[lug] FF Certificate Expiry vs. Good Practice

D. Stimits stimits at comcast.net
Sat May 4 07:51:21 MDT 2019

> On May 4, 2019 at 7:36 AM "Jed S. Baer" <blug at jbaer.cotse.net> wrote:
> I got smacked by this Firefox debacle yesterday, and of course, had no
> idea why my extensions suddenly quit working, especially since I hadn't
> done an upgrade, nor even stopped/restarted my browser. I discovered
> that, contra Mozilla's claim that it wasn't there, the xpinstall config
> item was present and usable, so I set that to false. Then, this AM I see
> the /. thread.

I'm still trying to find out which extensions were removed/disabled/broken. It seems the policy is to not provide any means of knowing which extension was disabled. It used to be I could see a list of extensions and they would be marked if disabled...now they are invisible.

> https://news.slashdot.org/story/19/05/04/0457201/a-glitch-is-breaking-all-firefox-extensions
> So, I'm not a modern 1337 h4X0r like the FF devs, so I guess I don't get
> the part about the certificate being "built into" the browser. Does that
> mean hard-coded?
> It it's hard-coded, than that means that when it expires, the only fix is
> to patch it? I guess I can sorta grok some thinking there, that if it's
> hard-coded, it's harder to tamper with it. There must be a better way, no?
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety

More information about the LUG mailing list