Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Saturday May 04 2019, @04:46AM   Printer-friendly
from the FFS! dept.

Armagadd-on 2.0, Mozilla expired certificate disables add-ons

No, the culprit you are losing add-ons isn't your computer, or maybe your old FF, or dropping of Webextensions API. Twitter, Reddit, everyone is wondering what is going on. This Armagadd-on 2.0 has a simple explanation: Mozilla forgot to renew certificates, and so add-ons are failing like if they were not properly signed, because technically they are not. Even signing of new add-ons is down (see comment 9). Great weekend at Mozilla HQ!

Some workarounds, until they clean up the mess, include playing with the computer clock (NTP? forget it) or disabling signature checks (not possible in default releases).

All Firefox extensions disabled due to expiration of intermediate signing cert

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

Wait until it's past midnight on 2019-05-04 UTC.

Actual results:

All addons got disabled due not having valid signature.

Expected results:

If the signature was due to expire, it should have been renewed weeks ago. Not all extensions were disabled. Fakespot and Google Scholar Button were left in their disabled state.

Some reports on reddit says that they had their clocks a day forward, but they may be just early canaries for the actual widespread issue.

Going backwards in time allows installation from AMO (Mozilla Add-ons) but do not remove the unsupported mark from the add-ons already installed.

https://bugzilla.mozilla.org/show_bug.cgi?id=1548973

Workaround: Go to about:config and set xpinstall.signatures.required to false


Original Submission #1Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by rayko on Saturday May 04 2019, @05:48AM (10 children)

    by rayko (6096) Subscriber Badge on Saturday May 04 2019, @05:48AM (#838732)

    Goto about:config, then change this setting to false.

    xpinstall.signatures.required false

    Starting Score:    1  point
    Moderation   +4  
       Informative=4, Disagree=1, Total=5
    Extra 'Informative' Modifier   0  

    Total Score:   5  
  • (Score: 3, Informative) by Anonymous Coward on Saturday May 04 2019, @10:34AM (6 children)

    by Anonymous Coward on Saturday May 04 2019, @10:34AM (#838781)

    That doesn't work for everyone. If not, you can goto about:debugging, click the "Load Temporary Add-on". Navigate to "~/.mozilla/firefox//extensions" (on Linux, on Windows it will be in a different location), and one by one load every .xpi file. The extensions will work until you exit Firefox.

    • (Score: 4, Insightful) by jmorris on Saturday May 04 2019, @06:28PM (5 children)

      by jmorris (4844) on Saturday May 04 2019, @06:28PM (#838918)

      Here is wisdom, cast before swine who will ignore it:

      If setting xpinstall.signatures.required to false doesn't work, Moz Corp owns your ass and believes it has the right to utterly control your experience. Accept that or get the Hell off the official builds and onto any of the myriad options out there. Pretty safe bet no Linux build would ever lock that setting, btw.

      Moz Corp is not locking those settings to protect users, they are locking out alternate extension repositories to enforce their efforts to censor. They have gone bad, about as bad as a Free Software based tech company can go. They are an open, declared enemy of every free man, woman and child. If you think the censorship against people you don't like anyway is where this ends you are a fool who deserves what is coming.

      Btw, curious data point. Haven't updated in a few days, haven't even launched FF in weeks, and the build Fedora 28 ships still works. Guessing the Mad Hatters did something clever? But doesn't a PKI infrastructure at Moz preclude that? Most curious.

      • (Score: 2) by Pino P on Saturday May 04 2019, @07:43PM

        by Pino P (4721) on Saturday May 04 2019, @07:43PM (#838938) Journal

        If setting xpinstall.signatures.required to false doesn't work, Moz Corp owns your ass and believes it has the right to utterly control your experience.

        Fortunately, disabling code signing works in Mozilla Firefox Eric S. Raymond Edition, which is what Debian GNU/Linux ships.

      • (Score: 5, Informative) by jmorris on Saturday May 04 2019, @07:58PM (3 children)

        by jmorris (4844) on Saturday May 04 2019, @07:58PM (#838945)

        Update. Learning all sorts of horrible things about the Evil that is Moz Corp. Go look at about:studies. Now search for their explanation for what it is and why it exists. Raise your hand if you even knew this shit existed? WTF? They have a backdoor into every recent Firefox they can push whatever they want through? Who thought this was a good idea? Who thinks this ends other than in a flaming wreck? I wouldn't trust anyone with this kind of power, this is a power that should not be.

        Oh, and while launching FF to check this out, all of my extensions stopped working. So nope, the Mad Hatters didn't do anything, apparently it just doesn't always check the signatures and certs? Meh.

        • (Score: 0) by Anonymous Coward on Sunday May 05 2019, @03:26AM (1 child)

          by Anonymous Coward on Sunday May 05 2019, @03:26AM (#839070)

          jmorris is just still angry over what happened with gab "dysentary".

          • (Score: 0) by Anonymous Coward on Monday May 06 2019, @05:34PM

            by Anonymous Coward on Monday May 06 2019, @05:34PM (#839722)

            Why dissing Dissenter?

        • (Score: 2) by corey on Monday May 06 2019, @02:26AM

          by corey (2202) on Monday May 06 2019, @02:26AM (#839476)

          Tried this on my Fennec F-Droid 66.0.2. They must've ripped it out....

          The address isn’t valid

          The URL is not valid and cannot be loaded.

                  Web addresses are usually written like http://www.example.com/ [example.com]

          Make sure that you’re using forward slashes (i.e. /).

  • (Score: 1, Informative) by Anonymous Coward on Saturday May 04 2019, @01:48PM

    by Anonymous Coward on Saturday May 04 2019, @01:48PM (#838802)

    Also, disable auto update on each extension till the signing problem is sorted out.

  • (Score: 1, Insightful) by Anonymous Coward on Sunday May 05 2019, @12:38AM (1 child)

    by Anonymous Coward on Sunday May 05 2019, @12:38AM (#839033)

    Goto Mozilla and set brendaneich.ceo = true

    Everything went to shit since the SJW contingent set that preference to false.

    • (Score: 0) by Anonymous Coward on Sunday May 05 2019, @03:01PM

      by Anonymous Coward on Sunday May 05 2019, @03:01PM (#839237)

      That may be so, but his new Brave browser is a money grabbing scam.