Much better, thanks! It's scripts like this that make me miss the old XUL addon interface; sure it was difficult to maintain, but it granted a level of control over the browser that wasn't (and now, sadly, isn't) possible anywhere else.
I was able to piece together most of my compact dark interface theme [1] with userChrome.css by sacrificing the all-tabs menu for its JS binding, but the all-tabs helper addon is a shadow of what it once was, and the Private Tabs addon is dead with no hope of revival due to the lack of a WebExtension API [2]. I can't even switch browsers to get the functionality back since the others are even less configurable.
In my case ctrl+shift+j opens a dumb console that only shows messages and doesn't take any input. I had to go to about:addons, hit F12 for the Dev Tools and paste it in the console there. Worked well.
There you can change the options in `about:config` (these options do not work in the main version of Firefox)
`
xpinstall.whitelist.required on false
xpinstall.signatures.required on false
extensions.legacy.enabled on true
`
And then every extension works, even experimental and a large part of those based on the former API.
In principle, the Firefox Unbranded version should be the most promoted because it has fewer restrictions on extensions. Even such a version with default options set in `about:config` should exist, and with a larger extension base than AMO.
This does not work for FF versions older than v57.
I use v56.0.2 because that was the last time we actually got to customize the browser (yes, boo me for using an old version).
So I dug around a little (okay, a lot) and worked out a solution for v <= 56.
Version for FF v <= 56
// For FF < v57 >...?
async function set_addons_as_signed() {
Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm");
Components.utils.import("resource://gre/modules/AddonManager.jsm");
let XPIDatabase = this.XPIInternal.XPIDatabase;
let addons = await XPIDatabase.getAddonList(a => true);
for (let addon of addons) {
// The add-on might have vanished, we'll catch that on the next startup
if (!addon._sourceBundle.exists())
continue;
if( addon.signedState != AddonManager.SIGNEDSTATE_UNKNOWN )
continue;
addon.signedState = AddonManager.SIGNEDSTATE_NOT_REQUIRED;
AddonManagerPrivate.callAddonListeners("onPropertyChanged",
addon.wrapper,
["signedState"]);
await XPIProvider.updateAddonDisabledState(addon);
}
XPIDatabase.saveChanges();
}
set_addons_as_signed();
Please let me know which versions are compatible, and where it breaks down!
Don't forget to enable devtools.chrome.enabled in about:config and use the actual browser console, not the web console
Firefox ESR 52.5.0
This fails with error:
Promise { <state>: "rejected", <reason>: TypeError }
TypeError: this.XPIInternal is undefined[Learn More]
However I've re-enabled all extensions by:
Type about:config in a new window's address bar. Type 'signatures' in the search bar.
You should see a line saying 'xpinstall.signatures.required'. Double click on it and 'true' should change to 'false'
Restart Firefox.
Hey, so if you're going to do this, you're porting the wrong code. My code (which you ported) will need to be rerun every 24h to reset the signing state (assuming old firefox works like new firefox, it probably does). You should figure out how to make the following code (pulled from the .xpi mozilla created) work in firefox 56's browser console instead:
/* eslint no-unused-vars: ["error", { "varsIgnorePattern": "skeleton" }]*/
ChromeUtils.defineModuleGetter(this, "XPIDatabase", "resource://gre/modules/addons/XPIDatabase.jsm");
var skeleton = class extends ExtensionAPI {
getAPI(/* context */) {
return {
experiments: {
skeleton: {
async doTheThing() {
// first inject the new cert
try {
let intermediate = "MIIHLTCCBRWgAwIBAgIDEAAIMA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTEfMB0GA1UEAxMWcm9vdC1jYS1wcm9kdWN0aW9uLWFtbzAeFw0xNTA0MDQwMDAwMDBaFw0yNTA0MDQwMDAwMDBaMIGnMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0GA1UECxMmTW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxJjAkBgNVBAMTHXNpZ25pbmdjYTEuYWRkb25zLm1vemlsbGEub3JnMSEwHwYJKoZIhvcNAQkBFhJmb3hzZWNAbW96aWxsYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/qluiiI+wO6qGA4vH7cHvWvXpdju9JnvbwnrbYmxhtUpfS68LbdjGGtv7RP6F1XhHT4MU3v4GuMulH0E4Wfalm8evsb3tBJRMJPICJX5UCLi6VJ6J2vipXSWBf8xbcOB+PY5Kk6L+EZiWaepiM23CdaZjNOJCAB6wFHlGe+zUk87whpLa7GrtrHjTb8u9TSS+mwjhvgfP8ILZrWhzb5H/ybgmD7jYaJGIDY/WDmq1gVe03fShxD09Ml1P7H38o5kbFLnbbqpqC6n8SfUI31MiJAXAN2e6rAOM8EmocAY0EC5KUooXKRsYvHzhwwHkwIbbe6QpTUlIqvw1MPlQPs7Zu/MBnVmyGTSqJxtYoklr0MaEXnJNY3g3FDf1R0Opp2/BEY9Vh3Fc9Pq6qWIhGoMyWdueoSYa+GURqDbsuYnk7ZkysxK+yRoFJu4x3TUBmMKM14jQKLgxvuIzWVn6qg6cw7ye/DYNufc+DSPSTSakSsWJ9IPxiAU7xJ+GCMzaZ10Y3VGOybGLuPxDlSd6KALAoMcl9ghB2mvfB0N3wv6uWnbKuxihq/qDps+FjliNvr7C66mIVH+9rkyHIy6GgIUlwr7E88Qqw+SQeNeph6NIY85PL4p0Y8KivKP4J928tpp18wLuHNbIG+YaUk5WUDZ6/2621pi19UZQ8iiHxN/XKQIDAQABo4IBiTCCAYUwDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFBY++xz/DCuT+JsV1y2jwuZ4YdztMIGoBgNVHSMEgaAwgZ2AFLO86lh0q+FueCqyq5wjHqhjLJe3oYGBpH8wfTELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xLzAtBgNVBAsTJk1vemlsbGEgQU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2aWNlMR8wHQYDVQQDExZyb290LWNhLXByb2R1Y3Rpb24tYW1vggEBMDMGCWCGSAGG+EIBBAQmFiRodHRwOi8vYWRkb25zLm1vemlsbGEub3JnL2NhL2NybC5wZW0wTgYDVR0eBEcwRaFDMCCCHi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAfgh1jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzANBgkqhkiG9w0BAQwFAAOCAgEAX1PNli/zErw3tK3S9Bv803RV4tHkrMa5xztxzlWja0VAUJKEQx7f1yM8vmcQJ9g5RE8WFc43IePwzbAoum5F4BTM7tqM//+e476F1YUgB7SnkDTVpBOnV5vRLz1Si4iJ/U0HUvMUvNJEweXvKg/DNbXuCreSvTEAawmRIxqNYoaigQD8x4hCzGcVtIi5Xk2aMCJW2K/6JqkN50pnLBNkPx6FeiYMJCP8z0FIz3fv53FHgu3oeDhi2u3VdONjK3aaFWTlKNiGeDU0/lr0suWfQLsNyphTMbYKyTqQYHxXYJno9PuNi7e1903PvM47fKB5bFmSLyzB1hB1YIVLj0/YqD4nz3lADDB91gMBB7vR2h5bRjFqLOxuOutNNcNRnv7UPqtVCtLF2jVb4/AmdJU78jpfDs+BgY/t2bnGBVFBuwqS2Kult/2kth4YMrL5DrURIM8oXWVQRBKxzr843yDmHo8+2rqxLnZcmWoe8yQ41srZ4IB+V3w2TIAd4gxZAB0Xa6KfnR4D8RgE5sgmgQoK7Y/hdvd9Ahu0WEZI8Eg+mDeCeojWcyjF+dt6c2oERiTmFTIFUoojEjJwLyIqHKt+eApEYpF7imaWcumFN1jR+iUjE4ZSUoVxGtZ/Jdnkf8VVQMhiBA+i7r5PsfrHq+lqTTGOg+GzYx7OmoeJAT0zo4c=";
let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
certDB.addCertFromBase64(intermediate, ",,");
console.log("new intermediate certificate added");
} catch (e) {
console.error("failed to add new intermediate certificate:", e);
}
// Second, force a re-verify of signatures
try {
XPIDatabase.verifySignatures();
console.log("signatures re-verified");
} catch (e) {
console.error("failed to re-verify signatures:", e);
}
}
}
}
};
}
};
I also using 56.0.2 (64 bit). Can you help me finding solution? I am on different date now to use FF, but I am already 2 days in the past. I tried to use your script and have:
"// For FF < v57 >...?
async function set_addons_as_signed() {
Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm");
Components.utils.import("resource://gre/modules/AddonManager.jsm");
let XPIDatabase = this.XPIInternal.XPIDatabase;
let addons = await XPIDatabase.getAddonList(a => true);
for (let addon of addons) {
// The add-on might have vanished, we'll catch that on the next startup
if (!addon._sourceBundle.exists())
continue;
if( addon.signedState != AddonManager.SIGNEDSTATE_UNKNOWN )
continue;
addon.signedState = AddonManager.SIGNEDSTATE_NOT_REQUIRED;
AddonManagerPrivate.callAddonListeners("onPropertyChanged",
addon.wrapper,
["signedState"]);
await XPIProvider.updateAddonDisabledState(addon);
}
XPIDatabase.saveChanges();
}
set_addons_as_signed();
Promise { <state>: "pending" }"
EDIT: have this one now: ado.config({ consent: true }); inpl.anc.js:40
Also what hotfix you refer too. I can not install hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi on old version :/
EDIT2: Installed this fix using debuging but it is not for a old FF and got some errors:
Reading manifest: Error processing hidden: An unexpected property was found in the WebExtension manifest.
Reading manifest: Error processing experiment_apis: An unexpected property was found in the WebExtension manifest.
I installed hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi as temporary extension and then was able somehow to install it in standard way.
I LOVE YOU SO MUCH. Firm 56.0.2 user here as well. Refuse to go with a newer version. I don't even care that we're basically putting it on life-support at this point. Anyway thanks for the help. Couldn't stand youtube or basically any other website without adblock.
Heheh, more like they've taken it OFF support - but anyways, have you seen the way to install Mozilla's intermediate certificate on older versions? It seems like that one actually solves it! :)))
async function set_addons_as_signed() {
Components.utils.import("resource://gre/modules/addons/XPIDatabase.jsm");
Components.utils.import("resource://gre/modules/AddonManager.jsm");
let addons = await XPIDatabase.getAddonList(a => true);
for (let addon of addons) {
// The add-on might have vanished, we'll catch that on the next startup
if (!addon._sourceBundle.exists())
continue;
if( addon.signedState != AddonManager.SIGNEDSTATE_UNKNOWN )
continue;
addon.signedState = AddonManager.SIGNEDSTATE_NOT_REQUIRED;
AddonManagerPrivate.callAddonListeners("onPropertyChanged",
addon.wrapper,
["signedState"]);
await XPIDatabase.updateAddonDisabledState(addon);
}
XPIDatabase.saveChanges();
}
set_addons_as_signed();
This is the fix Mozilla has published to be installed via shield studies, but skipping the shield studies part. You can be sure it's not malicious because it is signed by Mozilla... and if your browser installed unsigned extensions you wouldn't be looking for this solution in the first place.
Thank you for this, all of my add-ons were immediately re-enabled except for my selected theme.
Mozilla was warned beforehand about this, this problem was completely avoidable which is upsetting. I've been a fan of this browser for years but this is the 2nd time this has happened to add-ons that I can recall and to be blunt it's unacceptable.
It makes absolutely no sense that add-ons the user installs can be disabled like this without user consent, whether the add-ons in question are considered safe or not. Take into account how easy it is to migrate all of your bookmarks/etc. to another browser and this is clearly bad practice by Mozilla.
It's one thing if we had a way to bypass this through Firefox directly but they chose not to include a bypass for situations such as this. It wouldn't be so bad if it wasn't for the fact that this is affecting all add-ons, adblockers/dark mode/greasemonkey/everything.
"Date expiration on code signing cert should only prevent new signatures from being considered valid -- it should not even prevent installation of old software. The fact that an expired cert disabled software is the most retarded thing I've seen this decade on any web browser." <This quote nails it on the head, this whole situation is bull.
Help please somebody. I'm so upset. Firefox "disappeared" off my desktop and I got a notice that it couldn't find my profile file. Neither could I. I had to reinstall the entire operating system for it to work again, and my data is gone (bookmarks). My bookmarks are important data for me. If I can retrieve them, I'm leaving FFforever. And Mozilla. FF should be held responsible for my expenses and time. Help. I had no ff acct. I just chose it as my default browser.
Thanks to advice from @midlandsfirst, all is restored to its rightful place. Just leaves me wondering if I would've got the auto fix from Mozilla eventually if I hadn't done this myself. When I first logged on today (Monday in Australia), it still wasn't fixed.
To see all add-ons and theme disappear before my eyes with no explanation was pretty disconcerting and leads me to say that I totally disagree with Mozilla (or anyone else) having that kind of control. Bad policy (which it is) aside, though, someone dropped the ball big-time. I'm still astonished this was even allowed to happen, bad policy or not.
Hey ConeBone, hoping you see this here since your comment is marked as dead.
The .xpi has already fixed the problem permanently (I think). You can just leave it, or if you want you can uninstall it now just as a matter of cleanliness. I'm linking to this comment about how to uninstall because I'm not satisfied with my solution and I'm hoping someone will contribute a better one: https://news.ycombinator.com/item?id=19827428
You can see the addon in about:support, but it doesn't give you a way to uninstall it, just see that it is installed.
Fixed everything immediately upon installing before even restarting. Afterwards went to https://news.ycombinator.com/item?id=19827428 for uninstalling, had trouble finding my profile folder on my own and quickly saw the about:support has a direct link, opened, closed firefox, deleted the xpi. All good.
Thank you, 10/10 would prefer it never happens again
I've just done what you suggested but I'm running an older version of firefox:52.9.0 ESR (x86 en-GB) so it does not work!!!! PLEASE HELP ME, PLEASE!!!!!
I have an old notebook:
Microsoft Windows XP 2002,intel pentium M processor,1600MHz,
1.60GHz,760 MB RAM
I don't feel right responding without saying this, so even though you might have heard it before:
Using Windows XP and firefox 52 is in my humble estimation crazy. You're asking for viruses. I'd strongly recommend installing linux on your machine and using that instead.
Linux Mint Xfce 32 bit might manage to run on your system, but your pushing up against the minimum requirements for doing so. If it does run well enough it is IMHO the easiest distro for a new user to use.
If you find it doesn't, Debian with (again) xfce should run just fine. Debian isn't exactly scary to install, but it's scarier than mint for a new user.
I can't promise full support, but if you need a pointer in the right direction while installing linux, feel free to email me at morenzg@google's mail service here.com (since I'm unlikely to see any replies here).
Thks, it worked, I installed the fix. But do I have to uninstall the .xpi after? And how?
Also, my addons are back, but I still have the error message (see screenshot: http://i.imgur.com/t1wb316.png ) Also do I still have to allow the "allow firefow to install and run studies"?
Thks.
I don't see any reason that you need to uninstall the .xpi, but you might as well. See here (hoping someone replies there with a better method of uninstalling, my method is a bad hack) https://news.ycombinator.com/item?id=19827428
You don't need to allow firefox to install and run studies, that's just a way of letting firefox automatically install this xpi.
Did that error message only appear after you installed the .xpi fix? If so it's mildly worrisome, but probably not worth spending time figuring out what it's about if all your addons are back. If it appeared when the addons were initially disabled it's not an issue at all, it's just that nothing closed it.
"You don't need to allow firefox to install and run studies, that's just a way of letting firefox automatically install this xpi."
In that case I am wondering why Mozila didn't provide a direct link...it would have been faster. Maybe there is another reason to ask us to run studies...wondering.
in my case I had to copy the link and paste into a fresh tab as clicking actually caused firefox (nightly) to block the install with a message: "news.ycombinator.com - Nightly prevented this site from asking you to intsall software on your computer"
Doesn't work for me. Not sure if a user.js alteration is blocking the fix or what...but I don't want to (even temp) remove it and I certainly don't feel like going through all those prefs to figure out the issue.
66.0.3 (64-bit) osx 10.9.5
i only managed to change the status of devtools.chrome.enabled can only be 'modified' instead of default, not sure how you 'enable' it? new to this :)
clicking or copy pasting the link gives me the error msg too
"modified" should be fine as that would put it at "true" meaning that it's enabled. I then copy/paste the link and the fix add-on says that it's installed. however, ctrl-shift-j browser console displays:
"""WebExtensions: failed to add new intermediate certificate:"""
Not sure what would be causing a connection failure. I just verified that the link is still up for me, and obviously you have an internet connection if you're replying to me.
You're not behind a firewall that might be blocking it are you? E.g. being in China?
Hey doop, replying to you here since your post is showing up as dead so I can't reply to it.
If you installed the xpi you shouldn't need to do anything in the browser console, and your addons should have come back. Obviously the latter didn't happen.
Chances are a connection failure in the browser console is unrelated, the browser console is basically constantly spewing error messages, you should just ignore them unless they are in response to something you did.
All I can really suggest over the internet is to try reinstalling your addons - that might work - in which case I would assume they just got uninstalled somehow. If it doesn't I'm not sure what to suggest, and I can't realistically debug something too complex over HN comments. You might just have to wait for mozilla to publish an update to the browser that fixes this properly.
I do want to emphasize that I'm just some dude on the internet being helpful by the way, not associated with Mozilla or anything.
Edit: Just saw this error message you also posted: """WebExtensions: failed to add new intermediate certificate:"""
That sounds like an issue that happened when installing the .xpi? Did it give any other related debugging information?
FF shows the fix add-on as being installed with the standard pop-up notifications in the menu bar. However, in the browser console, I only see the error msgs that I've listed in my other posts.
I click the link. I click "Add", and Mozilla says addon could not be downloaded due to connection failure. Nothing appears in browser console.
Downloading an addon gives me "Download failed. Please check your connection." on the Addons site. In console, I get:
Events to handle the installation initialized. BigInteger.js:27
[GA: OFF] sendEvent {"hitType":"event","eventCategory":"AMO Addon Installs Download Failed","eventAction":"addon","eventLabel":"uBlock Origin"} BigInteger.js:27
Error:
In the studies, I have https://i.imgur.com/fqrd5Jo.png. I enabled it, and have tried setting both first run, and the update interval is set to 21 (to try and force it to update it quickly).
OK, so... I right clicked, saved-as and then ran the XPI... and that worked. So thank you for that suggestion.
As for the studies image, that's only half of the fix according to the blog post [1], mine is only verification-timestamp, not signing-intermediate-bug.
Hey, I think so (but I didn't go that route), now you either need to wait or use one of the tricks to cause it to update right away.
If I was you I would ignore Mozilla's advice to do it their way and do what I suggested above, of just clicking on the .xpi link and disabling shield studies. It will act immediately, which will give you a better idea of whether or not it will actually work with 58.0.2. I'm not sure it will (I suspect it won't in fact).
"""Error while detaching the browsing context target front: Connection closed, pending request to server1.conn0.parentProcessTarget1, type detach failed..."""
Applying the fix via the link above, will anything need to be done after this is all resolved. Example will this fix need removed or any settings it may edit be restored in about:config?
Not really, you could uninstall the .xpi but it's just a matter of "cleanliness", hoping someone replies with a better method, but I replied to this comment with one way: https://news.ycombinator.com/item?id=19827428
Worked for me, awesome! Now only question left is why this isn't mentioned in the blog post as fix for the no-studies people like me... Everybody put on your tinfoil hats.
Honestly, I suspect to minimize the support load, see how many questions I got here as just a dude suggesting it unofficially that no one should really trust? It's fine at HN scale, but it's probably not fine at Mozilla scale.
They'd rather that the people who are having issues with it just wait for a new build than waste engineering time. Probably rightly so.
The reason I don't want to upgrade is because I don't want to lose all my legacy addons, a lot of them dissapeared and there are no alternatives. I can't understand how Mozilla can break my browser remotely and force me tu upgrade to a more restricted browser...
Mozilla didn't really "break your browser remotely", it's more like there was a time bomb included that just went off.
If you try hard enough you can probably fix your browser, unpack the .xpi (it's just a zip), look at the source in experiments/skeleton, and try to figure out how to run something similar in the browser console.
But I really can't recommend doing this, I appreciate it's painful, but what you're running right now is massively insecure, there are published exploits. You're just asking for viruses by interacting with the internet using something that old.
I'm running Firefox 56 and installed this fix yesterday, but it does nothing for me.
Is there a way to fix this that works on older versions.
Updating the browser isn't an option because I've legacy addons running that I can't work without.
Have you tried reinstalling the addons? I know it's less than ideal, but on one of my installs firefox had decided to uninstall the addons after disabling them (I think because it updated firefox version after disabling them). If it did that I don't think there is any way to get them back short of reinstalling.
Yes, I installed the .xpi file, firefox still says my extensions are unsupported/unverified.
Reinstalling seems to work, but there are certain extensions that have data I do not want to lose. For example, if I reinstall ubock origin, I will lose all of my dynamic filtering rules.
Possibly you just need to force it to reverify again. If this is still the state of things try setting `app.update.lastUpdateTime.xpi-signature-verification` to 0 in about:config, and then restarting your browser.
But no guarantees. Do you have reason to believe the addons are still installed?
Yep, you're all good. I'm surprised it let you remove the fix from about:addons but I wouldn't worry about it.
That value resetting is expected, it's the time when Firefox thinks it last checked signatures, it resetting just means this convinced it to recheck as intended.
Maybe you pasted it in the wrong console? You need the 'browser console' which is different from the one you open on random webpages.
Go to "about:config" (in the url bar), search for and enable devtools.chrome.enabled, then hit ctrl-shift-j (or you can open it from Menu -> Web Developer -> Browser Console).
Ha! That did the trick! Though it gave me these cryptic errors the add-ons are now enabled, thanks!
TypeError: setting is undefined[Learn More] ExtensionPreferencesManager.jsm:90:7
No matching message handler for the given recipient.
MessageChannel.jsm:924
1556983316679 addons.xpi-utils WARN Add-on fxmonitor@mozilla.org is not correctly signed.
Edit: another weirdness: i decided to take a look at a different computer (unrelated to this one, at work via remote desktop) which is running exactly the same FF and Windows and all add-on are enabled. it's on 24x7; i didn't do anything to it.
As for your other weirdness. Signatures are only checked once every 24 hours, and it's only been 20 since the cert expired, your other computer probably just hasn't re-verified the signatures yet. You can find some comments here about how to delay it if you want.
That's an expected error, it has to do with how that addon (which is non critical but published by mozilla and really just a part of firefox) is installed, once mozilla publishes a new version of firefox with an updated signing key it should fix itself.
Well, uh, one way is to try and install it in firefox.
Assuming you meant without installing it in firefox, I don't quite know. You're going to need to find mozilla's public keys somewhere (maybe just extract them from firefox), unpack the xpi (it's just a zip file with a different extension) and find the signature contained within, and then figure out how to verify it.
It was for me, literally just had to click on the link, and then "Ok" on the "do you want to install this" dialogue that popped up. Not sure if firefox beta would be different.
Confirmed working with 66.0.3 (64-bit) on macOS 10.14.4 (18E226). After installation all plugins immediately came back.
This should really be one of the official ways to apply the patch instead of only telling users "it can take up to 6 hours for the fix to be installed" after enabling Shield studies. I can only imagine what kind of havoc this creates in businesses using Firefox working weekends.
Hi, you're shadow-banned and this comment, which seems alright, was only visible to people who are 'showdead'.
This is not the case anymore that I have vouched for it. But, all of the comments you make in the future, and (I'm guessing here) a lot of the comments you have made, cannot be seen by normal visitors, and are greyed out and delisted to people with 'showdead' enabled.
In your case, a lot of your comments are good and make fair points, I think (I only did a quick scan down your comments page). It might be worth for you to contact `dang` or one of the other administrators to see if they would remove the shadow-ban in your case.
Hi 'semenguzzler', as the person pointed out. The extension in question has been signed by firefox. If firefox accepted unsigned or badly-signed addons, then the problems with extensions would not exist in the first place.
I can confirm this on Ubuntu 19.04 with Firefox 66.0.3. Changing xpinstall.signatures.required from the default 'True' to 'False' resulted in addons working again.
I wonder how long until the "security vultures" come upon this workaround and stop it from working... would be ironic if that happened sooner than the expired cert getting fixed.
Seems unlikely. If you’re willing and able to run code like the above, sourced from a random comment on the Internet, there’s no amount of security vulture that’s going to protect you from skillfully making your Internet experience unsafe for yourself.
Isn't that how most programming, security or not, works these days anyway?
Joe Random Developer googles for a problem, hits SO, tries a couple of the different proposed snippets and keeps the one that happens to work. (For given values of "work".)
This would be a great spot to end the post with a "</snark>", but sadly that'd be lying. Up until ~2 years ago the most common solution to requests between different subdomains subdomains failing was... "just use CORS: *"
More dangerous than copypasting code from SO is using some 0.0.1alpha library you found on Github/crates.io/npm... At least with the copypaste snippet you had a cursory look at the implementation.
I believe the Mozilla Observatory has given CORS: * a -50 score penalty since the day it launched, precisely because of how horrifically dangerous that advice is.
It doesn't stop them from trying, however, and severely damaging the experience of users who do know what they're doing. They even invented the term "self-XSS" and contributed to the decline of JS "bookmarklets".
Open the browser console by hitting ctrl-shift-j
Copy and paste the following code, hit enter. Until mozilla fixes the problem you will need to redo this once every 24 hours:
Edit: Cleanup up code slightly...