Lynne Teaches Tech: Why did everyone’s Firefox add-ons get disabled around May 4th?
View the original post here: https://bune.city/2019/05/lynne-teaches-tech-firefox-addon-bug/
Mozilla, the company behind Firefox, have implemented a number of security checks in their browser related to extensions. One such check is a digital certificate that all add-ons must be signed with. This certificate is like an HTTPS certificate – the thing that gives you a green padlock in your browser’s URL bar.
You’ve probably seen an HTTPS error before. This happens when a site’s certificate is invalid for one reason or another. One such reason is that the certificate has expired.
HTTPS certificates are only valid for a certain amount of time. When that time runs out, they need to be renewed. This is done to ensure that the person with the certificate is still running the website, and is still interested in keeping the certificate.
When a certificate expires, your browser will refuse to connect to the website. A similar issue happened with Firefox – their own add-on signing certificate expired on the 4th of May, 00:09 UTC, causing everyone’s add-ons to be disabled after that time passed.
One would think that Firefox wouldn’t disable an add-on that had been signed with a certificate while it was still valid, but apparently that is not how the check works. Even so, this could have been avoided if anybody had remembered to renew the certificate, which nobody did. This is a particularly embarrassing issue for Firefox, especially considering both how easily it could have been avoided and the fact that it really shouldn’t have been possible for this to happen in the first place. It also raises the question: what happens if Mozilla disappears, and people keep using Firefox? Thankfully, there are ways to disable extension signing, which means that you can protect yourself from this ever happening again, but note that doing this is a minor security risk.
One could argue that by remotely disabling some of the functionality of your browser, intentionally or not, Mozilla is violating the four essential freedoms, specifically, the right to unlimited use for any purpose.
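The difference between checking a signing certificate at verification time and at signing time, as raised above, in a simplified model. This is an added example, not Mozilla's code: the certificate names, add-on entries and every date other than the expiry time are constructed, and the year 2019 is taken from the post's URL.

```javascript
// Simplified model of two expiry policies; not Mozilla's verification code.
// Certificate names, add-on ids and all dates except EXPIRY are constructed.
const t = (iso) => Date.parse(iso);
const EXPIRY = t("2019-05-04T00:09:00Z"); // time from the post; year from its URL

const chain = [
  { name: "example-root", notBefore: t("2015-01-01T00:00:00Z"), notAfter: t("2030-01-01T00:00:00Z") },
  { name: "example-addon-signing", notBefore: t("2017-05-04T00:09:00Z"), notAfter: EXPIRY },
];

const addons = [
  { id: "signed-before-expiry", signedAt: t("2018-11-20T12:00:00Z"), trustedTimestamp: true },
  { id: "self-asserted-date", signedAt: t("2018-11-20T12:00:00Z"), trustedTimestamp: false },
  { id: "signed-after-expiry", signedAt: t("2019-06-01T00:00:00Z"), trustedTimestamp: true },
];

// Names of certificates whose validity window does not cover `when`.
function outsideWindow(certs, when) {
  return certs.filter((c) => when < c.notBefore || when > c.notAfter).map((c) => c.name);
}

// Policy A: the whole chain must be valid at the moment of the check.
// The add-on's own signing date plays no part in the decision.
function verifyAtCheckTime(addon, certs, now) {
  return outsideWindow(certs, now).length === 0;
}

// Policy B: the chain must have been valid when the add-on was signed.
// Only sound when signedAt is vouched for by a trusted timestamp; a date the
// signer asserts alone could be backdated by someone holding an expired key.
function verifyAtSigningTime(addon, certs, now) {
  if (!addon.trustedTimestamp || addon.signedAt > now) return false;
  return outsideWindow(certs, addon.signedAt).length === 0;
}

// Evaluate every constructed add-on under both policies at time `now`.
function evaluate(now) {
  return addons.map((a) => ({
    id: a.id,
    checkTime: verifyAtCheckTime(a, chain, now),
    signingTime: verifyAtSigningTime(a, chain, now),
  }));
}

console.table(evaluate(EXPIRY - 60000)); // one minute before expiry
console.table(evaluate(EXPIRY + 60000)); // one minute after expiry
```

Under policy A every add-on fails together the moment the certificate expires, whatever its signing date; under policy B only add-ons with a trusted timestamp inside the validity window keep passing.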
as i tooted somewhere else:
there's this thing that you generally only see in religious cults. the leader predicts the end of the world; that date comes, and passes, and half the cultists leave. he predicts a new date; the world doesn't end again, and more leave. eventually he has only hard-core faithful left.
this is what mozilla is trying to do.