Mozilla Rolls Out Emergency Fix After Firefox Disables Add-Ons En Masse

SecuritySoftwareWorkspace

A certificate used to validate extensions expired at midnight on Friday, causing most add-ons to immediately stop working

Mozilla said on Saturday it was rolling out an emergency fix for a bug in its browser infrastructure that disabled add-ons for most users.

The patch is to be automatically applied to general release users, as well as those using beta and nightly builds, the company said.

It said the short-term patch is being sent out to users via a system called Studies that’s generally used for testing experimental features.

Users can ensure the Studies feature is enabled by looking for it under the Privacy & Security section of Firefox’s Preferences menu.

Expired certificate

The bug was caused by an expired certificate used to validate Firefox add-ons, Mozilla developers said in a bug report.

The certificate expired at midnight GMT (1 a.m. BST) on Friday, causing most add-ons to be disabled en masse for nearly all users, developers said.

The browser indicated that the add-ons were unsupported and needed to be updated, but users who tried to download updates were met with an error message.

The real issue was the expired certificate, according to Mozilla.

The only users who weren’t affected were users of Developer or Nightly versions who had disabled the signature requirement for extensions, developers said.

Mozilla initially posted a message on Twitter saying it had become aware of the problem at about 3 a.m. BST on Saturday.

At about noon BST the company said it had readied a fix.

By then social media sites including Twitter and Reddit were flooded with complaints by users whose add-ons had abruptly stopped working.

“We rolled-out a fix for release, beta and nightly users on Desktop,” the company said in a statement.  “The fix will be automatically applied in the background within the next few hours, you don’t need to take active steps.

“We are working on a general fix that doesn’t need to rely on this and will keep you updated.”

Interim fix

While awaiting a fix, some users suggested the problem could be temporarily solved by setting the system’s clock back several hours, although such a step could have side-effects such as putting an incorrect time stamp on emails sent from that system.

Other users pointed out that users can side-step the validation system with the faulty certificate by using Firefox’s debug mode.

The mode allows XPI extension files to be installed directly from the desktop.

XPI files can be downloaded from Mozilla’s add-ons site by right-clicking on the “Install” button.

Developers said on the bug tracking page that not all add-ons were disabled.

But acknowledged that the bug was an embarrassing error on Mozilla’s part.

“If the signature was due to expire, it should have been renewed weeks ago,” wrote one developer.

Click to read the authors bio  Click to hide the authors bio