I opened Tor Browser earlier and immediately got a yellow banner across the top saying that some of my addons had been disabled. NoScript, in this case.
I opened regular Firefox, and found that all of my addons were disabled, with no option to re-enable.
Note that I had updated neither Tor Browser or Firefox: apparently Pozilla's ability to remotely JUST your fucking addons is built in to the current versions of the browser.
>>3830 >Just use old versions
I'm using 60.6.1esr.
>and disable all javashit.
Duh.
You're missing the forest for the trees. Apparently mozilla can reach out and disable all add-ons, including ones you've already downloaded, with the flick of a switch. Even in Tor Browser, which is something you would hope they would guard against.
This will fix the problem (about:config):
xpinstall.signatures.required -> false
xpinstall.whitelist.required -> false
Alternatively, just block all mozilla IPs and domain names with a firewall or hosts file.
>>3833 From the comments on the bug report:
>In case it's not understood I'm seeing a rash of reports of this across mozilla and freenode IRC networks as well as reddit.
>Many people are very angry and it seems to be growing.
>We don't yet know how broadly affected the user base is.
>This seems like an urgent matter we want to get fixed as quickly as possible, at a high cost if necessary.
Firefox market share shrinking yet again in 3...2...1...
>>3834 >Alternatively, just block all mozilla IPs and domain names with a firewall or hosts file.
I don't think that will work. Apparently the problem is related to an expired intermediate cert. Guess they were too busy coddling wombmen and trannies to bother with mere technical frippery like that. The config change you suggested should work, though. But I'm going to wait for them to fix their shit.
>>3837 >Calling someone by the incorrect name can inadvertently expose their gender status. Exposing someone's trans status without permission can get them fired from their job, renounced by their family, or threatened by strangers.
>Calling someone by the incorrect name is an insult and belittling, even when done by accident or mis-design. You are delegitimizing that person.
lol.
Their ability to just fuck your shit up depends. I am not sure which it is but I have the addon which doesn't check to see if addons are compatible and use a derivative browser based on the 50 series if I am not incorrect and none of my addons were disabled.
Use Jdavabrav. It allow to disable/enable JS, change User-Agent, proxies for each tab. It's now in highly development and don't support FTP, opening files in external programms and bookmarks, it's for future. Also onethreaded, yes. I'm going to fix this someday.
>>3843 Probably not that many. But I foresee a few million people leaving Firefox for Chrom(e/ium). Pozilla fucked up BIG TMIE with this one, and they know it. Time will tell whether they double down on their tranny/feminist/faggot agenda or actually get back to the technology business.
I've low expectations for Mozilla at this point, and nothing really surprises me any longer. I am more concerned that this affected even Tor Browser users, and I hope TBB devs take this lesson to heart and do something about it.
>>3844 Google's just as bad. The only reason everyone uses the Gecko-based browsers is they're more customizable. Mass switching to Chrome is an even worse prospect because it creates a total monopoly.
>>3847 >>3849 it had a standardized user agent, but when they updated TBB to be in line with firefox, it ignored the custom user agent and sent the actual user agent instead and the devs said it wasn't a bug originally since it was so "trivial" to ascertain information via other methods anyway. This was about 6 months ago or less. I honestly don't know if it's been fixed.
Just tested in Tor Browser. The user agent is:
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
At some point I recoreded it and it was:
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
So they don't keep it the same thing forever because they're cucks. User agent and referer [sic] header shouldn't be a thing.
>>3861 >firecuck devs
>actual programmers
stfu reddit-spacing faggot
>>3865 yeah and this will go on forever until the web dies. they will literally never remove referer [sic] because then centralized webshit will die under load from people referring to their crap by <video> and <img> and they wont know who to sue
>>3866 You could've easily checked what LTS releases are, and, maybe, even realize what made version 52 to become version 60. Instead of this, you chose to remain dumb and continue writing inane comments.
Setting default referrer policy has been possible for two whole years, and more crude ways to conceal it have been available for many more. I doubt you are able to read and understand the documentation, though.
>NoScript could not be verified for use in Tor Browser and has been disabled.
So there is absolutely nothing protecting me from a JS+SVG chain exploit now?
>>3867 so you're saying there's actually no reason referer [sic] still exists and they're just retarded, while calling me a retard for not giving a shit about the release policy of the shittiest piece of code ever made, which has nothing to do with the problem at hand
>,,,,,
like i said, >>>/reddit/
>>3867 It doesn't matter whether sites break from removing user agent. They deserve to break. Literally the only reason browser devs care about compatability is marketing. Boo hoo some clickbait website will braek for a few days until they fix their shit. Ironically clickbait and corporate websites have webshitters working 10 hours a day and they will just fix the user agent depedency a day after firecuck removes it. The entire browser is just a bunch of compatability hacks and XSS mitigations which lead to more compatability hacks and more XSS mitigations to fix the previous two.
>>3843 Odds are glowniggers have taken over another cp forum and this was part of an operation to decloak users.
This is why people shouldn't mess with cp. One can trust mozilla and the tor project to an extent, but everyone has a price. Glowniggers have had over a decade to crack the egg. In a country like USA with repressive laws and imprisonment levels, one's life is at stake. Have fun with anonymity we can believe in but don't bet one's life on it.
>>3873 > so you're saying there's actually no reason referer [sic] still exists
What the hell is wrong with your reading comprehension? Referrers are widely used in legacy services, and as a secondary measure in modern ones, however, they are not secure. You could always remove them, either through browser settings or third party tools (I guess you are too young to remember local filtering proxies; some ad lists in ublock originated in that era). It broke some things, obviously. There's now a standard that allows users to control the default policy, and websites to request referrer support on their domain(s) without any rewrites of existing code. It might break something, but you can rightfully nag that the fix is one line in server configuration.
If you haven't researched any of that in years, then you're not as bothered as you pretend to be. In any case, when people discuss privacy issues on the Web, they talk about surveillance of every Google service or Cloudflare, that's quite a different scale from just a referrer a web server sees.
>>3874 Yes, web browsers have not been constructed on a skeleton concept of auditing and controlling every piece of information they exchange with connected systems.
>>3892 >Setting default referrer policy has been possible for two whole years
What are you even talking about? network.http.sendRefererHeader has existed forever
>you are too young
I'm too old to have ever given a fuck about the umatrix. I stopped using browser plugins in 2005. If I have to use firefug I use it like a white man.
network.cookie.cookieBehavior;2
network.http.sendRefererHeader;0
javascript.enabled;false
dom.popup_allowed_events;
You're stupid fucking ass thinks it's a good idea to rely on a shitty plugin and all that it entails (is the plugin trustworthy? is the plugin stable? does the browser API make the plugin have bugs because it's a piece of shit written by retards? Is all of the above true and both devs involved are retards? do they drag down perf even more than god forsaken firefox already does - who knows since firefox is already slow as possible in the first place. Does the plugin cause XSS vulns? In fact a lot of plugins caused RCE vulns because they executed webshit in a privileged context and had the usual vulns like XSS. That's one step away from having XSS directly in the OS, which is something you retards will apologize to once you make your entire OS GUI in html5/JS)
How did you deduce that I don't know about the compat issues with referer [sic] after I just wrote about them in >>3874 Since you're sooooo old, you probably used noscript too, merely to disable JS, and have no fucking idea what it actually does. Noscript rewrites pages to avoid XSS,CSRF,etc vulnerabilities. Also from time to time it has introduced more vulns in the process - typical webshit.
>hurr durr you don't understand manuals
>wahhhhhh
>you don't understand my shitty idiom {LTS, latest shitty web API} you don't understand computing
NO. YOU don't understand ANYTHING. You webshitters need to all get deported. I don't get off to memorizing the latest web API or bullshit like CSP. I don't feel proud of myself because I learned a new API that does the exact same thing as the previous APIs created yearly for the last 20 years. I program DSP, network protocols, crypto, a PL. I'm a software engineer, not a webshitter. I don't use web banking (holy fuck how is this actually a thing). I don't rely on the web. It's for browsing static documents and even that it does horribly.
>and websites to request referrer support on their domain(s) without any rewrites of existing code
LOL OF COURSE THIS IS A THING. You have fucking brain damage if you think this is good. You webshitters will gladly add a new flag to fix any {security,privacy,compatability} issue anyone brings up, while half those issues are caused by previous shit added to "fix" such issues in the most copout way possible.
Ironically you're stupid fucking ass doesn't know how incompatible the web really is. A browser that's slightly out of date will not work with recaptcha. But I'm sure you also think it's acceptable to download an update every day for your piece of shit browser.
>Yes, web browsers have not been constructed on a skeleton concept of auditing and controlling every piece of information they exchange with connected systems.
Web browsers haven't been constructed period. User agent and referer [sic] matters because it affects the only real use case of the web which is static content. Links defaults to not sending referer, while your shitty browser created by the corporate cocksucking contest will NEVER fix either. Tor browser should have just removed user agent from the get go as it hardly breaks anything (Yes, cuckflare, the only big thing that would break, is dependent on user agent, but it only came to be so after whitelisting Tor after COMPLETELY BLOCKING IT for 8 years - if Tor removed user agent all along, the cuckflare whitelist would have just been no user agent). As usual the retards who pander to some vague compatability gains fucked everything up. I tried your fucking Firefox Quantum Rust blah whatever the fuck and downloads STILL get stuck at 0KB/s indefinitely and you can't cancel them. You fucking retards run circles around yourselves making the most locally optimized compat hacks and the end result is your software continues to be an absolute piece of shit where simple fundamental operations do not even work. Literally 1000000x worse than UNIX braindamage.
>>3891 Also case in point on why you shouldn't rely on a plugin to disable JS
>Odds are glowniggers have taken over another cp forum and this was part of an operation to decloak users.
If you're being more careful and using something like Tor Browser to reduce your fingerprint....
First: Nobody will ever attack you on this. Nobody is going to analyze all your posting and construct a set of web sessions that appears to be correlated to you. Such attacks are outside the realm of webshit.
Second: If they did, they'd have a collection of 0days against every webshit browser anyway, since it's trivial to find them, and would just do some RCE on you
Instead, fucking set javascript.enabled;false like a non-retard. Of course given we're talking about firecuck/chrome here, it's entirely possible they'll just automatically turn JS back on one day without telling you, or have an exploit that does so.
>>3843 It would not surprise me if this occurrence was premeditated, in the sense that someone was paid a bunch of money to let it "accidentally" happen. The plausible deniability makes it a good candidate for such a thing.
>>3923 >wahhhh someone doesn't like it when software crashes for no reason when you spin the mouse in a circle
>post moar desktops XDDD
oh yeah i forgot this is /g/
>>3944 what happened, plugins were disabled for a few hours? and so what? noscript/umatrix was diabled? this is no different than the RCE vulns browsers have every day which take 10-20 years to patch instead.
I opened Tor Browser earlier and immediately got a yellow banner across the top saying that some of my addons had been disabled. NoScript, in this case.
I opened regular Firefox, and found that all of my addons were disabled, with no option to re-enable.
Note that I had updated neither Tor Browser or Firefox: apparently Pozilla's ability to remotely JUST your fucking addons is built in to the current versions of the browser.
https://www.reddit.com/r/firefox/comments/bkfg00/also_had_all_my_addons_disabled_and_cant/
Yeah, yeah, I know, reddit. But that's the only place I can find talking about it.