Announcement

**Teggs** · 04 May 2019, 04:49 PM

Pah. Don't reward them by giving them your data by joining a 'study group'. Why is that somehow the 'official' solution to this, even temporarily? Instead toggle xpinstall.signatures.required as Soulsource said. For the time being.

Aside from a whole gaggle of people being stripped of their security extensions mid-session and exposed to who knows what, I wonder what it means when they say Tor browser was 'broken'. Exposing people to malware is bad enough. Compromising some Tor users could get them tortured, imprisoned, or killed by their own governments. That's a special brand of unacceptable.

I hope Mozilla investigates to find out if their was malice involved and not just incompetence. And makes double sure no one does it again, on purpose or not.

**Kayote** · 05 May 2019, 12:10 AM

are palemoon or waterfox affected or not? I'm using palemoon and seems not, waterfox seems unaffected as well. Remember those guys recommending not using them? Which one is the unsecure browser now? uh?

**wpupkin** · 05 May 2019, 12:24 AM

Without enabling "studies" or installing additional xpi from google storage:

Code:

xpinstall.signatures.required = false

Menu -> Web Development -> Browser Console

Code:

ChromeUtils.defineModuleGetter(this, "XPIDatabase", "resource://gre/modules/addons/XPIDatabase.jsm");
let intermediate = "MIIHLTCCBRWgAwIBAgIDEAAIMA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTEfMB0GA1UEAxMWcm9vdC1jYS1wcm9kdWN0aW9uLWFtbzAeFw0xNTA0MDQwMDAwMDBaFw0yNTA0MDQwMDAwMDBaMIGnMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0GA1UECxMmTW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxJjAkBgNVBAMTHXNpZ25pbmdjYTEuYWRkb25zLm1vemlsbGEub3JnMSEwHwYJKoZIhvcNAQkBFhJmb3hzZWNAbW96aWxsYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/qluiiI+wO6qGA4vH7cHvWvXpdju9JnvbwnrbYmxhtUpfS68LbdjGGtv7RP6F1XhHT4MU3v4GuMulH0E4Wfalm8evsb3tBJRMJPICJX5UCLi6VJ6J2vipXSWBf8xbcOB+PY5Kk6L+EZiWaepiM23CdaZjNOJCAB6wFHlGe+zUk87whpLa7GrtrHjTb8u9TSS+mwjhvgfP8ILZrWhzb5H/ybgmD7jYaJGIDY/WDmq1gVe03fShxD09Ml1P7H38o5kbFLnbbqpqC6n8SfUI31MiJAXAN2e6rAOM8EmocAY0EC5KUooXKRsYvHzhwwHkwIbbe6QpTUlIqvw1MPlQPs7Zu/MBnVmyGTSqJxtYoklr0MaEXnJNY3g3FDf1R0Opp2/BEY9Vh3Fc9Pq6qWIhGoMyWdueoSYa+GURqDbsuYnk7ZkysxK+yRoFJu4x3TUBmMKM14jQKLgxvuIzWVn6qg6cw7ye/DYNufc+DSPSTSakSsWJ9IPxiAU7xJ+GCMzaZ10Y3VGOybGLuPxDlSd6KALAoMcl9ghB2mvfB0N3wv6uWnbKuxihq/qDps+FjliNvr7C66mIVH+9rkyHIy6GgIUlwr7E88Qqw+SQeNeph6NIY85PL4p0Y8KivKP4J928tpp18wLuHNbIG+YaUk5WUDZ6/2621pi19UZQ8iiHxN/XKQIDAQABo4IBiTCCAYUwDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFBY++xz/DCuT+JsV1y2jwuZ4YdztMIGoBgNVHSMEgaAwgZ2AFLO86lh0q+FueCqyq5wjHqhjLJe3oYGBpH8wfTELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xLzAtBgNVBAsTJk1vemlsbGEgQU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2aWNlMR8wHQYDVQQDExZyb290LWNhLXByb2R1Y3Rpb24tYW1vggEBMDMGCWCGSAGG+EIBBAQmFiRodHRwOi8vYWRkb25zLm1vemlsbGEub3JnL2NhL2NybC5wZW0wTgYDVR0eBEcwRaFDMCCCHi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAfgh1jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzANBgkqhkiG9w0BAQwFAAOCAgEAX1PNli/zErw3tK3S9Bv803RV4tHkrMa5xztxzlWja0VAUJKEQx7f1yM8vmcQJ9g5RE8WFc43IePwzbAoum5F4BTM7tqM//+e476F1YUgB7SnkDTVpBOnV5vRLz1Si4iJ/U0HUvMUvNJEweXvKg/DNbXuCreSvTEAawmRIxqNYoaigQD8x4hCzGcVtIi5Xk2aMCJW2K/6JqkN50pnLBNkPx6FeiYMJCP8z0FIz3fv53FHgu3oeDhi2u3VdONjK3aaFWTlKNiGeDU0/lr0suWfQLsNyphTMbYKyTqQYHxXYJno9PuNi7e1903PvM47fKB5bFmSLyzB1hB1YIVLj0/YqD4nz3lADDB91gMBB7vR2h5bRjFqLOxuOutNNcNRnv7UPqtVCtLF2jVb4/AmdJU78jpfDs+BgY/t2bnGBVFBuwqS2Kult/2kth4YMrL5DrURIM8oXWVQRBKxzr843yDmHo8+2rqxLnZcmWoe8yQ41srZ4IB+V3w2TIAd4gxZAB0Xa6KfnR4D8RgE5sgmgQoK7Y/hdvd9Ahu0WEZI8Eg+mDeCeojWcyjF+dt6c2oERiTmFTIFUoojEjJwLyIqHKt+eApEYpF7imaWcumFN1jR+iUjE4ZSUoVxGtZ/Jdnkf8VVQMhiBA+i7r5PsfrHq+lqTTGOg+GzYx7OmoeJAT0zo4c=";
let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
certDB.addCertFromBase64(intermediate, ",,");
XPIDatabase.verifySignatures();

Content from [email protected]/uzip://experiments/skeleton/api.js

**thedukesd** · 05 May 2019, 12:25 AM

The problem with the add-ons is not really fixed.
There are 2 cases:
1) you already had the add-ons when the problem started and the add-ons work now (this is what they "FIXED")
2) you want to install the add-ons, it won't let you download the add-ons (this is what they DIDN'T FIXED) (workaround is to change the date to something like 3 may)

Pushing updates/changes with no notification what so ever it's shady practice in my eyes.

This was my last drop with Firefox. Sorry to say but I reported web-pages that are not rendered properly with their engine over and over in the last 6 years (2 times/year for each of them) to just see how they totaly ignore the reports, to view those pages correctly I have to use Chrome (or any Chromium based browser) or IE (Windows case cause I dual boot). I have other reasons (some of them from Windows side) (why on earth do bookmarks go by default in other bookmarks folder and I have to use an Default Bookmark extension to fix this retarded behaviour?!?). If I have to use another browser to properly see some webpages (we are talking about major problems with how it's rendered making that page a unusual from all points of view) then why I shouldn't just use it permanently?
Firefox has a low market share, there are things you just can't afford when you are nowhere near the top player in the market. But it's not the first that act like this, AMD did it in the same way.

Don't get me wrong but when I report a bug and the bug gets ignored for years or is close with NOT OUR BUG (this is mostly related to Mesa) I stop reporting the problems and look for altenative solutions (like other browser, like going NVIDIA and their proprietary drivers). You can happy blame the devs for their attitude, because their attitude makes me basicaly blacklist them (the conclusion is that I don't have with how and I should use my energy in another place, in the end it's not me losing).

**MilesBHuff** · 05 May 2019, 02:14 AM

If the privacy implications about studies, telemetry, etc concern you (or if you don't want to wait 6 hours for the study to take effect), you can download the fix manually at the following link: https://storage.googleapis.com/moz-f...0.2-signed.xpi
(Thanks to this post for pointing this out: https://blog.mozilla.org/addons/2019...comment-226171)

If you're on a development version of the browser, you can also just edit the following setting in about:config:

Code:

xpinstall.signatures.required = false

**randomizer** · 05 May 2019, 02:55 AM

Originally posted by Teggs View Post

Pah. Don't reward them by giving them your data by joining a 'study group'. Why is that somehow the 'official' solution to this, even temporarily? Instead toggle xpinstall.signatures.required as Soulsource said. For the time being.

This doesn't work on official stable builds unless they're ESR, although distro builds may enable it.

**Slartifartblast** · 05 May 2019, 06:05 AM

What a cluster FSCK, amateurs.

**R41N3R** · 05 May 2019, 06:39 AM

Oh Noooo, Firefox mobile on Android is now affected as well :-(

**Bsdisbetter** · 05 May 2019, 08:54 AM

Originally posted by Kayote View Post

are palemoon or waterfox affected or not? I'm using palemoon and seems not, waterfox seems unaffected as well. Remember those guys recommending not using them? Which one is the unsecure browser now? uh?

Waterfox was fine. Palemoon was also ok too.
Firefox is ui junk. It's attrocious design.

**TheCanadianBacon** · 05 May 2019, 09:21 AM

Originally posted by R41N3R View Post

Oh Noooo, Firefox mobile on Android is now affected as well :-(

At least in the development version of firefox mobile, I was about to use about:config and set to false this line

Code:

xpinstall.signatures.required

to get extensions working again, it should work in beta I think.

Announcement

Mozilla Had A Rough Night With Add-Ons Getting Disabled Due To An Expired Certificate

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment