Ship system add-on update to disable cert transparency for 52.*

RESOLVED FIXED

Status

()

Core
Security
RESOLVED FIXED
3 months ago
3 months ago

People

(Reporter: ritu, Assigned: rhelmer)

Tracking

52 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments, 1 obsolete attachment)

(Reporter)

Description

3 months ago
While we have a fix for bug 1353216 on ESR52.1.0, 53+, we need to flip this pref on Release52 channel. The pref that needs to be turned off is "security.pki.certificate_transparency.mode".
(Reporter)

Updated

3 months ago
Assignee: nobody → rhelmer
(Assignee)

Comment 1

3 months ago
Created attachment 8858407 [details]
disable-cert-transparency@mozilla.org-1.0-UNSIGNED.xpi

Can you please sign this as a system add-on? Thanks!
Attachment #8858407 - Flags: feedback?(wezhou)
(Assignee)

Comment 2

3 months ago
Created attachment 8858408 [details] [review]
Disable certificate transparency for 52.*
Attachment #8858408 - Flags: review?(felipc)
Stefan, can your team please take a look at this on Monday? Thanks!
Flags: needinfo?(stefan.georgiev)
Attachment #8858408 - Flags: review?(felipc) → review+
Please NI me when this is signed, I'll get it on test.
(Assignee)

Comment 5

3 months ago
Created attachment 8858463 [details]
disable-cert-transparency@mozilla.org-1.0-UNSIGNED.xpi

Since we have some more time before QA, I fixed a typo. Please disregard the earlier signing request from this bug.

Can you please sign this as a system add-on? Thanks!
Attachment #8858407 - Attachment is obsolete: true
Attachment #8858407 - Flags: feedback?(wezhou)
Attachment #8858463 - Flags: feedback?(jthomas)

Comment 6

3 months ago
Created attachment 8858794 [details]
disable-cert-transparency@mozilla.org-1.0-SIGNED.xpi

Please see attached.

Updated

3 months ago
Attachment #8858463 - Flags: feedback?(jthomas)
(Assignee)

Comment 7

3 months ago
(In reply to Jason Thomas [:jason] from comment #6)
> Created attachment 8858794 [details]
> disable-cert-transparency@mozilla.org-1.0-SIGNED.xpi
> 
> Please see attached.

Thanks!

(In reply to Cory Price [:ckprice] from comment #4)
> Please NI me when this is signed, I'll get it on test.

Should be ready now.
Flags: needinfo?(cprice)
This is up on test for 52 release.
Flags: needinfo?(cprice)

Comment 9

3 months ago
We have tested the signed xpi and everything is working fine on all tested versions.
We covered Windows 7/10, Ubuntu 16.04 and Mac OS X 10.11 on Release 52,Release 51 and Beta 53 channels. 

On Release 52.0.2 and Beta 53.0b10 the xpi is installed and the pref is turned off (set to 0). After removing the xpi the pref is reverted to the old value (1).

On Release 51 the xpi can not be installed.
Flags: needinfo?(stefan.georgiev)
This has been deployed to release.
Summary: Ship system add-on update to flip a pref to mitigate bug 1353216 → Ship system add-on update to disable cert transparency for 52.*
(Assignee)

Updated

3 months ago
Status: NEW → RESOLVED
Last Resolved: 3 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.