[ad_1]
The company has already explained that the mass inactivation of add-ons was due to the expiration of a signing certificate because it pushed updates and was encrypted to solve the problem in a weekend.
Now we have a lot more details about how the certificate may have expired and why it has affected people at different times.
Rescorla explains that Mozilla noticed the problem around 6 pm on Friday night, probably just as the technical team was preparing for the weekend. At this point, not all users were concerned because "the add-ons are checked approximately every 24 hours, the time of verification being different for each user". Once the installation of Firefox performed by a user, she discovered that the appropriate signing certificate had expired and disabled all the add-ons signed by it, which was most of them.
Rescorla gives a lot of details about the fixes that were considered and ultimately deployed, but the key question that a lot of Firefox will look for in its article is why it took so long.
First, the CTO reports that the team sent a fix "at 2:44 am, or after less than 9 hours, and then we had to wait 6 to 12 hours before most of our users received it." . "
He then explains in detail why the resolution of this problem is not as simple as it may seem, including the company's security protocol, which is a "good practice" but "a bit awkward if you want to issue a new one. certificate in case of emergency ".
Even now, Rescorla indicates that not all users have received a patch, including older version users. As noted in our previous article on this problem, some people have voluntarily opted for outdated versions for various reasons, often because an add-on had stopped being updated after this release or because it was not possible to update it. he used older operating systems.
Firefox declares that it can not offer a solution to these people and recommends instead to update them to a newer and more secure version of the browser.
Finally, the publication details some of the lessons learned from Firefox from the whole debacle, including better tracking of potentially urgent issues and a way to send urgent updates when the update system is not working.
In addition to saying that the company will release a summary report on the problem and its treatment next week, Rescorla responds to user complaints of slowness with the following comment:
"As a person who attended the meeting where it happened, I can say that people were working incredibly hard in a difficult situation and that very little time was lost."
You can find the full article on the Mozilla blog here. We think other browsers will read with interest.
[ad_2]
Source link