What really doesn't make sense about the expired cert is that it disables extensions that were already installed and in use.

Imagine if an apt signing key expired, and so it deleted every package on your system and killed all the processes.

Why would they design it to fail this way?

All I can guess is this triggered code that was supposed to run when a single extension is found to be malicious and so its signature would be revoked and you'd want it to disable it.

And they didn't consider that a cert failure higher in the chain would do this.

@joeyh That seems to be about the shape of it: check the signatures on extensions regularly to allow revocation, and as it turns out if something higher in that chain is invalid, the signature is invalid. (This isn't necessarily *bad*, as you might have good reason to revoke an intermediate cert as well, but obviously in this case it didn't go as one might like.)

My guess is so that a malicious virus/trojan-installed extension would not load successfully. E.g. a virus could install an extension in Firefox to keep reinstalling the virus, or to let it run traffic through FF's process to evade antivirus, etcetera. If certs were only checked at install-time then a manual install could bypass cert checks. Being checked at runtime guarantees that what runs is what's trusted.

@joeyh I think it was an intermediate certificate, so every time the extension runs, or maybe every time Firefox starts, it checks the signatures of all extensions against their certificate. But since the respective certificates are signed by this intermediate certificate, the signature is only valid when all certs in the chain are valid. That's my guess. Why they didn't have any expiration warning, or why this exact problem wasn't addressed when it happened 3 years ago, that's a mystery.
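A toy model of the mechanism the replies above describe: every installed extension's signature chain is re-verified at startup, so one expired intermediate disables everything signed beneath it, while a revoked leaf disables only its own extension. This is an added example, not code from Firefox or from anyone in this thread; the certificates, the HMAC secrets standing in for key pairs, and the extension payloads are all constructed, and cert-on-cert signatures are left out (only each link's validity period and revocation flag are modelled).

```python
import hashlib, hmac
from dataclasses import dataclass

@dataclass
class Cert:
    name: str
    issuer: str        # name of the issuing cert; "" marks the self-signed root
    key: bytes         # toy stand-in for a key pair: a per-cert HMAC secret (constructed)
    not_after: int     # expiry as a Unix timestamp
    revoked: bool = False

def sign(cert, data):
    return hmac.new(cert.key, data, hashlib.sha256).digest()

def verify_chain(name, certs, now):
    """Walk leaf -> intermediate -> root; every link must be unexpired and unrevoked."""
    cert = certs[name]
    while True:
        if cert.revoked:
            return False, f"{cert.name} revoked"
        if now > cert.not_after:
            return False, f"{cert.name} expired"
        if cert.issuer == "":
            return True, "ok"
        cert = certs[cert.issuer]

def check_extension(data, sig, signer, certs, now):
    """Runtime re-check: the signature must match AND the signer's chain must be valid *now*."""
    if not hmac.compare_digest(sign(certs[signer], data), sig):
        return False, "bad signature"
    return verify_chain(signer, certs, now)

def startup_scan(installed, certs, now):
    """Re-verify every installed extension as a browser start would; return the disabled ones."""
    disabled = {}
    for ext, (data, sig, signer) in installed.items():
        ok, why = check_extension(data, sig, signer, certs, now)
        if not ok:
            disabled[ext] = why
    return disabled

# Constructed chain: a long-lived root, an intermediate expiring at T, one leaf per extension.
T = 1_700_000_000
CERTS = {
    "root": Cert("root", "", b"root-secret", T + 10**9),
    "intermediate": Cert("intermediate", "root", b"int-secret", T),
    "ext-a-leaf": Cert("ext-a-leaf", "intermediate", b"a-secret", T + 10**8),
    "ext-b-leaf": Cert("ext-b-leaf", "intermediate", b"b-secret", T + 10**8),
}
# Constructed installed extensions: (payload, signature, signing leaf cert)
INSTALLED = {ext: (data, sign(CERTS[ext + "-leaf"], data), ext + "-leaf")
             for ext, data in [("ext-a", b"ext-a.xpi contents"), ("ext-b", b"ext-b.xpi contents")]}
```

Running `startup_scan(INSTALLED, CERTS, T + 1)` flags both extensions with "intermediate expired" even though each leaf cert and signature is individually fine; the same scan one second earlier loads everything.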
