Articles by Eric Rescorla
We've been conducting an ongoing post-mortem on the add-ons outage that occurred earlier this year. There was a lot more digging to do than we expected. In addition to this updated high-level overview, we've also published our findings in detailed incident and technical reports that are now available.
Recently, Firefox had an incident in which most add-ons stopped working. This was due to an error on our end: we let one of the certificates used to sign add-ons expire which had the effect of disabling the vast majority of add-ons. Now that we’ve fixed the problem for most users and most people’s add-ons are restored, I wanted to walk through the details of what happened, why, and how we repaired it.
Building a browser is hard; building a good browser inevitably requires gathering a lot of data to make sure that things that work in the lab works in the field. But as soon as you gather data, you have to make sure you protect user privacy. We’re always looking at ways to improve the security of our data collection, and lately we’ve been experimenting with a really cool technique called Prio.