Closed ghost closed 13 years ago
I need to look into it further, but I think Mozilla have pinned one of their certificates into firefox (in later releases) for the auto update. As a such the convergence local CA signed cert doesn't match and it throws the someone is trying to "trick you into accepting an insecure update" error.
I suppose we could just pass through the encrypted data for the auto update domains in this case.
@ewanm89 If you can confirm that's true, then I agree that's a totally reasonable fix.
Yes, it's in about:config under app.update keys. Specifically, app.update.cert.requireBuiltIn set to true, and app.update.certs having a list of valid certs it checks against. We should moan at Mozilla for not having full fingerprint in there, unless they are actually storing it in NSS somewhere.
Now, mine has it registered to use aus3.mozilla.org for the update server, you all got the same (app.update.url)?
Can this be closed now?
Yeah, this is fixed in 8e5af24ae9ae4b25caf31469e557f9ccca0951fb
was that pushed out the convergence 0.05?
If convergence was enabled, Firefox 6.0.1 will report this version as the last one. If you disable convergence, Firefox will upgrade to 6.0.2.