Adding a Firefox add-on error to -dvm ?
60 views
Skip to first unread message
22...@tutamail.com
May 6, 2019, 1:58:48 PM5/6/19
to qubes-users
I used to be able to add "add-ons" to my -dvm's (e.g. HHTPS Everywhere, No Script, etc...). I would periodically update these add-ons in the -dvm.
Recently I noticed an add-on needed update and when I went to update it, it says it was no longer compatible? I knew enough to start the -dvm using gnome->terminal->firefox in -dvm however this time it didn't allow me to update the add-on?
Not sure this is a security enhancement with a recent update but any feedback would be appreciated...I hate running scripts on random webpages...
Thx rip22...
Daniel Allcock
May 6, 2019, 2:37:12 PM5/6/19
to qubes...@googlegroups.com, 22...@tutamail.com
On Mon, 6 May 2019 10:58:47 -0700 (PDT)
22...@tutamail.com wrote:
> Recently I noticed an add-on needed update and when I went to update
> it, it says it was no longer compatible? I knew enough to start the
> -dvm using gnome->terminal->firefox in -dvm however this time it
> didn't allow me to update the add-on?
Perhaps this is a side effect of firefox's recent (last day or two)
22...@tutamail.com wrote:
> Recently I noticed an add-on needed update and when I went to update
> it, it says it was no longer compatible? I knew enough to start the
> -dvm using gnome->terminal->firefox in -dvm however this time it
> didn't allow me to update the add-on?
failure to update some key, leading everyone's firefox's to reject all
addons? google this and you will find tons of people complaining.
You can circumvent this by disabling signing altogether (!?!).
Obviously it's ridiculous for me to suggest this on the qubes list; you
should not install unsigned updates. But I was fine doing this for
my already-installed addons, whose signatures had been checked before.
Once they come up with a fix, I will turn signing back on and then
update.
(What worked for me was to set xpinstall.signatures.required to false
in about:config. Apparently this setting is only available on dev
builds, which the stock Fedora firefox seems to be.)
Best,
Daniel
haaber
May 6, 2019, 9:32:28 PM5/6/19
to qubes...@googlegroups.com
> On Mon, 6 May 2019 10:58:47 -0700 (PDT)
> 22...@tutamail.com wrote:
>
>> Recently I noticed an add-on needed update and when I went to update
>> it, it says it was no longer compatible? I knew enough to start the
>> -dvm using gnome->terminal->firefox in -dvm however this time it
>> didn't allow me to update the add-on?
>
> Perhaps this is a side effect of firefox's recent (last day or two)
> failure to update some key, leading everyone's firefox's to reject all
> addons? google this and you will find tons of people complaining.
> You can circumvent this by disabling signing altogether (!?!).
> Obviously it's ridiculous for me to suggest this on the qubes list; you
> should not install unsigned updates. But I was fine doing this for
> my already-installed addons, whose signatures had been checked before.
> Once they come up with a fix, I will turn signing back on and then
> update.
The update is through on debian (called firefox 60.6.2-esr), android
> 22...@tutamail.com wrote:
>
>> Recently I noticed an add-on needed update and when I went to update
>> it, it says it was no longer compatible? I knew enough to start the
>> -dvm using gnome->terminal->firefox in -dvm however this time it
>> didn't allow me to update the add-on?
>
> Perhaps this is a side effect of firefox's recent (last day or two)
> failure to update some key, leading everyone's firefox's to reject all
> addons? google this and you will find tons of people complaining.
> You can circumvent this by disabling signing altogether (!?!).
> Obviously it's ridiculous for me to suggest this on the qubes list; you
> should not install unsigned updates. But I was fine doing this for
> my already-installed addons, whose signatures had been checked before.
> Once they come up with a fix, I will turn signing back on and then
> update.
(different version number) and I guess also on fedora (but I have no
fedora anymore, so I cannot tell you. Just update all of your templateVMs.
Jon deps
May 7, 2019, 3:33:27 AM5/7/19
to qubes...@googlegroups.com
pretty lame FF is calling it a bug, when apparently it was them
forgetting to update their middleman certificates or so
found out chromium is much faster anyway :(
Jon deps
May 7, 2019, 3:35:30 AM5/7/19
to qubes...@googlegroups.com
On 5/7/19 1:32 AM, haaber wrote:
user@debian-9-1:~$ sudo apt-get install firefox-esr
Reading package lists... Done
Building dependency tree
Reading state information... Done
firefox-esr is already the newest version (60.6.1esr-1~deb9u1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
awokd
May 8, 2019, 2:32:24 AM5/8/19
to qubes...@googlegroups.com
>>> 22rip-2xk3N/kkaK1Wk0Htik3J/w...@public.gmane.org wrote:
>>>
>>>> Recently I noticed an add-on needed update and when I went to update
>>>> it, it says it was no longer compatible? I knew enough to start the
>>>> -dvm using gnome->terminal->firefox in -dvm however this time it
>>>> didn't allow me to update the add-on?
The new Tor Browser package with updated certificate and working addons
>>>
>>>> Recently I noticed an add-on needed update and when I went to update
>>>> it, it says it was no longer compatible? I knew enough to start the
>>>> -dvm using gnome->terminal->firefox in -dvm however this time it
>>>> didn't allow me to update the add-on?
is out. Use update-torbrowser in your whonix-ws template to upgrade to
8.0.9.
Jon deps
May 9, 2019, 8:32:32 PM5/9/19
to qubes...@googlegroups.com
certifcate bug fix ?
awokd
May 9, 2019, 9:17:28 PM5/9/19
to Jon deps, qubes...@googlegroups.com
Jon deps:
Looks like it's coming in 60.6.2esr-1~deb9u1, which is in
stretch-updates, but not stable.
If you can't wait for it, then in your Debian template(s):
sudo su
nano /etc/apt/sources.list
Add this line:
deb https://deb.debian.org/debian stretch-updates main contrib non-free
ctrl-x, y to save
apt update
apt install firefox-esr
nano /etc/apt/sources.list
Remove this line:
deb https://deb.debian.org/debian stretch-updates main contrib non-free
ctrl-x, y to save
stretch-updates, but not stable.
If you can't wait for it, then in your Debian template(s):
sudo su
nano /etc/apt/sources.list
Add this line:
deb https://deb.debian.org/debian stretch-updates main contrib non-free
ctrl-x, y to save
apt update
apt install firefox-esr
nano /etc/apt/sources.list
Remove this line:
deb https://deb.debian.org/debian stretch-updates main contrib non-free
ctrl-x, y to save
Daniil Travnikov
May 14, 2019, 8:46:19 AM5/14/19
to qubes-users
I think it could be a problem which created by Mozilla:
https://blog.torproject.org/noscript-temporarily-disabled-tor-browser
You could try to do this:
1. Open the address about:config in the Firefox Browser address bar
2. At the top of the page, search for xpinstall.signatures.required
3. Set the xpinstall.signatures.requiredentry to false by double clicking it
john s.
May 15, 2019, 5:37:59 AM5/15/19
to awokd, qubes...@googlegroups.com
On 5/10/19 1:17 AM, awokd wrote:
> deb https://deb.debian.org/debian stretch-updates main contrib non-free
thanksforthereply,
> deb https://deb.debian.org/debian stretch-updates main contrib non-free
hmm just curious
in /etc/apt/sources.list there is this
deb https://deb.debian.org/debian-security stretch/updates main contrib
non-free
but that is not the same as
??
your solution worked am just curious if my sources.list was not
correct somehow ?
--
A895 0C7C A244 8E2E FD77 A3DB 180B 7D4D D158 F8B6
awokd
May 15, 2019, 7:46:09 AM5/15/19
to qubes...@googlegroups.com
john s.:
> in /etc/apt/sources.list there is this
>
> deb https://deb.debian.org/debian-security stretch/updates main contrib
> non-free
> but that is not the same as
> deb https://deb.debian.org/debian stretch-updates main contrib non-free
No, they are different. First is for high priority security updates.
Second is for proposed general updates- most of them will make it to
stable but not if there's a problem found with them in this stage. For
example, when I checked while responding to the above, there was also a
kernel update and some bind updates in there that hadn't yet been pushed
to stable.
> in /etc/apt/sources.list there is this
>
> deb https://deb.debian.org/debian-security stretch/updates main contrib
> non-free
> but that is not the same as
> deb https://deb.debian.org/debian stretch-updates main contrib non-free
Second is for proposed general updates- most of them will make it to
stable but not if there's a problem found with them in this stage. For
example, when I checked while responding to the above, there was also a
kernel update and some bind updates in there that hadn't yet been pushed
to stable.
Jon deps
May 15, 2019, 4:25:45 PM5/15/19
to qubes...@googlegroups.com
before I realized it was pulling them from the stretch-updates, then
removed that repo , hopefully, no harm done
thxagain
Reply all
Reply to author
Forward
0 new messages