[opensuse] Last Webkit Updates Broke UBlock Origins and NoScript! Warning Please?
All, The last webkit (or other) updates pushed last night completely disables all existing extensions in Firefox 60.6.1esr. U-Block Origins is now disabled NoScript is now disabled Copy to Plain Text is now disabled What gives? What exact rpm was the culprit. Don't you think if you are going to push an update that will break all extensions in Firefox -- there should be reasonable notice? When and how is this going to be fixed? -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
David C. Rankin composed on 2019-05-04 14:08 (UTC-0500):
The last webkit (or other) updates pushed last night completely disables all existing extensions in Firefox 60.6.1esr.
U-Block Origins is now disabled NoScript is now disabled Copy to Plain Text is now disabled
What gives? What exact rpm was the culprit. Don't you think if you are going to push an update that will break all extensions in Firefox -- there should be reasonable notice? When and how is this going to be fixed?
Old news. See opensuse-factory mailing list archive, and https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disa... -- Evolution as taught in public schools is religion, not science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* David C. Rankin <drankinatty@suddenlinkmail.com> [05-04-19 15:09]:
All,
The last webkit (or other) updates pushed last night completely disables all existing extensions in Firefox 60.6.1esr.
U-Block Origins is now disabled NoScript is now disabled Copy to Plain Text is now disabled
What gives? What exact rpm was the culprit. Don't you think if you are going to push an update that will break all extensions in Firefox -- there should be reasonable notice? When and how is this going to be fixed?
no, it was not updates. firefox has security certs problem and deliberately disabled extensions until they solved the problem. should be ok now or shortly as they found or achieved a solution. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/04/2019 02:16 PM, Patrick Shanahan wrote:
* David C. Rankin <drankinatty@suddenlinkmail.com> [05-04-19 15:09]:
All,
The last webkit (or other) updates pushed last night completely disables all existing extensions in Firefox 60.6.1esr.
U-Block Origins is now disabled NoScript is now disabled Copy to Plain Text is now disabled
What gives? What exact rpm was the culprit. Don't you think if you are going to push an update that will break all extensions in Firefox -- there should be reasonable notice? When and how is this going to be fixed?
no, it was not updates. firefox has security certs problem and deliberately disabled extensions until they solved the problem. should be ok now or shortly as they found or achieved a solution.
Thank God: Firefox Extended Support Release (ESR), Firefox Developer Edition and Nightly versions of Firefox will allow you to override the setting to enforce the extension signing requirement, by changing the preference xpinstall.signatures.required to false in the Firefox Configuration Editor (about:config page). There are also special unbranded versions of Firefox that allow this override. See the MozillaWiki article, Add-ons/Extension Signing for more information. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* David C. Rankin <drankinatty@suddenlinkmail.com> [05-04-19 15:40]:
On 05/04/2019 02:16 PM, Patrick Shanahan wrote:
* David C. Rankin <drankinatty@suddenlinkmail.com> [05-04-19 15:09]:
All,
The last webkit (or other) updates pushed last night completely disables all existing extensions in Firefox 60.6.1esr.
U-Block Origins is now disabled NoScript is now disabled Copy to Plain Text is now disabled
What gives? What exact rpm was the culprit. Don't you think if you are going to push an update that will break all extensions in Firefox -- there should be reasonable notice? When and how is this going to be fixed?
no, it was not updates. firefox has security certs problem and deliberately disabled extensions until they solved the problem. should be ok now or shortly as they found or achieved a solution.
Thank God:
Firefox Extended Support Release (ESR), Firefox Developer Edition and Nightly versions of Firefox will allow you to override the setting to enforce the extension signing requirement, by changing the preference
xpinstall.signatures.required to false
in the Firefox Configuration Editor (about:config page). There are also special unbranded versions of Firefox that allow this override. See the MozillaWiki article, Add-ons/Extension Signing for more information.
should not be necessary as they arrived at a solution. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/04/2019 02:41 PM, Patrick Shanahan wrote:
* David C. Rankin <drankinatty@suddenlinkmail.com> [05-04-19 15:40]:
On 05/04/2019 02:16 PM, Patrick Shanahan wrote:
* David C. Rankin <drankinatty@suddenlinkmail.com> [05-04-19 15:09]:
All,
The last webkit (or other) updates pushed last night completely disables all existing extensions in Firefox 60.6.1esr.
U-Block Origins is now disabled NoScript is now disabled Copy to Plain Text is now disabled
What gives? What exact rpm was the culprit. Don't you think if you are going to push an update that will break all extensions in Firefox -- there should be reasonable notice? When and how is this going to be fixed?
no, it was not updates. firefox has security certs problem and deliberately disabled extensions until they solved the problem. should be ok now or shortly as they found or achieved a solution.
Thank God:
Firefox Extended Support Release (ESR), Firefox Developer Edition and Nightly versions of Firefox will allow you to override the setting to enforce the extension signing requirement, by changing the preference
xpinstall.signatures.required to false
in the Firefox Configuration Editor (about:config page). There are also special unbranded versions of Firefox that allow this override. See the MozillaWiki article, Add-ons/Extension Signing for more information.
should not be necessary as they arrived at a solution.
Smells a lot more like "Web ad giant Google to block ad-blockers in Chrome. For safety, apparently" https://www.theregister.co.uk/2019/01/22/google_chrome_browser_ad_content_bl... I sure hope that isn't the issue. So much for allowing innovation and competition among ad-on designers... (until they begin to limit the number of ads you can sling in front of someones face....) This could get bad... (Patrick - you may get 2 copies by accident :( -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
In data sabato 4 maggio 2019 21:39:09 CEST, David C. Rankin ha scritto:
xpinstall.signatures.required to false
can be done in ANY FF included the shelf version of Leap 15.0. But should NOT be done, because it is a huge security risk. So if you do have extension for security and privacy you should wait for the patch to happen instead of undermining you security. _________________________________________________________________ ________________________________________________________ Ihre E-Mail-Postf�cher sicher & zentral an einem Ort. Jetzt wechseln und alte E-Mail-Adresse mitnehmen! https://www.eclipso.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/04/2019 02:43 PM, stakanov wrote:
can be done in ANY FF included the shelf version of Leap 15.0. But should NOT be done, because it is a huge security risk. So if you do have extension for security and privacy you should wait for the patch to happen instead of undermining you security.
On the sites I frequent, I'd rather not see the ads. Should be temporary, this link has a bit more detail: https://www.ghacks.net/2019/05/04/your-firefox-extensions-are-all-disabled-t... -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/04/2019 03:01 PM, David C. Rankin wrote:
On 05/04/2019 02:43 PM, stakanov wrote:
can be done in ANY FF included the shelf version of Leap 15.0. But should NOT be done, because it is a huge security risk. So if you do have extension for security and privacy you should wait for the patch to happen instead of undermining you security.
On the sites I frequent, I'd rather not see the ads. Should be temporary, this link has a bit more detail:
https://www.ghacks.net/2019/05/04/your-firefox-extensions-are-all-disabled-t...
Update. This would be funny if not for the sheer impact of it all: (Choice posts below) https://bugzilla.mozilla.org/show_bug.cgi?id=1548973 <quote> In case it's not understood I'm seeing a rash of reports of this across mozilla and freenode IRC networks as well as reddit. Many people are very angry and it seems to be growing. We don't yet know how broadly affected the user base is. This seems like an urgent matter we want to get fixed as quickly as possible, at a high cost if necessary. </quote> <quote>
We don't yet know how broadly affected the user base is.
We do. All users with add-ons and remotely accurate system clocks are affected, with the possible exception of nightly/dev edition users with signing disabled. </quote> (angry people on reddit) https://www.reddit.com/r/firefox/comments/bkcjoa/all_of_my_addons_got_disabl... -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/04/2019 02:43 PM, David C. Rankin wrote:
On 05/04/2019 03:01 PM, David C. Rankin wrote:
can be done in ANY FF included the shelf version of Leap 15.0. But should NOT be done, because it is a huge security risk. So if you do have extension for security and privacy you should wait for the patch to happen instead of undermining you security. On the sites I frequent, I'd rather not see the ads. Should be temporary, this
On 05/04/2019 02:43 PM, stakanov wrote: link has a bit more detail:
https://www.ghacks.net/2019/05/04/your-firefox-extensions-are-all-disabled-t...
Update. This would be funny if not for the sheer impact of it all:
(Choice posts below)
https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
<quote> In case it's not understood I'm seeing a rash of reports of this across mozilla and freenode IRC networks as well as reddit.
Many people are very angry and it seems to be growing.
We don't yet know how broadly affected the user base is. This seems like an urgent matter we want to get fixed as quickly as possible, at a high cost if necessary. </quote>
<quote>
We don't yet know how broadly affected the user base is.
We do. All users with add-ons and remotely accurate system clocks are affected, with the possible exception of nightly/dev edition users with signing disabled. </quote>
(angry people on reddit) https://www.reddit.com/r/firefox/comments/bkcjoa/all_of_my_addons_got_disabl...
I searched for "xpinstall.signatures.required" in about:config and changed it from "true" to "false". All now seems to be well, the add-on page says ublock and privacy badger are untrusted, but that's okay for now, at least they're running. Note that this is on an old Firefox version, I have no idea it it will work on newer ones. YMMV. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Lew Wolfgang <wolfgang@sweet-haven.com> [05-04-19 18:35]:
On 05/04/2019 02:43 PM, David C. Rankin wrote:
On 05/04/2019 03:01 PM, David C. Rankin wrote:
can be done in ANY FF included the shelf version of Leap 15.0. But should NOT be done, because it is a huge security risk. So if you do have extension for security and privacy you should wait for the patch to happen instead of undermining you security. On the sites I frequent, I'd rather not see the ads. Should be temporary, this
On 05/04/2019 02:43 PM, stakanov wrote: link has a bit more detail:
https://www.ghacks.net/2019/05/04/your-firefox-extensions-are-all-disabled-t...
Update. This would be funny if not for the sheer impact of it all:
(Choice posts below)
https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
<quote> In case it's not understood I'm seeing a rash of reports of this across mozilla and freenode IRC networks as well as reddit.
Many people are very angry and it seems to be growing.
We don't yet know how broadly affected the user base is. This seems like an urgent matter we want to get fixed as quickly as possible, at a high cost if necessary. </quote>
<quote>
We don't yet know how broadly affected the user base is.
We do. All users with add-ons and remotely accurate system clocks are affected, with the possible exception of nightly/dev edition users with signing disabled. </quote>
(angry people on reddit) https://www.reddit.com/r/firefox/comments/bkcjoa/all_of_my_addons_got_disabl...
I searched for "xpinstall.signatures.required" in about:config and changed it from "true" to "false". All now seems to be well, the add-on page says ublock and privacy badger are untrusted, but that's okay for now, at least they're running. Note that this is on an old Firefox version, I have no idea it it will work on newer ones. YMMV.
supposedly the certificate is now good and "jumping thru hoops" should not now be necessary, ymmv -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-05-04 01:43 PM, stakanov wrote:
In data sabato 4 maggio 2019 21:39:09 CEST, David C. Rankin ha scritto:
xpinstall.signatures.required to false can be done in ANY FF included the shelf version of Leap 15.0. But should NOT be done, because it is a huge security risk. So if you do have extension for security and privacy you should wait for the patch to happen instead of undermining you security.
That is the default setting in Seamonkey 2.49.4. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/05/2019 21.08, David C. Rankin wrote:
All,
The last webkit (or other) updates pushed last night completely disables all existing extensions in Firefox 60.6.1esr.
U-Block Origins is now disabled NoScript is now disabled Copy to Plain Text is now disabled
What gives? What exact rpm was the culprit. Don't you think if you are going to push an update that will break all extensions in Firefox -- there should be reasonable notice? When and how is this going to be fixed?
Firefox disabled all add-ons because a certificate expired <https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/> The event occurred as the clock rolled over on UTC (Coordinated Universal Time, aka GMT or Greenwich Mean Time), and impacted users quickly narrowed it down to "expiration of intermediate signing cert" -- as it's described on Mozilla's bug tracker. <https://bugzilla.mozilla.org/show_bug.cgi?id=1548973> -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (7)
-
Carlos E. R. -
Darryl Gregorash -
David C. Rankin -
Felix Miata -
Lew Wolfgang -
Patrick Shanahan -
stakanov