←back to thread

All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)
1318 points xvector | 1 comments | 04 May 19 01:31 UTC | HN request time: 0.219s | source
Show context
rmbryan ◴[04 May 19 10:27 UTC] No.19825581[source]
Update: We have rolled out a partial fix for this issue. We generated a new intermediate certificate with the same name/key but an updated validity window and pushed it out to users via Normandy (this should be most users). Users who have Normandy on should see their add-ons start working over the next few hours. We are continuing to work on packaging up the new certificate for users who have Normandy disabled.
replies(20): >>19825596 #>>19825603 #>>19825612 #>>19825623 #>>19825631 #>>19825665 #>>19825705 #>>19825721 #>>19825744 #>>19825813 #>>19825905 #>>19825998 #>>19826421 #>>19826769 #>>19826772 #>>19826878 #>>19827050 #>>19829585 #>>19831941 #>>19840386 #
inferiorhuman ◴[04 May 19 10:49 UTC] No.19825665[source]
pushed it out to users via Normandy (this should be most users)

Is the existence of a back door method of updating Firefox preferences something that will be disclosed to users? What about a UI knob to disable it?

replies(6): >>19825685 #>>19825686 #>>19825716 #>>19825995 #>>19826440 #>>19826786 #
daleharvey ◴[04 May 19 10:56 UTC] No.19825686[source]
> Is the existence of a back door method of updating Firefox preferences something that will be disclosed to users?

It will even be documented for them: https://wiki.mozilla.org/Firefox/Normandy/PreferenceRollout

> What about a UI knob to disable it?

app.normandy.enabled

replies(5): >>19825728 #>>19825732 #>>19825745 #>>19825755 #>>19825842 #
nanis ◴[04 May 19 11:13 UTC] No.19825755[source]
>> Is the existence of a back door method of updating Firefox preferences something that will be disclosed to users?

> It will even be documented for them:

That sounds like you do not think the concern is warranted. I've used Firefox since the first time it was available, and Netscape starting with the first ever betas. At no point was there a dialog that said "Do you want us to be able to change your browser settings remotely?"

>> What about a UI knob to disable it?

> app.normandy.enabled

That is not a "UI knob" by any stretch of the imagination. Looking in about:config revealed:

app.normandy.logging.level

Is there a way to find out what is being logged and why?

So, the question can be rephrased as "is the fact that Firefox has been logging all users' entire browsing history despite the fact that the user has not chosen to set up a Firefox account going to be disclosed?"

replies(1): >>19825792 #
Yoric ◴[04 May 19 11:23 UTC] No.19825792[source]
> So, the question can be rephrased as "is the fact that Firefox has been logging all users' entire browsing history despite the fact that the user has not chosen to set up a Firefox account going to be disclosed?"

Chill out, this preference only determines what is logged locally (never sent to the server). It's a debugging tool.

Sources: - https://searchfox.org/mozilla-central/source/toolkit/compone... - https://searchfox.org/mozilla-central/source/services/common...

replies(1): >>19828628 #
1. rue ◴[04 May 19 19:22 UTC] No.19828628[source]
Look, at this point it’s not the user’s responsibility to “chill out”. It’s very much Firefox’s responsibility to try to repair their reputation by:

1. being completely transparent about all the mechanisms that data or code can be pushed to or pulled by the browser, or pushed from or pulled from the browser; and

2. having a toggle for all of them, yes every single one, in Privacy & Security.