Mozilla Firefox 66.0.4 :firefox: fixes certificate chain to re-enable web extensions:

– expired certificates resulted in disabled web extensions in Firefox and FF-based browsers like Tor Browser
– while some "security" experts recommended to temporarily disable signature checking, we recommend to never do so

@infosechandbook ok, but what about the Firefox for Android? there are no available updates on the Google Play Store.

@infosechandbook @rnickson firefox-esr 60.6.2 dropped in Debian Sid as well which fixes this mess; hopefully it will be in testing and stable very soon.

@infosechandbook @rnickson wonder how long it will take for Fenech to be updated as well

CC. @fdroidorg

even in the official tor browser blog they mentioned to disable signature check


Yes, we know. Sadly, the risks of disabling the checks are only discussed in the comment section.

@infosechandbook I have version 66.0.4, but my addons are still disabled. Probably some other setting is interferring. :/


On OpenBSD 6.5, update with:

$ doas env$(uname -r)/packages/$(arch -s)/ pkg_add -u firefox

* '''' is the repository of Landry ;)

#OpenBSD #Firefox

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.