1password for firefox 56.0 OSX High Sierra now says its corrupt
HI, im using FF 56.0 because of scrapbook, i refuse to upgrade because of this and yesterday my 1password addon started to flake and now i see i cant install it, says corrupt! just to be clear, i did down load it via safari but the same message appears happens when i drag it unto firefox
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @mamamia! Welcome to the forum!
Please see our official announcement here for the explanation and the solution.
0 -
@mamamia: the version of Firefox that you are using has nothing to do with this. This issue impacts every Firefox version, and every Firefox extension, not just 1Password.
This is the direct link to the Firefox bug report so you can read the technical details about what caused this.
0 -
@mamamia: You're correct. It wasn't caused by an update to Firefox, as the problem (as indicated in the Mozilla bug report Ana directed you to) is that one of their intermediate certificates expired. The only solution to that is an update to the browser. It's not something 3rd party developers have any control over, only Mozilla.
0 -
i and (430k) users of scrapbook cant update because because its not supported in new versions
That's something only Scrapbook can help you with.
I've no idea what Scrapbook is but it sounds like the website is no longer under active development which is a good reason to move away from it. Deprecated websites eventually pose a security risk.
Because of the incident with Firefox, and how security certificates work, this isn't going to be retrospectively fixed in older versions.
You'll need to speak with Scrapbook.
0 -
Put another way, security certificates are a critical part of how it's safe to use any of this stuff at all: they allow us to verify that what we're using is legitimate by seeing who's signed an app/extension/driver, who owns a website, etc. If they didn't expire, then one of the signing keys falling into the wrong hands would mean that there would be no recourse as far as requiring a new security certificate. That's why they expire. It's unfortunate that one link in the chain being overlooked can cause a lot of headaches for users, but the alternative is not being able to trust anything, and I think that would be a much bigger problem for all of us. The only way to continue to use outdated software indefinitely would be to disable security checks, and that's got much broader repercussions than one thing not working, so it's not something that could ever be responsibly recommended. Using an outdated web browser on the internet is unsafe, period.
0 -
Actually, outdated versions of Firefox are vulnerable to numerous known security issues, and the "legacy" add-ons themselves were a security risk because there was no mechanism to restrict their privileges: they could read or modify the data used by another extension or any file accessible to the user running Firefox, rather than running in the browser's sandbox. That's why they're gone now. Hope that helps clear things up. :)
0
