A security vulnerability that affected both the Firefox and Tor browsers had a highly unusual characteristic that caused it to threaten users only during temporary windows of time that could last anywhere from two days to more than a month. The bug was scheduled to reappear for a few days in November and for five weeks in December and January. While the windows were open, the browsers failed to enforce a security measure known as certificate pinning when automatically installing NoScript and certain other browser extensions. Such an attack was only viable at certain periods when Mozilla-supplied “pins” expired.”]

