|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
.Kurt Buff on the http://www.patchmanagement.org list reports that all of the Firefox add ins are disabled due to the expiration of an intermediary cert: http
[See the full post at: Patch Lady – Firefox add ins disabled due to cert prob]
Susan Bradley Patch Lady/Prudent patcher
Of course. No way I’m using firefox without an adblocker so I’ll use chrome until this is fixed.
Status updates here: https://twitter.com/mozamo (addons.mozilla.org)
Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
Some are able to disable the certificate check (in FF nighly builds) – but that’s not recommended.
https://borncity.com/win/2019/05/04/firefox-expired-certificate-disables-addons-may-4-2019/
One reader suggested also anonother temporary fix:
https://www.borncity.com/blog/2019/05/04/firefox-bug-deaktiviert-alle-extensions/#comment-71243
The best thing is: Be patient and wait – or use another browser. I always have a bunch of portable browsers on my Windows systems.
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
As a user who have used Firefox for a long time, and witness how Firefox changed for the worse (in my opinion) due to things like dismantling of the old extension system (which contain very useful extensions like Classic Theme Restorer) and removal of options/features from the UI etc., I am increasingly disillusioned by Firefox. About the only thing that keeps me with Firefox is the NoScript extension. If NoScript died with the old extension system like Classic Theme Restorer, I would have dropped Firefox for good.
Imagine my anger then when I opened Firefox today (MacOS Sierra / High Sierra / Mojave and Windows 7) and was told along the lines of “some of your extensions cannot be verified and have been disabled”, which included NoScript. I searched and finally found out it was a problem on Mozilla’s end due to an expired certificate and not my fault.
Since I am using the ESR version, I can get along by setting xpinstall.signatures.required in about:config to false for the time being and the “disabled” addons are working again. Actually this setting allows installation of “unsigned” addons which is why the addons are “disabled”, as due to the expired signing certficate those extensions are now considered “unsigned”. Allowing installation of “unsigned” addons is supposedly not good but if this is the only way to get them working now then I will do it.
Judging from the reactions online it seems to me that this problem is quite widespread and affects a large number of users. How can Mozilla allow this to happen? Are they this incompetent? Are they trying to drive me away from Firefox for good?
Hope for the best. Prepare for the worst.
Fixes have arrived via Firefox 66.0.4 and Firefox ESR 60.6.2 for this problem.
I was using Firefox ESR 60.6.1 (since updated to 60.6.2) on Windows 8.1 / MacOS High Sierra / MacOS Mojave, and Firefox ESR 52.9.0 on Windows 7 / MacOS Sierra, all with NoScript, and in the case of 52.9.0, Classic Theme Restorer, so I watch whether a fix will be provided for older versions of Firefox by Mozilla, and so far, none are forthcoming.
I have done my own little investigation into how to fix this problem on Firefox ESR 52.9.0, and so far :
(1) Setting xpinstall.signatures.required to false in about:config works to restore the disabled addons, but you will be presented with a message along the lines of “… cannot be verified. Proceed with caution.” in the addon page. This method apparently only works on ESR / Developer / Nightly versions but not the stable version.
(2) This method also works to disable Firefox’s addon signing requirement and restore the disabled addons. It works on both ESR and stable versions of Firefox (non-Quantum). It was recommended by the author of Classic Theme Restorer, who still releases newer versions of it for browsers without the signing requirement (e.g. Waterfox), for people who still wants to use the addon on Firefox 52-56.
(3) Someone extracted the signing certificate used in the “Normandy” hotfix and presented a method of incorporating the certificate into Firefox 56 and below. I tested this using a virtual machine running Windows 7 and Firefox ESR 52.9.0, and it also seems to work to restore the disabled addons.
I use (2) myself at this time. It works so far, and no “Proceed with caution.” messages will be displayed in the addon page. I know the addons I use are safe (They are either the signed versions of the addons or, in the case of Classic Theme Restorer, directly downloaded from the author’s page on GitHub.), and I much prefer the addon page not warning me about “Proceed with caution” messages.
I still consider Mozilla’s blunder to be unacceptable. I think I will have to consider other alternatives and start testing them soon. Having used Firefox from the Windows 9x days, I never thought I will have to contemplate abandoning it, even after Mozilla killed the old extension system, but here I am.
Hope for the best. Prepare for the worst.
See this thread for more details.
Quoth Kirsty:
From @martinbrinkmann on ghacks.net:
Your Firefox extensions are all disabled? That’s a bug!
by Martin Brinkmann | May 04, 2019
Solution
Nightly, Dev and Android users may be able to disable signing of extensions; some users reported that this resolved the issue temporarily on their end. You need to set the preference xpinstall.signatures.required to false on about:config to disable signing. You could change the system date to the previous day to resolve it temporarily as well, but that can lead to other issues.The issue can only be resolved on Mozilla’s end. The organization needs to renew the certificate or create a new one to resolve the issue. I’d expect Mozilla to do that soon as the issue is widespread and affecting lots of Firefox users.
Users should not remove affected extensions from their installations; the issue will resolve itself once Mozilla fixes it.
As of 5 am Central (US) time, I received one notice in Firefox but, in clicking through, was told that there were no affected add-ins.
I must say that it’s rather ridiculously moronic thing to allow such issue to surface. It’s literally following the steps of other similar misdemeanours widely reported in recent months. What’s going on in the software industry?
What were they thinking? Is there anybody in charge of this mess any more?
As per the other user above comments: really worrying sign of things to come: If Firefox fails, then…
See also Günter Born‘s Firefox: Expired certificate disables addons (May 4, 2019)
and Lawrence Abram‘s Firefox Addons Being Disabled Due to an Expired Certificate
According to a bugzilla bug report, an intermediate signing certificate used to sign Mozilla addons expired on 5/4/19 at midnight UTC. As Mozilla addons have to be signed in order to be used in Firefox, once a computer reached that time the browser automatically disabled the addons.
Update….Running fine last night. Got up this morning and everything is broke. I enabled Run Studies in options and it went back to normal. Disabled Run Studies and it’s still okay.
Studies is the temporary fix recommended by Mozilla though:
10:50 a.m. UTC / 03:50 a.m. PDT: We rolled-out a fix for release, beta and nightly users on Desktop. The fix will be automatically applied in the background within the next few hours, you don’t need to take active steps.
In order to be able to provide this fix on short notice, we are using the Studies system. You can check if you have studies enabled by going to Firefox Preferences -> Privacy & Security -> Allow Firefox to install and run studies.
You can disable studies again after your add-ons have been re-enabled.
We are working on a general fix that doesn’t need to rely on this and will keep you updated.
Although it should be enabled by default:
To provide this fix on short notice, we are using the Studies system. This system is enabled by default, and no action is needed unless Studies have been disabled.
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
@Imacri In ESR versions you can switch off signing by going to about:config (type this in the address bar) and then search for the key “xpinstall.signatures.required”. Set this key to false and then the extensions should work again. Changing this key stops checking the signature of an extension and thus the expired certificate. You are somewhat more at risk with this setting, but as long as you do not add any new extensions this cannot harm you, because the extensions that were installed already had a proper signature before the certificate expired. After Mozilla has fixed this issue, remember to set “xpinstall.signatures.required” back to true.
BTW: I just read on the Mozilla blog that the studies solution does not work for ESR. They are working on another solution for ESR. For now, switching off signing is the best (and quickest) thing one can do.
ASRock Beebox J3160 - Win7 Ultimate x64
Asus VivoPC VC62B - Win7 Ultimate x64
Dell Latitude E6430 - Win7 Ultimate x64, Win10 Pro 22H2 x64 (multiboot)
Dell Latitude XT3 - Win7 Ultimate x86
Asus H170 Pro Gaming - Win10 Pro 22H2 x64
It may take up to six hours for the Study to be applied to Firefox. To check if the fix has been applied, you can enter “about:studies” in the location bar. If the fix is in the active, you’ll see “hotfix-update-xpi-signing-intermediate-bug-1548973” in either the Active studies or Completed studies.
You may also see “hotfix-reset-xpi-verification-timestamp-1548973” listed, which is part of the fix and may be in the Active studies or Completed studies section(s).
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
Thanks b
I’ve seen those studies for over an hour now, but still no addons working.
I’ve also restarted Firefox a number of times but my addons are still marked as disabled.
Is the fact I’m in the UK anything to do with it, or is it just my selection of addons?
Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3208), Microsoft 365 Version 2307 (16626.20068)
My addons are back.
Hello again Woody, I am the OP 1146817 of AVG. Firefox has had an episode of a faux pas with a certificate that is expiring. They too will fix the problem behind the scenes with a channel they use to do experiments…???
Mozilla issues Firefox fix after expired certificate disabled all add-ons
May 4, 2019 8:22 AM
https://venturebeat.com/2019/05/04/mozilla-issues-firefox-fix-after-expired-certificate-disabled-all-add-ons/
“Mozilla is using Studies — a system through which the company tries out new features and ideas before they are released to all Firefox users — to automatically roll out a fix without the user having to do anything else.”
“Options >> Privacy & Security >> Allow Firefox to install and run studies…”
Why is everything a secret behind our backs? Why isn’t there a download site to get these fixes on their sites?
Thank you for being the curmudgeon that you are and thank you for ASKWOODY.com
Hi All, more information. From the Mozilla Bug Report:
c borghi, Comment 29
“As far as I can tell, the XPI mentioned in the NixOS fix injects the correct intermediate certificate in Firefox. I extracted the DER from the XPI and imported it in my Firefox ESR certificate store. Now addons can be installed again, and they work.
I believe that by publishing that certificate at some trusted url (owned by Mozilla) and telling ESR users how to import it would solve the problem for many people, without waiting for studies and the like.”
https://bugzilla.mozilla.org/show_bug.cgi?id=1549078
This is what I am saying, and why Woody gets annoyed with AVG and other developers that want to fix you secretly and usually allow more telemetry. Put up a web page with the fix for admins to download.
Why is everything a secret behind our backs? Why isn’t there a download site to get these fixes on their sites?
I got a notice in Firefox about this fix.
But my add-ons were deleted !
Turned Studies off- don’t want my extensions/add-ons deleted as you reported. Possible Mozilla Studies fix worse than orinial problem. Well, will have to use Chrome for extensions now.
Turned Studies off- don’t want my extensions/add-ons deleted as you reported. Possible Mozilla Studies fix worse than orinial problem. Well, will have to use Chrome for extensions now.
I am using Portable Firefox Version 60.6.1esr (64-bit). There is no ‘Allow Firefox to install and run studies…’ and auto updates disabled , yet the xpi has been installed.
I’m using ESR 60.6.1 x64 and my extensions/add-ons all seem to be working as of this moment.
Got the error this morning. Confirmed that it was on Mozilla’s end.
Started Chrome, and then set it as my default browser. Up and running again, with browser extensions.
Now patiently waiting for Mozilla to clean this up. 🙂
…or maybe just the nudge I needed to make the switch to Chrome.
Windows 10 Pro 22H2
I’ve rebooted FF several times since this occurred, I still have this showing.
If it isn’t resolved soon I will do the “xpinstall.signatures.required to FALSE” edit.
Edit: As of 4PM EST the “fix” xpinstall.signatures = false, hasn’t worked for me.
My extensions are back.
The advice in the main post is to go to Firefox Preferences > Privacy & Security and allow Studies.
I’m running Windows 7 and Firefox version 66.0.3, which is automatically updated, and I find no such place. I do find this:
Tools > Options > Privacy & Security > Firefox Data Collection and Use
which has a check box to allow Studies. I plan on un-checking that box as soon as this is over. Apart from Firefox’s unusual use of this method to correct their screwup, the only argument I can see for allowing Firefox to study my machine is somehow, some day, it might benefit me, but that requires a level of trust in unaccountable organizations that I don’t have these days.
Update: Firefox must have been waiting for me to check the box, because upon Exit and Re-Open, my add-ons are back.
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
All but one of my extensions got disabled yesterday evening just as this whole mess started. Some while ago I had created a policies.json file for Firefox that blocked studies as an administrative policy, so I renamed it policies.json.temp, then set studies to “on” in Firefox’s options page. Restarted Firefox. All 16 missing extensions were immediately up and running. Sooo glad I didn’t jump the gun and attempt to delete/reinstall my extensions…
Next, turned off studies,renamed the policies file back to policies.json, restarted Firefox and viola, I’m good to go.
Edit: as originally reported
Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.
Good to read your add-ons are working 🙂
Credit where credit is due, thanks for drawing this issue to our attention in your original topic Steve S, deserved better recognition IMO
Addon issue appeared on almost all my devices using Firefox. (even for those not currently connected to the internet – didn’t see much point in fixing those).
This evening, once I re-enabled the Privacy and Security Studies option, closed and re-opened firefox, the issue with addons was immediately fixed. As “b” indicated in a post above, checking about:studies should show if the hotfix was applied. For those not wishing to leave the studies option enabled, you can re-disable the Privacy and Security Studies option immediately after the hotfix is applied. Those with the default Studies setting already enabled (checked), should hopefully mostly all be fixed soon.
For my older ESR (unsupported) versions of Firefox that do not have a studies option, changing the setting in about:config from xpinstall.signatures = true to xpinstall.signatures = false worked for me. However I view this as only a temporary fix. If a more permanent fix is not forthcoming, will upgrade Firefox.
The above hotfix (screenshot in Microfix’s post) does not work for ESR versions. Until a separate fix for ESR has been distributed (Mozilla is working on this) you will need to keep “xpinstall.signatures.required” set on False.
ASRock Beebox J3160 - Win7 Ultimate x64
Asus VivoPC VC62B - Win7 Ultimate x64
Dell Latitude E6430 - Win7 Ultimate x64, Win10 Pro 22H2 x64 (multiboot)
Dell Latitude XT3 - Win7 Ultimate x86
Asus H170 Pro Gaming - Win10 Pro 22H2 x64
The above hotfix (screenshot in Microfix’s post) does not work for ESR versions. Until a separate fix for ESR has been distributed (Mozilla is working on this) you will need to keep “xpinstall.signatures.required” set on False.
really!
For those who didn’t get the fix .xpi you can download and install (just drag & drop) from :
For those who didn’t get the fix .xpi you can download and install (just drag & drop) from :
Worked for me when the “studies” didn’t. But FF blocked my efforts at first..go figure.
Worked for me when the “studies” didn’t. But FF blocked my efforts at first..go figure.
This reaffirms all FF browsers are not set up alike. I experienced just the opposite. Having tried xpi=false, which failed after 6 hours to produce the desired results, I reluctantly enabled ‘studies’. That solution worked. I can’t say how long it took, but icons were back this morn. I disabled ‘studies’ and restarted FF, there is peace in my browsing once again.
FF blocked the ‘hotfix’ download and was happy enough to alert me to what fine browser security I had. /sarcasm
To be honest, I had forgotten what online life was like without an ad-blocker running.
One computer had Studies on by default and picked up the fix and all add-ons restored.
2nd computer had Studies turned off by default, I turned it on and waited 12 hrs. and nothing happened- Firefox, or Google blocked the hot fix page, so I got it with Chrome and it worked.
Deleting your extensions and re-installing them without the hot fix does nothing but make a lot of extra work.
Lost all confidence in Mozilla- had to use Chrome to acces my extensions and passwords.
Speaking of a lot of work, this website is so SLOW it takes way too long to use.
Well, now…”let me tell you a story about a man named Jed, a poor country fella barely kept his family fed…”
Er, not so much. More like a chicken with it’s head cut-off when the sky begins to fall (AKA add-ons (security add-ons!) disappear!
I shoulda read the entire postings before going into turtle mode (and then setting fire to all the grasses nearby).
In searching for an answer to my missing add-ons, I followed the “help” from the Mozilla site, I deleted all of them (Ghostery, NoScript, Privacy Badger, HTTPS Ev, and Adblock Plus and then I came to Woody’s for insight. And read these posts.
Sigh. Did the “studies” thing, then went back (I’d tried to re-download them all and been stopped twice); and decided to close and reset FF.
An hour or so later I relit the fire and discovered I could now re-download and install said earlier miscreant add-ons.
Thanks y’all for letting me understand just what happened. And next time, I’m gonna read everything y’all say first.
Probably.
jimzdoats
The above hotfix (screenshot in Microfix’s post) does not work for ESR versions.
Yes, it did on my Portable 60.6.1esr
See the links in this post
From the blog: “Please note: The fix does not apply to Firefox ESR or Firefox for Android. We’re working on releasing a fix for both, and will provide updates here and on social media.” & “Clarified that the Studies fix applies only to Desktop users of Firefox distributed by Mozilla. Firefox ESR, Firefox for Android, and some versions of Firefox included with Linux distributions will require separate updates. (May 4, 12:03 EDT)”
There also was a tweet stating that ESR was not yet covered.
ASRock Beebox J3160 - Win7 Ultimate x64
Asus VivoPC VC62B - Win7 Ultimate x64
Dell Latitude E6430 - Win7 Ultimate x64, Win10 Pro 22H2 x64 (multiboot)
Dell Latitude XT3 - Win7 Ultimate x86
Asus H170 Pro Gaming - Win10 Pro 22H2 x64
The explanation given by Mozilla (expiration of a cert) doesn’t make sense to me.
Here’s my understanding of how signing works:
I “sign” something by encrypting the document’s hash with my private key. Only I have that, so only I can perform that function. I can only do it during the life of the certificate – once it expires I’m no longer able to sign with it.
You “validate” the signature by decrypting the encrypted hash with the public key embedded in my certificate. Anybody can do that, since the certificate and its embedded key are public. Then you compute your own hash of the document and compare the two hashes. It is a necessary capability of this process that the validation be available for many years after the certificate expires. For instance, it may be used to sign a loan agreement with a 40 year life.
How does that process match up with Mozilla’s explanation? The expiration of a cert should only mean that it can no longer sign new addins. Its ability to validate already-signed addins should be unaffected.
What am I missing?
Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.
Had a problem – the Studies fix did not work for me.
I turned Studies off and on, and ended up with te two relevant studies marked as Complete.
A little oogling led me to https://bugzilla.mozilla.org/show_bug.cgi?id=1549017, and then a little reading gave the instructions on how to change extensions.json to replicate the Studies changes:
Note Well
Hotfixing prefs to work around this issue may leave your browser in a state that
conflicts with fixes applied by patches Firefox developers apply to release, beta,
nightly and ESR channels and could leave the browser in a unusable state.
Full Procedure:
1. Go to about:support in the URL bar.
2. Open your profile directory.
3. Open extensions.json in your preferred editor.
4. Replace all “appDisabled”:true with “appDisabled”:false.
5. Replace all “signedState”:-1 with “signedState”:2.
6. Save the file.
7. Restart Firefox.
8. Go to about:addons in the URL bar.
9. Disable then enable each addon to get it working again.
It worked for me. (Kept a safe copy of the json file too!)
Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3208), Microsoft 365 Version 2307 (16626.20068)
Thank you for doing that! 🙂 🙂
“Run studies” was checked by default; add-ons were restored. I don’t have more than a half dozen add-ons. Running FF 66.0.3, Win 7 Pro x64 SP1
I launched Firefox 66.0.3 today on Linux Mint, and all extensions appeared to be fine there.
Unlike Firefox 66.0.3 on my Windows 10, which is still borked…
Windows 10 Pro 22H2
Heads up: Firefox 66.0.4 (which includes a proper fix to the whole mess) is not available yet at
https://www.mozilla.org/en-US/firefox/all/
(as I write this, the release notes
https://www.mozilla.org/en-US/firefox/66.0.4/releasenotes
are still being prepared) but impatient users may already find it at
https://ftp.mozilla.org/pub/firefox/releases/66.0.4/
Firefox 66.0.4 is available now, but I’m not even gonna bother for a couple more days.
My backup browser is in play now, without any issues. 🙂
So there is no way I’ll install a “hurry-up” rushed partial patch. I’ll just wait for the dust to settle, and a complete and fully tested fix is posted.
Windows 10 Pro 22H2
Reflection from Brinkmann with comments: https://www.ghacks.net/2019/05/05/what-mozilla-needs-to-do-now-after-cert-add-on-disabling-disaster/
I have had FF 66.0.4 since yesterday and no, I still don’t have Adblock Plus back. Worse, when I tried to install it from FF, I get a “the connection failed” message from FF.
Same when I tried getting a different add blocker.
So it is starting to look to me, at this point, as if the FF people are very determined not to allow add blockers in FF, without coming up and saying so. I wonder why.
Anyone else has got this or some other add blocker back when installing 66.0.4, or have a different take on this?
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
what an embarassing “bad cert” bug Mozilla had to fix this weekend for Firefox.
the Firefox 67 betas were also affected as well, addons like ublock origin & noscript were suddenly disabled in the FF67 beta I had on some of my PCs – had to download and install the newest FF67 beta (b17) to get the problem fixed and re-install those addons that were suddenly blocked.
also noted in the Noscript forum about Firefox suddenly deactivating Noscript:
https://forums.informaction.com/viewtopic.php?p=100053#p100053
Well… this is past weird: I had install 66.0.4 yesterday, and that did not brought back, as already explained, Adblock Plus and also did not let me re-install it or install other add blockers.
But just minutes ago, I got notice from FF that there was a new update waiting to be installed.
I decided to humor Mozilla and bite, so to speak. And what do you know? The new update installed, and it was… 66.0.4!!! And the ad blocker is back!!!
If anyone understands what happened here, please, let me know.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
Hello Oscar, we have chatted in the past. I have seen similar with this recent “Firefox Fiasco” of trying a fix this issue or even using the newest version of ESR and it didn’t correct the issue. Then, maybe a try 2nd time later and it is fixed. Sounds like your install did not fully take. But why not? How can 66.0.4 be installed then update itself again? Like you said, weird.
Firefox has NOT been very forthcoming in transparency of WHY this happened and being curmudgeons like Woody, we need to ask Mozilla “why not”.
Turn on your menu if it is off, I think it’s in the top left, or maybe a “right click” on the empty top banner, or find customize, or the ALT key will show it. However you get it on, go to Help – Submit feedback and let them know how you feel.
For the FTP site to manually get firefox see: https://ftp.mozilla.org/pub/firefox/releases/66.0.4/
For those tired of the rapid pace of a new Firefox every 5 minutes, look into the Extended releases called ESR. https://ftp.mozilla.org/pub/firefox/releases/60.6.2esr/
Hope this helps someone.
Hello Oscar, You mentioned that you installed 66.0.4 yet it didn’t fix the issue then a few minutes later it had an update, seemingly to 66.0.4. Could you look again at the version. The reason is a new 66.0.5 has come out for dealing with failure issues with the cert fix 66.0.4 had. If you do have 66.0.4, then check for updates or go to the below and get the newer one. Let us know what happens.
For GTP here is the Bug report FYI.
66.0.4 isn’t applying the intermediate certificate for some users (throwing with SEC_ERROR_TOKEN_NOT_LOGGED_IN, possibly antivirus or master password related)
https://bugzilla.mozilla.org/show_bug.cgi?id=1549249
For all, https://ftp.mozilla.org/pub/firefox/releases/66.0.5/
Do not see 60.6.3 ESR yet but it will probably appear soon.
https://ftp.mozilla.org/pub/firefox/releases
Hi Lori:
Yes, FF v66.0.5 fixes a glitch in v66.0.4 that prevented users with master passwords to install the bug fix. See the release notes for FF v66.0.5 for further details.
Once you have updated to FF v66.0.5 (see the support article Update Firefox to the Latest Release for running a manual update check) then it will safe to disable the Shield Studies feature again. Shield Studies should only be enabled for users who want to participate in beta-testing of upcoming Firefox features. As JohnW just noted in reply #1474822, Mozilla’s official blog post Add-ons Disabled or Failing to Install in Firefox was updated yesterday and now states “Users who enabled Studies to receive the temporary fix, and have updated to the permanent fix, can now disable Studies if they desire.”
I don’t use the built-in Firefox Password Manager or Firefox Sync feature so I don’t have a master password set up in Firefox, but please see the section titled Master Password in the Mozilla support article Add-ons Disabled or Fail to Install on Firefox. As far as I know users who install the FF v66.0.5 or FF ESR v60.0.3 updates should not be required to enter or reset their master password. If you are using Firefox Sync to share data like bookmarks, history, add-ons and passwords across multiple devices then my understanding is that, yes, this data could be erased when you reset your master password if you didn’t create a recovery key (see the support article Reset Your Firefox Account Password with Recovery Keys). If the problem persists after you update to FF v66.0.5 the support article Firefox Sync Troubleshooting and Tips has some hints on fixing incorrect name or password errors that might not require a full reset of your master password.
————-
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0
GTP and AusJohn, You two stopped installing new versions of FF after it turned Quantum in version 57. How come you are still getting updates
I might be going cross-eyed at this hour of the day, but I don’t see them say they are getting updates. I read that they were discussing being affected by the issue… Forgive me if I’ve have read what they said incorrectly, but I am apparently not reading what you are.
🙂
As has been mentioned several times, the issues was the result of a certificate expiry. I have not seen any suggestion it was caused by an update.
The issue can only be resolved on Mozilla’s end. The organization needs to renew the certificate or create a new one to resolve the issue. I’d expect Mozilla to do that soon as the issue is widespread and affecting lots of Firefox users.
@martinbrinkmann’s blog linked in that post, above, confirms that it was certificate related, and does not mention it being CAUSED by an update. However, it is being addressed by an update…
Further, from said blog:
All Firefox extensions need to be signed since Firefox 48 and Firefox ESR 52. Firefox will block the installation of extensions with invalid certificates (or none), and that is causing the issue on user systems.
You’re quite correct Kirsty, in my case at least. I’m not getting updates.
Is that not an update?
No, it’s not a software update. It’s the method it checks the certificates used in the add-ons…
Well not a sneaky update if the code to check certificates has always been in the browser.
The function would probably work something like this in pseudo:
Browser startup
Check certificates
Certificates expired?
Yes
Disable extensions
No
Continue normal startup with extensions enabled
Windows 10 Pro 22H2
In my FF 56.0.2 options and settings…
— Before Quantum was released, I had configured FF to check for updates but not to automatically install them.
— After Quantum was released, I additionally configured FF 56 to never check for updates.
I think that these settings are the same as the two config settings which I highlighted in bold in my previous post. The upshot is that I had FF configured to never check for any kind of updates, and that I had further configured FF via config settings to not participate in any of Mozilla’s testing programs.
FF is built to turn off application software with expired certificates
“turn off” – disable
“application software” – browser add-ons/plugins/extensions
🙂
As a semi- ignorant user of FF (Win7) I am outraged that Moz managed to eff this up. But then, I’m also outraged by most things in today’s world. Incompetency seems to be a very low hurdle for many, many companies. Given the vitriol about the current FF management I can understand their scurrying around to try and fix things in an invisible way.
Not approving, just understanding.
If you want to toss FF over this – good for you. If, like me you are not hunting for a new browser then that is another story.
Offering a dozen or so alternatives is a fine thing for discussion. I’ve rarely noted people trying to front for Win 10 as a solution to a Win 7 problem…unless they’ve already done so.
Mostly just a lot of folks trying to offer a change by the many FF spinoffs.
Most (and I am one of them) don’t want to change from FF unless someone comes along with a replacement that only requires a log-out from FF, and a sign-up for The New Fartfox!
We are casual users, many who have learned enough to fiddle and prang things in order to keep our digital lives in synch with our own, real lives.
I’m still doing W7 updates per Woody’s, although I did it the hard way before that became available. On top of that, I’ve been fighting my way through updates since W 3.0…although I did have an Atari rig that kept my games alive while Bill was effing things up until he made a useful PC interface available for the masses.
Skipping who exactly was responsible for that, I’ve been using Windows since. Further skipping the war of Windows vs. everything else, I’m extremely unhappy with the next bloviation that requires ownership by Winders of the users.
So, let’s consider the alternative for semi-capable Win7 & users and think about how to move into the next opportunity for simple Web access for the routing access to the (dare I say) Net that comes along with some relatively safe data controls.
In other words, at the age of 65 I don’t want to be required to learn an entire new system of [edited for language] just in order to go online and check my favorite sites/posts/woody.
If anyone finds that to be a problem, then the problem is fair game for consideration…of facts, data and relevant discussion. If that requires further discussion, well then you know how to start it.
jimzdoats
Mozilla just slipped behind our back Baidu search (about:support – Firefox Features) into every Firefox version regardless of location.
https://bugzilla.mozilla.org/show_bug.cgi?id=1541316
p.s I just downloaded Firefox portable 60.6.2esr. No Baidu search.
Oscar, you have a good post there and I do remember the Babel addon. I would like to say from my remembering of the situation that it was not the actual Mozilla site that had that program but the other download sites of the world that bundled it with the Firefox download.
This is one of the reasons “signed addons” were introduced in Firefox 48.
If I am wrong with my remembering then please correct me and give more examples. Almost all of my downloading of Firefox is done with the FTP site and only the file is there without bundling.
https://ftp.mozilla.org/pub/firefox/releases/
Thank you Oscar.
Alex you will not like this.
comment 62
https://bugzilla.mozilla.org/show_bug.cgi?id=1549604
“So Baidu Search Update prevent this hotfix (and all other system add-ons) from installing.”
They are working on it.
Oh my! Can somebody please, please, let us regular users know what this all means? I don’t even know what Baidu (yes, I’ve heard the term) means when it comes to actually using a current version of FF. Even more so, what does this have to do with the [mess] that FF made with it’s current versions regarding (expired) signed certs?
Please.
jimzdoats
Here’s some information on the Baidu Search update. Apparently it comes into play only if you use the Baidu search instead of Google, Yahoo, or whatever.
https://www.ghacks.net/2019/05/07/about-baidu-search-update-in-firefox/
I apologize if this is political…however, I’ve heard the following.
Firefox and Google have had an issue with Gab’s Dissenter (the add on that allows you to comment on sites that either censor or disable comments). Both Firefox and Google took the app off their app stores, and disabled new installs of the app.
In response, Gab offered instructions on how to manually install the app on Firefox. As a response, Firefox disabled Dissenter in their new updates. They also came up with a new security policy that prohibited closed source code for extensions, which is the more likely reason (vs the cert) that the older extensions (many of which aren’t actively supported) are broken. All of this seemed to happen around the same time, which is suspicious.
What browser you use is your choice, and I don’t have an issue with Firefox trying to make their browser more secure. However, the rush to do this has pretty much soured me on Mozilla, and I’m using alternative Browsers (Brave, Vivaldi, Chrominum, Pale Moon and Waterfox), where the developers so far are much more friendly than Mozilla has been lately.
If Mozilla cares more about politics than putting out a good browser, then I have no time for them. Firefox has gotten worst over time, IMO…it was great because of the extensions, not because of it being bloated and crashing.
Johnf that is a good observation you have. If you find any evidence it would be good to post the sites referencing that here. I was a Firefox Beta tester for 10 years. I finally got tired of the seeming lack of caring of the end user and the new path they were taking. I did see feedback (from Help-Submit Feedback) in some bug reports but one had to complain loudly. Your comment, “Firefox has gotten worst over time, IMO…” is the way I feel. It seems in recent years that developers are all children and are only at Mozilla about a year. These Children Programmers don’t have a strong background in programming and try new ideas that were previously unsuccessful years ago. I am holding with an old version of Firefox and will have to look for another browser one day such as those you have mentioned. I hope Firefox will be up front and make a fix for others to download.
Link to Tim Pool’s comment on this on Youtube (Did banning gabs dissenter just backfire on Mozilla?):
https://www.youtube.com/watch?v=f0Cc8RpqH1g
ZDNET: Mozilla announces ban on Firefox extensions containing obfuscated code
RECLAIMTHENET: Firefox rejects free speech, bans free speech commenting plugin Dissenter from its extensions gallery (updated to include Mozilla’s response explaining why Dissenter was removed from the Firefox extensions gallery.)
Again, I don’t know if the steps Mozilla used to get rid of Dissenter also caused the issues with other addons, but it’s odd that these issues happened around the same time. Also, the fact that Mozilla never properly responded to Gab’s request with specifics on why Dissenter was removed is troubling (Mozilla never backed up their accusations with examples).
The fact they trashed a great percentage of their users addons without proper testing or alerting the developers/users is irresponsible. At this point, I don’t trust Mozilla, and I don’t see the benefit of using it vs other browsers that would outweigh their behavior.
Just my personal opinion, of course.
When the Ublock Origin and video downloader in my FF 66.0.3 was disabled in my main Win 7 machine, I followed the instruction to click the “Allow FF to perform studies” box and within a few hours everything was back to normal and has stayed that way.
Ditto the above for my Linux Mint laptop. It worked like a charm. I gave each some time (about a day) and then unchecked the studies thing. Both are still back to normal and working fine. I don’t understand what all the fuss is about, but that’s me.
Oh my! Can somebody please, please, let us regular users know what this all means
It means the Mozilla is pis** on its users.
Baidu search (Baidu is a huge Chinese company) is a Chinese search engine monitored and censored by the Chinese government. Baidu search for Firefox has been developed by Mozilla China (mozillaonline.com). The fact that Mozilla decided to sneak this search engine stealthy without a notice/acceptance into every Firefox user’s PC is a shame. This is the last of a chain of really bad Mozilla decisions.
Firefox 66.0.5 was released this afternoon. Just updated, and seems to be OK. My extensions are all good! I skipped 66.0.4, as I assumed there would be a quick follow-up.
The latest update to the Mozilla Add-ons Blog: Updates – Last Updated: 17:37 EDT May 7 2019
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Windows 10 Pro 22H2
also Firefox versions 67.0 beta 18 and 60.6.3 ESR were released as well along with version 66.0.5.
that “Firefox add ins disabled due to cert problem” is nearly as bad as that Windows 10 Pro Activation bug in November 2018. it’s THAT bad, woody & Susan
Further to James Bond 007’s post <here> I found a relatively straightforward method for manually importing the updated certificate into FF ESR v52.9.0 (the legacy version for Win XP and Vista) that was posted today in the Firefox forum thread “Add-ons disabled” problem in Firefox 52.9.0 ESR (32-bit) for Windows XP by Forum Moderator philipp. I tested this evening with my own FF ESR v52.9.0 to confirm this works.
If you previously implemented the temporary workaround and changed xpinstall.signatures.required to FALSE in about:config, remember to change this setting back to TRUE after importing the updated certificate. My understanding that this is a permanent fix but this procedure will have to be repeated if you re-install / refresh your FF ESR v52.9.0 browser at some point in the future.
————-
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0
Mozilla made this statement in a recent blog post:
“We’re continuing to work on a fix for older versions of Firefox, and will update this post and on social media as we have more information. (May 8, 11:51 EDT)”
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Windows 10 Pro 22H2
Update: At 1:00 pm today, Thur May 9, I again got the message that some of my add-ons has been disabled in Firefox 56.0.2, after all the steps I had taken the previous 3 days to fix the issue.
So, today I used steps outlined by imacri in This Post to install the temporary (?) Mozilla certificate.
This worked and after a slight delay, all my add-ons were working again (without having to copy an edited version of “extensions.json” back to the profiles folder.)
Now I again wait to see if this lasts beyond 1:00 pm tomorrow.
Further to James Bond 007’s post <here> I found a relatively straightforward method for manually importing the updated certificate into FF ESR v52.9.0 (the legacy version for Win XP and Vista) that was posted today in the Firefox forum thread “Add-ons disabled” problem in Firefox 52.9.0 ESR (32-bit) for Windows XP by Forum Moderator philipp. I tested this evening with my own FF ESR v52.9.0 to confirm this works.
- Download the updated certificate addons-public-intermediate.crt from https://hg.mozilla.org/releases/mozilla-release/raw-file/tip/security/apps/addons-public-intermediate.crt.
- In Firefox, go to Tools | Options | Advanced | Certificates | View Certificates, click Import, and select the downloaded addons-public-intermediate.crt file. Click OK in the pop-up dialog box (i.e., do not check any check boxes). You will see a new certificate listed for Mozilla Corporation named signingca1.addons.mozilla.org (see attached image).
- Enter the advanced configuration settings (type about:config in the address bar) and search for app.update.lastUpdateTime.xpi-signature-verification. Right-click this setting and choose Reset from the context menu.
- Re-start Firefox.
If you previously implemented the temporary workaround and changed xpinstall.signatures.required to FALSE in about:config, remember to change this setting back to TRUE after importing the updated certificate. My understanding that this is a permanent fix but this procedure will have to be repeated if you re-install / refresh your FF ESR v52.9.0 browser at some point in the future.
————-
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0
Well, that worked with FF 48.0.2. Thanks!
Updates – Last Updated: 19:28 EDT May 8 2019
We’ve released Firefox 66.0.5 for Desktop and Android, and Firefox ESR 60.6.3, which include the permanent fix for re-enabling add-ons that were disabled starting on May 3rd. The initial, temporary fix that was deployed May 4th through the Studies system is replaced by these updates, and we recommend updating as soon as possible. Users who enabled Studies to receive the temporary fix, and have updated to the permanent fix, can now disable Studies if they desire.
For users who cannot update to the latest version of Firefox or Firefox ESR, we plan to distribute an update that automatically applies the fix to versions 52 through 60. This fix will also be available as a user-installable extension. For anyone still experiencing issues in versions 61 through 65, we plan to distribute a fix through a user-installable extension. These extensions will not require users to enable Studies, and we’ll provide an update when they are available. (May 8. 19:28 EDT)
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Windows 10 Pro 22H2
Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
To users of older Firefox.
Bug 1550793
publish armagadd-on 2.0 hotfixes on AMO for self-install
https://bugzilla.mozilla.org/show_bug.cgi?id=1550793
“Firefox 52 through 60 inclusive will need a legacy hotfix – Firefox 61 through 65 inclusive will get the WebExtension version”
Hello All, Please notice that there are now 3 styles of Certification fixes available from Bug 1550793. It appears to be having ongoing improvements.
Legacy hotfix for Firefox 52 through 56 (signed)
Hotfix for Firefox 57 through 61 (signed)
Hotfix for Firefox 62 through 65 (signed)
A poster there asked if it was already installed, does anything else needs to be done and there was not an answer at that time. So we will have to occasionally check that Bug report.
Also note that an official bug fix has now been released for Firefox ESR v52.9.0 for users who have not manually imported the updated certificate.
The Mozilla blog Add-ons Disabled or Failing to Install in Firefox was updated today (12:51 EST May 13, 2019) and now states that an extension has been posted on the official Mozilla AMO store at https://addons.mozilla.org/en-US/firefox/addon/disabled-add-on-fix-52-56/ that should automatically “re-enable extensions that were disabled on May 3, 2019 for Firefox versions 52 – 56“.
————-
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0
EDIT: Please view post in TEXT tab before posting, remove unnecessary HTML TY
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
