The currently available fix for Firefox doesn't work with ESR, but there's a temporary fix that works. At least, it's working for me: Go to about:config and set xpinstall.signatures.required to false. The Firefox folks say that a fix for ESR will be coming at some point, but at least this gets things working again in the short term. It's not clear to me if the fixed ESR (when available) will require a new Firefox rpm to be created and installed or if it's something that will just show up by magic and start working or if any steps will have to be taken to enable it. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
> Am 04.05.2019 um 19:09 schrieb Frank Cox <theatre at sasktel.net>: > > The currently available fix for Firefox doesn't work with ESR, but there's a temporary fix that works. At least, it's working for me: > > Go to about:config and set xpinstall.signatures.required to false. > > The Firefox folks say that a fix for ESR will be coming at some point, but at least this gets things working again in the short term. > > It's not clear to me if the fixed ESR (when available) will require a new Firefox rpm to be created and installed or if it's something that will just show up by magic and start working or if any steps will have to be taken to enable it.There (Mozilla's) certificate expired, that is the reason. IMHO ignoring signatures checks is not the way to go. It opens a (small) attack window. -- LF
On Sat, 4 May 2019 19:20:02 +0200 Leon Fauster via CentOS wrote:> There (Mozilla's) certificate expired, that is the reason. IMHO ignoring > signatures checks is not the way to go. It opens a (small) attack window.I suppose you pick your poison. Your other choices are to use a different web browser (how much do you trust Google Chrome?) or use Firefox without any add-ons and accept the security risks that come with malvertising and unknown bits of javascript running on random websites. What disturbs me is that, regardless of intention, we see an embedded timebomb where after an arbitrary date your Firefox installation will stop working as expected. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
Le 04/05/2019 ? 19:09, Frank Cox a ?crit :> The Firefox folks say that a fix for ESR will be coming at some > point, but at least this gets things working again in the short > term.uBlock Origin has been disabled on all our machines here, and all Firefox installations switched from french to english. Nice job, Mozilla. :o( -- Microlinux - Solutions informatiques durables 7, place de l'?glise - 30730 Montpezat Site : https://www.microlinux.fr Mail : info at microlinux.fr T?l. : 04 66 63 10 32 Mob. : 06 51 80 12 12
Hello Frank, On Sat, 4 May 2019 11:09:22 -0600 Frank Cox <theatre at sasktel.net> wrote:> The currently available fix for Firefox doesn't work with ESR, but there's a temporary fix that works. At least, it's working for me: > > Go to about:config and set xpinstall.signatures.required to false.[snip] And extensions.langpacks.signatures.required for language packs. Regards, -- wwp -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20190505/b513dc5d/attachment.sig>
On 05/05/2019 22:21, wwp wrote:> Hello Frank, > > > On Sat, 4 May 2019 11:09:22 -0600 Frank Cox <theatre at sasktel.net> wrote: > >> The currently available fix for Firefox doesn't work with ESR, but there's a temporary fix that works. At least, it's working for me: >> >> Go to about:config and set xpinstall.signatures.required to false. > [snip] > > And extensions.langpacks.signatures.required for language packs. > > > Regards, > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >Does anyone know what the latest on this is? Specifically can I reset the xpinstall.signatures.required? My machine is running C7 patched today. -- J Martin Rushton MBCS -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20190528/6721f1b3/attachment-0002.sig>