Package: firefox-esr
Version: 115.15.0esr-1
Severity: normal
X-Debbugs-Cc: [email protected]
Dear Maintainer,

I have a system that I have been upgrading over several Debian releases. Today
I reviewed the certificate authorities in Firefox and I saw that there are a
bunch of certificates installed in the "Software Security Device". In
particular the ones from thawte, Inc. caught my attention since I thought those
ones were revoked at some point.

My impression is that after Firefox gets updated and a certificate authority
is no longer in the "builtin Object Token", the user configuration still keeps
the removed certificates from the system. In fact I inspected cert9.db and the
query "select id, a3 from nssPublic ;" gave a list of such old certificates
together with other certificates that I manually added.

Maybe the bug was there at some point and since then my cert9.db still
contains those. I cannot really confirm whether the behaviour persists in
the newest versions of Firefox. What is certain is that the upgrade of the Firefox
packages over the years has leaked those certificates from the system
configuration to the user one, and they now persist there.

-- Package-specific info:
-- Extensions information
Name: Add-ons Search Detection
Location: /usr/lib/firefox-esr/browser/omni.ja
Status: enabled
Name: Amazon.co.uk
Location: /usr/lib/firefox-esr/browser/omni.ja
Status: enabled
Name: Amazon.com
Location: /usr/lib/firefox-esr/browser/omni.ja
Status: enabled
Name: Bing
Location: /usr/lib/firefox-esr/browser/omni.ja
Status: enabled
Name: Bookmark Highlighter
Location: ${PROFILE_EXTENSIONS}/[email protected]
Status: enabled
Name: Dark theme
Location: /usr/lib/firefox-esr/browser/omni.ja
Status: user-disabled
Name: DuckDuckGo
Location: /usr/lib/firefox-esr/browser/omni.ja
Status: enabled
Name: Firefox Alpenglow theme
Location: /usr/lib/firefox-esr/browser/omni.ja
Status: user-disabled
Name: Firefox Screenshots
Location: /usr/lib/firefox-esr/browser/features/[email protected]
Status: enabled
Name: floccus bookmarks sync
Location: ${PROFILE_EXTENSIONS}/[email protected]
Status: enabled
Name: Form Autofill
Location: /usr/lib/firefox-esr/browser/features/[email protected]
Status: enabled
Name: Ghostery Tracker & Ad Blocker - Privacy AdBlock
Location: ${PROFILE_EXTENSIONS}/[email protected]
Status: enabled
Name: Google
-- Addons package information
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.10.6-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages firefox-esr depends on:
ii debianutils 5.20
ii fontconfig 2.15.0-1.1
ii libasound2t64 1.2.12-1
ii libatk1.0-0t64 2.53.1-2
ii libc6 2.40-2
ii libcairo-gobject2 1.18.2-1
ii libcairo2 1.18.2-1
ii libdbus-1-3 1.14.10-4+b1
ii libdbus-glib-1-2 0.112-3+b2
ii libevent-2.1-7t64 2.1.12-stable-10
ii libffi8 3.4.6-1
ii libfontconfig1 2.15.0-1.1
ii libfreetype6 2.13.3+dfsg-1
ii libgcc-s1 14.2.0-3
ii libgdk-pixbuf-2.0-0 2.42.12+dfsg-1
ii libglib2.0-0t64 2.82.0-1
ii libgtk-3-0t64 3.24.43-3
ii libnspr4 2:4.35-1.1+b1
ii libnss3 2:3.103-1
ii libpango-1.0-0 1.54.0+ds-2
ii libstdc++6 14.2.0-3
ii libvpx9 1.14.1-1
ii libx11-6 2:1.8.7-1+b1
ii libx11-xcb1 2:1.8.7-1+b1
ii libxcb-shm0 1.17.0-2
ii libxcb1 1.17.0-2
ii libxcomposite1 1:0.4.5-1+b1
ii libxdamage1 1:1.1.6-1+b1
ii libxext6 2:1.3.4-1+b1
ii libxfixes3 1:6.0.0-2+b1
ii libxrandr2 2:1.5.4-1
ii libxtst6 2:1.2.3-1.1+b1
ii procps 2:4.0.4-5
ii zlib1g 1:1.3.dfsg+really1.3.1-1
Versions of packages firefox-esr recommends:
ii libavcodec-extra57 7:3.2.14-1~deb9u1
ii libavcodec-extra58 [libavcodec58] 7:4.3.6-0+deb11u1
ii libavcodec-extra59 [libavcodec59] 7:5.1.5-0+deb12u1
ii libavcodec-extra60 [libavcodec60] 7:6.1.1-5+b1
Versions of packages firefox-esr suggests:
ii fonts-lmodern 2.005-1
pn fonts-stix | otf-stix <none>
ii libcanberra0 0.30-17
ii libgssapi-krb5-2 1.21.3-3
ii pulseaudio 16.1+dfsg1-5.1
-- no debconf information
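
The audit described in the report, as an added example that is not part of the original message: it runs the same `select id, a3 from nssPublic` query read-only and flags labels that match a reviewer-supplied watchlist. It assumes `a3` holds each object's label (as the reporter's output suggests); the helper names, the watchlist and the sample rows are constructed for illustration.

```python
import sqlite3
from pathlib import Path

def decode_label(raw):
    """a3 may be NULL, bytes or text; return a clean string."""
    if raw is None:
        return ""
    if isinstance(raw, bytes):
        raw = raw.decode("utf-8", "replace")
    return str(raw).rstrip("\x00")

def list_labels(db_path):
    """Run the report's query read-only so the profile is never modified."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute("SELECT id, a3 FROM nssPublic ORDER BY id").fetchall()
    finally:
        con.close()
    return [(obj_id, decode_label(raw)) for obj_id, raw in rows]

def flag_labels(rows, watchlist):
    """Return rows whose label contains any watchlist term, ignoring case."""
    terms = [t.lower() for t in watchlist]
    return [(i, label) for i, label in rows
            if any(t in label.lower() for t in terms)]

def build_sample_db(path):
    """Constructed stand-in for cert9.db: only the table and columns the query uses."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE nssPublic (id INTEGER PRIMARY KEY, a3 BLOB)")
    con.executemany("INSERT INTO nssPublic VALUES (?, ?)", [
        (1, b"thawte Primary Root CA (constructed)"),
        (2, b"Example Internal CA (constructed)\x00"),
        (3, None),
    ])
    con.commit()
    con.close()

if __name__ == "__main__":
    import os, tempfile
    sample = os.path.join(tempfile.mkdtemp(), "cert9.db")
    build_sample_db(sample)
    for obj_id, label in flag_labels(list_labels(sample), ["thawte"]):
        print(obj_id, label)
```

Run it against a copy of the profile's cert9.db rather than the live file, and treat a match as a prompt to review that entry in the certificate manager.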