Closed Bug 1356676 Opened 4 years ago Closed 4 years ago

Ship system add-on update to disable cert transparency for 52.*

Categories

(Core :: Security, enhancement)

Product:
Core
Component:
Security
Version:
52 Branch
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ritu, Assigned: rhelmer)

Details

Attachments

(3 files, 1 obsolete file)

Disable certificate transparency for 52.*
57 bytes, text/x-github-pull-request
Felipe
: review+
Details | Review
disable-cert-transparency@mozilla.org-1.0-UNSIGNED.xpi
1.32 KB, application/x-xpinstall
Details
disable-cert-transparency@mozilla.org-1.0-SIGNED.xpi
5.20 KB, application/x-xpinstall
Details 
While we have a fix for bug 1353216 on ESR52.1.0, 53+, we need to flip this pref on Release52 channel. The pref that needs to be turned off is "security.pki.certificate_transparency.mode".
Assignee: nobody → rhelmer
Can you please sign this as a system add-on? Thanks!
Attachment #8858407 - Flags: feedback?(wezhou)
Attachment #8858408 - Flags: review?(felipc)
Stefan, can your team please take a look at this on Monday? Thanks!
Flags: needinfo?(stefan.georgiev)
Attachment #8858408 - Flags: review?(felipc) → review+
Please NI me when this is signed, I'll get it on test.
Since we have some more time before QA, I fixed a typo. Please disregard the earlier signing request from this bug.

Can you please sign this as a system add-on? Thanks!
Attachment #8858407 - Attachment is obsolete: true
Attachment #8858407 - Flags: feedback?(wezhou)
Attachment #8858463 - Flags: feedback?(jthomas)
Attachment #8858463 - Flags: feedback?(jthomas)
(In reply to Jason Thomas [:jason] from comment #6)
> Created attachment 8858794 [details]
> disable-cert-transparency@mozilla.org-1.0-SIGNED.xpi
> 
> Please see attached.

Thanks!

(In reply to Cory Price [:ckprice] from comment #4)
> Please NI me when this is signed, I'll get it on test.

Should be ready now.
Flags: needinfo?(cprice)
This is up on test for 52 release.
Flags: needinfo?(cprice)
We have tested the signed xpi and everything is working fine on all tested versions.
We covered Windows 7/10, Ubuntu 16.04 and Mac OS X 10.11 on Release 52,Release 51 and Beta 53 channels. 

On Release 52.0.2 and Beta 53.0b10 the xpi is installed and the pref is turned off (set to 0). After removing the xpi the pref is reverted to the old value (1).

On Release 51 the xpi can not be installed.
Flags: needinfo?(stefan.georgiev)
This has been deployed to release.
Summary: Ship system add-on update to flip a pref to mitigate bug 1353216 → Ship system add-on update to disable cert transparency for 52.*
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.