為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

The extensions hotfix was not applied yesterday. How can I manually apply it?

  • 12 回覆
  • 2 有這個問題
  • 4 次檢視
  • 最近回覆由 soylentplaid

more options

Hi folks,

I enabled Studies last night to get the certificate hotfix, and it hasn't appeared in my list. The studies I currently have are:

(Active) prefflip-push-performance-1491171

(Completed) hotfix-reset-xpi-verification-timestamp-1548973 pref-flip-screenshots-release-1369150

hotfix-update-xpi-signing-intermediate-bug-1548973 hasn't appeared on my list. Is there a way to force Firefox to check the active studies? If not, is there a place to manually get the certificate from an official source? Should I reinstall Firefox?

Hi folks, I enabled Studies last night to get the certificate hotfix, and it hasn't appeared in my list. The studies I currently have are: (Active) prefflip-push-performance-1491171 (Completed) hotfix-reset-xpi-verification-timestamp-1548973 pref-flip-screenshots-release-1369150 hotfix-update-xpi-signing-intermediate-bug-1548973 hasn't appeared on my list. Is there a way to force Firefox to check the active studies? If not, is there a place to manually get the certificate from an official source? Should I reinstall Firefox?

被選擇的解決方法

i *think* right-clicking and resetting the "app.normandy.first_run" preference in about:config and restarting the browser might be a way to trigger a check.

從原來的回覆中察看解決方案 👍 1

所有回覆 (12)

more options

hi soylentplaid, most of the users we're seeing at this point where the hotfix didn't apply yet are using security software that's intercepting secure connections (commonly avast/avg, kaspersky, bitdefender and eset), this might prevent the hotfix from applying unfortunately.

if this is applicable to your system as well, as a workaround you could try disabling ssl-scanning in your security software or else wait until mozilla releases a general update to firefox 66.0.4 fixing the matter...

more options

I just need to clarify: In order to receive a security update (to fix a broken certificate) to re-enable add-ons that I consider essential for the security of my browser, I have to disable my antivirus? Doesn't that seem a little extreme to you?

more options

hi, i am not saying you should deactivate your antivirus altogether - you *can* disable this one feature of your antivirus, which is quite questionable in the first place and often leads to more harm than good & a greater attack surface.

references: http://www.cbc.ca/news/technology/antivirus-software-1.3668746 https://blog.vpn.ac/disable-https-scanning.html https://jhalderm.com/pub/papers/interception-ndss17.pdf https://www.pcworld.com/article/3154608/https-scanning-in-kaspersky-antivirus-exposed-users-to-mitm-attacks.html (there are many more of those, but i don't have time to dig them up at the moment)

more options

Well, I've gone ahead and disabled SSL checking in Kaspersky (probably for the best if what I'm reading is correct). Is there a way to force another check, or will that happen sometime over the next X hours?

more options

選擇的解決方法

i *think* right-clicking and resetting the "app.normandy.first_run" preference in about:config and restarting the browser might be a way to trigger a check.

more options

And so it is! (*much rejoicing*)

It's definitely good that you guys were on the problem quickly, although not letting the cert expire would have been better. As feedback, I'll say that using the Studies mechanism to push a hotfix is a bad look (forcing the browser to collect data) and this whole process was a lot more fragile than it needed to be.

Applying the hotfix, for me, involved diving into settings, enabling data collection, waiting and searching for about a day with no feedback as to why it wasn't working, disabling SSL interception in my anti-virus (and restarting my computer), setting app.normandy.first_run to true, then restarting my browser.

I believe in Firefox and Mozilla's mission, I really do. I intend to keep using it. But this sort of screw-up will make people switch to Chrome, and they'd be completely justified in doing so. You really need to be far more diligent about your certificates.

more options

oh great, thanks for reporting back & sorry for all the hassle this was causing!

you can be sure that after this whole incident is dealt with, there will be a diligent post mortem and review of actions that need to be taken at mozilla, so something like this is not gonna happen again.

more options

soylentplaid said

I believe in Firefox and Mozilla's mission, I really do. I intend to keep using it. But this sort of screw-up will make people switch to Chrome, and they'd be completely justified in doing so. You really need to be far more diligent about your certificates.

This was caused by an unforeseen technical problem …..

more options

My Kaspersky doesn't list a SSL thing.When is the fix coming

philipp said

hi, i am not saying you should deactivate your antivirus altogether - you *can* disable this one feature of your antivirus, which is quite questionable in the first place and often leads to more harm than good & a greater attack surface. references: http://www.cbc.ca/news/technology/antivirus-software-1.3668746 https://blog.vpn.ac/disable-https-scanning.html https://jhalderm.com/pub/papers/interception-ndss17.pdf https://www.pcworld.com/article/3154608/https-scanning-in-kaspersky-antivirus-exposed-users-to-mitm-attacks.html (there are many more of those, but i don't have time to dig them up at the moment)
more options

Firefox 66.0.4 was just released for both desktop Firefox and Android Firefox, which should fix the expired certificate problem. An updated Firefox 60 ESR (60.6.2esr) was also released.

Sometimes the auto-updater doesn't see an update right away, either because it isn't scheduled to check yet or when you click Check for Updates, because the server is limiting the rate of installations "just in case" it creates a new problem.

At some point, we should get the 66.0.4 and 60.6.2esr full installers through the usual pages, but I currently get the older version:

more options

You could try opening Help > About Firefox and see it tells you that Firefox 66.0.4 is available and to Update Now.

I just tried that and was able to update to 66.0.4 .

more options

Just finished updating. Thanks for jumping on this issue everyone, it's been a weird couple of days in browser-land.