You are not logged in.
Hi all,
Hmmm... I just got some kind of a yellow warning message under the URL bar which mentioned that all my extensions are now disabled. I went into extensions and all of them are disabled because "they could not be verified". Is that a cert issue? I use:
firefox-developer-edition 67.0b14-1
Haven't tried other versions...
Anyone else got this warning? Any fixes?
Thanks.
Please vote for all the AUR packages you're using. You can mass-vote for all of them by doing: "pacman -Qqm | xargs aurvote -v" (make sure to run "aurvote --configure" first)
Offline
Offline
Thanks!!
To clarify, XPCShell signing tests are failing because of the expired cert.
That's amateur hour over at Mozilla :\
Edit: temp fix is to disable or set to false:
xpinstall.whitelist.required
in about:config
Last edited by Batou (2019-05-04 06:18:16)
Please vote for all the AUR packages you're using. You can mass-vote for all of them by doing: "pacman -Qqm | xargs aurvote -v" (make sure to run "aurvote --configure" first)
Offline
I removed all my addons.
when trying to reinstall them from the addon store, I get:
Download failed. Please check your connection.
this is seriously f**ked up.
back to seamonkey.
Offline
Edit: temp fix is to disable or set to false:
xpinstall.whitelist.required
in about:config
Did this and restarted firefox, but no luck, add-ons still disabled. I have firefox 66.0.3-1 here.
On german tech site heise.de I read setting
xpinstall.signatures.required
to false would help, but no changes.
Any Ideas?
Offline
My addons are still enabled and working, strange...
https://ugjka.net
paru > yay | webcord > discord
pacman -S spotify-launcher
mount /dev/disk/by-...
Offline
xpinstall.signatures.required
to false would help, but no changes.
Any Ideas?
That helps only with the developer edition. You can probably use this
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
Thanks, this worked like a charm! I added the temporary fix to the Firefox Wiki page.
Offline
My addons are still enabled and working, strange...
Same here, even though one of my addons , CanvasBlocker , is listed as not working everything works as intended.
EDIT
Seems I spoke to soon, now all addons are disabled.
Last edited by Lone_Wolf (2019-05-04 11:16:33)
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline
firefox -> preferences -> allow to install and run studies ensure this option is enabled
then in about:config reduce app.normandy.run_interval_seconds from 21600 to a few seconds from 6 hours
check webtools -> browser console that the hotfix has been pushed
then you can reset the timeout and preferences.
Last edited by loqs (2019-05-04 11:25:05)
Offline
The fix was rolled out using the Studies system several hours ago. I know on mine all was as it should be when I woke up an hour ago.
Offline
firefox -> preferences -> allow to install and run studies ensure this option is enabled
then in about:config reduce app.normandy.run_interval_seconds from 21600 to a few seconds from 6 hours
You also need to restart the browser after changing the settings.
And for those wondering, here's the output from the browser console:
WebExtensions: new intermediate certificate added
WebExtensions: signatures re-verified
Offline
firefox -> preferences -> allow to install and run studies ensure this option is enabled
That's the option I disabled on all my own systems and those I (help) maintain after
https://techcrunch.com/2017/12/15/mozil … ermission/ .
Thank you for the tip, but I'll wait for a solution that keeps me in control
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline
That's the option I disabled on all my own systems and those I (help) maintain after
https://techcrunch.com/2017/12/15/mozil … ermission/ .Thank you for the tip, but I'll wait for a solution that keeps me in control
A fellow on slashdot suggested this, which works for me:
A much better and safer method, if much less convenient, is to enable them temporarily using about:debugging, then clicking on the xpi in the profile folder for each desired extension, and not closing the browser.
I think my permanent solution is going to be flushing mozilla's browser.
P.S. Isn't it convenient that something comes along to prompt people to enable studies?
Last edited by duaner (2019-05-04 12:51:50)
Offline
I can't find an english source, but you should be able to install the hotfix xpi manually as well:
https://www.deskmodder.de/blog/2019/05/ … problemen/
Edit: https://news.ycombinator.com/item?id=19825921
Last edited by progandy (2019-05-04 13:20:02)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
I can't find an english source, but you should be able to install the hotfix xpi manually as well:
That website says:
Mozilla has provided a preliminary update that will create a new intermediate certificate with the same name / key but an updated validity period. Mozilla continues to work to solve the problem completely.
Download: hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi
I used it on Firefox Quantum 66.0.3 and it seems to work.
URL for the download is:
https://storage.googleapis.com/moz-fx-n … signed.xpi
Last edited by philo (2019-05-04 15:23:22)
Offline
I'm glad this has been fixed. All the extensions came immediately back after the hotfix install. I disabled other "fixes".
Last edited by Batou (2019-05-04 16:34:49)
Please vote for all the AUR packages you're using. You can mass-vote for all of them by doing: "pacman -Qqm | xargs aurvote -v" (make sure to run "aurvote --configure" first)
Offline
Please remember to mark your thread as [Solved] by editing your first post and prepending it to the title.
Offline
Saw this to late, the fix for me was to simply create a new profile, and import the configurations from the old one, it worked.
Offline
So... where exactly does this hotfix xpi come from? I would be extremely nervous to install this as it is not Mozzilla sanctioned. The official information and fix for this bug is at:
https://blog.mozilla.org/addons/2019/05 … n-firefox/
Let me add, total major fail for Mozilla on this.
May you live all the days of your life.
- Jonathan Swift
Offline
Yes it is a major fail. At least a month ago they should have been spammed by automated warning mails.
The link was extracted from the normandy / studies API provided by mozilla.
If it is enough for you to know the download link is provided by mozilla, then you copy it from there.
https://normandy.cdn.mozilla.net/api/v3/recipe/761/
The link is in the *addonUrl* field in the json result.
Otherwise you can also read the code of the extension and compare the contained certificate with the one added to the mercurial repository with this changeset..
There may be better solutions, but I am not aware of them.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
Yes it is a major fail.
That's putting it mildly. Tor users were also affected and many of those depend on NoScript and other tools to keep their identities safe. JS blocking stops all kinds of known and unknown attacks. Who knows how many of those were exposed after Mozilla killed extensions.
Mozilla's mismanagement of FF and their general decline is worrisome. Their marketshare is now under 10%. Chrome is something like 65%. And Mozilla is sabotaging itself. We're already in a monoculture worse than from IE days. It's sad really.
Please vote for all the AUR packages you're using. You can mass-vote for all of them by doing: "pacman -Qqm | xargs aurvote -v" (make sure to run "aurvote --configure" first)
Offline
Didn't notice anything as I wasn't using FF, instead I was being rather brave (chrome derivative).
I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.
Offline
All I see above seems complicated. To solve temporarily issue, it's very simple:
preferences -> privacy & security -> Firefox Data Collection and Use -> allow all (except crash reports)
Check with 'about:studies'
You have to see something like 'hotfix-update-xpi-signing-intermediate-bug-1548973'
Last edited by maderios (2019-05-05 10:46:19)
Offline
For FF v56 and older, the provided intermediate workaround might not work.
In that case, this might be worth for such cases to try: https://www.reddit.com/r/firefox/commen … 602_older/
It helped me.
Logic clearly dictates that the needs of the many outweigh the needs of the few.
Offline