Mozilla Forgot To Renew Certificate, Auto-disabled All Firefox Addons

has released an out-of-cycle for their regular channel Firefox 66 (66.0.4) and Extended Support channel Firefox 60 (60.06.2). This is to address an issue regarding all supported Firefox add-ons rendered disabled as the expired certificate that authenticates them to the browser expired. With the emergency , fixed the broken certificate chain that brought the takedown of affected language packs, web extensions, themes and search engines within the Firefox browser.

“A Firefox release has been pushed version 66.0.4 on Desktop and , and version 60.6.2 for ESR. This release repairs the certificate chain to re-enable web extensions, themes, search engines, and language packs that had been disabled (Bug 1549061). There are remaining that we are actively working to resolve, but we wanted to get this out before Monday to lessen the impact of disabled add-ons before the start of the week,” explained Mozilla’s Kev Needham in the company’s official blog.

The issue of disabled add-ons was due to Mozilla’s negligence of letting the digital certificate it uses for signing extensions to expire last May 4, 2019. Mozilla started using a digital certificate in order to enforce the use of official extensions from https://addons.mozilla.org/en-US//extensions/, as the browser prevents add-ons from outside of the official extension site from being installed to Firefox. Last May 4, as soon as the certificate expired, the browser assumed the add-ons installed by the user on their browsers to be from a 3rd party, hence those were automatically disabled.

Another side effect of the certificate expiration failed to be renewed on time is the https://addons.mozilla.org/en-US/firefox/extensions/ itself cannot be used to download add-ons as expected. All extensions hosted on the site were deemed by Firefox 66.0.3 and Firefox 60.06.1 to be invalid, hence installation was disabled since May 4.

Also Read:  Firefox 67 with anti-fingerprinting technique letterboxing

The quick and dirty hack used by clever users was the use “Firefox Studies” to enable the use of a new digital certificate, hence authenticating the add-ons installed and available for download as genuine. Unfortunately, as “Firefox Studies” is embedded as part of the Mozilla Telemetry system, those privacy-sensitive users who disable telemetry remain to have their add-ons disabled.

All users of Mozilla Firefox need to download their respective patched updates, in order for the browser to have the valid digital certificate for signing add-ons.

You might also like More from author

Comments are closed.