Expired certificate causing Firefox to disable all extensions

dgz

Supreme [H]ardness
Joined
Feb 15, 2010
Messages
5,838
No, there hasn't been an update to the browser itself. The problem seem to be somewhere on Mozilla's back-end, and apparently affects all add-ons.

Everything was working fine when I went to sleep 7 hours ago. Then I woke up and boom: the web is working normally. I've been browsing with NoScript for nearly a decade so the difference is very noticeable to me. Browsing with JS enabled is a pain: ads, popups, notifications and stuff. It's wrong.

For the time being I'd recommend typing about:config in the address bar, searching for "javascript.enabled" and toggling the option to false.

Alternatively, it may be possible to temporarily disable the signature check until the people across the Atlantic wake up and fix the issue.
 

amdfan25

2[H]4U
Joined
May 24, 2005
Messages
3,903
Yea, what a mess this has become.

I was able to disable the signature check on my PC. On FF for Android, not so much.
 

Azrak

[H]ard|Gawd
Joined
Oct 4, 2015
Messages
1,090
Noscript is still working for me, but I have had the browser open for a few days. Does the certificate only get read during FF startup?
 

Nobu

[H]F Junkie
Joined
Jun 7, 2007
Messages
8,843
No, there hasn't been an update to the browser itself. The problem seem to be somewhere on Mozilla's back-end, and apparently affects all add-ons.

Everything was working fine when I went to sleep 7 hours ago. Then I woke up and boom: the web is working normally. I've been browsing with NoScript for nearly a decade so the difference is very noticeable to me. Browsing with JS enabled is a pain: ads, popups, notifications and stuff. It's wrong.

For the time being I'd recommend typing about:config in the address bar, searching for "javascript.enabled" and toggling the option to false.

Alternatively, it may be possible to temporarily disable the signature check until the people across the Atlantic wake up and fix the issue.
If you're going to disable signature check, I'd also disable automatic update for extensions so nothing malicious get installed.
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,831
Did not work for me

According to some comments on /., the xpinstall.signatures.required fix only works on ESR and test versions. Normal releases needed a different fix. Turns out I have an ESR.

Hopefully the fix in the post above works for all releases.
 

Fremunaln

Limp Gawd
Joined
May 3, 2019
Messages
189
Joined
Apr 22, 2011
Messages
819
Studies as in "Allow Firefox to send technical and interaction data to Mozilla"
Really need that user data i guess

"Bug" my ass, just like everyone else now; bye-bye firefox. Uninstalled.

Firefox has always been a trash browser, security was being traded for compatibility and performance, which I was okay with before but not no' mo'.
 
Last edited:

RanceJustice

Supreme [H]ardness
Joined
Jun 9, 2003
Messages
6,350
The issue is resolved within hours, even on weekends. Some were worried that nothing would be done until at least Monday/Tuesday at the earliest, but Mozilla called back whomever necessary to fix the issue ASAP. This isn't a major deal. Firefox is still the best browser around and an issue like this once in a blue moon isn't going to cause me to go off to the data-sucking depths of Chrome/ium and its clones.

The issue was caused due to increased security - of a cert was no longer valid, it would disable the extension because it couldn't be sure of its trustworthiness. There are MULTIPLE work arounds - if you're on an ESR, Alpha, Beta, or Developer Edition there's a simple about:config toggle that disables signature enforcement. This is reasonable on tech savvy branches, but I can understand why it isn't in standard Release choosing security over a rare like this. However, even the standard Release version has another work around where you can basically install anything you need as a "temporary" add-on/extension. As of Saturday morning there was an auto-pushed insta fix as a "Study", so those that have Studies enabled will get it ASAP and for 99% of people their browser will function the same after a reboot. There will also be a more comprehensive fix than this workaround in the following days, and the Study will be deprecated and automatically disabled.

I know everyone got a few hours of seeing the Internet the way it "really is", without uBlock Origin and all our custom extension tech, but I don't see any reason to freak out at Firefox as if it was some sort of travesty.
 

Derangel

Fully [H]
Joined
Jan 31, 2008
Messages
20,094
"Bug" my ass, just like everyone else now; bye-bye firefox. Uninstalled.

Firefox has always been a trash browser, security was being traded for compatibility and performance, which I was okay with before but not no' mo'.

Shit happens with certs sometimes. Mozilla isn't remotely the first company to have a cert expire and cause issues. About ten years ago, Epic has a cert expire and it rendered Gears of War on PC completely unplayable until they were able to roll out a patch. Studies are under data collection because they're labeled as "experimental" or "in-development" items that are rolled out to people that fit the requirements to test them. If they're enabled you get the fix right away. If not, you get it probably next week when more people are in the office to deal with it.
 

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
35,405
I was just about to say I was unaffected, but then this:

upload_2019-5-4_15-40-13.png


I guess it just takes a little while for it to check the servers and disable them.
 

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
35,405
If you're going to disable signature check, I'd also disable automatic update for extensions so nothing malicious get installed.

I wouldn't disable the security check at all. It's a really bad idea.

Just be patient. They'll fix it. The extensions aren't really that crucial in the short term anyway.
 

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
35,405
"Bug" my ass, just like everyone else now; bye-bye firefox. Uninstalled.

Firefox has always been a trash browser, security was being traded for compatibility and performance, which I was okay with before but not no' mo'.

I recently switched back to Firefox after using chrome for like a decade, and becoming more and more disillusioned with Google.

Firefox has some issues, but you can get around them by disabling things in the advanced settings.

I'm not aware of any better browser out there right now.

Firefox is not perfect, but it seems to be the least bad.
 

jegbus

Weaksauce
Joined
Nov 23, 2016
Messages
64
My issue seemed to get resolved almost by itself. This morning I was removing cookie autodelete and reinstalling, after doing it with that one, all other extensions worked without any other interventions.
 

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
35,405
Joined
Feb 3, 2016
Messages
339
It looks like studies only has to be turned on temporarily for it to fix the expired certificate issue. I had this issue, so I turned on studies, restarted my browser, the issue was fixed, so I turned studies back off. And all my extensions are still working after 4-5 additional restarts (checking to see if the extensions were still working). YMMV
 

Miah

n00b
Joined
Nov 21, 2013
Messages
41
It looks like studies only has to be turned on temporarily for it to fix the expired certificate issue. I had this issue, so I turned on studies, restarted my browser, the issue was fixed, so I turned studies back off. And all my extensions are still working after 4-5 additional restarts (checking to see if the extensions were still working). YMMV

Yep, enabled studies, rebooted FF a couple times & I'm good to go again so all settings unchecked & back to the pr0....business as usual.
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
3,578
This fixed all my extensions: firefox 66.0.3 (64-bit) windows build

1) enable the studies
2) set about:config
Turn app.shield.optoutstudies.enabled to true (if false)
Turn app.normandy.run_interval_seconds to 1
3) restart browser
--> 4) check addons and proceed when enabled
5) reset about:config vars above to default
6) unchecked "Allow Firefox to send technical and interaction data to Mozilla"
7) restart browser

thanks for the heads up on this op.

courtesy noscript site info

https://outgoing.prod.mozaws.net/v1...8d586c8e4184/https://tinyurl.com/moz-ext-cert


fix below (fixes all addons):

Mozilla accidentally broke add-ons signing,
Some hours ago they said they were testing a fix, but it doesn't seem to be deployed yet.

https://forums.informaction.com/viewtopic.php?p=100053#p100053
At this moment the safest browsing option (other than using the Tor Browser with this work-around) seems TEMPORARILY switching to Chromium and installing https://chrome.google.com/webstore/deta ... cbfeoakpjm
Not exactly the same, but as a silver lining, more cross-browser beta testers won't hurt.

[UPDATES 1 & 2]
Mozilla is now deploying the hotfix.
If you're the typical NoScript user, you probably have Firefox Preferences>Privacy & Security>Allow Firefox to install and run studies disabled, but it's currently (temporarily) required for the hotfix to work.

If you're a Tor Browser user, you cannot enable Studies (for obvious reasons), but you can still opt-out extensions signing (until this is properly and generally fixed)

Open about:config
Toggle the value of xpinstall.signatures.required so it becomes false.
Restart the browser.

The above trick (xpinstall.signatures.required=false in about:config) works also on Firefox for Android, which has no hotfix, although I could test it on the Beta only (which is what I'm using on my device, and which therefore never got its extensions disabled).

If you're on Firefox, do the following for the hotfix to immediately apply (it happened to me minutes ago on my main profile):

Open about:config
Turn app.shield.optoutstudies.enabled to true (if false)
Turn app.normandy.run_interval_seconds to 1

As soon as you can see all your add-ons coming back (it should happen right away), reset both preferences.
Otherwise, if the hotfix is already shown in about:studies but still no extensions, either you removed them while trying to fix this (and you need to reinstall them) or that's an instance of this bug.
 
Last edited:

Dion

2[H]4U
Joined
Oct 2, 2004
Messages
3,807
This fixed all my extensions: firefox 66.0.3 (64-bit) windows build

1) enable the studies
2) set about:config
Turn app.shield.optoutstudies.enabled to true (if false)
Turn app.normandy.run_interval_seconds to 1
3) restart browser
--> 4) check addons and proceed when enabled
5) reset about:config vars above to default
6) unchecked "Allow Firefox to send technical and interaction data to Mozilla"
7) restart browser

thanks for the heads up on this op.

courtesy noscript site info

https://outgoing.prod.mozaws.net/v1/cae46a70e91e5438ee79974043843470128d28aeb1f18345c1a38d586c8e4184/https://tinyurl.com/moz-ext-cert


fix below (fixes all addons):

Mozilla accidentally broke add-ons signing,
Some hours ago they said they were testing a fix, but it doesn't seem to be deployed yet.

https://forums.informaction.com/viewtopic.php?p=100053#p100053
At this moment the safest browsing option (other than using the Tor Browser with this work-around) seems TEMPORARILY switching to Chromium and installing https://chrome.google.com/webstore/deta ... cbfeoakpjm
Not exactly the same, but as a silver lining, more cross-browser beta testers won't hurt.

[UPDATES 1 & 2]
Mozilla is now deploying the hotfix.
If you're the typical NoScript user, you probably have Firefox Preferences>Privacy & Security>Allow Firefox to install and run studies disabled, but it's currently (temporarily) required for the hotfix to work.

If you're a Tor Browser user, you cannot enable Studies (for obvious reasons), but you can still opt-out extensions signing (until this is properly and generally fixed)

Open about:config
Toggle the value of xpinstall.signatures.required so it becomes false.
Restart the browser.

The above trick (xpinstall.signatures.required=false in about:config) works also on Firefox for Android, which has no hotfix, although I could test it on the Beta only (which is what I'm using on my device, and which therefore never got its extensions disabled).

If you're on Firefox, do the following for the hotfix to immediately apply (it happened to me minutes ago on my main profile):

Open about:config
Turn app.shield.optoutstudies.enabled to true (if false)
Turn app.normandy.run_interval_seconds to 1

As soon as you can see all your add-ons coming back (it should happen right away), reset both preferences.
Otherwise, if the hotfix is already shown in about:studies but still no extensions, either you removed them while trying to fix this (and you need to reinstall them) or that's an instance of this bug.

Mega waste of time.. Just install the addon this studies installs.

https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi

or wait till monday when 66.0.4 drops
 
Joined
Nov 19, 2003
Messages
2,233
Its fixed now, check updates, install HF, reboot FF, done, all addons now enabled as before!

Who is insane enough to release untested update on Friday Night? Why they did that Friday at 7pm FFS is beyond common sense....
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
3,578
Its fixed now, check updates, install HF, reboot FF, done, all addons now enabled as before!

Who is insane enough to release untested update on Friday Night? Why they did that Friday at 7pm FFS is beyond common sense....

I’ve worked in IT for decades..
That’s what developers do. All the time. At the end of the day, end of the month and yes the end of the week.
 

Jim Kim

2[H]4U
Joined
May 24, 2012
Messages
3,921
I’ve worked in IT for decades..
That’s what developers do. All the time. At the end of the day, end of the month and yes the end of the week.
And before lunch.
IT where i used to work installed a cisco firmware update (transparent to the end user or so cisco claimed) and went to lunch.
His lunch was cut short when production ground to a screeching halt.

Never test in production, never test in production, never test in production...

66.0.4 Firefox Release in the wild May 5, 2019,

66.0.04 out now
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
3,578
66.0.4
Firefox Release

May 5, 2019
Version 66.0.4, first offered to Release channel users on May 5, 2019
Fixed

Repaired certificate chain to re-enable web extensions that had been disabled
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
3,578
And before lunch.
IT where i used to work installed a cisco firmware update (transparent to the end user or so cisco claimed) and went to lunch.
His lunch was cut short when production ground to a screeching halt.

Never test in production, never test in production, never test in production...

The infrastructure team at a top 5 bank decided to get even with me by pushing out an iis patch last year that they knew broke servers. Yes all envs: dev, prod, everything.. Destroyed my week and I promptly quit after fixing every web server.

Infrastructure was embarrassed that I figured out a sql Server bottleneck on their crap server so that was their revenge on a contractor. Pretty funny since I was running the middleware and not a Dba. What a dipshit company. No wonder they have been sued for billions.
 
Top