In context: Root certificates are an essential element for modern browser security. They protect users by verifying signed web pages, extensions, and other types of content. However, developers must update root certificates constantly; otherwise, the root of the trust chain breaks, and everything goes down the drain.
Mozilla is reminding Firefox users that a necessary root certificate expires soon and that older browser versions could become a security and usability nightmare in a few months. Starting March 14, 2025, Firefox versions older than 128 (ESR 115.13) containing the expired certificate will likely cause "significant" issues with add-ons, content signing, and streaming of DRM-protected media.
Failing to update Firefox before next March means losing features relying on remote functionality. Many installed add-ons will become disabled, and other systems that require content verification could also break. The issue affects Firefox editions for Android and Windows operating systems, including Windows, macOS, and Linux. Those with iPhone or iPad versions of Firefox should be okay.
Mozilla's FAQs explain that a root certificate authenticates browser content as trusted. When a certificate expires, Firefox cannot verify content anymore. The newest versions of Firefox and other Mozilla software using the same root-of-trust model include a new root certificate that will prevent the expiration issue in March 2025.
Mozilla is likely trying to prevent the chaos experienced by Firefox users in 2019 when an expired certificate suddenly borked many instances of the open-source browser. Today's Firefox market share is much lower than five years ago, but we're still talking about millions of users potentially becoming vulnerable to the expiration issue.
Some add-on developers have expressed concern over how Mozilla is managing the problem. One developer said Firefox should clearly state what could happen on all the affected platforms. Otherwise, disgruntled users could direct their complaints directly to add-on programmers. One-star review bombing campaigns after the certificate expires could also be part of the deal.
Mozilla advises users to update to Firefox 128 on each device with the browser installed, which is the best practice to avoid this and other issues. The latest release always provides significant performance improvements and important security fixes. Mozilla released Firefox 128 and ESR 115.13 on July 9, 2024, so there have been minor incremental updates since then. The most current version is Firefox 131.0.3.
Mozilla advises Firefox users to update if they want browser add-ons to keep working
