Mozilla's mea culpa for breaking Firefox
Mozilla has issued an apology for the issue with its Firefox web browser which broke existing add-ons from working and prevented new ones from being installed.
The incident, which occurred earlier this month, has been traced to the expiration of a digital certificate used to sign add-ons. Mozilla CTO Eric Rescorla shared details of the gaffe in a blog post.
The expired certificate acted as an intermediate certificate for the digital signing process used to verify new add-ons or ensure add-ons loaded into Firefox are legitimate.
This meant that the vast majority of the more than 15,000 Firefox add-ons that are available stopped working, and the browser rejected attempts to install new add-ons due to the expired certificate. The effect was delayed because Firefox only checks add-ons about every 24 hours, and the time of these checks is different for each user.
Once Mozilla became aware of the issue, the company initially temporarily disabled signing of new add-ons, and pushed a hotfix designed to suppress re-validating the signatures on add-ons, in an attempt to prevent disruption for users who had not re-validated yet and encountered the issue.
As a more long-term solution, Mozilla developed a new certificate with the same subject name and public key as the old certificate, and then set about developing and pushing an update to Firefox to install the new certificate and force the browser to re-verify every add-on.
“We strive to make Firefox a great experience. Last weekend we failed, and we’re sorry,” new Mozilla Head of Engineering Joe Hildebrand said.
“You deserve a full accounting, but we didn’t want to wait until that process was complete to tell you what we knew so far. We let you down and what happened might have shaken your confidence in us a bit, but we hope that you’ll give us a chance to earn it back.”
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
The Australian Cyber Security Centre has released guidance into how organisations can limit the...
With months to go until the demise of Windows 7, Microsoft has introduced a free service aimed at...
The new supercomputer is set to be 10 times faster than the National Computational...