←back to thread

All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)
1318 points xvector | 1 comments | 04 May 19 01:31 UTC | HN request time: 0s | source
Show context
Grue3 ◴[04 May 19 07:47 UTC] No.19825053[source]
What kind of idiot thought that the add-ons I have personally installed on my browser need to have a capability to be remotely disabled despite literally nothing being changed.

This is absolutely inexcusable. I want to see everyone being responsible for this "verified add-ons" fiasco fired from the team (after they roll it back of course).

replies(7): >>19825074 #>>19825084 #>>19825094 #>>19825120 #>>19825147 #>>19825255 #>>19825358 #
mk89 ◴[04 May 19 08:44 UTC] No.19825255[source]
I disagree. Probably what they need is a better monitoring an alerting system that triggers when these certs are expiring. The software did what it was supposed to do -> prevent MITM attacks, fake extensions, etc. What they could have done better is give users the possibility to say "keep using the extensions despite the certificate expiration".
replies(1): >>19825282 #
1. ubercow13 ◴[04 May 19 08:51 UTC] No.19825282[source]
The downloaded extensions already passed verification when they were installed before the expiration. Disabling them now makes absolutely no sense. Even if the cert was compromised the moment it expired, previously installed extensions can't have become vulnerable without being updated.