All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)

1318 points xvector | 1 comments | 04 May 19 01:31 UTC | HN request time: 0.348s | source

Show context

rmbryan ◴[04 May 19 10:27 UTC] No.19825581[source]▶

>>19823701 (OP) #

Update: We have rolled out a partial fix for this issue. We generated a new intermediate certificate with the same name/key but an updated validity window and pushed it out to users via Normandy (this should be most users). Users who have Normandy on should see their add-ons start working over the next few hours. We are continuing to work on packaging up the new certificate for users who have Normandy disabled.

replies(20): >>19825596 #>>19825603 #>>19825612 #>>19825623 #>>19825631 #>>19825665 #>>19825705 #>>19825721 #>>19825744 #>>19825813 #>>19825905 #>>19825998 #>>19826421 #>>19826769 #>>19826772 #>>19826878 #>>19827050 #>>19829585 #>>19831941 #>>19840386 #

brador ◴[04 May 19 10:31 UTC] No.19825596[source]▶

>>19825581 #

What is Normandy?

replies(2): >>19825604 #>>19825613 #

megous ◴[04 May 19 10:33 UTC] No.19825604[source]▶

>>19825596 #

https://wiki.mozilla.org/Firefox/Normandy/PreferenceRollout

replies(1): >>19825619 #

chinathrow ◴[04 May 19 10:36 UTC] No.19825619[source]▶

>>19825604 #

So is that a backdoor into my prefs? How can I check if Normandy is active on my installation?

replies(2): >>19825625 #>>19825696 #

megous ◴[04 May 19 10:58 UTC] No.19825696[source]▶

>>19825619 #

Something with a public wiki page describing what it does exactly is hardly a backdoor.

Also here's the code for the server: https://github.com/mozilla/normandy

replies(1): >>19825812 #

tssva ◴[04 May 19 11:29 UTC] No.19825812[source]▶

>>19825696 #

The wiki entry evidently doesn't describe what it does because according to the wiki entry it allows for the enabling and disabling of preferences. The updating of a certificate is beyond what is described in the wiki.

Mozilla should follow up with a post describing exactly how Normandy works and the full capabilities it gives them.

replies(2): >>19825915 #>>19831678 #

megous[dead post] ◴[04 May 19 12:03 UTC] No.19825915{3}[source]▶

>>19825812 #

So search elsewhere if you want more info. All code is available.

greendestiny_re ◴[04 May 19 13:07 UTC] No.19826178[source]▶

>>19825915 #

All code is available – as a tar.xzipped archive of Firefox source code containing over 150k files and measuring over 1GB in size when unpacked.

replies(1): >>19826748 #

megous ◴[04 May 19 14:43 UTC] No.19826748[source]▶

>>19826178 #

grep -iR normandy

I expect code related to normandy to be ~1k LOC in size and probably written in JS. I haven't checked though, because I don't really care today.

replies(1): >>19828332 #

1. devcpp ◴[04 May 19 18:38 UTC] No.19828332[source]▶

>>19826748 #

And you shouldn't have to care. No one should. The very fact that this exists and that we are expected to trust it is very disappointing.

↑