Today, many popular add-ons for Firefox have stopped working due to certificate issues.
Hello, dear habrovchane!
I just want to warn you that this is my first publication, so I ask you to immediately notify about all the problems I noticed, typos and so on.
In the morning, as usual, I turned on the laptop and began to slowly surf in my favorite Firefox (release 66.0.3 x64). Suddenly, the morning stopped being languid - in one non-red moment a message popped up saying that some add-ons could not be checked and were turned off. "Wonderful!" I thought, and climbed into the add-on control panel.
')
And ... what I saw there, I was somewhat shocked, as it were, softer to say. Disabled all addons. HTTPS Everywhere, NoScript, uBlock Origin, FVD SpeedDial and a few more addons that have worked without problems have been marked as outdated.
The first reaction was, oddly enough, the thought a la housewife: "Virus!". However, common sense took over, and first of all I tried to restart the browser. Useless. I tried to reinstall add-ons - got a concise “Download failed. Please check your connection ”from the add-ons manager when trying to install at least something. “Aha!” I said to myself and realized that the problem was apparently not mine .
Having contacted colleagues, I learned that they have the same problems with the browser. Fast googling gave out a fresh bug report in Bugzilla , a small thread on Reddit and just such news . As it turned out, today (May 4, 2019) extensions that did not receive verification from Mozilla according to their new rules , which were supposed to be introduced from June, stopped working as “unsigned”. As it turned out, there were problems with the certificate on the side of Mozilla, which signed the extension, it expired.
What caused such a massive failure - some kind of bug on the side of Mozilla, or the decision to "proactively" block popular add-ons to force their re-verification by the updated rules - is unclear. It is clear that this problem will affect a huge number of users - after all, Firefox is appreciated, first of all, for add-ons, so it’s not clear what the consequences of this crash will be. But let us leave these thoughts to analysts and divan experts, and I, as a dedicated user, are primarily interested in when my additions are repaired. There is no answer to this question yet; I hope this happens as soon as possible. While the problem is in the status of "confirmed", but not fixed.
So far, a transition to “nightly” assemblies is offered as a crutch, where you can turn off add-on checking or some user profile manipulations (personally, unfortunately, did not help me).
Thanks to all who read for your attention!
UPD : All users of the browser add-ons were blocked due to the expiration of the certificate used to generate digital signatures. As a workaround for renewing access to add-ons for Linux users, you can disable digital signature verification by setting the xpinstall.signatures.required variable to about: config to “false”. This method for stable and beta releases only works on Linux, for Windows and macOS, such manipulation is possible only in nightly builds and in the version for developers (Developer Edition). Alternatively, you can also change the value of the system clock to the time before the certificate expires . Thanks for the rsashka addition!
UPD2 : added a poll (it’s not clear why I didn’t guess to do it right away) to see how widespread the problem is
UPD3 : Thanks to AnatoliyTkachev for the link to workaround instructions . For myself, I solved the problem in a way with the script, as requiring the least gestures.
UPD4 : the developers wrote that they had developed a temporary solution
I just want to warn you that this is my first publication, so I ask you to immediately notify about all the problems I noticed, typos and so on.
In the morning, as usual, I turned on the laptop and began to slowly surf in my favorite Firefox (release 66.0.3 x64). Suddenly, the morning stopped being languid - in one non-red moment a message popped up saying that some add-ons could not be checked and were turned off. "Wonderful!" I thought, and climbed into the add-on control panel.
')
And ... what I saw there, I was somewhat shocked, as it were, softer to say. Disabled all addons. HTTPS Everywhere, NoScript, uBlock Origin, FVD SpeedDial and a few more addons that have worked without problems have been marked as outdated.
The first reaction was, oddly enough, the thought a la housewife: "Virus!". However, common sense took over, and first of all I tried to restart the browser. Useless. I tried to reinstall add-ons - got a concise “Download failed. Please check your connection ”from the add-ons manager when trying to install at least something. “Aha!” I said to myself and realized that the problem was apparently not mine .
Having contacted colleagues, I learned that they have the same problems with the browser. Fast googling gave out a fresh bug report in Bugzilla , a small thread on Reddit and just such news . As it turned out, today (May 4, 2019) extensions that did not receive verification from Mozilla according to their new rules , which were supposed to be introduced from June, stopped working as “unsigned”. As it turned out, there were problems with the certificate on the side of Mozilla, which signed the extension, it expired.
What caused such a massive failure - some kind of bug on the side of Mozilla, or the decision to "proactively" block popular add-ons to force their re-verification by the updated rules - is unclear. It is clear that this problem will affect a huge number of users - after all, Firefox is appreciated, first of all, for add-ons, so it’s not clear what the consequences of this crash will be. But let us leave these thoughts to analysts and divan experts, and I, as a dedicated user, are primarily interested in when my additions are repaired. There is no answer to this question yet; I hope this happens as soon as possible. While the problem is in the status of "confirmed", but not fixed.
So far, a transition to “nightly” assemblies is offered as a crutch, where you can turn off add-on checking or some user profile manipulations (personally, unfortunately, did not help me).
Thanks to all who read for your attention!
UPD : All users of the browser add-ons were blocked due to the expiration of the certificate used to generate digital signatures. As a workaround for renewing access to add-ons for Linux users, you can disable digital signature verification by setting the xpinstall.signatures.required variable to about: config to “false”. This method for stable and beta releases only works on Linux, for Windows and macOS, such manipulation is possible only in nightly builds and in the version for developers (Developer Edition). Alternatively, you can also change the value of the system clock to the time before the certificate expires . Thanks for the rsashka addition!
UPD2 : added a poll (it’s not clear why I didn’t guess to do it right away) to see how widespread the problem is
UPD3 : Thanks to AnatoliyTkachev for the link to workaround instructions . For myself, I solved the problem in a way with the script, as requiring the least gestures.
UPD4 : the developers wrote that they had developed a temporary solution
Source: https://habr.com/ru/post/450478/
All Articles