Eric Rescorla has a blog post over at Mozilla about the technical details on the recent Firefox add-on outage. He covers the background of how they use certificates, how they tried to mitigate the damage from the outage, how they worked to solve the problem without breaking more things, deployment of the replacement certificate, and why it took so long to fix.
Recently, Firefox had an incident in which most add-ons stopped working. This was due to an error on our end: we let one of the certificates used to sign add-ons expire which had the effect of disabling the vast majority of add-ons. Now that we've fixed the problem for most users and most people's add-ons are restored, I wanted to walk through the details of what happened, why, and how we repaired it.
There were a lot of work-arounds discussed here and elsewhere, some of them quite stupid, so, lastly, remember to undo any temporary work-arounds that might have been deployed last weekend.
Earlier on SN: In Firefox All Extensions Disabled Due to Expiration of Intermediate Signing Cert
(Score: 3, Insightful) by Anonymous Coward on Friday May 10 2019, @10:11PM (7 children)
To me the most important question is: Did Mozilla fix this issue for users who were using older versions of Firefox?
The answer, of course, is: No. The fix is only in version 66 (and later).
There are users of Firefox who have not updated for various reasons, including they are on an ESR version, a particular add-on stopped being updated after their version, or because they're using older operating systems. All of these users have been abandoned by Mozilla.
(Score: 0, Flamebait) by Anonymous Coward on Friday May 10 2019, @10:19PM (3 children)
I'm not going to donate my time to support people who figuratively use IE6. If you think the new version is shit, pick up one of the many forks.
If you think old versions should be supported, pay for the maintenance yourself rather than demanding others do so.
You aren't a customer, you are the recipient of a gift.
(Score: 0, Troll) by Anonymous Coward on Friday May 10 2019, @10:33PM
I'm pretty sure if 90% of firefox developers went away it would be better off.
(Score: 1, Funny) by Anonymous Coward on Friday May 10 2019, @11:05PM
It would be a match made in a cesspit if you really are one of FF devs.
(Score: 5, Insightful) by Bot on Friday May 10 2019, @11:20PM
1. This is not a normal bug. It is a bug that prevents people from restoring the old browser from a backup and keeping working. People will hate FF for this.
2. The browser is not an application, it's a virtual OS. The sites are the applications. As some applications still require some old OS, so does for example one of my home banking (hello java), and there are horror stories of other sites requiring SPECIFIC versions of java.
So 'just update your browser' is like 'just update your OS', often unfeasible.
Account abandoned.
(Score: 1, Informative) by Anonymous Coward on Friday May 10 2019, @11:17PM
I can confirm that ESR (I'm on v60.6.2esr) did receive an update related to this issue.
(Score: 1, Informative) by Anonymous Coward on Saturday May 11 2019, @05:14AM
Mozilla really doesn't advertise this, but they do maintain Extended Support Releases, the latest being version 60. I forget how long one is maintained for.
Here's the link to the 60's version bump to fix this issue: https://www.mozilla.org/en-US/firefox/60.6.3/releasenotes/ [mozilla.org]
(Score: 0) by Anonymous Coward on Saturday May 11 2019, @11:49AM
Bleh, go into the about:config and change xpinstall.signatures.required to false
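For the summary's reminder to undo temporary work-arounds: the following is an added example, not part of the thread or of Mozilla's code, that lists Firefox profiles whose prefs.js or user.js still sets xpinstall.signatures.required to false. The profiles root is supplied by the caller, and the profile names and file contents in build_sample_root are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

PREF = "xpinstall.signatures.required"
# prefs.js / user.js lines look like: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_user_prefs(text):
    """Return {pref_name: raw_value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)  # comment lines never match the pattern
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def signature_check_disabled(profile_dir):
    """List the pref files in one profile that still set PREF to false."""
    hits = []
    for name in ("prefs.js", "user.js"):
        path = Path(profile_dir) / name
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            if parse_user_prefs(text).get(PREF) == "false":
                hits.append(name)
    return hits

def audit(profiles_root):
    """Map profile directory name -> offending files for each profile under the root."""
    report = {}
    for profile in sorted(Path(profiles_root).iterdir()):
        if profile.is_dir():
            hits = signature_check_disabled(profile)
            if hits:
                report[profile.name] = hits
    return report

def build_sample_root():
    """Constructed sample profiles so the example runs offline."""
    root = Path(tempfile.mkdtemp())
    for name, value in (("abcd1234.default", "false"), ("efgh5678.work", "true")):
        (root / name).mkdir()
        (root / name / "prefs.js").write_text(
            '// Mozilla User Preferences\n'
            'user_pref("browser.startup.page", 3);\n'
            f'user_pref("{PREF}", {value});\n')
    return root

if __name__ == "__main__":
    print(audit(build_sample_root()))
```

Resetting the preference in about:config while Firefox is running removes the entry from prefs.js; a user.js entry has to be deleted by hand because it is reapplied at every start.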