Reverted Legacy Crypto API has been disabled

Published: | Categories: Privacy & Security


The Netscape-derived legacy Crypto API implemented on window.crypto has been disabled, including enableSmartCardEvents and version properties as well as generateCRMFRequest, importUserCertificates, logout and signText methods. These features have never been standardized and therefore will be removed with Firefox 34, while the standard Web Crypto API has been actively implemented. See the MozillaWiki article for details.

Update: Feedbacks on Firefox 33 have revealed that various banks and government agencies are still using this legacy Crypto API, the crypto.signText method in particular. Therefore, Mozilla has decided to bring the API back with Firefox 34 and remove it again in the near future once a substitute Firefox extension is developed. Firefox 33 users can still re-enable the API by setting the dom.unsafe_legacy_crypto.enabled pref to true, and Firefox 31 ESR users are not affected by this change.

Update: The legacy Crypto API has been removed with Firefox 35.