(bugzilla.mozilla.org)

1318 points xvector | 1 comments | 04 May 19 01:31 UTC | HN request time: 0.203s | source

Show context

Grue3 ◴[04 May 19 07:47 UTC] No.19825053[source]▶

>>19823701 (OP) #

What kind of idiot thought that the add-ons I have personally installed on my browser need to have a capability to be remotely disabled despite literally nothing being changed.

This is absolutely inexcusable. I want to see everyone being responsible for this "verified add-ons" fiasco fired from the team (after they roll it back of course).

replies(7): >>19825074 #>>19825084 #>>19825094 #>>19825120 #>>19825147 #>>19825255 #>>19825358 #

1. founderling ◴[04 May 19 08:00 UTC] No.19825084[source]▶

>>19825053 #

    remotely disabled

Were they really remotely disabled? That would mean somebody out there pushed a button and made your add-ons go poof.

As I understand it, the browser checks the certificate of add-ons at some point (on startup? on an interval?) and only uses signed ones. And since signatures are date restricted, previously valid signatures can become invalid.

I'm not 100% sure if this really is the mechanism. Would be interesting to hear from someone in the know.

↑

All extensions disabled due to expiration of intermediate signing cert