←back to thread

All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)
1318 points xvector | 1 comments | 04 May 19 01:31 UTC | HN request time: 0.207s | source
Show context
Chirael ◴[04 May 19 03:19 UTC] No.19824201[source]
Just discovered the same message in the Tor browser, and it seems that NoScript got disabled. So people running Tor are a lot more vulnerable right now.

Also, wow, the web has a ton of ads. I've been running uBlock origin so long I forgot how bad it had gotten :(

replies(9): >>19824208 #>>19824291 #>>19824333 #>>19824345 #>>19824397 #>>19825657 #>>19826085 #>>19826417 #>>19827286 #
1. iamnothere ◴[04 May 19 13:50 UTC] No.19826417[source]
Considering that JavaScript has been used in the past to unmask Tor users, this is a frightening security bug and is not "fail-safe" behavior. The extension should remain enabled, but with a warning.

It is doubtful that Mozilla will change this behavior, as they will likely consider it a niche case, but the Tor browser should probably look into alternate means of changing the behavior (patching).

Edit: apparently the packaged versions of NoScript and HTTPS Everywhere were not affected. See thread here https://old.reddit.com/r/TOR/comments/bkg7vf/due_to_a_bug_in...