
Expired certificate broke all Firefox add-ons

By Bubbajim · 22 replies
May 5, 2019
  1. You would think that a company whose main product is a browser would know a thing or two about security certificates. But yesterday, Firefox users with any add-on installed found their beloved browser had reverted to its 'vanilla' form, as an expired security certificate meant all add-ons couldn't be verified and thus were disabled.

    Confused users headed to the Firefox subreddit and Mozilla's own 'bugzilla' forums where confirmation was given of the problem. It transpired that an intermediate signing certificate had expired, which is pivotal to the verification process for extensions and add-ons. In a statement to Engadget, Mozilla's Product Lead, Kev Needham, said "we know what the issue is and are working hard to restore add-on functionality to Firefox as soon as possible."

    This is particularly embarrassing for Mozilla, not least because it's not the first time this has happened. The same thing happened about three years ago but apparently Mozilla didn't learn from their mistake. Certificates such as this are pretty straightforward to renew, so it's a terrible oversight on their part.

    To their credit nonetheless, they have leapt into action to try and resolve the situation immediately. Mozilla have been updating their customers via their Twitter, and Saturday morning confirmed they had identified the problem and gave assurances that a hotfix was about to be deployed. As of writing, the behind-the-scenes hotfix should be working so no updates will be needed on users' side.


  2. bluetooth fairy

    bluetooth fairy TS Booster Posts: 70   +53

    Mobile version suffered the same issue and they didn't manage to fix it still.

    ".. all add-ons couldn't be verified and thus were disabled"
    A new add-on can't be added to the browser as well, Firefox says "it appears to be corrupt".

    But I noticed that it's now ok to browse the web without uBlockOrigin active, thanx to "Tracking protection" feature. Either it worked worse earlier, or I just haven't found inappropriate content today.

    PS Firefox for Android, ver 67.0b16 (latest beta)
  3. MaXtor

    MaXtor TS Maniac Posts: 245   +187

    For me it was a nice reminder of how terrible the internet is with ads.
  4. dualkelly

    dualkelly TS Booster Posts: 70   +52

    I was surprised with just how many damn ads there were!!!
    jtveg, mizkitty, Dimitrios and 3 others like this.
  5. m4a4

    m4a4 TS Evangelist Posts: 1,401   +967

    Hmmm... seems like I wasn't affected by it on Friday/Saturday.
  6. jobeard

    jobeard TS Ambassador Posts: 12,753   +1,490

    The issue is more prolific than just addons. If ANY required certificate is "invalid, expired or missing", then SSL connections start to fail and in most cases, you can't access websites via HTTPS.

    I had a case of missing a CA ROOT update and it took some time to diagnose the cause and then to find the CERT update that resolved it.
  7. rickst35

    rickst35 TS Rookie

    Mozilla Devs need to get with the program, 'Users in control of their own computers'. The FIX should not be merely a new Cert - it should also include an about:config option which presents a UI change, allowing users to ignore an "Expired, Missing, or Invalid" Certification and force-enable of a "questionable" Add-On which was disabled for this reason.

    This was too much "Management Control" of end users from the Organization - an Organization which didn't even notice that its own 'Required' Certificate was scheduled to die very soon, until it happened and thousands of user complaints started coming in. Mozilla, you're acting Shabby.
    jtveg likes this.
  8. jobeard

    jobeard TS Ambassador Posts: 12,753   +1,490

    Sadly this discloses a total lack of understanding on how Certs work and would break the validity of the Certificate Chain.

    It might be possible to design a new authentication protocol with this feature, but every implementation on the Internet would need to be changed, not just Mozilla (who carelessly stumbled into the issue which all SSL users are exposed to).
    rickst35 likes this.
  9. ghostf1re

    ghostf1re TS Maniac Posts: 370   +234

    Well I was affected by this and none of my addons work. They are all saying to install an alternative because they cannot be verified. I tried to force an update, but there was none. I guess I'll just use Chrome then.
  10. rickst35

    rickst35 TS Rookie

    With respect - I think that you misunderstood me (and I do know how Certs work.) I would not "make something entirely new" - I am simply suggesting that Mozilla introduce, into Firefox, the kind of alternative which they already provide for browsing web Sites, claiming to be SSL but providing invalid or expired Certs. (That current pop-up is "Get me Out of Here .... Proceed Anyway", with an option to store the exception permanently.) Upon "managing" inactivated add-ons with Invalid Certificates, a similar pop-up would appear.

    It's not much different than accepting a self-signed Cert which didn't present a valid chain of trust - which Computer Professionals (like me) do pretty frequently, on "test" boxes and "test" Apps.
    Last edited: May 5, 2019
    jtveg, orondf and Adorerai like this.
  11. nismo91

    nismo91 TS Evangelist Posts: 987   +65

    Yesterday I was surprised when I saw an ad on youtube. I don't even see ads on my phone's youtube with vanced. tried installing the ESR, and some addons worked. then today solved it by installing back release version and going into the studies settings.

    couldn't even understand how manually installing the xpi didn't work. it said the addons were corrupted. I have to temporarily load some addons before the fix. I'm not turning my clock back!

    it's truly a shame. I won't even be using firefox if it wasn't for the add-ons. heck I might even use edge. the very thing that kept this browser alive. neglected. never going to use it on my phone. ever.

    P.S. I'm using nochromo for my android phone. blocks most ads without any config.
    Dimitrios likes this.
  12. Dimitrios

    Dimitrios TS Guru Posts: 392   +264

    Same here I couldn't stand all of the freakin ads. It was so bad even the commercials on YOUTUBE were crazy. There was a damn reason why I gave up tv few years ago and relied on the internet. I just hate force fed garbage even politics, ads, commercials etc..... My blood was boiling and I gave up and didn't use the internet for a full day or so. Maybe it's because I have some sort of OCD or ADHD but I swore out loud with all the annoying clutter of ads. The internet felt like a cheap flea market flooded with ads designed by kids.

    I just fixed it now and I'm happy again.
    Last edited: May 6, 2019
    MaXtor likes this.
  13. Dimitrios

    Dimitrios TS Guru Posts: 392   +264

    I agree on every word, thanks for saving the time for me to type that same comment. :)
  14. Nobina

    Nobina TS Evangelist Posts: 1,843   +1,351

    Yesterday I saw all my addons were rekt and I heard in advance this might happen. Heard of Waterfox which is some fork of it apparently and it works pretty well for a second browser. Never installing Firefox again.
  15. Bubbajim

    Bubbajim TechSpot Staff Topic Starter Posts: 638   +614

    Woah, woah, woah - let's not do anything too hasty
    jtveg, astralcyborg and Dimitrios like this.
  16. noel24

    noel24 TS Evangelist Posts: 501   +428

    I've lost one and a half days now. I've tried everything I could find for FF 56.0.2, then tried Waterfox - still nothing. My work laptop with Win 10 and Quantum FF fixed itself on morning reboot. I got a feeling Mozilla may have actually accidentally found out they can force people off forks and old, unsupported versions, but for me, if I won't get my old addons to work, it will be something else altogether. Chrome probably, because of better support by addon developers. I give them time by tomorrow evening. F*ck!
  17. noel24

    noel24 TS Evangelist Posts: 501   +428

    Zorak and Dimitrios like this.
  18. EEatGDL

    EEatGDL TS Evangelist Posts: 660   +333

    Haha, that's exactly how I found Adblock and other extensions were disabled.
    MaXtor likes this.
  19. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,952   +575

    I wasn't game to try the web in general without the extensions working!
    MaXtor and Dimitrios like this.
  20. jobeard

    jobeard TS Ambassador Posts: 12,753   +1,490

    Good. You might see then that the short fix would be to ensure that the Cert renewal is attended to in a timely manner and never overlooked again. This would save R&D resources and avoid a needless release of the product.
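
The renewal check the reply above calls for, as an added example that is not part of the thread or of Mozilla's tooling: it audits every certificate in a chain, not just the leaf, and names the one whose expiry ends the chain's validity. The chain contents, dates and function names are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample chain: subjects and dates are illustrative, not Mozilla's
# real certificates. notAfter uses the text format of ssl.getpeercert().
SAMPLE_CHAIN = [
    {"subject": "leaf: example add-on signature", "notAfter": "Mar  1 00:00:00 2021 GMT"},
    {"subject": "intermediate: example signing CA", "notAfter": "May  4 00:00:00 2019 GMT"},
    {"subject": "root: example root CA", "notAfter": "Jan  1 00:00:00 2030 GMT"},
]


def expiry(cert):
    """Parse a certificate's notAfter field into an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notAfter"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def audit_chain(chain, now, warn_days=30):
    """Classify each certificate and name the one that limits the chain.

    Verification at time `now` needs every certificate in the chain to be
    unexpired, so the chain stops verifying at its earliest notAfter.
    """
    findings = {}
    for cert in chain:
        remaining = expiry(cert) - now
        if remaining.total_seconds() <= 0:
            status = "EXPIRED"
        elif remaining.days < warn_days:
            status = "RENEW"
        else:
            status = "OK"
        findings[cert["subject"]] = status
    limiting = min(chain, key=expiry)
    return {
        "findings": findings,
        "limiting": limiting["subject"],
        "valid_until": expiry(limiting),
        "chain_valid": expiry(limiting) > now,
    }


if __name__ == "__main__":
    for when in (datetime(2019, 4, 20, tzinfo=timezone.utc),
                 datetime(2019, 5, 5, tzinfo=timezone.utc)):
        report = audit_chain(SAMPLE_CHAIN, when)
        print(when.date(), report["chain_valid"], report["limiting"], report["findings"])
```

In the constructed data the leaf is valid for almost two more years, yet the chain fails the moment the intermediate lapses, which is why monitoring only end-entity certificates misses this failure.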
  21. plplplpl

    plplplpl TS Member

    Took me a bit of digging to find it, but this worked for me:

    Type "about:config" in the address bar.
    Accept the CMA *risk* disclaimer.
    Scroll down to "xpinstall.signatures.required"
    Double click on it so the value changes to "false"
    Boo-Yah, your extensions are restored.

    Curses be unto Mozilla for such a ball drop.
  22. lazer

    lazer TS Addict Posts: 233   +54

    I had an older version of FF that had great add ons. All of a sudden nothing worked. Tried updating, still nothing. So I began using Chrome as my default.

    I see FF still sucks.....
  23. Dimitrios

    Dimitrios TS Guru Posts: 392   +264

    Turn on that setting "STUDIES" worked for me like 2 days ago.
