] No.19824844[source]
I believe the Mozilla Observatory has given CORS: * a -50 score penalty since the day it launched, precisely because of how horrifically dangerous that advice is.
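
The subdomain case discussed in the two comments above, as an added example that is not part of the thread: the wildcard answer beside an exact-match allowlist, with a small audit function that probes both. The `example.com` hosts, the `.test` origins and all function names are constructed for illustration.

```javascript
// Added example, not from the thread. All hosts and origins are constructed.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://static.example.com",
]);

// The copy-pasted fix: any origin may read non-credentialed responses.
function wildcardPolicy(_requestOrigin) {
  return { "Access-Control-Allow-Origin": "*" };
}

// Allowlist fix: echo the Origin only on an exact match, and tell caches
// that the response varies by Origin.
function allowlistPolicy(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {};
  return { "Access-Control-Allow-Origin": requestOrigin, "Vary": "Origin" };
}

// Probe a policy function the way a reviewer would: one trusted origin and
// several origins that must never be granted access.
function auditPolicy(policy) {
  const findings = [];
  const trusted = "https://app.example.com";
  const untrusted = [
    "https://untrusted.test",
    "https://app.example.com.untrusted.test", // catches prefix matching
    "http://app.example.com",                 // catches scheme-insensitive matching
    "null",                                   // sandboxed iframes, file: pages
  ];
  if (policy(trusted)["Access-Control-Allow-Origin"] === undefined) {
    findings.push("trusted origin refused");
  }
  for (const origin of untrusted) {
    const acao = policy(origin)["Access-Control-Allow-Origin"];
    if (acao === "*") findings.push(`wildcard returned for ${origin}`);
    else if (acao === origin) findings.push(`untrusted origin echoed: ${origin}`);
  }
  return findings;
}

console.log(auditPolicy(wildcardPolicy));  // one finding per untrusted probe
console.log(auditPolicy(allowlistPolicy)); // no findings
```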
3. adrianN ◴[] No.19824962[source]
More dangerous than copypasting code from SO is using some 0.0.1alpha library you found on GitHub/crates.io/npm... At least with the copypaste snippet you had a cursory look at the implementation.
4. snazz ◴[] No.19827218[source]
You can even automate the procedure: https://gkoberger.github.io/stacksort/