[Engadget] Firefox disabled all add-ons because a certificate expired (updated) - Page 2 - Overclock.net - An Overclocking Community

Forum Jump: 

[Engadget] Firefox disabled all add-ons because a certificate expired (updated)

Reply
 
Thread Tools
post #11 of 38 (permalink) Old 05-05-2019, 07:59 AM
New to Overclock.net
 
ILoveHighDPI's Avatar
 
Join Date: Oct 2011
Posts: 3,221
Rep: 133 (Unique: 84)
Well after using Edge for a day and a half I can’t complain about how slow Firefox was anymore.
ILoveHighDPI is offline  
Sponsored Links
Advertisement
 
post #12 of 38 (permalink) Old 05-05-2019, 08:34 AM
Old to Overclock.net
 
Join Date: Jan 2008
Posts: 2,010
Rep: 109 (Unique: 96)
Quote: Originally Posted by Imouto View Post
Shouldn't you be asking yourself why your Waterfox is running expired certificates normally?
It's a browser that doesn't hold your hand and get in in the way if you go manually install something off github, some forum or anywhere else but the mozilla repo. It assumes you know and understand what extensions you are installing and where they come from and can deal with that accordingly.

362436
(15 items)
CPU
AMD Ryzen 5 1600
Motherboard
Asus Prime X370-A AMD Ryzen AM4 DDR4
GPU
Gigabyte GeForce GTX 950
RAM
2x Corsair Valueselect 8GB 288 Pin DDR4 SDRAM DDR4 @ 2133
Hard Drive
Corsair Force LS 2.5" 120GB SATA III MLC SSD
Optical Drive
Lite-On 24X SATA DVD/RW Optical Drive
Power Supply
Corsair RM550x 550W 80 Plus Gold
Cooling
Noctua NH-L9A-AM4 Low-Profile
Case
Antec NSK4100 Steel ATX Mid Tower
Operating System
Mint 18.2 x64
Monitor
HP 24" LCD/LED 1920x1080
Keyboard
IBM PC-AT
Mouse
Logitech G5
Audio
Sennheiser HD650
Audio
Asus Essence STX II
▲ hide details ▲


xJumper is offline  
post #13 of 38 (permalink) Old 05-05-2019, 08:54 AM
Overclocker
 
JackCY's Avatar
 
Join Date: Jun 2014
Posts: 9,274
Rep: 309 (Unique: 225)
I was about to make a thread, didn't see one yesterday and no clean solutions either. A day later there is still no fix from Mozilla, they don't care, they only "patched" the latest version via "studies"/beta/nightly feature.
The Force was clearly not with them yesterday.

The only fix I know of that works is this:

https://www.reddit.com/r/firefox/com...or_5602_older/
https://www.velvetbug.com/benb/icfix/



Code:
-----BEGIN CERTIFICATE-----
MIIHLTCCBRWgAwIBAgIDEAAIMA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAlVT
MRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxh
IEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTEfMB0GA1UEAxMWcm9vdC1j
YS1wcm9kdWN0aW9uLWFtbzAeFw0xNTA0MDQwMDAwMDBaFw0yNTA0MDQwMDAwMDBa
MIGnMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEv
MC0GA1UECxMmTW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2Ux
JjAkBgNVBAMTHXNpZ25pbmdjYTEuYWRkb25zLm1vemlsbGEub3JnMSEwHwYJKoZI
hvcNAQkBFhJmb3hzZWNAbW96aWxsYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQC/qluiiI+wO6qGA4vH7cHvWvXpdju9JnvbwnrbYmxhtUpfS68L
bdjGGtv7RP6F1XhHT4MU3v4GuMulH0E4Wfalm8evsb3tBJRMJPICJX5UCLi6VJ6J
2vipXSWBf8xbcOB+PY5Kk6L+EZiWaepiM23CdaZjNOJCAB6wFHlGe+zUk87whpLa
7GrtrHjTb8u9TSS+mwjhvgfP8ILZrWhzb5H/ybgmD7jYaJGIDY/WDmq1gVe03fSh
xD09Ml1P7H38o5kbFLnbbqpqC6n8SfUI31MiJAXAN2e6rAOM8EmocAY0EC5KUooX
KRsYvHzhwwHkwIbbe6QpTUlIqvw1MPlQPs7Zu/MBnVmyGTSqJxtYoklr0MaEXnJN
Y3g3FDf1R0Opp2/BEY9Vh3Fc9Pq6qWIhGoMyWdueoSYa+GURqDbsuYnk7ZkysxK+
yRoFJu4x3TUBmMKM14jQKLgxvuIzWVn6qg6cw7ye/DYNufc+DSPSTSakSsWJ9IPx
iAU7xJ+GCMzaZ10Y3VGOybGLuPxDlSd6KALAoMcl9ghB2mvfB0N3wv6uWnbKuxih
q/qDps+FjliNvr7C66mIVH+9rkyHIy6GgIUlwr7E88Qqw+SQeNeph6NIY85PL4p0
Y8KivKP4J928tpp18wLuHNbIG+YaUk5WUDZ6/2621pi19UZQ8iiHxN/XKQIDAQAB
o4IBiTCCAYUwDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwFgYDVR0lAQH/
BAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFBY++xz/DCuT+JsV1y2jwuZ4YdztMIGo
BgNVHSMEgaAwgZ2AFLO86lh0q+FueCqyq5wjHqhjLJe3oYGBpH8wfTELMAkGA1UE
BhMCVVMxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xLzAtBgNVBAsTJk1v
emlsbGEgQU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2aWNlMR8wHQYDVQQDExZy
b290LWNhLXByb2R1Y3Rpb24tYW1vggEBMDMGCWCGSAGG+EIBBAQmFiRodHRwOi8v
YWRkb25zLm1vemlsbGEub3JnL2NhL2NybC5wZW0wTgYDVR0eBEcwRaFDMCCCHi5j
b250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAfgh1jb250ZW50LXNpZ25hdHVy
ZS5tb3ppbGxhLm9yZzANBgkqhkiG9w0BAQwFAAOCAgEAX1PNli/zErw3tK3S9Bv8
03RV4tHkrMa5xztxzlWja0VAUJKEQx7f1yM8vmcQJ9g5RE8WFc43IePwzbAoum5F
4BTM7tqM//+e476F1YUgB7SnkDTVpBOnV5vRLz1Si4iJ/U0HUvMUvNJEweXvKg/D
NbXuCreSvTEAawmRIxqNYoaigQD8x4hCzGcVtIi5Xk2aMCJW2K/6JqkN50pnLBNk
Px6FeiYMJCP8z0FIz3fv53FHgu3oeDhi2u3VdONjK3aaFWTlKNiGeDU0/lr0suWf
QLsNyphTMbYKyTqQYHxXYJno9PuNi7e1903PvM47fKB5bFmSLyzB1hB1YIVLj0/Y
qD4nz3lADDB91gMBB7vR2h5bRjFqLOxuOutNNcNRnv7UPqtVCtLF2jVb4/AmdJU7
8jpfDs+BgY/t2bnGBVFBuwqS2Kult/2kth4YMrL5DrURIM8oXWVQRBKxzr843yDm
Ho8+2rqxLnZcmWoe8yQ41srZ4IB+V3w2TIAd4gxZAB0Xa6KfnR4D8RgE5sgmgQoK
7Y/hdvd9Ahu0WEZI8Eg+mDeCeojWcyjF+dt6c2oERiTmFTIFUoojEjJwLyIqHKt+
eApEYpF7imaWcumFN1jR+iUjE4ZSUoVxGtZ/Jdnkf8VVQMhiBA+i7r5PsfrHq+lq
TTGOg+GzYx7OmoeJAT0zo4c=
-----END CERTIFICATE-----
My altered guide:

Save the block including the BEGIN & END lines in a text file with the extension .pem
Such as icfix.pem.

Then import the certifcate into FF via:
  1. Options - Advanced - Certifcates - View Certifcates
  2. Authorities - Import - Select the PEM file
  3. No need to tick the trust checkboxes, click OK
  4. Enable the browser console input mode via about:config by setting devtools.chrome.enabled to true
  5. In browser console Ctrl+Shift+J run the following two lines:
    Code:
    Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm");
    XPIProvider.verifySignatures();

All being well in the addons page everything should pop back to being enabled. All activated on it's own, only waited a few seconds for the console to write a few lines of output.
You may need to disable & enable some of the addons to kick them into life. I didn't.

---

I've only used Waterfox 64bit before FF switched to 64bit itself. Since then Waterfox to me fell behind, maybe it's updated now and similar to what older version of FF I use, seems so, but it's still regarded as slower than FF64 = not good for me.

Last edited by JackCY; 05-05-2019 at 09:04 AM.
JackCY is offline  
Sponsored Links
Advertisement
 
post #14 of 38 (permalink) Old 05-05-2019, 09:16 AM
curmudgeon
 
miklkit's Avatar
 
Join Date: Apr 2013
Posts: 5,701
Rep: 305 (Unique: 176)
I ran into this and found a simple fix a couple of days ago. AdGuard seems to just work, but I am private browsing now.

IOKIYAR
Junkyard Dog
(18 items)
Blackie
(17 items)
CPU
AMD Ryzen 1700
Motherboard
Biostar X370 GT7
GPU
Sapphire Nitro+ Radeon Vega 64
RAM
G. Skill Ripjaws ddr4 3200 16 GB 4x4
Hard Drive
Samsung 850 EVO 500gb SSD
Hard Drive
Western Digital 500gb
Hard Drive
Samsung 860 evo 1tb ssd
Optical Drive
Memorex Lightscribe dvd
Power Supply
Seasonic 850 watt
Cooling
Thermalright Silver Arrow IB-E Extreme
Case
Silverstone Redline RL05
Operating System
Win 10 64bit
Monitor
Pixio 27" 1440P
Keyboard
yes
Mouse
Evoluent vertical mouse
Mouse
yes
Audio
Creative X-FI
Other
Sennheiser headphones HD 599
CPU
AMD FX8370 @ 5 ghz
Motherboard
ASUS Sabertooth
GPU
Sapphire Fury
RAM
G Skill F3-14900CL9Q-16GBXL
Hard Drive
Western Digital
Hard Drive
Samsung 850 EVO
Optical Drive
Memorex Lightscribe dvd
Power Supply
Seasonic SS-850KM Active PFC F3
Cooling
Thermalright Silver Arrow IB-E Extreme
Case
Silverstone Redline RL02b
Operating System
Win X 64 bit
Monitor
Pixio 27" 1440P
Keyboard
yes
Mouse
Evoluent VM4
Mouse
yes
Audio
Creative Soundblaster Z
Audio
Sennheiser 428 headphones
▲ hide details ▲
miklkit is offline  
post #15 of 38 (permalink) Old 05-05-2019, 09:17 AM
New to Overclock.net
 
Imouto's Avatar
 
Join Date: Mar 2012
Posts: 1,824
Rep: 208 (Unique: 96)
Quote: Originally Posted by xJumper View Post
It's a browser that doesn't hold your hand and get in in the way if you go manually install something off github, some forum or anywhere else but the mozilla repo. It assumes you know and understand what extensions you are installing and where they come from and can deal with that accordingly.
I think you don't understand the issue. Your browser is fed with a certificate and doesn't give a damn if it is expired or not. This isn't like eating unsigned add-ons for breakfast and having seconds, it is a total disregard for basic security.

I mean, not even a frigging warning?

#EnthusiastLivesMatter
Imouto is offline  
post #16 of 38 (permalink) Old 05-05-2019, 09:31 AM
Overclocker
 
JackCY's Avatar
 
Join Date: Jun 2014
Posts: 9,274
Rep: 309 (Unique: 225)
Some people don't mind to download the code or binary from anywhere and use it, edit it, ..., just like the "old days". Certificates only make the issue they are trying to solve more difficult to exploit. So you download an addon from official store (or you think it's official store but it's not, only looks the same, or the file download is fed from elsewhere), install it and oh no it's malicious, how could this happen, very easily, with or without certificates.
JackCY is offline  
post #17 of 38 (permalink) Old 05-05-2019, 09:43 AM
New to Overclock.net
 
Imouto's Avatar
 
Join Date: Mar 2012
Posts: 1,824
Rep: 208 (Unique: 96)
Quote: Originally Posted by JackCY View Post
Some people don't mind to download the code or binary from anywhere and use it, edit it, ..., just like the "old days". Certificates only make the issue they are trying to solve more difficult to exploit. So you download an addon from official store (or you think it's official store but it's not, only looks the same, or the file download is fed from elsewhere), install it and oh no it's malicious, how could this happen, very easily, with or without certificates.
I think you don't even know how signing and checking a certificate work with Firefox.

#EnthusiastLivesMatter
Imouto is offline  
post #18 of 38 (permalink) Old 05-05-2019, 12:23 PM
Overclocker
 
JackCY's Avatar
 
Join Date: Jun 2014
Posts: 9,274
Rep: 309 (Unique: 225)
Then enlighten us all.

Because as it's painfully obvious to many now, it does not work
And if someone is determined enough they can get it signed even if contents are malicious, one way or another.
How many other browsers bother with enforcing signed addons only? On top of that how many fail to update their certificate and extend it's valid date?

Last edited by JackCY; 05-05-2019 at 12:29 PM.
JackCY is offline  
post #19 of 38 (permalink) Old 05-05-2019, 12:40 PM
New to Overclock.net
 
Imouto's Avatar
 
Join Date: Mar 2012
Posts: 1,824
Rep: 208 (Unique: 96)
Quote: Originally Posted by JackCY View Post
Then enlighten us all.
Mozilla signs the add-ons. You can spoof the site all you want and however you download wouldn't work anyway. That is precisely why they sign them.

Quote: Originally Posted by JackCY View Post
Because as it's painfully obvious to many now, it does not work
And if someone is determined enough they can get it signed even if contents are malicious, one way or another.
You would need the private key held by Mozilla or hijack the browser distribution. Which is quite different than the walk in the park you presented as how easy it would be to distribute counterfeit add-ons.

Quote: Originally Posted by JackCY View Post
How many other browsers bother with enforcing signed addons only? On top of that how many fail to update their certificate and extend it's valid date?
Oh, please. Deflecting already? I never denied Mozilla screwed it up royally here. It is you who's wrong about the certificates.

Now that this is out of the way I wouldn't use your method because you obviously have no idea about what you're talking.

#EnthusiastLivesMatter
Imouto is offline  
post #20 of 38 (permalink) Old 05-05-2019, 03:00 PM
Old to Overclock.net
 
Join Date: Jan 2008
Posts: 2,010
Rep: 109 (Unique: 96)
I get my extensions from the developers actual website or FTP server and github and check the checksum if it is provided. Why do I need Mozilla to sign it?

362436
(15 items)
CPU
AMD Ryzen 5 1600
Motherboard
Asus Prime X370-A AMD Ryzen AM4 DDR4
GPU
Gigabyte GeForce GTX 950
RAM
2x Corsair Valueselect 8GB 288 Pin DDR4 SDRAM DDR4 @ 2133
Hard Drive
Corsair Force LS 2.5" 120GB SATA III MLC SSD
Optical Drive
Lite-On 24X SATA DVD/RW Optical Drive
Power Supply
Corsair RM550x 550W 80 Plus Gold
Cooling
Noctua NH-L9A-AM4 Low-Profile
Case
Antec NSK4100 Steel ATX Mid Tower
Operating System
Mint 18.2 x64
Monitor
HP 24" LCD/LED 1920x1080
Keyboard
IBM PC-AT
Mouse
Logitech G5
Audio
Sennheiser HD650
Audio
Asus Essence STX II
▲ hide details ▲



Last edited by xJumper; 05-05-2019 at 03:05 PM.
xJumper is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off