News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – Firefox add ins disabled due to cert prob

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – Firefox add ins disabled due to cert prob

    This topic contains 170 replies, has 51 voices, and was last updated by  anonymous 1 week, 4 days ago.

    • Author
      Posts
    • #1270719 Reply

      Susan Bradley
      AskWoody MVP

      Kurt Buff on the http://www.patchmanagement.org list reports that all of the Firefox add ins are disabled due to the expiration of an intermediary cert: http
      [See the full post at: Patch Lady – Firefox add ins disabled due to cert prob]

      Susan Bradley Patch Lady

      10 users thanked author for this post.
    • #1271872 Reply

      Hopper15
      Subscriber

      Of course. No way I’m using firefox without an adblocker so I’ll use chrome until this is fixed.

      1 user thanked author for this post.
    • #1272061 Reply

      b
      AskWoody Plus

      Status updates here: https://twitter.com/mozamo (addons.mozilla.org)

      Knuckle dragger Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant Toxic drinker Saluted blockhead "Unwashed mass" (Group ASAP) Win10 v.1903

      1 user thanked author for this post.
    • #1272950 Reply

      anonymous

      Bugzilla page for the certificate error:
      https://bugzilla.mozilla.org/show_bug.cgi?id=1548973

      Moderator’s Note: duplicated information – refer #1268031

    • #1274788 Reply

      anonymous

      Why is Chrome more secure than Firefox without extensions?

      I could say that firefox is much better than Chrome without adblocker…

      1 user thanked author for this post.
      MW
      • #1278728 Reply

        Richard Allen
        Subscriber

        I agree that FF is more secure than Chrome without extensions installed but then how many visitors to this website are not using any addons?

        I’m often testing my content blockers and one thing I noticed over a year ago is that just with FF Content/Tracker Blocking enabled I’m personally yet to see an ad. It’s not at the level of uBO but it works surprisingly well.

        I’m using two FF profiles along with Nightly, I only update addons manually once a month or so, if possible I like to know why an addon is being updated. Majority of addons were updated May 2nd and everything is working fine, so far. 🙂

    • #1276283 Reply

      gborn
      AskWoody_MVP

      Some are able to disable the certificate check (in FF nighly builds) – but that’s not recommended.

      https://borncity.com/win/2019/05/04/firefox-expired-certificate-disables-addons-may-4-2019/

      One reader suggested also anonother temporary fix:

       

      https://www.borncity.com/blog/2019/05/04/firefox-bug-deaktiviert-alle-extensions/#comment-71243

      The best thing is: Be patient and wait – or use another browser. I always have a bunch of portable browsers on my Windows systems.

      1 user thanked author for this post.
    • #1276544 Reply

      Mele20
      Subscriber

      Use Basilisk or Waterfox instead.  They are not affected.  Fx 60.4 ESR says that some extensions cannot be verified for use but does not disable them.  Just says “proceed with caution”.

      I’m not sure why Fx 60.4 ESR has not disabled them as a number of users have reported on the Mozilla Enterprise list-serve.

      • #1289472 Reply

        rick41
        Subscriber

        Same situation here with 60.6.1 esr when I first opened it a few minutes ago.

        EDIT:  Just found that on my second Win7 pc, also with Firefox 60.6.1 esr, those same add-ons have been moved to the Legacy section and disabled.  Then on a third (which hasn’t been used in at least two or three weeks), everything looks and works completely normal (at least so far…).  Odd how the situation would vary between three similarly-configured pc’s.

    • #1276733 Reply

      James Bond 007
      Subscriber

      As a user who have used Firefox for a long time, and witness how Firefox changed for the worse (in my opinion) due to things like dismantling of the old extension system (which contain very useful extensions like Classic Theme Restorer) and removal of options/features from the UI etc., I am increasingly disillusioned by Firefox. About the only thing that keeps me with Firefox is the NoScript extension. If NoScript died with the old extension system like Classic Theme Restorer, I would have dropped Firefox for good.

      Imagine my anger then when I opened Firefox today (MacOS Sierra / High Sierra / Mojave and Windows 7) and was told along the lines of “some of your extensions cannot be verified and have been disabled”, which included NoScript. I searched and finally found out it was a problem on Mozilla’s end due to an expired certificate and not my fault.

      Since I am using the ESR version, I can get along by setting xpinstall.signatures.required in about:config to false for the time being and the “disabled” addons are working again. Actually this setting allows installation of “unsigned” addons which is why the addons are “disabled”, as due to the expired signing certficate those extensions are now considered “unsigned”. Allowing installation of “unsigned” addons is supposedly not good but if this is the only way to get them working now then I will do it.

      Judging from the reactions online it seems to me that this problem is quite widespread and affects a large number of users. How can Mozilla allow this to happen? Are they this incompetent? Are they trying to drive me away from Firefox for good?

      Hope for the best. Prepare for the worst.

      12 users thanked author for this post.
      • #1342241 Reply

        GoneToPlaid
        AskWoody Plus

        I am still using FF 56.0.2 which is configured to disable certain features which allow Javascript Meltdown attacks to be performed, and which is configured to never check for updates for anything. Interestingly, all of my FF plugins have not been affected by this issue.

      • #1405523 Reply

        James Bond 007
        Subscriber

        Fixes have arrived via Firefox 66.0.4 and Firefox ESR 60.6.2 for this problem.

        I was using Firefox ESR 60.6.1 (since updated to 60.6.2) on Windows 8.1 / MacOS High Sierra / MacOS Mojave, and Firefox ESR 52.9.0 on Windows 7 / MacOS Sierra, all with NoScript, and in the case of 52.9.0, Classic Theme Restorer, so I watch whether a fix will be provided for older versions of Firefox by Mozilla, and so far, none are forthcoming.

        I have done my own little investigation into how to fix this problem on Firefox ESR 52.9.0, and so far :

        (1) Setting xpinstall.signatures.required to false in about:config works to restore the disabled addons, but you will be presented with a message along the lines of “… cannot be verified. Proceed with caution.” in the addon page. This method apparently only works on ESR / Developer / Nightly versions but not the stable version.

        (2) This method also works to disable Firefox’s addon signing requirement and restore the disabled addons. It works on both ESR and stable versions of Firefox (non-Quantum). It was recommended by the author of Classic Theme Restorer, who still releases newer versions of it for browsers without the signing requirement (e.g. Waterfox), for people who still wants to use the addon on Firefox 52-56.

        (3) Someone extracted the signing certificate used in the “Normandy” hotfix and presented a method of incorporating the certificate into Firefox 56 and below. I tested this using a virtual machine running Windows 7 and Firefox ESR 52.9.0, and it also seems to work to restore the disabled addons.

        I use (2) myself at this time. It works so far, and no “Proceed with caution.” messages will be displayed in the addon page. I know the addons I use are safe (They are either the signed versions of the addons or, in the case of Classic Theme Restorer, directly downloaded from the author’s page on GitHub.), and I much prefer the addon page not warning me about “Proceed with caution” messages.

        I still consider Mozilla’s blunder to be unacceptable. I think I will have to consider other alternatives and start testing them soon. Having used Firefox from the Windows 9x days, I never thought I will have to contemplate abandoning it, even after Mozilla killed the old extension system, but here I am.

        Hope for the best. Prepare for the worst.

        2 users thanked author for this post.
    • #1278293 Reply

      woody
      Da Boss

      See this thread for more details.

      Quoth Kirsty:

      From @martinbrinkmann on ghacks.net:

      Your Firefox extensions are all disabled? That’s a bug!
      by Martin Brinkmann | May 04, 2019

      Solution
      Nightly, Dev and Android users may be able to disable signing of extensions; some users reported that this resolved the issue temporarily on their end. You need to set the preference xpinstall.signatures.required to false on about:config to disable signing. You could change the system date to the previous day to resolve it temporarily as well, but that can lead to other issues.

      The issue can only be resolved on Mozilla’s end. The organization needs to renew the certificate or create a new one to resolve the issue. I’d expect Mozilla to do that soon as the issue is widespread and affecting lots of Firefox users.

      Users should not remove affected extensions from their installations; the issue will resolve itself once Mozilla fixes it.

      4 users thanked author for this post.
    • #1278325 Reply

      woody
      Da Boss

      As of 5 am Central (US) time, I received one notice in Firefox but, in clicking through, was told that there were no affected add-ins.

      1 user thanked author for this post.
    • #1278562 Reply

      krzemien
      Subscriber

      I must say that it’s rather ridiculously moronic thing to allow such issue to surface. It’s literally following the steps of other similar misdemeanours widely reported in recent months. What’s going on in the software industry?

      What were they thinking? Is there anybody in charge of this mess any more?

      As per the other user above comments: really worrying sign of things to come: If Firefox fails, then…

      2 users thanked author for this post.
    • #1278591 Reply

      woody
      Da Boss

      See also Günter Born‘s Firefox: Expired certificate disables addons (May 4, 2019)

      and Lawrence Abram‘s Firefox Addons Being Disabled Due to an Expired Certificate

      According to a bugzilla bug report, an intermediate signing certificate used to sign Mozilla addons expired on 5/4/19 at midnight UTC. As Mozilla addons have to be signed in order to be used in Firefox, once a computer reached that time the browser automatically disabled the addons.

      2 users thanked author for this post.
    • #1279011 Reply

      anonymous

      All add-ons are up and working just fine..no problems here.

      • #1281962 Reply

        anonymous

        Update….Running fine last night. Got up this morning and everything is broke. I enabled Run Studies in options and it went back to normal. Disabled Run Studies and it’s still okay.

        1 user thanked author for this post.
    • #1280307 Reply

      anonymous

      does this fix also work on firefox 56.0.2?

    • #1281165 Reply

      lmacri
      Subscriber

      I understand that a temporary fix is being automatically pushed out for FF v66.x users who have Shied Studies enabled (Firefox Preferences -> Privacy & Security -> Allow Firefox to Install and Run Studies) but does anyone know if a bug fix will be released for Win XP and Vista users who must use the legacy FF ESR v52.9.0 (released June 2017)?  I recall reading about these Shield Studies in Aug 2017 (see Catalin Cimpanu’s bleepingcomputer article at https://www.bleepingcomputer.com/news/software/mozilla-testing-new-default-opt-out-setting-for-firefox-telemetry-collection/) but I don’t have a similar setting in my FF ESR v52 browser and don’t know if Options -> Advanced -> Data Choices -> Share Additional Information (i.e. Telemetry) enables Shield Studies by default in my browser – or if a bug fix will eventually be pushed out to FF ESR v52.9.0.  I also can’t see anything at about:config that might enable/disable Shield Studies.
      ————
      32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0

      • #1285099 Reply

        Microfix
        Da Boss

        @lmacri
        As I understand it, this is a certificate issue that needs addressed by Mozilla for their extension/ add-on store. I actually wouldn’t look for fixes other than described by Mozilla, as this may break things once Mozilla gets their act together and sorts it.
        Patience is a big player IMO
        I’d advise to run the browser in a sandbox in the mean time, which doesn’t change pre-configured settings that worked prior to the cert issue.
        Sandboxie works well for a temporary sandbox.
        Remember you’ll need an older version for vista. HTH

        ********** Peng/Wins x86/x64 **********

        - µfix

        • #1285845 Reply

          b
          AskWoody Plus

          Studies is the temporary fix recommended by Mozilla though:

          10:50 a.m. UTC / 03:50 a.m. PDT: We rolled-out a fix for release, beta and nightly users on Desktop. The fix will be automatically applied in the background within the next few hours, you don’t need to take active steps.

          In order to be able to provide this fix on short notice, we are using the Studies system. You can check if you have studies enabled by going to Firefox Preferences -> Privacy & Security -> Allow Firefox to install and run studies.

          You can disable studies again after your add-ons have been re-enabled.

          We are working on a general fix that doesn’t need to rely on this and will keep you updated.

          https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047

           

          Although it should be enabled by default:

          To provide this fix on short notice, we are using the Studies system. This system is enabled by default, and no action is needed unless Studies have been disabled.

          https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

           

          Knuckle dragger Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant Toxic drinker Saluted blockhead "Unwashed mass" (Group ASAP) Win10 v.1903

          4 users thanked author for this post.
      • #1288683 Reply

        Pim
        AskWoody Plus

        @Imacri In ESR versions you can switch off signing by going to about:config (type this in the address bar) and then search for the key “xpinstall.signatures.required”. Set this key to false and then the extensions should work again. Changing this key stops checking the signature of an extension and thus the expired certificate. You are somewhat more at risk with this setting, but as long as you do not add any new extensions this cannot harm you, because the extensions that were installed already had a proper signature before the certificate expired. After Mozilla has fixed this issue, remember to set “xpinstall.signatures.required” back to true.

        BTW: I just read on the Mozilla blog that the studies solution does not work for ESR. They are working on another solution for ESR. For now, switching off signing is the best (and quickest) thing one can do.

        7 users thanked author for this post.
        • #1289762 Reply

          lmacri
          Subscriber

          Hi Pim:

          Thanks, your suggestion worked.  I’ve temporarily changed xpinstall.signatures.required to FALSE and my Adblock Plus and other extensions are working again in FF v52.9.0 (the legacy version for Win XP and Vista).  Tools | Add-ons | Extensions now shows a warning for Adblock Plus and other extensions (“<extension name> could not be verified for use in Firefox.  Proceed with caution.“) but at least they’re functioning again.

          I’ll post back if Mozilla eventually releases a permanent fix that allows me to re-enable validation of certificate signatures.
          ————
          32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0

    • #1281203 Reply

      anonymous

      Definitely love the armagadd-on-2.0 bug alias… Now, seeing a disturbing trend with things getting severely broken or completely unusable due to trivialities such as an expired certificate, with no way around it.

    • #1283519 Reply

      plodr
      AskWoody Plus

      FF ESR 60.6.1 which is the current version, not FF ESR 60.4 as mentioned above disabled 5 of the 7 addons. Not every addon is affected, though I don’t know enough to say why.

      A list of some of the affected addons is in this thread

      https://bugzilla.mozilla.org/show_bug.cgi?id=1548973

      Got coffee?

    • #1286390 Reply

      barcud
      AskWoody Plus

      I’m on Standard 66.0.3 Firefox and all my addons have been disabled.

      I’ve enables Studies and,  … nothing.

      What is the name of the Study?

      • #1286828 Reply

        b
        AskWoody Plus

        It may take up to six hours for the Study to be applied to Firefox. To check if the fix has been applied, you can enter “about:studies” in the location bar. If the fix is in the active, you’ll see hotfix-update-xpi-signing-intermediate-bug-1548973 in either the Active studies or Completed studies.

        You may also see “hotfix-reset-xpi-verification-timestamp-1548973” listed, which is part of the fix and may be in the Active studies or Completed studies section(s).

        Add-ons disabled or failing to install in Firefox

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant Toxic drinker Saluted blockhead "Unwashed mass" (Group ASAP) Win10 v.1903

        4 users thanked author for this post.
        • #1287104 Reply

          barcud
          AskWoody Plus

          Thanks b

          I’ve seen those studies for over an hour now, but still no addons working.

          I’ve also restarted Firefox a number of times but my addons are still marked as disabled.

          Is the fact I’m in the UK anything to do with it, or is it just my selection of addons?

           

          1 user thanked author for this post.
    • #1286550 Reply

      anonymous

      My addons are back.

      1 user thanked author for this post.
    • #1286984 Reply

      anonymous

      Hello again Woody, I am the OP 1146817 of AVG. Firefox has had an episode of a faux pas with a certificate that is expiring. They too will fix the problem behind the scenes with a channel they use to do experiments…???

      Mozilla issues Firefox fix after expired certificate disabled all add-ons
      May 4, 2019 8:22 AM

      Mozilla issues Firefox fix after expired certificate disabled all add-ons

      “Mozilla is using Studies — a system through which the company tries out new features and ideas before they are released to all Firefox users — to automatically roll out a fix without the user having to do anything else.”
      “Options >> Privacy & Security >> Allow Firefox to install and run studies…”

      Why is everything a secret behind our backs? Why isn’t there a download site to get these fixes on their sites?

      Thank you for being the curmudgeon that you are and thank you for ASKWOODY.com

      1 user thanked author for this post.
      • #1294310 Reply

        anonymous

        Hi All, more information. From the Mozilla Bug Report:

        c borghi, Comment 29

        “As far as I can tell, the XPI mentioned in the NixOS fix injects the correct intermediate certificate in Firefox. I extracted the DER from the XPI and imported it in my Firefox ESR certificate store. Now addons can be installed again, and they work.

        I believe that by publishing that certificate at some trusted url (owned by Mozilla) and telling ESR users how to import it would solve the problem for many people, without waiting for studies and the like.”
        https://bugzilla.mozilla.org/show_bug.cgi?id=1549078

        This is what I am saying, and why Woody gets annoyed with AVG and other developers that want to fix you secretly and usually allow more telemetry. Put up a web page with the fix for admins to download.

        3 users thanked author for this post.
    • #1287592 Reply

      Alex5723
      AskWoody Plus

      Why is everything a secret behind our backs? Why isn’t there a download site to get these fixes on their sites?

      I got a notice in Firefox about this fix.
      But my add-ons were deleted !

      FFfix

      Attachments:
      2 users thanked author for this post.
      • #1288071 Reply

        rontpxz81
        Subscriber

        Turned Studies off- don’t want my extensions/add-ons deleted as you reported.  Possible Mozilla Studies fix worse than orinial problem.  Well, will have to use Chrome for extensions now.

        1 user thanked author for this post.
      • #1288913 Reply

        Pim
        AskWoody Plus

        Perhaps they are listed under Unsupported? (see your screen shot)

    • #1288412 Reply

      rontpxz81
      Subscriber

      According to Mozilla you have to leave Studies on for 6 hours- then many many users who have say it doesn’t work!

      Add-ons disabled or failing to install in Firefox

    • #1288625 Reply

      Alex5723
      AskWoody Plus

      Turned Studies off- don’t want my extensions/add-ons deleted as you reported.  Possible Mozilla Studies fix worse than orinial problem.  Well, will have to use Chrome for extensions now.

      I am using Portable Firefox Version 60.6.1esr (64-bit). There is no ‘Allow Firefox to install and run studies…’ and auto updates disabled , yet the xpi has been installed.

      1 user thanked author for this post.
    • #1289510 Reply

      Purg2
      Subscriber

      Being one of those that doesn’t trust google due to their hoovering up of everything on the internet, I’m not a big fan of chrome.

      Meanwhile this incident has given me the opportunity to try the Brave browser which is said to have decent built-in security features that include adblocking.

      After downloading a portable version at github I’m using it as I type this post.  Went through the settings & made some adjustments & so far so good.

      https://github.com/portapps/brave-portable/releases

      Hopefully add-ons are restored without too much delay.

      Win 8.1 Group B, Linux Dabbler

    • #1289573 Reply

      Tom in Az
      AskWoody Plus

      I’m using ESR 60.6.1 x64 and my extensions/add-ons all seem to be working as of this moment.

      1 user thanked author for this post.
    • #1290514 Reply

      JohnW
      AskWoody Plus

      Got the error this morning. Confirmed that it was on Mozilla’s end.

      Started Chrome, and then set it as my default browser. Up and running again, with browser extensions.

      Now patiently waiting for Mozilla to clean this up. 🙂

      …or maybe just the nudge I needed to make the switch to Chrome.

    • #1290626 Reply

      Geo
      AskWoody Plus

      My Adblocker Ultimate was disabled yesterday by firefox.  It’s up and running today with out me doing anything.  If you have an adblocker don’t delete it.  Let it run it’s course by itself as I did.

      2 users thanked author for this post.
    • #1291277 Reply

      Bluetrix
      AskWoody MVP

      I’ve rebooted FF several times since this occurred, I still have this showing.

      FFblock

      If it isn’t resolved soon I will do the “xpinstall.signatures.required to FALSE” edit.

       

      Edit: As of 4PM EST the “fix” xpinstall.signatures = false, hasn’t worked for me.

      Windows10 Home 1809 | Mint19 on VM

      Attachments:
      2 users thanked author for this post.
      • #1292144 Reply

        rick41
        Subscriber

        Same here on *one* of my three similarly-configured Win 7 pc’s with Firefox 60.6.1 esr.

        But on pc #2, the same add-ons were left enabled and in the “main” add-on page, but with a caution message added, e.g., “Adblock Plus – free ad blocker could not be verified for use with Firefox.  Proceed with caution.”

        On pc #3, everything is working normally with 60.6.1 esr and (mostly) the same add-ons .  There aren’t even any messages of any kind.  (Maybe it will just take awhile for symptoms to show, since this is the first time I’ve fired up #3 in 2 or 3 weeks?)

        Weird that the situation would be different between the three pc’s.  This is all without any kind of action of my part.

      • #1307478 Reply

        OscarCP
        AskWoody Plus

        I have FF installed on Windows 7, Linux Mint and a Mac (macOS 10.14 “Mojave”). Just checked (at half past midnight EDT and, so, already on May the 5th), and the widely used and very effective AdBlock Plus has been deactivated in all three systems’ versions. I’ve also checked if they are up to date: the three of them are.

        Not only has FF deactivated that ad blocker, but when I use the “find a similar add-on” feature in FF, what I get is a list of privacy-related add-ons, but nothing by way of alternative ad blockers. I find this omission quite interesting.

        I have disliked FF ever since it went “Quantum”, and this latest development only confirms and deepens this dislike. As a result, although I have FF installed on three different OS, I don’t use it in any of them (other than once a week or so, to make sure it stays up to date). I use regularly Waterfox and Chrome instead.

        • #1310466 Reply

          Pim
          AskWoody Plus

          What is your experience with Waterfox? I am not too happy with FF Quantum either. I had changed FF so much to  my liking, with various extensions, but I have lost almost all of that. Now I find myself sometimes spending many minutes trying to accomplish what I could have done in the old FF Australis in a couple of seconds. I have downloaded all of my old extensions with the intention of trying them in Waterfox, but the availability of time is the problem. That is also what I dislike about FF Quantum: over the years I have invested much time in making FF perfect for me, but with Quantum that investment has for the most part been destroyed.

          • #1327553 Reply

            OscarCP
            AskWoody Plus

            Pim, My experience with Waterfox has been excellent; I particularly like the privacy policy its developer has adopted from the very start. It is also reasonably free of bloat, user friendly and quick off the mark.

            But it all depends on what you do with a browser, I suppose. I use Waterfox, mostly, to visit regularly a few sites that are about interesting and, or useful things, such as Woody’s, to do Web searches for information and materials (mostly published technical articles) as part of the preliminary research I often need for my work; to either check or find out about things in Wikipedia, to read newspapers on line from here and a few other places around the world of special interest to me, to stream video from Netflix and Amazon, and for little else, really.

          • #1328130 Reply

            OscarCP
            AskWoody Plus

            I just updated FF on the Mac, where add-ons I want to use had been disabled and also blocked from reinstalling, then tried to download and install again Adblock Plus: it did not let me do it.

            Great going, FF!

    • #1293126 Reply

      Hopper15
      Subscriber

      My extensions are back.

      1 user thanked author for this post.
    • #1293148 Reply

      wdburt1
      AskWoody Plus

      The advice in the main post is to go to Firefox Preferences > Privacy & Security and allow Studies.

      I’m running Windows 7 and Firefox version 66.0.3, which is automatically updated, and I find no such place.  I do find this:

      Tools > Options > Privacy & Security > Firefox Data Collection and Use

      which has a check box to allow Studies.  I plan on un-checking that box as soon as this is over.  Apart from Firefox’s unusual use of this method to correct their screwup, the only argument I can see for allowing Firefox to study my machine is somehow, some day, it might benefit me, but that requires a level of trust in unaccountable organizations that I don’t have these days.

      Update: Firefox must have been waiting for me to check the box, because upon Exit and Re-Open, my add-ons are back.

      2 users thanked author for this post.
      • #1296168 Reply

        anonymous

        WOW, this is annoying! Central VA, USA. Was working fine this AM. Around 4 PM my Noscript and Kaspersky extension were disabled. Read the blurb and enabled Studies. Restarted Firefox 66 and so far nothing. Hope this clears up soon!!! Only run minimum scripts for individual website functionality which works fine for me. VERY ANNOYING!!!

        • #1303142 Reply

          anonymous

          OK, after waiting 4 – 5 hours, the correct hotfix and some other “study” finally installed as “active”. Still no Noscript or Kaspersky extension working, even after closing and reopening Firefox. NOT good… 🙁

          Grrr…..

    • #1294723 Reply

      Steve S.
      AskWoody Plus

      Add-ons disabled or failing to install in Firefox

      All but one of my extensions got disabled yesterday evening just as this whole mess started.  Some while ago I had created a policies.json file for Firefox that blocked studies as an administrative policy, so I renamed it policies.json.temp, then set studies to “on” in Firefox’s options page. Restarted Firefox. All 16 missing extensions were immediately up and running. Sooo glad I didn’t jump the gun and attempt to delete/reinstall my extensions…

      Next, turned off studies,renamed the policies file back to policies.json, restarted Firefox and viola, I’m good to go.

      Edit: as originally reported

      Win7 Pro x64 (Group B), Win10 Pro x64 1809, Linux Mint + a cat with 'tortitude'.

      1 user thanked author for this post.
      • #1308538 Reply

        Microfix
        Da Boss

        Good to read your add-ons are working 🙂
        Credit where credit is due, thanks for drawing this issue to our attention in your original topic Steve S, deserved better recognition IMO

        ********** Peng/Wins x86/x64 **********

        - µfix

        2 users thanked author for this post.
    • #1297225 Reply

      Sueska
      AskWoody Plus

      Addon issue appeared on almost all my devices using Firefox. (even for those not currently connected to the internet – didn’t see much point in fixing those).
      This evening, once I re-enabled the Privacy and Security Studies option, closed and re-opened firefox, the issue with addons was immediately fixed.  As “b” indicated in a post above, checking about:studies should show if the hotfix was applied. For those not wishing to leave the studies option enabled, you can re-disable the Privacy and Security Studies option immediately after the hotfix is applied. Those with the default Studies setting already enabled (checked), should hopefully mostly all be fixed soon.

      For my older ESR (unsupported) versions of Firefox that do not have a studies option, changing the setting in about:config from xpinstall.signatures = true to xpinstall.signatures = false worked for me.  However I view this as only a temporary fix. If a more permanent fix is not forthcoming, will upgrade Firefox.

      3 users thanked author for this post.
    • #1299691 Reply

      owburp
      AskWoody Plus

      Poster lukami on the ghacks site posted a direct link to the hotfix if your version of Firefox does not have any option for activating Studies.

      https://www.ghacks.net/2019/05/04/your-firefox-extensions-are-all-disabled-thats-a-bug/#comment-4410182

      If the hotfix has been installed and you’ve been waiting a long time for it to revive your addons, try this trick by Calchung:

      Add-ons disabled or failing to install in Firefox

    • #1307003 Reply

      Microfix
      Da Boss

      Well, with no user intervention whatsoever, all our FF extensions are back to normal 🙂
      Hotfix issued by Mozilla:

      ********** Peng/Wins x86/x64 **********

      - µfix

      2 users thanked author for this post.
      • #1308849 Reply

        AJNorth
        AskWoody Plus

        Thank you, Microfix — and all of the other contributors above; will now reset “xpinstall.signatures.required” back to true.

        Another day, another crisis resolved.

        EDIT:

        On the other hand…  It seems that some of the add-ons continue to have signing issues in FF 52.9 ESR, so will wait a little longer and then try again.

        To quote an old Steve Allen routine from a couple of lifetimes ago, “My doctor told me that I ought to consider getting a pre-frontal lobotomy.  After thinking about it for a minute, I told him that I would much rather have a free bottle in front of me.”

        • #1310249 Reply

          Pim
          AskWoody Plus

          The above hotfix (screenshot in Microfix’s post) does not work for ESR versions. Until a separate fix for ESR has been distributed (Mozilla is working on this) you will need to keep “xpinstall.signatures.required” set on False.

          2 users thanked author for this post.
          • #1310432 Reply

            Microfix
            Da Boss

            The above hotfix (screenshot in Microfix’s post) does not work for ESR versions. Until a separate fix for ESR has been distributed (Mozilla is working on this) you will need to keep “xpinstall.signatures.required” set on False.

            really!

            ********** Peng/Wins x86/x64 **********

            - µfix

            1 user thanked author for this post.
            Pim
            • #1312472 Reply

              Pim
              AskWoody Plus

              This is new. Yesterday I could only get my extensions working again changing the signing check in about:config, even though I could see that the fix was installed as an extension. Today it works with the signing setting on true. Mozilla has contradictory information. In a tweet they state that the fix should also work for ESR, but on their blog they state that the studies solution does not work for ESR. In my ESR 60.6.1 there is no Studies option under Options > Privacy & Security, but if I type about:studies it shows the fix.

      • #1321196 Reply

        anonymous

        Where are you exactly? Turned on “Studies” here around 4 PM EST on 5/4. Nothing whatever happened until ~ 11 PM when

        hotfix-reset-xpi-verification-timestamp-1548973 Complete
        This study sets app.update.lastUpdateTime.xpi-signature-verification to 1556945257 and
        This study sets dom.push.alwaysConnect to true.
        became “Active”.

        Around midnight, the hotfix became “Completed” while the prefflip is still active. Left the browser open overnight and a 10 AM EST nothing more has happened and the other hotfix hasn’t been loaded. This Mozilla blog stresses patience:

        Add-ons disabled or failing to install in Firefox

        Without Noscript running, Firefox 66 is essentially lacking in security and non-functional as many sites have popups which make reading content nigh impossible.

        This has to be a MAJOR hit to Firefox…, and they wonder why their browser share has dropped below 10%. Have ZERO interest in Chrome as I value my privacy. Grrr…

        Edit to remove HTML. Please us the “Text” tab in the entry box when you copy/paste.
        Content may not appear as user intended.

    • #1310069 Reply

      Alex5723
      AskWoody Plus

      For those who didn’t get the fix .xpi you can download and install (just drag & drop) from :

      https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi

      3 users thanked author for this post.
      • #1318527 Reply

        HiFlyer
        Subscriber

        For those who didn’t get the fix .xpi you can download and install (just drag & drop) from :

        https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi

        Worked for me when the “studies” didn’t.  But FF blocked my efforts at first..go figure.

        1 user thanked author for this post.
        • #1320288 Reply

          Bluetrix
          AskWoody MVP

          Worked for me when the “studies” didn’t. But FF blocked my efforts at first..go figure.

          This reaffirms all FF browsers are not set up alike. I experienced just the opposite. Having tried xpi=false, which failed after 6 hours to produce the desired results, I reluctantly enabled ‘studies’. That solution worked. I can’t say how long it took, but icons were back this morn. I disabled ‘studies’ and restarted FF, there is peace in my browsing once again.

          FF blocked the ‘hotfix’ download and was happy enough to alert me to what fine browser security I had. /sarcasm

          To be honest, I had forgotten what online life was like without an ad-blocker running.

          Windows10 Home 1809 | Mint19 on VM

          3 users thanked author for this post.
        • #1320395 Reply

          rontpxz81
          Subscriber

          One computer had Studies on by default and picked up the fix and all add-ons restored.

          2nd computer had Studies turned off by default, I turned it on and waited 12 hrs. and nothing happened- Firefox, or Google blocked the hot fix page, so I got it with Chrome and it worked.

          Deleting your extensions and re-installing them without the hot fix does nothing but make a lot of extra work.

          Lost all confidence in Mozilla- had to use Chrome to acces my extensions and passwords.

          Speaking of a lot of work, this website is so SLOW it takes way too long to use.

          1 user thanked author for this post.
    • #1310263 Reply

      Jim VS
      AskWoody Plus

      Well, now…”let me tell you a story about a man named Jed, a poor country fella barely kept his family fed…”

      Er, not so much. More like a chicken with it’s head cut-off when the sky begins to fall (AKA add-ons (security add-ons!) disappear!

      I shoulda read the entire postings before going into turtle mode (and then setting fire to all the grasses nearby).

      In searching for an answer to my missing add-ons, I followed the “help” from the Mozilla site, I deleted all of them (Ghostery, NoScript, Privacy Badger, HTTPS Ev, and Adblock Plus and then I came to Woody’s for insight. And read these posts.

      Sigh. Did the “studies” thing, then went back (I’d tried to re-download them all and been stopped twice); and decided to close and reset FF.

      An hour or so later I relit the fire and discovered I could now re-download and install said earlier miscreant add-ons.

      Thanks y’all for letting me understand just what happened. And next time, I’m gonna read everything y’all say first.

      Probably.

      jimzdoats

      1 user thanked author for this post.
      • #1312693 Reply

        AJNorth
        AskWoody Plus

        Thanks for the download link.

        Unfortunately, after installing the hotfix and resetting “xpinstall.signatures.required” to true, all the affected add-ons were again disabled.  Changing the setting back to false restored their functionality after a re-start (the hotfix has been removed).

    • #1311190 Reply

      Alex5723
      AskWoody Plus

      The above hotfix (screenshot in Microfix’s post) does not work for ESR versions.

      Yes, it did on my Portable 60.6.1esr

      2 users thanked author for this post.
      • #1311807 Reply

        Pim
        AskWoody Plus

        Strange… Mozilla officially states in their blog that it does not work for ESR. Perhaps it did work because you have a portable version. I have also read many posts on other sites stating that in ESR it did not work. I assume those were all installed versions of FF.

        Edit: now it works for me too. See my response to Microfix a bit higher than this post.

        • #1312709 Reply

          Microfix
          Da Boss

          Strange… Mozilla officially states in their blog that it does not work for ESR. Perhaps it did work because you have a portable version. I have also read many posts on other sites stating that in ESR it did not work. I assume those were all installed versions of FF.

          evidence of the aforementioned mozilla statement is where?

          ********** Peng/Wins x86/x64 **********

          - µfix

          • #1313396 Reply

            Pim
            AskWoody Plus

            See the links in this post

            From the blog: “Please note: The fix does not apply to Firefox ESR or Firefox for Android. We’re working on releasing a fix for both, and will provide updates here and on social media.” & “Clarified that the Studies fix applies only to Desktop users of Firefox distributed by Mozilla. Firefox ESR, Firefox for Android, and some versions of Firefox included with Linux distributions will require separate updates. (May 4, 12:03 EDT)”

            There also was a tweet stating that ESR was not yet covered.

            2 users thanked author for this post.
    • #1318716 Reply

      anonymous

      If like me you normally run Firefox (FF) in a Sandboxie sandbox you might be better not temporarily running FF outside a sandbox with the “studies” setting enabled to pick up the Mozilla fix, because you may find that after picking up the fix, FF does not work properly in a Sandboxie sandbox!

      I found that I could not go to sites stored as Bookmarks and I could not search using Startpage in either address or search bars. Basically FF was unusable in Sandboxie.

      I have now manually changed the “about:config > xpinstall.signatures.required” to false (as described in a #post-1289762 above) outside the Sandboxie sandbox and I can now use FF inside the sandbox again (where I’m typing this after reaching this site via its Bookmark).

      Before this unwelcome detour, before changing anything I had found that FF would run in the sandbox for a random time with extensions enabled before FF disabled them. However being in the sandbox it was simple to just close FF down so that the sandbox contents were deleted (how I configure Sandboxie) including the extension disabling, so that I could then restart FF in Sandboxie and the extensions would be enabled for a (different?) random time before the sequence needed to be repeated.

      HTH. Garbo.

      P.S. I now need to write myself a note to remind myself to switch xpinstall.signatures.required back to true again later 🙂

    • #1319638 Reply

      anonymous

      The explanation given by Mozilla (expiration of a cert) doesn’t make sense to me.
      Here’s my understanding of how signing works:
      I “sign” something by encrypting the document’s hash with my private key. Only I have that, so only I can perform that function. I can only do it during the life of the certificate – once it expires I’m no longer able to sign with it.
      You “validate” the signature by decrypting the encrypted hash with the public key embedded in my certificate. Anybody can do that, since the certificate and its embedded key are public. Then you compute your own hash of the document and compare the two hashes. It is a necessary capability of this process that the validation be available for many years after the certificate expires. For instance, it may be used to sign a loan agreement with a 40 year life.
      How does that process match up with Mozilla’s explanation? The expiration of a cert should only mean that it can no longer sign new addins. Its ability to validate already-signed addins should be unaffected.
      What am I missing?

      Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.

      2 users thanked author for this post.
      • #1331409 Reply

        anonymous

        This is a guess as to perhaps how Firefox works: Firefox could be verifying all the certificates in the chain backwards to the root certificate. Therefore the with intermediate certificate having been left to lapse this broke the chain of trust, causing this mass invalidation of add-ons.

    • #1323292 Reply

      barcud
      AskWoody Plus

      Had a problem – the Studies fix did not work for me.

      I turned Studies off and on, and ended up with te two relevant studies marked as Complete.

      A little oogling led me to https://bugzilla.mozilla.org/show_bug.cgi?id=1549017, and then a little reading gave the instructions on how to change extensions.json to replicate the Studies changes:

      Note Well
      Hotfixing prefs to work around this issue may leave your browser in a state that
      conflicts with fixes applied by patches Firefox developers apply to release, beta,
      nightly and ESR channels and could leave the browser in a unusable state.

      Full Procedure:
      1. Go to about:support in the URL bar.
      2. Open your profile directory.
      3. Open extensions.json in your preferred editor.
      4. Replace all “appDisabled”:true with “appDisabled”:false.
      5. Replace all “signedState”:-1 with “signedState”:2.
      6. Save the file.
      7. Restart Firefox.
      8. Go to about:addons in the URL bar.
      9. Disable then enable each addon to get it working again.

      It worked for me. (Kept a safe copy of the json file too!)

      3 users thanked author for this post.
      • #1323519 Reply

        PKCano
        Da Boss

        Thank you for doing that! 🙂 🙂

        1 user thanked author for this post.
      • #1325674 Reply

        anonymous

        That does the trick, but of course it’s absurd that we’re still having to jump through hoops to fix something Mozilla broke and still hasn’t repaired.

    • #1324665 Reply

      anonymous

      This is just absolutely infuriating to me.  Had the prob. Fri PM; Mozilla fixed it yesterday Sat.; turn on PC this morn Sun., got the problem back !!
      …..
      Here’s the *real* answer:  It’s called Vivaldi.

    • #1324774 Reply

      Demeter
      AskWoody Plus

      “Run studies” was checked by default; add-ons were restored. I don’t have more than a half dozen add-ons. Running FF 66.0.3, Win 7 Pro x64 SP1

      1 user thanked author for this post.
    • #1325266 Reply

      deuce120
      AskWoody Plus

      I also had the same problem on Windows 7 x64 running Firefox 66.0.3. Turned on Studies as suggested by numerous sites. Waited a few hours, got the hot-fix, restarted Firefox – no change. Rebooted – no changed. Tried a few suggestions – no joy. Backed up the profile, completely uninstalled Firefox and did a fresh install. I was then able to bring Firefox back to the way I wanted it. Installed the add-ons that I use and imported the bookmarks back. The biggest pain was configuring about:config the I wanted it to be – no autoplay, very little telemetry, a few other tweaks.

      Almost made the jump to Waterfox. It’s now installed as a backup.

    • #1326947 Reply

      JohnW
      AskWoody Plus

      I launched Firefox 66.0.3 today on Linux Mint, and all extensions appeared to be fine there.

      Unlike Firefox 66.0.3 on my Windows 10, which is still borked…

    • #1328730 Reply

      Speccy
      Subscriber

      Heads up: Firefox 66.0.4 (which includes a proper fix to the whole mess) is not available yet at
      https://www.mozilla.org/en-US/firefox/all/
      (as I write this, the release notes
      https://www.mozilla.org/en-US/firefox/66.0.4/releasenotes
      are still being prepared) but impatient users may already find it at
      https://ftp.mozilla.org/pub/firefox/releases/66.0.4/

      2 users thanked author for this post.
    • #1329704 Reply

      Steve
      AskWoody Plus

      Thank you to all the respondents here at AskWoody. This has effected both my OS’ v66.03 Firefox. (Windows® 7 and 8.1)

      Right now, I’m out-&-about on 8.1. When I return to the domicile, then I will implement the signature.required tweak on 7 [temporarily].

      Important links you can use, without all the fluff or sales pitch = https://v.gd/sdr28
    • #1330960 Reply

      anonymous

      After never getting the final bug hotfix, just checked for 66.0.4 in options under updates. hit the button. 25 hours later my extensions are back. Mozilla better not have another snafu like this or their market share will shrink to Safari-size…

    • #1331809 Reply

      JohnW
      AskWoody Plus

      Firefox 66.0.4 is available now, but I’m not even gonna bother for a couple more days.

      My backup browser is in play now, without any issues. 🙂

      So there is no way I’ll install a “hurry-up” rushed partial patch. I’ll just wait for the dust to settle, and a complete and fully tested fix is posted.

    • #1335115 Reply

      Steve S.
      AskWoody Plus

      Just got notification from Firefox and updated to 66.0.4.  All working fine as far as I can tell.

      Win7 Pro x64 (Group B), Win10 Pro x64 1809, Linux Mint + a cat with 'tortitude'.

    • #1337366 Reply

      anonymous

      Reflection from Brinkmann with comments: https://www.ghacks.net/2019/05/05/what-mozilla-needs-to-do-now-after-cert-add-on-disabling-disaster/

      1 user thanked author for this post.
    • #1353531 Reply

      lmacri
      Subscriber

      FF v66.0.4 and FF ESR v60.6.2 have been released to fix this bug, but has anyone heard about the status of an official fix for Firefox ESR v52.9.0 (the unsupported legacy version for Win XP and Vista)?  The “normal” routes for delivering a bug fix can’t be used (FF ESR v52.9.0 does not have a Shield Studies features and Help | About | Check for Updates reports “You cannot perform further updates on this system“) but I’m hoping Mozilla will eventually post a hotfix or revised ESR v52.9.0 installer on their FTP site at https://archive.mozilla.org/pub/firefox/releases/ that Win XP and Vista users can download and install manually for a permanent fix.

      In the mean time the workaround suggested <here> by Pim to enter my configuration settings at about:config and change xpinstall.signatures.required to FALSE still seems to be working – my extensions are currently enabled and functioning normally.
      ————
      32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0

      • #1379450 Reply

        anonymous

        Have an XP workstation with 52.9.0 as well which I haven’t booted up since this fiasco. So you are saying that Mozilla did something to screw up old-style extension on this old ESR version too?!

        • #1397661 Reply

          lmacri
          Subscriber

          That depends on your definition of “old-style”.

          All extensions currently posted on Mozilla’s official AMO store at https://addons.mozilla.org/en-US/firefox/ were developed with the new WebExtensions API.  Many of these extensions are still compatible with FF ESR v52.9.0 [e.g., my Adbolck Plus v3.5.2 (rel. 19-Apr-2019) at https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/] and were disabled by this bug.  The workaround posted by Pim <here> to change the value for xpinstall.signatures.required to false in your advanced configuration settings (about:config) will re-enable those extensions, but you will see the warning “<extension name> could not be verified for use in Firefox.  Proceed with caution.“ when you open the Add-on Manager at Tools | Add-ons | Extensions.

          If you still have one of the old legacy extensions released prior to November 2017 (i.e., developed with XUL/XPCOM or the Add-on SDK that cannot be installed in FF 57 or higher) like Mozilla Archive Format and Add-on Compatibility Reporter that are no longer available on Mozilla’s official AMO then those old legacy extensions were not affected.
          ————-
          32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0

    • #1360601 Reply

      OscarCP
      AskWoody Plus

      I have had FF 66.0.4 since yesterday and no, I still don’t have Adblock Plus back. Worse, when I tried to install it from FF, I get a “the connection failed” message from FF.

      Same when I tried getting a different add blocker.

      So it is starting to look to me, at this point, as if the FF people are very determined not to allow add blockers in FF, without coming up and saying so. I wonder why.

      Anyone else has got this or some other add blocker back when installing 66.0.4, or have a different take on this?

      1 user thanked author for this post.
      • #1360900 Reply

        Microfix
        Da Boss

        @oscarcp did you remove the temporary hotfix in the addons section of firefox?
        If you haven’t remove it and restart FF.

        ********** Peng/Wins x86/x64 **********

        - µfix

      • #1361052 Reply

        Fred
        Subscriber

        I have had FF 66.0.4 since yesterday and no, I still don’t have Adblock Plus back. Worse, when I tried to install it from FF, I get a “the connection failed” message from FF.

        Same when I tried getting a different add blocker.

        So it is starting to look to me, at this point, as if the FF people are very determined not to allow add blockers in FF, without coming up and saying so. I wonder why.

        Anyone else has got this or some other add blocker back when installing 66.0.4, or have a different take on this?

        Tried uBlock Origin already? No problems here with any addon

        • #1362023 Reply

          OscarCP
          AskWoody Plus

          In answer to Microfix: I never applied the hotfix, because I have other browsers that I use, so I decided to wait for the problem to be resolved, as it seems to have been, for other people, at least.

          To Fred: Yes, that was another blocker that FF did not install, with the same message of the connection having failed.

          To PKCano: You are quite right, that was an assumption, as it is clear from the text (“as if)”, not a statement of fact.

          I am glad that the add blockers are back and working for the three of you. They are really good for making life better, and opening some Web pages faster.

      • #1361286 Reply

        PKCano
        Da Boss

        So it is starting to look to me, at this point, as if the FF people are very determined not to allow add blockers in FF, without coming up and saying so. I wonder why.

        I think that’s an assumption.
        I’m running AdBlock Plus and Disconnect in all my FF 66.0.4 and have had no problems. I updated the add-ons this morning.

    • #1361911 Reply

      EP
      AskWoody_MVP

      what an embarassing “bad cert” bug Mozilla had to fix this weekend for Firefox.
      the Firefox 67 betas were also affected as well, addons like ublock origin & noscript were suddenly disabled in the FF67 beta I had on some of my PCs – had to download and install the newest FF67 beta (b17) to get the problem fixed and re-install those addons that were suddenly blocked.

      also noted in the Noscript forum about Firefox suddenly deactivating Noscript:
      https://forums.informaction.com/viewtopic.php?p=100053#p100053

      1 user thanked author for this post.
    • #1370912 Reply

      OscarCP
      AskWoody Plus

      Well… this is past weird: I had install 66.0.4 yesterday, and that did not brought back, as already explained, Adblock Plus and also did not let me re-install it or install other add blockers.

      But just minutes ago, I got notice from FF that there was a new update waiting to be installed.

      I decided to humor Mozilla and bite, so to speak. And what do you know? The new update installed, and it was… 66.0.4!!! And the ad blocker is back!!!

      If anyone understands what happened here, please, let me know.

       

      1 user thanked author for this post.
      • #1388541 Reply

        anonymous

        Hello Oscar, we have chatted in the past. I have seen similar with this recent “Firefox Fiasco” of trying a fix this issue or even using the newest version of ESR and it didn’t correct the issue. Then, maybe a try 2nd time later and it is fixed. Sounds like your install did not fully take. But why not? How can 66.0.4 be installed then update itself again? Like you said, weird.

        Firefox has NOT been very forthcoming in transparency of WHY this happened and being curmudgeons like Woody, we need to ask Mozilla “why not”.

        Turn on your menu if it is off, I think it’s in the top left, or maybe a “right click” on the empty top banner, or find customize, or the ALT key will show it. However you get it on, go to Help – Submit feedback and let them know how you feel.

        For the FTP site to manually get firefox see: https://ftp.mozilla.org/pub/firefox/releases/66.0.4/

        For those tired of the rapid pace of a new Firefox every 5 minutes, look into the Extended releases called ESR. https://ftp.mozilla.org/pub/firefox/releases/60.6.2esr/

        Hope this helps someone.

        1 user thanked author for this post.
      • #1431897 Reply

        anonymous

        Hello Oscar, You mentioned that you installed 66.0.4 yet it didn’t fix the issue then a few minutes later it had an update, seemingly to 66.0.4. Could you look again at the version. The reason is a new 66.0.5 has come out for dealing with failure issues with the cert fix 66.0.4 had. If you do have 66.0.4, then check for updates or go to the below and get the newer one. Let us know what happens.

        For GTP here is the Bug report FYI.
        66.0.4 isn’t applying the intermediate certificate for some users (throwing with SEC_ERROR_TOKEN_NOT_LOGGED_IN, possibly antivirus or master password related)
        https://bugzilla.mozilla.org/show_bug.cgi?id=1549249

        For all, https://ftp.mozilla.org/pub/firefox/releases/66.0.5/

        Do not see 60.6.3 ESR yet but it will probably appear soon.
        https://ftp.mozilla.org/pub/firefox/releases

        1 user thanked author for this post.
        • #1465354 Reply

          Lori
          AskWoody Plus

          I’ve only been using Firefox since January. I didn’t get the problems as early as others did.

          I applied the fix using the scientific studies, which returned my add ins to functionality several hours later. When I installed the Update 66.0.4, which I thought was a permanent fix; the version updated but said it was unable to install the patch. Is Update 66.0.5 supposed to fix the systems that 66.0.4 did not fix? When is it ok to turn off the scientific studies?

          Also, the password I made for my Firefox account doesn’t work. Does this have anything to do with this current problem? I was going to re-set it; but got a warning that the re-set would lose my bookmarks, add ins, settings, etc. Is this so? Thanks!

          • #1475825 Reply

            anonymous

            Hi Lori:

            Yes, FF v66.0.5 fixes a glitch in v66.0.4 that prevented users with master passwords to install the bug fix.  See the release notes for FF v66.0.5 for further details.

            Once you have updated to FF v66.0.5 (see the support article Update Firefox to the Latest Release for running a manual update check) then it will safe to disable the Shield Studies feature again. Shield Studies should only be enabled for users who want to participate in beta-testing of upcoming Firefox features.  As JohnW just noted in reply #1474822, Mozilla’s official blog post Add-ons Disabled or Failing to Install in Firefox was updated yesterday and now states “Users who enabled Studies to receive the temporary fix, and have updated to the permanent fix, can now disable Studies if they desire.”

            I don’t use the built-in Firefox Password Manager or Firefox Sync feature so I don’t have a master password set up in Firefox, but please see the section titled Master Password in the Mozilla support article Add-ons Disabled or Fail to Install on Firefox.  As far as I know users who install the FF v66.0.5 or FF ESR v60.0.3 updates should not be required to enter or reset their master password. If you are using Firefox Sync to share data like bookmarks, history, add-ons and passwords across multiple devices then my understanding is that, yes, this data could be erased when you reset your master password if you didn’t create a recovery key (see the support article Reset Your Firefox Account Password with Recovery Keys).  If the problem persists after you update to FF v66.0.5 the support article Firefox Sync Troubleshooting and Tips has some hints on fixing incorrect name or password errors that might not require a full reset of your master password.
            ————-
            32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0

            1 user thanked author for this post.
            • #1498023 Reply

              Lori
              AskWoody Plus

              Hi anonymous,
              I can’t thank you enough for your help! And the many links, which I’ve bookmarked. When Yahoo d/c email access with IE 11 this past January (Yes, I know I shouldn’t use IE); I put Firefox on one computer and Chrome on the other to see which I liked better. I was leaning towards Firefox as it allows ad-blocking, seems more private and customizable, and doesn’t auto-update. (Thus, the question on when I can ditch scientific studies.) Chrome seems to boost my CPU a lot. But, it’s been a learning curve!

              I don’t know what to make of this recent “mess.” But, I think I could eventually move to Firefox, away from IE. I’ll miss my tool bars, SmartPrint, and I like IE’s format for bookmarks and printing better. I need a “works like IE 11” add in.

              I don’t use the Firefox Password Manager; but I set up a Firefox account for the Sync feature, in case I wanted Firefox on my other pc and Android tablet. I did a backup of the bookmarks and my Profile. I didn’t know about creating a recovery key. So, if I can’t get in to the account, and before I get more invested in Firefox, I’ll make a key.

    • #1381222 Reply

      GoneToPlaid
      AskWoody Plus

      Hi everyone,

      I am still trying to figure out why I wasn’t affected by this issue. I am running FF 56.0.2. The only things in my config which stand out to me are:

      — Under Options >> General >> Firefox Updates, I have “Never check for updates (not recommended)” checked.

      — Under Options >> Privacy and Security, I have “Query OCSP responder servers to confirm the current validity of certificates” checked.

      I run FF several times every single day, and did so throughout this time period, yet I didn’t get hit with this issue. All of my plugins and extensions work fine.

      • #1382533 Reply

        AusJohn
        AskWoody Plus

        You were lucky.

        I have the same setup – FF 56.0.2 with those two options checked, and I was affected.

        Maybe there’s something else in your options, different to mine, that saved you and allowed me to be hit.

        • #1385199 Reply

          GoneToPlaid
          AskWoody Plus

          Here are some possible config settings in my FF 56.0.2 which might have somehow prevented me from being affected:

          app.shield.optoutstudies.enabled is set to false
          app.update.auto is set to false
          app.update.enabled is set to false
          browser.cache.frecency_experiment is set to -1
          browser.cache.frecency_half_life_hours is set to 1
          experiments.activeExperiment is set to false
          experiments.enabled is set to false
          experiments.supported is set to false
          toolkit.telemetry.archive.enabled is set to false

          The two likely config settings are highlighted in bold, above. After a bit of Googling, here is what I came up with (edited for readability):

          App.update.auto
          Background: This preference turns on app.update.mode and allows automatic download and install to take place.
          Possible values and their effects:
          false: ask the user what he wants to do when an update is available.
          true (default): download and install updates automatically, possibly with a warning if incompatible extensions are installed (see app.update.mode).

          App.update.enabled
          Background: This preference determines whether the application will auto-update.
          Possible values and their effects:
          true: Auto-update the application. (Default)
          false: Do not auto-update.
          UI: Firefox.
          Also controlled by: Tools -> Options -> Advanced -> Update -> Automatically check for updates to: -> Firefox

          As you can see from the above, since I have App.update.auto set to false, this apparently disabled checking for whether or not any installed extensions are incompatible. I also have a feeling that App.update.enabled, while not mentioning that it might potentially check whether or not all installed extensions and plugins are compatible, possibly might actually do so. The upshot is that I think that both of these settings, which I had set to false, is what prevented me from being hit by this intermediate expired certificate fiasco.

          • #1386132 Reply

            OscarCP
            AskWoody Plus

            GTP and AusJohn, You two stopped installing new versions of FF after it turned Quantum in version 57. How come you are still getting updates that, I thought, were meant for version 66, the object of this thread and, furthermore, you still have version 56 in your PCs after the update? I don’t doubt for a moment the veracity of your written words, but something in them does not quite fit in my mental scheme of how things are supposed to work. Please, enlighten me, if you’d be so kind.

            • #1386545 Reply

              Kirsty
              Da Boss

              GTP and AusJohn, You two stopped installing new versions of FF after it turned Quantum in version 57. How come you are still getting updates

              I might be going cross-eyed at this hour of the day, but I don’t see them say they are getting updates. I read that they were discussing being affected by the issue… Forgive me if I’ve have read what they said incorrectly, but I am apparently not reading what you are.
              🙂

            • #1386944 Reply

              OscarCP
              AskWoody Plus

              Kirsty, I read it that way, because I have this notion that the problem came with one update and was fixed with another. QED

              Or not? You tell me.

            • #1388296 Reply

              Kirsty
              Da Boss

              As has been mentioned several times, the issues was the result of a certificate expiry. I have not seen any suggestion it was caused by an update.

              The issue can only be resolved on Mozilla’s end. The organization needs to renew the certificate or create a new one to resolve the issue. I’d expect Mozilla to do that soon as the issue is widespread and affecting lots of Firefox users.

              @martinbrinkmann‘s blog linked in that post, above, confirms that it was certificate related, and does not mention it being CAUSED by an update. However, it is being addressed by an update…

              Further, from said blog:

              All Firefox extensions need to be signed since Firefox 48 and Firefox ESR 52. Firefox will block the installation of extensions with invalid certificates (or none), and that is causing the issue on user systems.

              2 users thanked author for this post.
            • #1387392 Reply

              AusJohn
              AskWoody Plus

              You’re quite correct Kirsty, in my case at least. I’m not getting updates.

              1 user thanked author for this post.
            • #1389349 Reply

              OscarCP
              AskWoody Plus

              Well, not an update, but, somehow, Mozilla got into a browser that was not being updated and changed something in it so the applications with bad certificates (or whatever) were deselected in the browser? Sneaky Mozilla!

              But, wait! Is that not an update? Even if it is not one the user willingly installed by his/her own hand? And then a second update the user saw coming and decided to apply changed things again, this time for the better? So: there were no updates but there were two updates? See: that is my problem.

              But I am starting to perceive that this is not just very confusing, but also way above my pay grade, most likely. Glad, all the same, that you got your problem sorted out. Somehow.

            • #1390750 Reply

              Kirsty
              Da Boss

              Is that not an update?

              No, it’s not a software update. It’s the method it checks the certificates used in the add-ons…

              2 users thanked author for this post.
            • #1399601 Reply

              JohnW
              AskWoody Plus

              Well not a sneaky update if the code to check certificates has always been in the browser.

              The function would probably work something like this in pseudo:

              Browser startup

              Check certificates

              Certificates expired?

              Yes

              Disable extensions

              No

              Continue normal startup with extensions enabled

            • #1404103 Reply

              GoneToPlaid
              AskWoody Plus

              In my FF 56.0.2 options and settings…

              — Before Quantum was released, I had configured FF to check for updates but not to automatically install them.

              — After Quantum was released, I additionally configured FF 56 to never check for updates.

              I think that these settings are the same as the two config settings which I highlighted in bold in my previous post. The upshot is that I had FF configured to never check for any kind of updates, and that I had further configured FF via config settings to not participate in any of Mozilla’s testing programs.

              1 user thanked author for this post.
          • #1387623 Reply

            AusJohn
            AskWoody Plus

            On my machine, the most likely FF 56.0.2 settings you mentioned as contributing to your ‘safety’:

            app.shield.optoutstudies.enabled is set to false
            app.update.auto is set to false
            app.update.enabled is set to false

            So maybe it’s one (or more) of the other settings mentioned, but I haven’t had time to check them.

          • #1388374 Reply

            AusJohn
            AskWoody Plus

            Sorry for the break; here’s the remainder of the Preferences that you mentioned, with my settings – for what it’s worth:

            browser.cache.frecency_experiment is set to 3
            browser.cache.frecency_half_life_hours is set to 6
            experiments.activeExperiment is set to false
            experiments.enabled is set to true
            experiments.supported is set to true
            toolkit.telemetry.archive.enabled is set to false

            I’m out of my depth here, so am not able to make any comment about the likelihood or otherwise of the differences being the reason that I was affected, but you weren’t.

      • #1388999 Reply

        anonymous

        Hello GoneToPlaid, I too was not affected. FF52ESR

        I do not have ANY auto updating turned on for Firefox nor its Add-ons. My theory is when one opens Add-ons, or checks for updates it looks to see what it has and checks the certificate, then bang, it happens. Just my thought.

        But, I do have the add-on reporter installed, maybe that was it.
        https://blog.mozilla.org/addons/2016/09/07/help-make-add-ons-multiprocess-compatible-with-add-on-compatibility-reporter/ – It is gone now from Mozilla’s site.

        Further, I did not ever open my add-on section to look and as mentioned above, updates are not sought, I was a “non seeker”.

        Even today, still no issues.

        • #1404958 Reply

          GoneToPlaid
          AskWoody Plus

          Hello GoneToPlaid, I too was not affected. FF52ESR

          I do not have ANY auto updating turned on for Firefox nor its Add-ons. My theory is when one opens Add-ons, or checks for updates it looks to see what it has and checks the certificate, then bang, it happens. Just my thought.

          But, I do have the add-on reporter installed, maybe that was it.
          https://blog.mozilla.org/addons/2016/09/07/help-make-add-ons-multiprocess-compatible-with-add-on-compatibility-reporter/ – It is gone now from Mozilla’s site.

          Further, I did not ever open my add-on section to look and as mentioned above, updates are not sought, I was a “non seeker”.

          Even today, still no issues.

          Yeah, I think that you are right.

          • #1407371 Reply

            OscarCP
            AskWoody Plus

            GTP, I thank you too, for the same reason. I was hoping you were going to explain this, as you are usually wont to do and are good at, rather than to correct, as others are and you are not — and as corrections when I am looking for explanations tend to leave me unenlightened.

            However, you have only answered one half of my question: So, OK, first half-answer goes something like this, in my own interpretation: FF is built to turn off application software with expired certificates, and to do it all by itself, unless the user is savvy to it and knows how to turn that off by digging shoulder deep into the browser.

            But the other half of said question is this: how did it get fixed? Because, according to many accounts here, this happened only after people updated to version 66.0.4. So: for most people, it took updating FF to fix this issue. You also had this problem, but I have not seen (maybe I missed) the command to turn that off in what you have shown here and, nevertheless, did not update FF, because, I assume, you are still are using version 56.

            So: what gives?

            • #1410489 Reply

              Kirsty
              Da Boss

              FF is built to turn off application software with expired certificates

              “turn off” – disable
              “application software” – browser add-ons/plugins/extensions
              🙂

            • #1445232 Reply

              GoneToPlaid
              AskWoody Plus

              Hi Oscar,

              I explained that I was not hit with this problem. Then I theorized that since I had all checking for updates turned off in FF 56.0.2, that this might be why I wasn’t hit with this problem.

              Best regards,

              –GTP

               

              2 users thanked author for this post.
            • #1458395 Reply

              OscarCP
              AskWoody Plus

              GTP: Thanks! Mystery solved: there was never a mystery!

              I missed your point completely.

          • #1555717 Reply

            anonymous

            Hi GTP, I hope your Firefox is still OK. Just wanted to say even now after days, I have not had any issue. It must had been either that Mozilla compatibility reporter or the fact that I have all updating turned OFF in Firefox. Maybe without the update seek, it does not see the expired Cert? If so then this is another win for Woody in the “Turn automatic Updating off” realm and I bet Canadian Tech is laughing too, since he has stopped Windows updating for about 2 years now and has not had any issues.

    • #1386176 Reply

      Jim VS
      AskWoody Plus

      As a semi- ignorant user of FF (Win7) I am outraged that Moz managed to eff this up. But then, I’m also outraged by most things in today’s world. Incompetency seems to be a very low hurdle for many, many companies. Given the vitriol about the current FF management I can understand their scurrying around to try and fix things in an invisible way.

      Not approving, just understanding.

      If you want to toss FF over this – good for you. If, like me you are not hunting for a new browser then that is another story.

      Offering a dozen or so alternatives is a fine thing for discussion. I’ve rarely noted people trying to front for  Win 10 as a solution to a Win 7 problem…unless they’ve already done so.

      Mostly just a lot of folks trying to offer a change by the many FF spinoffs.

      Most (and I am one of them) don’t want to change from FF unless someone comes along with a replacement that only requires a log-out from FF, and a sign-up for The New Fartfox!

      We are casual users, many who have learned enough to fiddle and prang things in order to keep our digital lives in synch with our own, real lives.

      I’m still doing W7 updates per Woody’s, although I did it the hard way before that became available.  On top of that, I’ve been fighting my way through updates since W 3.0…although I did have an Atari rig that kept my games alive while Bill was effing things up until he made a useful PC interface available for the masses.

      Skipping who exactly was responsible for that, I’ve been using Windows since. Further skipping the war of Windows vs. everything else, I’m extremely unhappy with the next bloviation that requires ownership by Winders of the users.

      So, let’s consider the alternative for semi-capable Win7 & users and think about how to move into the next opportunity for simple Web access for the routing access to the (dare I say) Net that comes along with some relatively safe data controls.

      In other words, at the age of 65 I don’t want to be required to learn an entire new system of [edited for language] just in order to go online and check my favorite sites/posts/woody.

      If anyone finds that to be a problem, then the problem is fair game for consideration…of facts, data and relevant discussion. If that requires further discussion, well then you know how to start it.

      jimzdoats

      2 users thanked author for this post.
    • #1389139 Reply

      Alex5723
      AskWoody Plus

      Mozilla just slipped behind our back Baidu search (about:support – Firefox Features) into every Firefox version regardless of location.

      https://bugzilla.mozilla.org/show_bug.cgi?id=1541316

      p.s I just downloaded Firefox portable 60.6.2esr. No Baidu search.

      1 user thanked author for this post.
      • #1406845 Reply

        OscarCP
        AskWoody Plus

        Even back in the day, when FF was the go-to browser of the more enlightened users (i.e., people that did not like Internet Explorer), it did something like that (earning for itself my eternal dislike). It did bring along, in every download for installation from the FF site, a translation service called “Babel” (named after the famous Tower of,  or maybe the “Babel fish” of Hitchiker’s fame) that hijacked the user-chosen home page and put its own in place. It could be disabled by digging through the “About:” commands in the URL field, for those that knew that such thing could be done and how, that was not most of the users on foot like I was at the time. And, even in the face of constant and often irate protests by users (including four-letter word irate) in Mozilla/FF forums, they kept bringing on “Babel” for several years. While brazenly denying that they were doing such a thing. In your face, FF users! seemed to be the general attitude of the FF developers and people in charge. And I am getting now the general impression that it still is.

        • #1478846 Reply

          anonymous

          Oscar, you have a good post there and I do remember the Babel addon. I would like to say from my remembering of the situation that it was not the actual Mozilla site that had that program but the other download sites of the world that bundled it with the Firefox download.

          This is one of the reasons “signed addons” were introduced in Firefox 48.

          If I am wrong with my remembering then please correct me and give more examples. Almost all of my downloading of Firefox is done with the FTP site and only the file is there without bundling.

          https://ftp.mozilla.org/pub/firefox/releases/

          Thank you Oscar.

          1 user thanked author for this post.
          b
      • #1478385 Reply

        anonymous

        Alex you will not like this.

        comment 62
        https://bugzilla.mozilla.org/show_bug.cgi?id=1549604
        “So Baidu Search Update prevent this hotfix (and all other system add-ons) from installing.”

        They are working on it.

        1 user thanked author for this post.
    • #1390376 Reply

      Jim VS
      AskWoody Plus

      Oh my! Can somebody please, please, let us regular users know what this all means?  I don’t even know what Baidu (yes, I’ve heard the term) means when it comes to actually using a current version of FF. Even more so, what does this have to do with the [mess] that FF made with it’s current versions regarding (expired) signed certs?

      Please.

      jimzdoats

      1 user thanked author for this post.
    • #1402832 Reply

      johnf
      Subscriber

      I apologize if this is political…however, I’ve heard the following.

      Firefox and Google have had an issue with Gab’s Dissenter (the add on that allows you to comment on sites that either censor or disable comments). Both Firefox and Google took the app off their app stores, and disabled new installs of the app.

      In response, Gab offered instructions on how to manually install the app on Firefox. As a response, Firefox disabled Dissenter in their new updates. They also came up with a new security policy that prohibited closed source code for extensions, which is the more likely reason (vs the cert) that the older extensions (many of which aren’t actively supported) are broken. All of this seemed to happen around the same time, which is suspicious.

      What browser you use is your choice, and I don’t have an issue with Firefox trying to make their browser more secure. However, the rush to do this has pretty much soured me on Mozilla, and I’m using alternative Browsers (Brave, Vivaldi, Chrominum, Pale Moon and Waterfox), where the developers so far are much more friendly than Mozilla has been lately.

      If Mozilla cares more about politics than putting out a good browser, then I have no time for them. Firefox has gotten worst over time, IMO…it was great because of the extensions, not because of it being bloated and crashing.

      4 users thanked author for this post.
      • #1406123 Reply

        anonymous

        Johnf that is a good observation you have. If you find any evidence it would be good to post the sites referencing that here. I was a Firefox Beta tester for 10 years. I finally got tired of the seeming lack of caring of the end user and the new path they were taking. I did see feedback (from Help-Submit Feedback) in some bug reports but one had to complain loudly. Your comment, “Firefox has gotten worst over time, IMO…” is the way I feel. It seems in recent years that developers are all children and are only at Mozilla about a year. These Children Programmers don’t have a strong background in programming and t