Today, many popular add-ons for Firefox have stopped working due to certificate issues.
Hello, dear Khabrovites!
I want to warn you right away that this is my first publication, so I ask you to immediately notify me of all problems, typos, and more.
In the morning, as usual, I turned on the laptop and started leisurely surfing in my favorite Firefox (release 66.0.3 x64). Suddenly, the morning ceased to be languid - at one awesome moment a message popped up saying that some add-ons could not be checked and were disabled. "Wonderful!" I thought and climbed into the add-ons control panel.
And ... what I saw there, I was somewhat shocked, as it were, to put it mildly. All addons are disabled. HTTPS Everywhere, NoScript, uBlock Origin, FVD SpeedDial, and a few add-ons that until now have worked without any problems are marked as obsolete.
The first reaction was, oddly enough, the thought of a la housewife: “Virus!”. However, common sense prevailed, and the first thing I tried was to restart the browser. Useless. I tried reinstalling the addons - I got a concise “Download failed. Please check your connection ”from the add-on manager when trying to install at least something. “Aha!” - I told myself and realized that the problem, apparently, was not mine .
Having contacted my colleagues, I found out that they also have the same problems with the browser. Quick googling revealed a fresh bug report in Bugzilla , a small thread on Reddit, and such news . As it turned out, from today (05/04/2019) extensions that have not received verification from Mozilla under their new rules, which should have been introduced since June, stopped working as "unsigned." As it turned out, there were problems with the certificate on the side of Mozilla, which signed the extension, it expired.
What caused such a massive failure - some kind of bug on the side of Mozilla, or the decision to “preventively” block popular add-ons to force their re-verification according to updated rules - is still unclear. It is clear that this problem will affect a huge number of users - after all, Firefox is appreciated, first of all, for add-ons, so what consequences the current failure will have is not clear. But let us leave these thoughts to analysts and couch specialists, and I, as a loyal user, are primarily interested in when they fix my add-ons. There is no answer to this question yet; hope this happens as soon as possible. So far, the problem is in the status of "confirmed", but not fixed.
So far, a transition to "nightly" assemblies is proposed as a crutch, where you can disable add-on verification, or somemanipulations with the user profile (personally, unfortunately, it did not help me personally).
Thanks to all who read for your attention!
UPD :For all browser users, the add-ons turned out to be blocked due to the expiration of the certificate lifetime used to generate digital signatures. As a workaround for renewing access to add-ons for Linux users, you can disable digital signature verification by setting the "xpinstall.signatures.required" variable to "false" in about: config. This method for stable and beta releases works only on Linux, for Windows and macOS such manipulation is possible only in nightly builds and in the version for developers (Developer Edition). Alternatively, you can also change the value of the system clock to the time until the certificate expires . Thanks for the addition of rsashka !
UPD2: added a poll (it’s not clear why I didn’t think of doing it right away) to see how the problem of
UPD3 is widespread : Thanks to AnatoliyTkachev for the link to instructions on how to work around the problem. For myself, I solved the problem in a way with a script, as requiring the least gestures.
UPD4 : developers wrote that they developed a workaround
I want to warn you right away that this is my first publication, so I ask you to immediately notify me of all problems, typos, and more.
In the morning, as usual, I turned on the laptop and started leisurely surfing in my favorite Firefox (release 66.0.3 x64). Suddenly, the morning ceased to be languid - at one awesome moment a message popped up saying that some add-ons could not be checked and were disabled. "Wonderful!" I thought and climbed into the add-ons control panel.
And ... what I saw there, I was somewhat shocked, as it were, to put it mildly. All addons are disabled. HTTPS Everywhere, NoScript, uBlock Origin, FVD SpeedDial, and a few add-ons that until now have worked without any problems are marked as obsolete.
The first reaction was, oddly enough, the thought of a la housewife: “Virus!”. However, common sense prevailed, and the first thing I tried was to restart the browser. Useless. I tried reinstalling the addons - I got a concise “Download failed. Please check your connection ”from the add-on manager when trying to install at least something. “Aha!” - I told myself and realized that the problem, apparently, was not mine .
Having contacted my colleagues, I found out that they also have the same problems with the browser. Quick googling revealed a fresh bug report in Bugzilla , a small thread on Reddit, and such news . As it turned out, from today (05/04/2019) extensions that have not received verification from Mozilla under their new rules, which should have been introduced since June, stopped working as "unsigned." As it turned out, there were problems with the certificate on the side of Mozilla, which signed the extension, it expired.
What caused such a massive failure - some kind of bug on the side of Mozilla, or the decision to “preventively” block popular add-ons to force their re-verification according to updated rules - is still unclear. It is clear that this problem will affect a huge number of users - after all, Firefox is appreciated, first of all, for add-ons, so what consequences the current failure will have is not clear. But let us leave these thoughts to analysts and couch specialists, and I, as a loyal user, are primarily interested in when they fix my add-ons. There is no answer to this question yet; hope this happens as soon as possible. So far, the problem is in the status of "confirmed", but not fixed.
So far, a transition to "nightly" assemblies is proposed as a crutch, where you can disable add-on verification, or somemanipulations with the user profile (personally, unfortunately, it did not help me personally).
Thanks to all who read for your attention!
UPD :For all browser users, the add-ons turned out to be blocked due to the expiration of the certificate lifetime used to generate digital signatures. As a workaround for renewing access to add-ons for Linux users, you can disable digital signature verification by setting the "xpinstall.signatures.required" variable to "false" in about: config. This method for stable and beta releases works only on Linux, for Windows and macOS such manipulation is possible only in nightly builds and in the version for developers (Developer Edition). Alternatively, you can also change the value of the system clock to the time until the certificate expires . Thanks for the addition of rsashka !
UPD2: added a poll (it’s not clear why I didn’t think of doing it right away) to see how the problem of
UPD3 is widespread : Thanks to AnatoliyTkachev for the link to instructions on how to work around the problem. For myself, I solved the problem in a way with a script, as requiring the least gestures.
UPD4 : developers wrote that they developed a workaround
Only registered users can participate in the survey. Please come in.
Having problems with Firefox extensions?
- 62.7% Yes, Firefox Quantum, release version 788
- 4.3% Yes, Firefox Quantum, Night / Development 55
- 7.8% Yes, Firefox for Mobile OS 99
- 7.2% Yes, Firefox ESR 91
- 3.2% Yes, Firefox-based browser (PaleMoon, Waterfox, Tor Browser etc.) 41
- 25.4% No 320