| View previous topic :: View next topic |
| Author |
Message |
Kurmis
n00b
Joined: 04 Jun 2010
Posts: 47
Location: LV
|
 Posted: Fri Mar 21, 2025 1:20 pm Post subject: 2025-03-15 expired FireFox root certificate |
 |
|
Good day, experts.
On ≈15years olde 64bit laptop i am still using gentoo(studio) from year 2021.
Actually everything i need still worked until 2025-03-14.
From 2025-03-15 expired root certificate for my firefox,
and from this date all FF extensions stopped to work.
| Code: | [I] www-client/firefox
Available versions:
(esr) 102.8.0 |
I have some more laptops/PCs with windows10, ubuntu 24.04 LTS , Gentoo-2025
and different browsers installed : firefox, edge, opera, chrome, brave ...
What is easiest way to install/get ONLY new certificate for FF 102.8 without emerge --sync && emerge @world ?
Can i simply copy(rewrite) some FF files from Gentoo-2025, ubuntu (or even windoze) to gentoo-2021 ?
Must it work this way ?
Thanks in advance @ all. |
|
| Back to top |
|
 |
rab0171610
Guru
Joined: 24 Dec 2022
Posts: 492
|
| Posted: Fri Mar 21, 2025 2:03 pm Post subject: |
|
|
I am not affected as I use the latest version. I was wondering the same thing -- whether the new certificate could be imported into FF and replace the old, expired one. My understanding is that FF uses hard coded internal CA/certificate for security, so that it cannot be manipulated. I believe from reading discussions online that it is hard coded into the binary. I assume if you build from source you might be able to fork and patch your own version with a different certificate but I don't know for that for certain.
https://news.slashdot.org/story/25/03/11/1446251/firefox-certificate-expiration-threatens-add-ons-streaming-on-march-14 |
|
| Back to top |
|
|
Kurmis
n00b
Joined: 04 Jun 2010
Posts: 47
Location: LV
|
| Posted: Fri Mar 21, 2025 2:36 pm Post subject: |
|
|
On my gentoo-2025 fresh FF also is not affected.
Assumed tha certificate(s) is hardcoded.
How to re-hardcode new certificate ?
Can it be done this way : ?
| Code: | ebuild /var/db/pkg/www-client/firefox-102.8.0/firefox-102.8.0.ebuild unpack
ebuild /var/db/pkg/www-client/firefox-102.8.0/firefox-102.8.0.ebuild configure |
?? Now copy what exactly to where ??
After replacing continue compiling: | Code: | ebuild /var/db/pkg/www-client/firefox-102.8.0/firefox-102.8.0.ebuild compile
ebuild /var/db/pkg/www-client/firefox-102.8.0/firefox-102.8.0.ebuild install
ebuild /var/db/pkg/www-client/firefox-102.8.0/firefox-102.8.0.ebuild merge |
|
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 55041
Location: 56N 3W
|
| Posted: Fri Mar 21, 2025 5:46 pm Post subject: |
|
|
Or make a patch to go into /etc/portage/patches/...
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
|
Networking & Security
