813-999-0631 info@tetratos.com
Firefox add-ons disabled en masse after Mozilla certificate issue

May 4, 2019

Firefox users report having add-ons disabled, being unable to re-activate or (re)-install extensions.

An expired certificate on the Mozilla Add-ons infrastructure is disabling Firefox add-ons for millions of users, and is also preventing users from re-activating or (re-)installing extensions.

The issue doesn’t impact all Firefox users, but it impacted enough to trigger a massive surge of complaints on Twitter, Reddit, and other social media sites.

At the time of writing, the issue is still impacting Firefox users. The browser maker has formally acknowledged the issue in an email to ZDNet, on Twitter, in a status page, and in a bug report.

“We’re sorry that there is currently an issue where existing and new add-ons are failing to run or be installed on Firefox,” a Mozilla spokesperson said. “We know what the issue is and are working hard to restore add-on functionality to Firefox as soon as possible.”

“We’ll continue to provide updates via our Twitter channels. Please bear with us while we get the problem fixed,” the browser maker said.

Users of all Firefox versions, old and new, and Stable and Nightly, are impacted. The issue also impacts the Tor Browser, which supports Firefox add-ons.

For Firefox users that are currently impacted by this bug, an easy workaround would be to visit the about:config section and set xpinstall.signatures.required to false. This disables the extension signing mechanism in Firefox, the system through which the browser verifies that the local extension is one that’s been installed from the central Mozilla Add-ons repository –and for which the signing certificate had expired.

Another possible way to resolve it, as recommended by many Firefox users, would be to turn system clocks before May 4, 12:00am UTC (the date at which the Mozilla certificate expired), but this would also break other apps running locally, and which depend on an accurate system clock.

Today’s outage is happening because all Firefox add-ons are digitally signed since the release of Firefox 48, in the summer of 2016.

This mechanism was introduced to fight off malware distributors that were abusing Firefox add-ons; however, it indirectly centralized all add-ons management operations by tying all extensions to Mozilla’s server infrastructure.

Updated on 9am ET: Mozilla has announced a temporary hotfix for the add-ons signing issue.

“We rolled out a hotfix that re-enables affected add-ons. The fix will be automatically applied in the background within the next few hours,” the company said.

Related Articles

New Microsoft Excel Attack Surfaces

New Microsoft Excel Attack SurfacesResearchers have identified a security hole in Microsoft Office’s Excel spreadsheet program that allows an attacker to trigger a malware attack on remote systems. A feature in Microsoft Office’s Excel spreadsheet program called Power...

Malicious URL attacks using HTTPS surge across the enterprise

Malicious URL attacks using HTTPS surge across the enterpriseCyberattacks launched against the enterprise which makes use of the HTTPS protocol are increasing alongside spoofing and cloud-based threats, new research suggests. According to FireEye's Q1 2019 Email...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

Get weekly tech updates and immediate alerts when there is a zero-day or security issue!

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Pin It on Pinterest

Share This