←back to thread

All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)
1318 points xvector | 2 comments | 04 May 19 01:31 UTC | HN request time: 1.34s | source
Show context
weavejester ◴[04 May 19 02:21 UTC] No.19823928[source]
There's a workaround that involves going to about:config and setting xpinstall.signatures.required to false.

However, if you're running the Stable or Beta version, it will only work under Linux. On Windows and MacOS you'll need to download Nightly or the Developer Edition.

To fix this on MacOS I did the following:

1. Downloaded and installed Firefox Nightly

2. Ran /Applications/Firefox\ Nightly.app/Contents/MacOS/firefox-bin --profilemanager

3. Changed the profile to "default" so my normal Firefox profile would be used

4. Started up Firefox Nightly, opened about:config, then set xpinstall.signatures.required to false

Not sure if it's a good idea to use my default profile in Nightly. It might be a wiser idea to copy it instead.

replies(14): >>19824011 #>>19824101 #>>19824109 #>>19824183 #>>19824225 #>>19824268 #>>19824299 #>>19824700 #>>19824983 #>>19825109 #>>19825195 #>>19825237 #>>19825421 #>>19826226 #
SilasX ◴[04 May 19 13:16 UTC] No.19826226[source]
Firefox stopped respecting the signature-required setting in the mainline version in 2016. I know because I got burned by it and made a Hitler parody.

https://youtube.com/watch?v=taGARf8K5J8

And frankly, this an extra absurdity on top of that. If you’re going to require signatures for all extensions, regardless of user preference, shouldn’t you be keeping an eye on the signing process?

replies(1): >>19826267 #
chappi42 ◴[04 May 19 13:23 UTC] No.19826267[source]
Why does Mozilla do this? Same with removing the option to not update. Why not let users choose (in the case of update maybe with an about config setting)?
replies(2): >>19826306 #>>19826489 #
the8472 ◴[04 May 19 13:28 UTC] No.19826306[source]
Because (stable) users are dumb, are easily manipulated and can't be trusted. Thus the mothership has to be in control for the greater good. They also argue that enduser computers are already effectively "compromised" from a mozilla perspective because adware runs installers with admin privs and thus could insert things into the program folders. Thus anything the user can do adware could do too and therefore they can't give them any choice.

They put it in nicer words though.

To their credit, you can opt out but only if you switch to dev edition, nightly or custom builds, which either is a one-way road since downgrades corrupt profiles or tedious because you don't receive auto-updates.

But what they should really have done is allowing additional signing roots. Even secure boot does that.

replies(2): >>19826325 #>>19828291 #
1. lordlimecat ◴[04 May 19 18:33 UTC] No.19828291[source]
This sounds like a threat model and mitigation developed by a college intern.

How, exactly, is a user land application going to protect itself from modification by a computer admin? I think DRM, anti-virus, and os vendors everywhere would love an answer to this.

This threat model completely fails to account for live patching, trusted cert root modification, dll hooking, etc. Either the Mozilla security folks are incompetent / winging it, or this isn't the real reason.

replies(1): >>19828906 #
2. the8472 ◴[04 May 19 19:57 UTC] No.19828906[source]
Here's the official reason in case you don't trust my grim representation of it: https://blog.mozilla.org/addons/2015/04/15/the-case-for-exte...