noscript/umatrix failures --- mozilla allies with data miners?
firefox now disables noscript and umatrix download fails. why is mozilla upgrading beyond security capabilities? is mozilla replacing them internally or is mozilla aligning with data thieves? i have worried about mozilla since pocket was added without uninstall. it seems obvious to me that mozilla is trying to make security harder. is NSA or Google leaning on you guys? maybe better to pack it up and go home? it is partially my fault for forgeting to disable updates which used to be in preferences area. now you have to dig in config area. also website might make it easier to install older versions of firefox. it's not clear where to find older versions.
Modified
All Replies (11)
Hi firefox9, you may have missed the news somehow.
At midnight on May 4th, a critical certificate Firefox uses to verify extension signatures -- necessary to run or install extensions -- expired. In order to restore normality, you need a new certificate.
Official Solutions: Firefox 66.0.4 and Firefox 60.6.2esr have the fix.
If you are not running a current version of Firefox, but it is recent, you might be able to use the "hotfix" delivered via a study. See: Add-ons disabled or fail to install on Firefox.
If you are running an older version, Mozilla is looking at making an extension which will install the new certificate but it's not working yet.
For the time being, you may need to use an **unofficial** and **unsupported** workaround in that case.
Is it so hard to just ask a question about why insert Extensions are disabled instead of jumping to unfounded conclusions.
"why insert Extensions are disabled"?
Does this explain failure to download umatrix? they didn't put a notice of non-compliance on it. there seem to be multiple problems and a distinct direction to them. it would appear mozilla is more concerned with upgrading with silly bells and whistles and leaving security in the dust. from this and other issues it would appear they are aligning with google who has no interest in security or privacy.
Modified
Hi firefox9, this problem was not caused by an upgrade. Quite the opposite: an upgrade that installed the new certificate would have prevented this problem from happening.
Anyway, if you want help using or installing extensions, we're here. Check out my first reply.
According to noscript staff the problem does not exist with FF52 only most recent versions. there are multiple problems... and they all point in one direction.
firefox9 said
According to noscript staff the problem does not exist with FF52 only most recent versions. there are multiple problems... and they all point in one direction.
What version are you running? The ESR versions (52 and 60) have a feature to completely disable signature verification, which is not recommended, but if someone has that setting, then they wouldn't be aware of how this certificate expiration problem affects those versions when the default setting is in place.
i am running 60.6.1esr on my main debian machine... what config entries are you referring to? one other nice firefox feature would be an auto update for security patches separate from an auto update for "new features". both should have "notify only" option.
Modified
Hi firefox9, the Mozilla builds for Linux (here) have been updated to 60.6.2esr with the new certificate, but individual distribution repositories might not be able to update as quickly due to their various customizations.
would be nice if an open source organization concentrated on open source solutions. would be great for firefox to have an "update" option or better yet "update security" and "update features" feature. i like to use "apt-get install". how hard would it be for mozilla to publish package names? trying to figure out where files go is a bit much to ask for non-administrators.
As a Windows user, I am not familiar with most of that, but I know you have a choice whether you install Firefox from your repo or from Mozilla, and that causes variations in configuration.
Windows? my condolences. NOBODY knows what's going on inside windows. not even microsoft :D Bill Gates, inventor of viruses. ok... dont mean to be mean but no more post here please? it marks thread as answered... thanks