Author Topic: Firefox extensions do not work, no more cert legacy for add-ons.  (Read 2778 times)

0 Members and 1 Guest are viewing this topic.

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41027
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #15 on: May 05, 2019, 07:49:30 PM »
My extensions in my Firefox still hasn't been resolved, GOD I"M SO ANGRY AS HELL.

Shame on you Mozilla  >:(
There are other browsers. :)
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.5.2378, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81647
  • No support PMs thanks
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #16 on: May 05, 2019, 08:10:48 PM »
My extensions in my Firefox still hasn't been resolved, GOD I"M SO ANGRY AS HELL.

Shame on you Mozilla  >:(
There are other browsers. :)

Such as MS Edge soon to become a Chromium clone Or Google Chrome and I know whom I trust more less ;)

The fewer players in the browser arena the less choice we have.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.6.2383 (build: 19.6.4546.508)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31546
  • malware fighter
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #17 on: May 05, 2019, 10:50:56 PM »
DavidR, SpeedyPC, mchain, bob3160 & others,

Happy to inform you all, Mozilla team produced an update with the fix for this included,
download firefox 66.0.4 build 1  restart the browser and voila.

polonus
« Last Edit: May 05, 2019, 10:54:24 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81647
  • No support PMs thanks
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #18 on: May 05, 2019, 11:37:09 PM »
DavidR, SpeedyPC, mchain, bob3160 & others,

Happy to inform you all, Mozilla team produced an update with the fix for this included,
download firefox 66.0.4 build 1  restart the browser and voila.

polonus


Thanks,

Strangely I hadn't been hit by this, until I opened firefox to check for this update.

It has been applied and restarted.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.6.2383 (build: 19.6.4546.508)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31546
  • malware fighter
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #19 on: May 06, 2019, 12:08:42 AM »
Hi DavidR,

Good Firefox can at least hold some ground, as a complete chromium mono-culture is not something to be glad about
or to look forward to. Mono-cultures always will spell elevated risks and a greater attack surface.

So those on Firefox run less risk, as all major script injection mimicks Google scripts,
as in the latest magecart gang attacks.

What Windows means as a main vector for operational system threats,
chromium will be in the case of browser vector attacks.
(e.g. against Edge, Google Chrome, chromium-forks like Iridium, Brave etc.).

Always nice to have a browser that is not a run of the mill one and kept for the masses.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41027
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #20 on: May 06, 2019, 12:28:33 AM »
Hi DavidR,

Good Firefox can at least hold some ground, as a complete chromium mono-culture is not something to be glad about
or to look forward to. Mono-cultures always will spell elevated risks and a greater attack surface.

So those on Firefox run less risk, as all major script injection mimicks Google scripts,
as in the latest magecart gang attacks.

What Windows means as a main vector for operational system threats,
chromium will be in the case of browser vector attacks.
(e.g. against Edge, Google Chrome, chromium-forks like Iridium, Brave etc.).

Always nice to have a browser that is not a run of the mill one and kept for the masses.

polonus
Firefox is one of my available browsers. It just doesn't happen to be my default browser. :)
I've also updated Firefox but didn't know about a problem till I saw it reported here on the forum.
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.5.2378, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3237
  • Avast shall conquer the whole world
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #21 on: May 06, 2019, 06:38:31 AM »
Thank GOD!!!!!! for the new update.
ASUS G75VX-T4153H - Avast Premier v19.6.2383 - W8.1 64bit - Avast SecureLine VPN - Avast Secure Browser - Firefox 64bit - Thunderbird - MBAM Premium - Adguard Premium - CryptoPrevent Premium - Privacy Eraser - MCShield - WinPatrol PLUS - Macrium Reflect Home Edition

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 59925
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #22 on: May 06, 2019, 06:48:21 AM »
DavidR, SpeedyPC, mchain, bob3160 & others,

Happy to inform you all, Mozilla team produced an update with the fix for this included,
download firefox 66.0.4 build 1  restart the browser and voila.

polonus
Note, Firefox ESR also got fixed (60.6.2). Cheers
Windows 8.1 [x64] - Avast Premier 19.7.2384.B1 - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31546
  • malware fighter
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #23 on: May 06, 2019, 04:01:07 PM »
Background on the certification mishap. Quoted info source snippet credits go to Bitwiper,

Quote
xul.dll (part of Mozilla Firefox webbrowser) has an inbuilt rootcertificate, named "root-ca-production-amo".
This certificate is not visible in Firefox certificate viewer.

Every validated Mozilla Add-on comes signed with a supplier-specific code-signing certificate, issued by Mozilla
Also in this case we see an intermediate certificate, named "signingca1.addons.mozilla.org",
that comes together with every add-on (together with the code signing certificate).

For instance the extension "https everywhere" has two certificates:
1) "https-everywhere@eff.org" - valid from 02 May, 2019 23:35:08 until 01 May, 2020 23:35:08
2) "signingca1.addons.mozilla.org" - valid from 04 May, 2017 02:09:46 until 04 May, 2019 02:09:46 <== that is strange

It is strange that no alarm bells went off, because a certificate with a later end date set than the accompanying intermediate certificate
is a stupid thing to do, it does not make sense. Probably the inplementer later left the Mozilla ranks, and nobody gave it a second thought.

The rootcertificaat ("root-ca-production-amo") is valid until15 March, 2025 00:53:57.

So some code changes were necessary to allow Firefox to surpass intermediate certificates in the normal certification store.
I thank Bitwiper for his explanation of what happened over the weekend.

polonus


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3237
  • Avast shall conquer the whole world
Re: Firefox extensions do not work, no more cert legacy for add-ons.
« Reply #24 on: May 07, 2019, 04:49:28 AM »
Hey Pol,

Tell Bitwiper to come over and joined Avast and become our Firefox certificate security advisor for Avast
« Last Edit: May 07, 2019, 04:52:54 AM by SpeedyPC »
ASUS G75VX-T4153H - Avast Premier v19.6.2383 - W8.1 64bit - Avast SecureLine VPN - Avast Secure Browser - Firefox 64bit - Thunderbird - MBAM Premium - Adguard Premium - CryptoPrevent Premium - Privacy Eraser - MCShield - WinPatrol PLUS - Macrium Reflect Home Edition

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 59925
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Windows 8.1 [x64] - Avast Premier 19.7.2384.B1 - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523