
1318 points xvector | 1 comment

xvector No.19823709
Looks like all extensions have been disabled for all Firefox users.

I think this fail-closed behavior is more of a security issue than the one it is trying to solve. All of my security add-ons - Privacy Badger, NoScript, Decentraleyes, and many more were disabled. Even worse, it happened without notice to the user.

One moment I was browsing the internet (just barely) secured by these add-ons, and the next moment, all of them disappeared (without warning) and I only noticed when I saw my password manager was missing.

stevenwliao No.19823903
If it failed open, anyone unlucky enough to update their extensions could end up having a malicious version installed. It also would have taken longer to notice.
Causality1 No.19824284
So why not just disable extension updates instead of disabling the extensions themselves?
ssadler No.19824666
Presumably because how would it differentiate between a legit "already installed" extension with a signature that cannot be verified, and an extension installed by malware that also cannot be verified?
josteink No.19825056
> Presumably because how would it differentiate between a legit "already installed" extension with a signature that cannot be verified, and an extension installed by malware that also cannot be verified?

This is why a signature can also be accompanied by a trusted time stamp which can confirm that the signature was made while the certificate was valid.

This is the common way to sign all Windows software to avoid this exact kind of problem.

Yes, that implies this is a known and solved problem. It’s embarrassing for Mozilla to not have prepared for this.
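As an added example (not code from the thread, Mozilla or Windows), a Go model of the check josteink describes: a signature is accepted when the signing certificate was valid at the time a trusted timestamp authority attests the signature already existed, even though that certificate has since expired. The type names, the token format (a TSA signature over hash(sig) || time) and the dates are assumptions constructed for the demo; real Authenticode/RFC 3161 tokens are ASN.1 structures, and chain building and revocation are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"time"
)

// Cert holds what this check needs from a signing certificate: its key and validity window.
// (No chain building or revocation: that simplification is an assumption of this example.)
type Cert struct{ Pub ed25519.PublicKey; NotBefore, NotAfter time.Time }
func (c Cert) validAt(t time.Time) bool { return !t.Before(c.NotBefore) && !t.After(c.NotAfter) }

// Timestamp is a trusted-timestamp token: the TSA's signature over hash(sig) || RFC 3339 time,
// which attests that this exact signature already existed at that time (constructed format).
type Timestamp struct{ At time.Time; Sig []byte }
func tsaMessage(sig []byte, at time.Time) []byte {
	h := sha256.Sum256(sig)
	return append(h[:], at.UTC().Format(time.RFC3339)...)
}

// VerifyExtension accepts sig if it verifies under the signer key and the signer cert was
// valid at the signing time: "now" without a timestamp, or the TSA-attested time with one.
func VerifyExtension(ext, sig []byte, signer Cert, ts *Timestamp, tsa Cert, now time.Time) bool {
	signedAt := now
	if ts != nil { // the TSA cert must be valid now; its token then fixes the signing time
		if !tsa.validAt(now) || !ed25519.Verify(tsa.Pub, tsaMessage(sig, ts.At), ts.Sig) {
			return false
		}
		signedAt = ts.At
	}
	return ed25519.Verify(signer.Pub, ext, sig) && signer.validAt(signedAt)
}

// Demo replays the thread's scenario with constructed dates: by "now" the signing cert has
// expired, so the bare signature is rejected while the timestamped one is still accepted.
func Demo() (bare, stamped bool) {
	day := func(s string) time.Time { t, _ := time.Parse("2006-01-02", s); return t }
	sPub, sPriv, _ := ed25519.GenerateKey(rand.Reader)
	tPub, tPriv, _ := ed25519.GenerateKey(rand.Reader)
	signer := Cert{sPub, day("2018-01-01"), day("2019-05-03")}
	tsa := Cert{tPub, day("2018-01-01"), day("2028-01-01")}
	ext := []byte("constructed extension package bytes")
	sig, at := ed25519.Sign(sPriv, ext), day("2019-01-15")
	ts := &Timestamp{at, ed25519.Sign(tPriv, tsaMessage(sig, at))}
	now := day("2019-05-04")
	return VerifyExtension(ext, sig, signer, nil, tsa, now), VerifyExtension(ext, sig, signer, ts, tsa, now)
}
```

Without the token the verifier has only "now" to check the certificate against, which is exactly the situation in which an already-installed extension and a freshly dropped one look the same; the token is what tells them apart.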