Bug 1549078 Comment 36 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by
on 
(In reply to c borghi from comment #29)

> (In reply to sjw from comment #9)
> 
> > (In reply to cacilie from comment #8)
> > 
> > > Is this a reasonable way to apply the hotfix?: https://github.com/NixOS/nixpkgs/issues/60916 (without enabling studies)
> > 
> > On your own risk, you can download it manually:
> > `hxxps://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi`
> 
> As far as I can tell, the XPI mentioned in the NixOS fix injects the correct intermediate certificate in Firefox.  I extracted the DER from the XPI and imported it in my Firefox *ESR* certificate store.  Now addons can be installed again, and they work.
> 
> I believe that by publishing that certificate at some trusted url (owned by Mozilla) and telling ESR users how to import it would solve the problem for many people, without waiting for studies and the like.


The source of this url is https://normandy.cdn.mozilla.net/api/v1/recipe/signed/, which is the default url set in `app.normandy.api_url`. The extension is also signed by Mozila. However, a new release is scheduled in bug 1549061.
Revision 1 by
on 
(In reply to c borghi from comment #29)

> As far as I can tell, the XPI mentioned in the NixOS fix injects the correct intermediate certificate in Firefox.  I extracted the DER from the XPI and imported it in my Firefox *ESR* certificate store.  Now addons can be installed again, and they work.
> 
> I believe that by publishing that certificate at some trusted url (owned by Mozilla) and telling ESR users how to import it would solve the problem for many people, without waiting for studies and the like.


The source of this url is https://normandy.cdn.mozilla.net/api/v1/recipe/signed/, which is the default url set in `app.normandy.api_url`. The extension is also signed by Mozila. However, a new release is scheduled in bug 1549061.


Edit:
> There are a number of work-arounds being discussed in the community. These are not recommended as they may conflict with fixes we are deploying. We’ll let you know when further updates are available that we recommend, and appreciate your patience. (May 4, 15:01 EST)
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

Back to Bug 1549078 Comment 36