Many Firefox browser addons just suddenly stopped working due to the expiration of a signing certificate

It's looking like a major outage.

Tired of censorship and surveillance?

Defend free speech and individual liberty online. Push back against Big Tech and media gatekeepers. Subscribe to Reclaim The Net.

Firefox users are left frustrated this evening when a bug meant that almost all of their browser add-ons were disabled, including popular extensions such as LastPass, Ghostery, Dark Mode, uBlock Origin, Greasemonkey, NoScript, and many more.

Instead users were left with the following message for each extension: “…could not be verified for use in Firefox and has been disabled”

The bug, that’s still ongoing, it most likely an error involving the expiration of an intermediate signing certificate, as the errors appeared to start kicking in as it became midnight in the GMT time zone.

While it’s down to negligence on Mozilla’s part, Firefox wouldn’t do something like this on purpose, as some have speculated, after reading that Firefox plans to prevent some addons working next month if they contain obfuscated code. This is a genuine bug and was unintended.

Since Firefox 48 and Firefox ESR 52, Firefox extensions need to be signed. Firefox will block the installation of extensions with invalid certificates (or no certificates), and that is causing the widespread issue on user systems.

Other than switching to an alternative browser until it’s fixed, here are some temporary fixes we’ve tested that may work in your instance:

  1. Set the system clock back 24 hours. This has been tested on some installations of Firefox on Windows and Linux but doesn’t appear to work in all instances, based on our limited testing. The idea is to set your computer’s clock back to the time before the certificate was set to expire.
  2. Turn off the requirement for signatures to be signed. Based on our testing, this one works best on Linux. For Windows users, it will most likely only work if you’re using the ESR, Nightly or Developer builds of Firefox. Type: about:config in the address bar and hit enter. Set the option xpinstall.signatures.required to false. Once Mozilla corrects this issue, it’s important to turn put the setting back to true to maintain longterm security.
  3. Side-load the extensions in debugging mode. This fix is longer, and is more for experienced users but will most likely work for everyone. In your address bar enter: about:debugging and check the box “enable add-on debugging”. Go to your Profile folder to find the xpi files for your installed add-ons. (Alternatively you can go to website of the extension and download the extension manually to get access to the xpi file.) On the debugging page, click Load Temporary Add-on and select the xpi file of the extension you want to install. When you close the Firefox browser, this process will most likely need to be done again so it’s a good idea to leave your browser open after loading on the extensions you want to use manually.

Update: Mozilla product manager Kevin Needham supplied us with this statement at around 12 noon Eastern time on May 4th 2019:

Late on Friday May 3rd, we became aware of an issue with Firefox that prevented existing and new add-ons from running or being installed. We are very sorry for the inconvenience caused to people who use Firefox.

Our team has identified and rolled-out a fix for all Firefox Desktop users on Release, Beta and Nightly. The fix will be automatically applied in the background within the next few hours.

Until then, many users are likely to be better off using an alternative browser such as Chrome, Chromium, PaleMoon or Brave until it’s fixed. (*Full disclosure: Brave is a partner of Reclaim The Net).

If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.

Tired of censorship and surveillance?

Defend free speech and individual liberty online. Push back against Big Tech and media gatekeepers. Subscribe to Reclaim The Net.

Read more