FireFox Auto Disabled My Addons and I Can't DL Any Now

labcoattech · 6 May 2019 at 10:24

Thanks, just updated

Fixed

Repaired certificate chain to re-enable web extensions that had been disabled

https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

Orcvader · 6 May 2019 at 11:10

jpaul said:
ther's a moral though ... disable auto updates on browsers + add-ons, henceforth.

- after having been bitten by firefox and chrome (and windows) I adopted that strategy and will install a newer firefox at a different location,
and continue to use the old one until I have checked out the newer one,
there's a balance of risk, but if you have good hygiene, many of the updates are cosmetic or addressing security issues that wouldn't impact you.

The issue is it wasn't an update that caused an issue, but rather the certificate they used to sign extensions expired. So even those on the legacy v56 (pre Quantum) were affected. The best way would be using the developer version and disable the flag that requires extensions to be signed.

jpaul · 6 May 2019 at 11:48

Orcvader said:
The issue is it wasn't an update that caused an issue, but rather the certificate they used to sign extensions expired. So even those on the legacy v56 (pre Quantum) were affected. The best way would be using the developer version and disable the flag that requires extensions to be signed.

Ok thanks I had not realised,

I run a pre quantum ff without add-on signing as my default, because some of my tab layout add-ons were not yet(!) updated.

I need to check what the limitations are of using the developer version, but, had previously used a hack, when testing newer signed-ffs's (maybe now removed)
where the checking could be blocked by editing the extension itself.

I'm not sure if waterfox which I also have installed is easier to hack.

edit: maybe this doesn't work with newer versions
https://winaero.com/blog/disable-add-on-signature-enforcement-in-firefox-49-and-above/

eggyoke · 6 May 2019 at 13:47

I dont get it, this morning I did the Firefox update and everything went back to normal. I've just come back and booted up my PC and now no addons are working again. Is it just me?

EDIT:
Nvm. I went into addons and disabled and enabled them and they seem to be working now.

Orcvader · 6 May 2019 at 21:10

jpaul said:
edit: maybe this doesn't work with newer versions
https://winaero.com/blog/disable-add-on-signature-enforcement-in-firefox-49-and-above/

For the release and beta channels yes, but for developer and nightly it still works.

Randomface74 · 6 May 2019 at 21:26

I think 3 days for a new certificate is beyond a joke.
Trying Brave browser.

darael · 6 May 2019 at 23:27

billysielu said:
I think 3 days for a new certificate is beyond a joke.
Trying Brave browser.

Microsoft have an entire catalogue of failures, especially when it comes to Windows Updates. That's before anybody mentions Windows ME, Vista or 8. I could have dropped Windows if I wanted to, but I suppose the more 'daring' side of me enjoys the challenge of repairing things that others have broken. But I certainly don't throw the baby out with the bathwater.

labcoattech · 7 May 2019 at 09:58

I'm sure they will put procedures in place to prevent this from happening again.

Unluckyalf · 7 May 2019 at 10:52

You would have though one or more people in Mozilla/Firefox circles would have had a reminder in their calendar to say 'Renew security certificate now or FF will be borked'.

At this stage im guessing that anyone (such as myself) on FF56 or earlier is going to be sol. The fix so far seems to be to update to 66.0.4 which i dont really want to do. None of the questions about older versions on the mozilla blog are getting replies at all

Orcvader · 7 May 2019 at 11:11

Unluckyalf said:
At this stage im guessing that anyone (such as myself) on FF56 or earlier is going to be sol. The fix so far seems to be to update to 66.0.4 which i dont really want to do. None of the questions about older versions on the mozilla blog are getting replies at all

There's some fixes you can try out here: https://www.reddit.com/r/firefox/comments/blkab8/for_folks_running_unsupported_versions_of_firefox/

Alternatively, move to Waterfox as it's still based on FF56 but still receives security updates from later versions.

----------------------------------------

They're planning to write up a statement explaining the situation and why it happened, as well as plans to prevent it from happening again in the future. Will be interesting to see what their excuse is: https://twitter.com/hildjj/status/1125135366510407680

jpaul · 7 May 2019 at 12:55

the arstechnice article suggested there had been a previous similar failure
https://arstechnica.com/information...ug-hotfix-for-some-ready/?comments=1&start=80

but moreover, unless you compile it yourself with the #define to disable certificate check (is it that difficult? just need the right ms library), it seems,
neither the nightly or developer pre-compiled builds w/o the check are available corresponding to specific normal releases, they will be +/- a few code changes.

the ars' article had this comment ... not sure if that guy is compiling FF himself.

What I ended up doing for 60.0.3 ESR, for example, is just permanently disabling the certificate check AND permanently disabling updates on my extensions. Since I know nothing's going to be updating anyway, there's no reason to be doing certificate checks, unless my system is so compromised that something external is messing with my extensions... at which point, it could mess with my browser too.

darael · 7 May 2019 at 22:44

Since 66.0.4, has anybody elses videos stopped playing automatically? This is happening on iPlayer, such as BBC News, but not on Youtube.

Unluckyalf · 8 May 2019 at 04:36

Orcvader said:
There's some fixes you can try out here: https://www.reddit.com/r/firefox/comments/blkab8/for_folks_running_unsupported_versions_of_firefox/

Alternatively, move to Waterfox as it's still based on FF56 but still receives security updates from later versions.

----------------------------------------

They're planning to write up a statement explaining the situation and why it happened, as well as plans to prevent it from happening again in the future. Will be interesting to see what their excuse is: https://twitter.com/hildjj/status/1125135366510407680

Cheers mate. Ill have a look when i get home. If i cant get it fixed then ill have a looky at Waterfox

Orcvader · 8 May 2019 at 09:13

darael said:
Since 66.0.4, has anybody elses videos stopped playing automatically? This is happening on iPlayer, such as BBC News, but not on Youtube.

Press the play icon in the address bar and set "Autoplay sounds" to allow:

LoadsaMoney · 8 May 2019 at 15:11

v66.0.5 released, with with further improvements, to re-enable web extensions.

https://www.mozilla.org/en-US/firef...um=firefox-browser&utm_source=firefox-browser

darael · 8 May 2019 at 22:49

Orcvader said:
Press the play icon in the address bar and set "Autoplay sounds" to allow:

Thanks, that worked!

Edward78 · 11 May 2019 at 06:30

Another possible fix, which appears to work best for Linux users is the following: Type: about:config in the address bar and hit enter. Set the option xpinstall.signatures.required to false

jpaul · 18 May 2019 at 23:45

.. just realised what a load of b******s firefox team are, creating this problem - was it really a cynical attempt to get people off of old versions, for which they provided no 'easy' fix.

visited relations who I'd trained in noscript .... and of course it was now all disabled, and, they had been happily browsing away without realising this,
installed the certificate on their older esr release, and normal service resumed.

Orcvader · 19 May 2019 at 00:08

jpaul said:
.. just realised what a load of b******s firefox team are, creating this problem - was it really a cynical attempt to get people off of old versions, for which they provided no 'easy' fix.

visited relations who I'd trained in noscript .... and of course it was now all disabled, and, they had been happily browsing away without realising this,
installed the certificate on their older esr release, and normal service resumed.

It's not. They've already provided fixes for all the way back to v47: https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

The fact that they've rolled out a fix all the way back to that shows how serious they are in fixing this.

Unluckyalf · 24 May 2019 at 08:01

jpaul said:
.. just realised what a load of b******s firefox team are, creating this problem - was it really a cynical attempt to get people off of old versions, for which they provided no 'easy' fix.

visited relations who I'd trained in noscript .... and of course it was now all disabled, and, they had been happily browsing away without realising this,
installed the certificate on their older esr release, and normal service resumed.

Well it worked for me. Firefox got me off the old version i was running.....and onto Waterfox which works like a charm (thanks for the heads up Orcvader).

I fired my my Firefox (v56) again the other day and its still rooted... i even left it overnight to see if it just needed time. Firefox lost me as a user over this and im sure im not the only one.