Your message dated Mon, 06 May 2019 11:03:56 -0400
with message-id <[email protected]>
and subject line Re: Bug#928509: Firefox insecure because of missing extensions
has caused the Debian Bug report #928509,
regarding Firefox insecure because of missing extensions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
928509: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928509
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: firefox-esr
Version: 60.6.1esr-1~deb8u1
Justification: user security hole
Severity: grave
Tags: security
Hello Debian-Team,
this security bug shall show that Firefox is going to be more and more unusable
to be secure in the internet.
Today one of the most vulnerable things has happen, because all the
addons/extensions has gone,
and there is no No-Script and Ublock or other Tracking-Protection any more.
It is not possible to reinstall them!
There are several articles about this out there like
*
https://www.tenforums.com/browsers-email/131965-firefox-has-deleted-all-extensions-wont-reload-them.html
*
https://discourse.mozilla.org/t/fixed-certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047/12
When there is no fix for the used Firefox-Version, then a new browser solution
is needed for Debian.
>From my point of view it's really a pity with the Mozilla Foundation.
Cheers
karsten
-- System Information:
Debian Release: 8.11
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On 2019-05-06 16:06:35, Karsten wrote:
> Am 06.05.19 um 15:51 schrieb Antoine Beaupré:
>> I am not sure I understand the problem you're trying to outline here.
>
> The problem is to be spammed with advertisement
> <https://www.dict.cc/englisch-deutsch/advertisement.html> and to have no
> No-Script.
> It's true that i didn't know that the package xul-ext-noscript exists, but
> this is only a part of the solution.
>
>> I would therefore argue that this effect is not necessarily a security
>> hole in itself and affects only "third-party" code not shipped in
>> Debian.
>
> I will argue that Firefox is not usable any more without this senseful
> "third-party" stuff.
Okay well, that's definitely a different bug report than "my extensions
stopped working" - it's more like "Firefox is unusable out of the
box". ;)
I'm not sure this warrants a separate bug in the Debian BTS. We can
track the problems with the extensions being disabled in that other bug,
so I'll close this one.
>> I would otherwise be curious to hear more about which problem you
>> specifically think 60.6.1 (the fixed version) actually still has that
>> needs to be address and, ideally, how that should be addressed.
(Actually, that's 60.6.2.)
> There are more and more problems like you can't use test automatization with
> this version.
> Everything really useful in Firefox is going more and more to be not usable
> any more.
>
> Is this the sense and target of the Mozilla Foundation?
I can't comment on the Mozilla foundation's objectives, of course.
>> Thank you for the bug report!
>
> Thank you for the quick answer!
>
> My hope is that the LTS maintainers can fix the problem.
> Thanks for the work on it.
I think it *will* get fixed in stretch in "a day or two", so I wouldn't
worry about it too much.
A.
--
The greatest tragedy in mankind's entire history may be the hijacking of
morality by religion.
- Arthur C. Clarke
--- End Message ---
