[German]Firefox users are currently suffer from a fat bug. The browser disables since May 4, 2019 suddenly extensions (Addons). Background is an expired certificate. Update: Mozilla has just released a fix that will be rolled out in the coming hours (see article end).
Error: Addons suddenly no longer usable
German blog reader Guido B. already contacted me this morning by mail and shared his observations (thanks for that):
I was badly surprised when I just opened my FF and saw my addons disabled. According to a message from FF my extensions are probably not compatible anymore? ?
FF Version: 66.0.3 (64-Bit)
My installed extensions: uBlock Origin ….
For some entries there is a message like this::
Skip Redirect CANNOT BE INSTALLED AND WAS NOT DEAKTIIVERT
Guido writes that he uninstall and reinstall Firefox. But that didn’t help. If he tries to download and install one of the addons e.g. uBlock Origin now, the message “Download failed. Please check your connection” occurs – see the red bar in the following (German) screenshot.
Also my German blog post Firefox 66.0.3 freigegeben got some user comments, reporting this bug (thanks to all for the feedback). On Bleeping Computer this forum post deals with the bug – and in the social network Mewe.com I recognize the message this morning. Here is a screenshot of an addon status page in FF.
(Disabled addons, Source: Bleeping Computer forum)
So something serious must have happened – and I didn’t recognize, that Firefox has been updated this night.
It’s a bug: A certificate is expired
Some hours ago there was an entry All All extensions disabled due to expiration of intermediate signing cert on Bugzilla with a rather banal explanation. A certificate simply expired.
Steps to reproduce:
Wait until it’s past midnight on 2019-05-04 UTC.
All addons got disabled due not having valid signature.
If the signature was due to expire, it should have been renewed weeks ago. Not all extensions were disabled. Fakespot and Google Scholar Button were left in their disabled state.
Going backwards in time allows installation from AMO but do not remove the unsupported mark from the add ons already installed.
Martin Brinkmann points this out on Ghacks.net (I noticed the post on Mewe.com), and at the same time provides an explanation. All Firefox extensions must be signed since Firefox 48 and Firefox ESR 52. Firefox blocks the installation of extensions with invalid or missing certificates.
Since Mozilla’s certificate has expired, this now causes problems in the clients. On reddit.com there is a mega thread on the topic. Currently, users can probably do little – unless they work with Nightly Builds, where the certificate check can be turned off, as Martin Brinkmann writes.
I found this reddit thread where a user suggest to use about:config to go to settings an set xpinstall.signatures.required to false. But my understanding ist, that this only helps in Firefox nightly builds.
According to this reddit thread all we can do: Wait and be patient. Mozilla’s developers are working on a fix.
So sorry for the issue we’re having with add-ons right now!
We’re working hard to fix it and will keep you updated.
— Firefox (@firefox) 4. Mai 2019
Catalin Cimpanu points out to ZDNet.com that this will affect all Firefox users. A short test in my Firefox 66.0.3 portable confirms that I cannot install uBlock Origin.
Tor also affected – partly
Catalin Cimpanu also explicitly names the Tor browser – but I’d like to differentiate a bit after a test. If I call the Tor browser, the standard addons there will work according to my observations (otherwise I would have noticed that this morning).
If I try to install a new addon in the Firefox of the Tor bundle, I get this message:
Some German users send me comments, that their Tor 8.0.8 ‘just refused to accept addons in Linux’, so we only can be patient and wait. Mozilla has set up a status page – but I got 429 Too Many Requests. But I managed to get the page one time displayed. Current status (4.5.2018: 10:15): The Mozilla developers are currently testing a fix, but have deactivated the code signing until the test is successfully completed.
A temporary solution has been posted by one of my blog readers here.
Addendum: Mozilla has provided a fix
Mozilla just announced a fix for the certificate issue that will be automatically distributed to Firefox clients in the next few hours. Here is the tweet.
We rolled out a hotfix that re-enables affected add-ons. The fix will be automatically applied in the background within the next few hours.
For more details, please check out the update at https://t.co/G5ypnckjdM
— Mozilla Add-ons (@mozamo) 4. Mai 2019