Arthur T Knackerbracket has processed the following story:
Mozilla is reminding Firefox users that a necessary root certificate expires soon and that older browser versions could become a security and usability nightmare in a few months. Starting March 14, 2025, Firefox versions older than 128 (ESR 115.13) containing the expired certificate will likely cause "significant" issues with add-ons, content signing, and streaming of DRM-protected media.
Failing to update Firefox before next March means losing features relying on remote functionality. Many installed add-ons will become disabled, and other systems that require content verification could also break. The issue affects Firefox editions for Android and Windows operating systems, including Windows, macOS, and Linux. Those with iPhone or iPad versions of Firefox should be okay.
Mozilla's FAQs explain that a root certificate authenticates browser content as trusted. When a certificate expires, Firefox cannot verify content anymore. The newest versions of Firefox and other Mozilla software using the same root-of-trust model include a new root certificate that will prevent the expiration issue in March 2025.
Mozilla is likely trying to prevent the chaos experienced by Firefox users in 2019 when an expired certificate suddenly borked many instances of the open-source browser. Today's Firefox market share is much lower than five years ago, but we're still talking about millions of users potentially becoming vulnerable to the expiration issue.
Some add-on developers have expressed concern over how Mozilla is managing the problem. One developer said Firefox should clearly state what could happen on all the affected platforms. Otherwise, disgruntled users could direct their complaints directly to add-on programmers. One-star review bombing campaigns after the certificate expires could also be part of the deal.
Mozilla advises users to update to Firefox 128 on each device with the browser installed, which is the best practice to avoid this and other issues. The latest release always provides significant performance improvements and important security fixes. Mozilla released Firefox 128 and ESR 115.13 on July 9, 2024, so there have been minor incremental updates since then. The most current version is Firefox 131.0.3.
(Score: 4, Insightful) by pTamok on Monday October 28, @09:36AM (10 children)
I have a device which cannot be updated: it is old, on Android Lollipop, abandoned by the retailer/manufacturer, but the software is locked/encrypted so can't be updated by volunteers.
Even though it is over 10 years old, it is still more powerful than the only FLOSS option I can find now: the Pine64 tablet - PineTab [pine64.org].
The 10-year old device has a better screen, and more powerful CPU.
To say I am disappointed in the progress being made on open hardware is an understatement.
I will likely end up having to buy either an iPad or an Alphabet/Google/Android tablet. AFAIK there is no alternative (FLOSS) o/s for Apples, so I'll need to buy an Android device and re-flash the O/S with /e/OS , Graphene OS, or Calyx OS or something else. Any recommendations?
(Score: 3, Interesting) by acid andy on Monday October 28, @09:46AM
Just get the PineTab. I added a screen, track pad and very lightweight keyboard built into a tablet case to a Raspberry Pi. It was fun but it is bulkier and heavier than the smallest notebooks, but at least I can replace or upgrade the individual parts easily. It's an old Pi though so it's slow and I almost never use it now.
Welcome to Edgeways. Words should apply in advance as spaces are highly limite—
(Score: 2) by Frosty Piss on Monday October 28, @07:34PM
Paraphrase:
(Score: 3, Insightful) by Reziac on Tuesday October 29, @03:00AM (2 children)
This is probably a dumb question, but why can't they just upgrade the bits that are the root certificate?
[As one with a lot of older-more-useful-than-newer myself, I feel your pain.]
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Interesting) by VLM on Tuesday October 29, @01:15PM (1 child)
Probably a justified fear of MITM attacks where they don't want to make it too easy for corporates and TLAs to insert their own root keys that would lead to shenanigans.
(Score: 2) by Reziac on Tuesday October 29, @02:46PM
Not like there aren't plenty of other ways to insert shenanigans....
And there is no Alkibiades to come back and save us from ourselves.
(Score: 4, Informative) by NotSanguine on Tuesday October 29, @04:58AM (2 children)
I use LineageOS [lineageos.org] (v21, which is Android 14 [android.com]), currently on a seven year old Google Pixel 2A. I even get weekly OTA updates. Perhaps your device is supported too [lineageos.org].
I am building my own [lineageos.org] from source right this moment too.
What's more, you don't need to install any Google services unless you want to.
Hope you find something that works for you!
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 1) by pTamok on Tuesday October 29, @07:23AM (1 child)
Thank you for the suggestion. I'll look into it - the problem with my 10-year old tablet is the software locking.
I use it mainly for reading e-books/pdfs/other text, watching videos, and playing puzzle-games to relax (Latest are sum1337 [brainonfire.net] and Sumplete [sumplete.com]) - for which it still works fine.
(Score: 2) by bart9h on Thursday October 31, @10:56PM
I would suggest Simon Tatham's Portable Puzzle Collection.
Get it on F-Droid:
https://f-droid.org/en/packages/name.boyle.chris.sgtpuzzles/ [f-droid.org]
Original homepage, where you can play on the browser:
https://www.chiark.greenend.org.uk/~sgtatham/puzzles/ [greenend.org.uk]
(Score: 1, Interesting) by Anonymous Coward on Tuesday October 29, @02:06PM (1 child)
I have computers still running windows 8.1. Computers that can't update browsers due to removal of HW decoding and phones where they no longer compile a firefox that actually supports addons.
MFW, literal fucking browsers are what deprecate a machine.
"open" companies collaborate on planned obsolescence.
(Score: 3, Informative) by Reziac on Tuesday October 29, @03:07PM
Supermium is current Chrome, or rather Chromium (the one I'm using is v122, but it's up to v126) that runs on old Windows all the way back to XP (I still use XP64 as my daily driver... btw there also exists an NVME driver that works great) and I think also runs on Win2K. Runs on 8.1 as well (I have an 8.1 VM on the XP64 box). It accepts current add-ons too. About the worst I can say of it is that it occasionally silently crashes, or Cloudflare pukes it back. It uses a lot less RAM than Chrome, too.
It is maintained and updated. x86 and x64 versions.
https://github.com/win32ss/supermium/releases [github.com]
Also, put cache where you want it, not wearing out your boot drive, with this commandline in shortcut properties (and your file locations, of course -- ideally a RAMdisk):
C:\Internet\Browsers\Supermium\chrome.exe --disk-cache-dir="S:\ChromeCache"
If you prefer the Mozilla/Palemoon family, there are these XP-compatible browsers (several options) also updated and maintained, and work well, but are more likely to be missing features (eg. may not support add-ons):
http://rtfreesoft.blogspot.com/2024/10/weekly-browser-binaries-20241026.html [blogspot.com]
As you say, browsers are the #1 factor deprecating otheriwise-perfectly-good hardware (and OSs, too).
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Interesting) by acid andy on Monday October 28, @09:41AM (16 children)
Why do certificates have to expire so often? Can we put this in the same category as policies that impose periodical password changes?
Welcome to Edgeways. Words should apply in advance as spaces are highly limite—
(Score: 5, Informative) by Unixnut on Monday October 28, @10:23AM (6 children)
You don't have to have certificates expiring so often. Technically they can never expire but most SSL implementations have some upper limit on number of days of validity. Years ago it was not uncommon to have certificates with 10 year expiry. In fact because I have to manually confirm and verify my self signed certificate on each of my devices, I make the thing last 10 years so I don't have to manually go around updating certs every year.
As you alluded to in your post, it is mostly a policy decision rather than a technical one. Not sure who started the stupidity but I know letsencrypt was the first time I ever heard of certs that expired in a year or less (I think it is 90 days for letsencrypt, which was a real PITA because their auto-cert bot would constantly break causing regular outages)
(Score: 3, Informative) by pTamok on Monday October 28, @12:16PM (5 children)
...certificate revocation is broken.
Scott Helme gives a readable summary on his blog, here: Scott Helmes blog (2018-02-13): Why we need to do more to reduce certificate lifetimes [scotthelme.co.uk]
Yes, it's from 2018. The problem has not gone away, and short lifetimes are a sticking plaster on the gaping wound that is the problem of certificate revocation. We need a better system than the current certificate-based security system. There might not be one.
(Score: 5, Insightful) by Unixnut on Monday October 28, @02:38PM (4 children)
Thanks for the link, it was insightful to see the reasoning behind why they now do such short certificates. Saying that the system of certificates is completely broken full stop IMO. The fact that you can install a wildcard root CA in my system that will basically MITM every SSL collection proves to me that its basically broken as a system of security.
I have no way of verifying all the myriad of root CAs that are installed by default on my system are legitimate. I have to trust them blindly which I dislike, and the paranoia due to the security holes means that the providers of the default root CA set are quick to remove suspect root CAs, which then breaks websites that legitimately used that root CA for their own certificates.
This is another reason why I don't like the push for "https everywhere", it gives people a false sense of security because they think "oh its encrypted", when most of the time its just a waste of cpu cycles to de/encrypt everything.
(Score: 3, Interesting) by pTamok on Monday October 28, @04:24PM
I agree.
Part of the reason that you don't see the padlock on the browser bar any more is that people were interpreting it to mean that the site you were connecting to was secure, rather than that the connection to the site was difficult to eavesdrop. What the site did with the data you sent over the apparently secure connection was up to the site - so, as people found out, passwords could be stored in a plain-text file on the site that was world readable.
As for trusting certificate authorities: I regard it in the same light as you. There was a very nice project called 'Perspectives' from Carnegie Mellon
Carnegie Mellon University (2008): Perspectives Project [cmu.edu]
I thought it was quite a nice idea.
Nowadays, Cloudfare MITMs a massive amount of Internet traffic.
While I understand the issues with a Trust-on-First-Use model (TOFU [wikipedia.org]), in some ways I think it, or something like it, could be made to work with some reasonable changes in people's behaviour and use of Internet infrastructure.
(Score: 3, Interesting) by Anonymous Coward on Tuesday October 29, @01:43AM (1 child)
Thousands of ssh server keys don't expire often (or at all) and we don't have tons of security issues due to that. The security issues are due to other stuff.
If they really cared about security, browsers would be keeping track of certificates for sites and warning us if the cert or CA changes unexpectedly (but also allow remembering multiple certs per sites for load balancers etc). Just like ssh clients warning of ssh server key changes.
But then tons of orgs would be using self signed certs and lots of CAs would be out of business.
And some random CA can't sign the wrong cert by "accident"/mistake.
https everywhere is great, there is significant added security. Just the browsers should work more like ssh clients.
You can disable the ones you don't want to trust. Of course if your browser uses Window's CA stuff then it's trickier than that because it can auto-add CA certs...
(Score: 2) by VLM on Tuesday October 29, @01:11PM
I donno about that. There's a reason people like Kerberos and Kerberos-adjacent (like MS AD, which works fine on Linux with Samba, my "AD" at home is both served by and used by Samba quite successfully)
Not just authentication, but also SSO works fine on my all linux AD although I remember it was a PITA to initially set up. Don't care about the effort required its all Ansible scripts.
(Score: 2) by Reziac on Tuesday October 29, @03:14PM
That must explain the accelerating quantity of perfectly-valid sites randomly making the browser spit up "Danger! Turn back!"
And there is no Alkibiades to come back and save us from ourselves.
(Score: 1) by throckmorten on Monday October 28, @12:18PM (4 children)
See also:
"Max validity down from 398 days to proposed 45 by 2027"
https://www.theregister.com/2024/10/15/apples_security_cert_lifespan/ [theregister.com]
(Score: 3, Interesting) by Reziac on Tuesday October 29, @03:06AM (3 children)
My cynical little voice opines that if they expire often, browsers that want to kill off adblockers can regularly force you to update and break existing adblockers.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Insightful) by janrinok on Tuesday October 29, @03:08AM (2 children)
I alluded to that in the Dept field. I agree that it becomes a useful tool for browsers to employ against almost anything that they object to.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by Reziac on Tuesday October 29, @03:36AM (1 child)
Ah, the one day I fail to notice the Dept. I'm in... yeah, I'm sure Gooey is salivating.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by janrinok on Tuesday October 29, @03:52AM
We've all done it!
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by ikanreed on Monday October 28, @02:54PM (3 children)
The fear is an untended garden grows weeds.
Let's take something that expires fairly often, SSL certs. The longer the private cert is sitting somewhere, the higher the risk that it has been pilfered. This isn't complicated to understand. Every zero day exploit that gets out there could be the one that's used on your server before you can patch and an attacker grabs a certificate, and now they can MITM your site. The risk grows linearly with time. Every time you go through the process of verifying your identify with some authority and get a new cert, that risk goes back to zero.
The certificate authority's reputation is built on attackers not being able to do that. So, it's in their interest to ask for periodic recertifications.
It's not really comparable to password resets.
(Score: 2, Touché) by Anonymous Coward on Tuesday October 29, @01:49AM (2 children)
The reason why certs expires is to make some people money and to give some parties more power and control. This isn't complicated to understand.
If things worked the ssh way and my bank used a self-signed cert and published the fingerprints, and the browser after the initial warning only warned me if it changed (doesn't keep warning me that it's self-signed), I would be safer than with the current CA system. The ones who don't know how to check the fingerprints would be just as unsafe as they are with the current system.
If the bank realizes they got hacked, they change the cert and make a new announcement. There's no practical difference whether with the ssh style system or the current system, except the bank doesn't need to keep paying others to sign its certs.
(Score: 1, Offtopic) by VLM on Tuesday October 29, @01:35PM (1 child)
From memory PCI-DSS "level WTF version WTF" requires each user to have an individual keypair for auditing purposes no shared keys and the private keys have to be protected with a "strong passphrase" so actually no you couldn't use SSH keys like that at a bank and the passphrase requirement makes it a PITA.
Its their carrot and stick strategy to get people to use Kerberos, generally speaking. We're not saying you can't use SSH keys, we'll just make it such a PITA you'll wish you never used SSH keys. Or you could just use Kerberos like a civilized bank and life will be great.
Note that you can manually-ish use SSL certs for auth on SSH although its a minor PITA. Note I'm not talking about a RSA/DSA keypair but straight up doing SSL with SSH.
You'll know it when you see it if you see options like "TrustedUserCAKeys" in sshd_config. From memory setting up ssh was not too painful and openssh will automatically use the SSL cert if its in your ~/.ssh directory, or maybe not, its been awhile. I vaguely recall you have to tell ssh-keygen to use the SSL cert to sign a key. IIRC (possibly not) the ssh-keygen generated SSL certs are about the same format as "openssh rsa -pubout" certs but they're not entirely intercompatible in some way I don't remember.
I think there's a way to use the same SSL cert for SSH and HTTPS although I don't remember the process.
Instead of doing "Kerberos by hand" as per above you could just install any Kerberos implementation and it would just work at much less effort.
(Score: 2) by VLM on Tuesday October 29, @01:38PM
openssl rsa -pubout, obviously, ugh. The point being if you're logging / auditing / "processing" openssl certs you probably have logging tools and scripts that will understand ssh SSL certs, or can be manipulated into cooperation. Fundamentally they're both just RSA certs so they should be vaguely compatible, but they're actually a little more compatible than "in theory".
(Score: 0) by Anonymous Coward on Monday October 28, @06:48PM
They are nothing more than thinly disguised tracking devices that have been hacked. Like the DMCA and CDA they need to be nuked from orbit.
(Score: 2) by hendrikboom on Tuesday October 29, @03:04PM (3 children)
Isn't it possible to issue a new certificate without having to replace the entire browser?
(Score: 2) by NotSanguine on Tuesday October 29, @05:22PM (2 children)
IIUC, that's what this update does:
From TFA [mozilla.org]:
In fact, Firefox is displaying a little green dot on my "hamburger menu" icon to let me know I have an update available. Although that update isn't related to the certificate issue addressed in TFA. I installed that last week.
I expect that this will only be an issue for those using really old browsers* -- presumably on phones/tablets that don't get updates any more. Which, IMNSHO, is on the phone OEMs and telecoms for not supporting their products.
That said, there are custom ROMs that can be used to update such devices, a number of which are mentioned by pTamok. They also note that their device is "locked" and, as such, they are unable to update their ROM. I'm not sure where pTamok is located (none of my business), but Canada has an unlocking requirement and the FCC is attempting (although a number of vendors already offer this) to enshrine an unlocking requirement into the regulastions in the US. Not sure about the UK, but these folks seem to think it's no big deal [uswitch.com]. Not sure about elsewhere, but there are tools and gray-market sites which will allow unlocking as well.
All that said, certificate expiration can be a thorny issue and isn't anything new either:
https://soylentnews.org/article.pl?sid=20/12/08/1619234 [soylentnews.org]
https://soylentnews.org/article.pl?sid=20/12/23/0536243 [soylentnews.org]
https://letsencrypt.org/2020/12/21/extending-android-compatibility/ [letsencrypt.org]
https://community.letsencrypt.org/t/letsencrypt-certificates-fails-on-android-phones-running-android-7-or-older/205686 [letsencrypt.org]
In any case, there are solutions for old hardware. Unsurprisingly, they're all FLOSS.
*For those of you running CP/M, Windows 3.1, GEOS, RSX-11 and the like, get your hands on the appropriate (open source) compilers and build Firefox/Palemoon/LibreWolf/IceWeasel/whatever for yourself. I'd expect that those running old versions of IOS, and Windows 2000/XP/7 can probably find binaries on the 'net too.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Tuesday October 29, @07:45PM (1 child)
"For those of you running CP/M, Windows 3.1, GEOS, RSX-11 and the like, get your hands on the appropriate (open source) compilers and build Firefox/Palemoon/LibreWolf/IceWeasel/whatever for yourself"
(Score: 2) by NotSanguine on Tuesday October 29, @08:02PM
A fair point. I left out important stuff like MVS, OS360, MULTICS, SunOS, VMS and other widely used operating systems.*
*That should give you a chuckle too. ;)
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by ChrisMaple on Wednesday October 30, @04:25AM
The only difference in performance I've noted with firefox is that newer versions crash more frequently. 94.0 lives for two or more days, 112.0 rarely survives a full day.