@Hueristic, thanks but is this safe and permanent?
And why does Mozilla not fix it properly?
Thank You!
THANK YOU!
THANK YOU!
THANK YOU!!!
NOTE: ON FF 56.02 Linux32b be sure to:
about:config
Then
You may need to enable the browser console input mode via about:config
Set devtools.chrome.enabled to true
THEN CTRL-SHFT-J and then follow the steps.
Now moz…Why? WHY??? was this done by a 3rd party???
WHY Was this so simple a CAVE MAN COULD DO IT!
GEEZ!
Yes, YOU BET I am MAD! MAD MAD MAD!
A week of borq’d up browsers! Open to ads, cookies, and other crap.
And a 3rd party provides the solution.
All you had to do is EXACTLY WHAT THIS PERSON DID!
GEEZ!
Here is the Cert. do this… done! No drama… no “we are working on it…”
You are still FIRED! Going forward we will NOT be using FF… we can’t go past 56 any way… but thats another issue… we don’t use webby thingys… and the authors can’t rewrite even if they wanted to ! NO API’s!
To hueristic…
THANK YOU !! ! ! !
Safe, yes. Perm, well till like 2022 IIRC
100% safer than no script protections!!!
Hi @msdobrescu – this blog post has the technical details about why you weren’t affected. The tl;dr is that your Firefox hadn’t yet checked whether or not the certificate was valid by the time we were aware of the problem, so we were able to deploy a temporary hotfix that told your Firefox to hold off on checking the certificate.
That doesn’t sound good. I’ll look into this.
What was the initial fix that you downloaded? Was it from an official Mozilla channel?
A legacy extension for Firefox 52-56 was created 48 hours ago but it turns out to be difficult to roll out automatically for various reasons, including the likelihood that Firefox 56 users have blocked automatic updates. So in the meantime, once QA is completed, it should go up on either the Add-ons site or another Mozilla site.
If you can’t wait, the pre-QA extension is currently a bug attachment. https://bugzilla.mozilla.org/show_bug.cgi?id=1549604#51 It worked when I tested on Firefox 52 ESR.
That’s not a fix, it’s a way to temporarily run an extension for the current session. Maybe that wasn’t clear from the video.
It is preferred to get the certificate from Mozilla if you plan to import manually. I have a link to one here: https://www.jeffersonscher.com/sumo/intermediate-cert.html
May 10. 15:40 CDT. Just d/l and installed 66.0.5 on IMac, after removing disabled Lastpass add-on. After several successive download fails from addons.mozilla.org, wound up here. The “fix” didn’t fix anything, even after multiple reboots.
I am also on 56.0.2, “Studies” for the fix is marked as “Completed”, yet no Mozilla cert. I keep applying my crude fix and every 24hrs, FF takes those add-ons offline. I wonder if that can somehow be stopped by some config setting.
Hi @jscher2000
After a week of frustration I stumbled across your post.
I run ESR 52 on Mac/OSX.
I am not a developer and nothing on the bugzilla page/link you posted makes any sense to me whatsoever, so that’s not going to help me, sadly.
I downloaded the crt file at the other link in your following post, and imported it. (Even did it twice, to confirm - second time - that it was already installed.) Rebooted FF but no change.
Any idea where this is? (Hopefully with some instructions!) I cannot find any reference to it or relevant announcement by Mozilla.
Thanks in advance for any pointers you (or anyone else) can provide.
ETA just noticed you posted 2 hours ago - my bad, I first read it as 2 days ago, so is it still in QA? If so, where will I find any announcement once it is out of QA? The announcements at
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/comment-page-6/#comments seem not to have been updated for several days!!
Presumably
You’ll likely find it on here, the blog etc.
See hueristics posts:
https://www.velvetbug.com/benb/icfix/
This SOLVED IT. FF 56.0.2 Linux 32b.
Quit waiting on moz, they don’t care, and not going to fix.
Thanks
I understand
less so - isn’t the blog that thing I linked to and which I said did not appear to have been updated for several days? Not even an “older ESR fix is in QA - please watch this space” announcement.
And as for “etc” - well this is not aimed at you personally but some parts of this community may sometimes fall into the trap of assuming everyone knows where everything is or may be. I can count the number of times I have ever had to come to the Mozilla site on the fingers of one hand. It took a lot of googling and linking here and there to get to this thread. A lot of the discussion around this certificate mess-up topic is arcane (in the extreme) to the average FF user. Most information seems aimed at developers or the very technically adept. Where is the public page for the millions of users who just want to know the nature of the issue and likely timescale and method for fixing whatever just severely broke their browser? “Studies”? Not an effing clue, mate. Hey-ho. More fool me for refusing to have things fixed that aint broke (i.e. staying religiously on ESR 52!)
/rant
Anyway, holding my breath for a fix because LastPass, AdBlockPlus, ClassicThemeRestorer, ClassicToolbarButtons are things without which I will not use FF. Newer versions repel me. Sorry.
Interesting. What if I just wanted to import that .prem file and not run those two commands. Should not the existence of that certificate in the system be enough once FF is restarted? BTW… I am Windows 7 not Linux.
It should let you install new, but Firefox won’t immediately re-verify the existing disabled extensions. It would be approximately 24 hours after the time stamp in this preference in about:config
app.update.lastUpdateTime.xpi-signature-verification
To trigger re-verification sooner, you can right-click > Reset that preference, then do a normal Exit/Quit and restart of Firefox. Within about 60 seconds that should run and validly signed extensions should be re-enabled.
Also, I don’t know what a .prem file is, so you might get the certificate from a Mozilla site I’ve linked over here: https://www.jeffersonscher.com/sumo/intermediate-cert.html
At this point, the extensions are baked but still in QA. If you want to be a volunteer tester, you can go to the following bug, scan down a bit to the Attachments section, and install the extension for your version. Please report back on whether it works or not.
Hi, @jscher2000, do you know how to convert that date-time format of about:config entry to mm-dd-yyyy?
For instance, here I have this:
app.update.lastUpdateTime.xpi-signature-verification = 1557482561
What does it means?
I want to know that to better control the time to trigger verifications and to better understand FF automatic procedure for that.
Thats a *NIX epoch date
Open your terminal and enter:
$ date -d @1557482561
Fri May 10 06:02:41 EDT 2019
Nice!
Thank you, rec9140.