We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Hierdie gesprek is in die argief. Vra asseblief 'n nuwe vraag as jy hulp nodig het.

Firefox 33 broke our enterprise application. What to use instead of window.crypto.signText or how to downgrade to FireFox 32?

more options

There is nothing suitable to sign content in your current implementation of webcrypto specification. Firefox 33 total breaks signing content with client certificates and leaves us with few options: either tell thousands of clients to switch to IE or downgrade to Firefox 32. How can we download to Firefox 32? How do we sign text with new/future webcrypto api?

There is nothing suitable to sign content in your current implementation of webcrypto specification. Firefox 33 total breaks signing content with client certificates and leaves us with few options: either tell thousands of clients to switch to IE or downgrade to Firefox 32. How can we download to Firefox 32? How do we sign text with new/future webcrypto api?

All Replies (4)

more options

There is a bug on file to address this that you can vote to get fixed:

I don't know of any short-term workarounds, but you could consider using the extended support release (ESR) designed for corporate environments. It is the Firefox 31 code base with additional security patches.

https://www.mozilla.org/firefox/organizations/faq/

more options
more options

Thank you! I'll upvote it, but I'd rather see this change rolled back or at least some quick fix to temporarily enable the lost functionality should be made available. We are offering a service to many individual customers who now should just uninstall 33, install Firefox 32 and disable the auto-update. Using ESR makes no difference. I understand you want to remove legacy code, but that cleaning should have been made after there is an alternative running.

more options

From a security perspective, it would be better advice to your customers to use the latest version of IE for your application rather that install a known vulnerable version of Firefox and potentially block updates for the rest of time. I think that's a level of potential liability you wouldn't want to take on.

Also, I'm surprised that the ESR version doesn't work. Usually this kind of change would not be included until the next major release.