Noscript got disabled

awokd · May 4, 2019, 1:31am

See Firefox deactivates NoScript...and calls it Legacy - InformAction Forums. Looks wide spread.

awokd · May 4, 2019, 1:42am

Looks like it’s more accurate to say one of Mozilla’s intermediate certs expired, which caused a lot of addons to get disabled including Noscript. https://bugzilla.mozilla.org/show_bug.cgi?id=1548973

HulaHoop · May 4, 2019, 3:10am

Please report to the Tor Project if seeing this in Tor Browser

micky · May 4, 2019, 3:51am

Happened to me too. In TorBrowser.

0brand · May 4, 2019, 9:20am

Its been reported.

torjunkie · May 5, 2019, 12:14am

Ah, that explains that clusterF (thought I was being targeted by the Eye of Sauron for the 50th time )

Since it completely disables NoScript in Tor Browser, which is a major issue, one (pretty unsafe) workaround in the interim for NoScript functionality:

about:config
change xpinstall.signatures.required to false

You’ll be warned that NoScript can’t be verified in the interim and to use cautiously yada yada, but that is better than a completely disabled, essential addon… pretty disappointing stuff from Mozilla as cert currency is pretty basic stuff.

Alternatively:

about:config
enable.javascript = true
change to
enable.javascript=false

Patrick · June 22, 2019, 8:11am

This was a nice demonstration how much power remote computers at Mozilla / certificate authories / whoever have over us. If they were to flip some buttons, XYZ happened at our local computers. Without even installing upgrades. Without anyone being aware and warning of this beforehand?

HulaHoop · June 22, 2019, 8:40pm

I don’t know how bad trusting firefox signing is compared to Debian packaged addons. The fact it has to be resigned regularly just makes it very brittle.