Hacker News new | past | comments | ask | show | jobs | submit login

Can't they remove it via a software update? I know they've removed add-one before.



From the blog article, note the last sentence in the quote below:

"Some other disinfection tools will remove Superfish from Windows, but not from Firefox. In order to ensure that these users are not vulnerable, we are deploying a hotfix today that detects whether Superfish has been removed, and if so, removes the Superfish root from Firefox. We do not remove the root certificate if the Superfish software is still installed, since that would prevent the user from accessing any HTTPS websites."


It's added as a root certificate in Windows, not directly in Firefox, so a bit different.


Firefox uses its own certificate store through its bundled NSS libraries, which was also targeted.


Thanks, my mistake, I think it would make sense to remove automatically in the case.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: