Thread: Add-ons not working due to certificate expiration - FireFox ESR 52.9.0 (32-bit) and older

(Sethchan211) #1

basicly the same as Thread: Add-ons not working due to certificate expiration except for those who are still on older versions of FF such as myself

Also for those who have not heard yet heres a twitter link reaguarding a fix for older version https://twitter.com/mozamo/status/1124698401046577153

2 Likes
Replacement for Classic Theme Restorer Addon? Desperately needed!
Thread: Add-ons not working due to certificate expiration
(Indigon) #2

Thanks. I’m on 54.0.1 (but not ESR), and I posted earlier wondering they haven’t even mentioned older versions.

Will the tweet about “older than 64” go back to **non-**ESR 54? Why are they being so silent, and now cryptic? Are there any FF versions that they don’t plan on fixing at all?

They broke it, they need to fix it, I don’t care whether a version is otherwise unsupported or not. This is not “extended support”, it’s fixing what they broke!

Why can’t someone from Mozilla take 30 seconds and answer this in full here, so we don’t have to try to parse some belated tweet? It’s been over two days now!

2 Likes
(Smayer97) #3

Yes, please specifically address older versions too, e.g v48

Interesting that NOT all add-ons were disabled…

2 Likes
(Indigon) #4

I keep looking at that Twitter exchange, and it’s not clear at all. First they say “56 is unsupported and we don’t anticipate providing a patch”. If not a patch, then something else, or nothing at all? Then, after protest “spoke too soon, discussing patching ESR 52” – huh? He asked about non- ESR 56, how does ESR 52 figure into that!? So again, he specifically asks what about non-ESR 56.0.2, and gets another cryptic reply: “Plan is to push an update to update versions older than 64…”. So, what is an “update version”, and how much older than 64?

Why, when clearly the plea is for a fix for all non-ESR versions of any age, can’t they just address that directly?

This was a massive failure of coding and certificate management in the first place, but they’re making it worse by not having someone out front that can provide clear and complete information, rather than developers tweeting half-baked, poorly phrased insider shorthand.

I shouldn’t have to try to learn the subtleties of the entire release history and all its branches, then read between the lines of random Mozilla-issued snippets, just to get some reassurance that a fix for my older install is coming soon, so that I know what steps to take. It’s like The Riddler is doing their damage control:

–
Hans Vader-Musterman: will this patch work for firefox 56.0.2 (64bit) too?

Mozilla Add-ons: No, and as Firefox 56 is currently unsupported we do not anticipate providing a patch for it.

Hans Vader-Musterman: if i DOWNGRADE to any firefox version higher than 56.0.2, i will LOOSE all-in-one gestures, i’ll loose classic theme restorer, i’ll loose status-4-evar and so on, that’s %%%ing UNACCEPTABLE!!!

Mozilla Add-ons: Sorry, I spoke too soon: there is currently discussion about patching ESR 52, I’ll provide an update as that continues.

Hans Vader-Musterman: as firefox 56.0.2 is not esr, will this update work for this version too?

Mozilla Add-ons: The current plan is to push an update to update versions older than 64, but the current ETA is sometime Monday.

(Graham Perrin) #5

Preamble

First and foremost, from https://github.com/mozilla/addons/issues/1013#issuecomment-489634395 (the conclusion of a pinned issue, recently closed):

Please do not use unofficial workarounds from untrusted sources! They can have unintended or untested side-effects or could make things even worse. (Some already have, actually.)

From the same issue:

Just wondering if a fix for firefox developer version has been released. I’m on version 67.0b16 (64-bit) .

I’m here following my closure of this:

Availability of a certificate file from Mozilla

Advice from Mozilla will be appreciated.

Folks, please allow some time for dusts to settle. I should not expect advice immediately.

Availability of certificate files from elsewhere

If you plan to import a file from a source other than Mozilla, you must:

  • satisfy yourself that the file is trustworthy.

For the end result of an import of version 3 of Mozilla’s signingca1.addons.mozilla.org certificate:

If phrases such as SHA-256 mean nothing to you, I recommend awaiting advice from Mozilla.

Known sources

Possibly the best known, at this time:

– captured in the Internet Archive Wayback Machine at https://web.archive.org/web/20190506065543/https://www.velvetbug.com/benb/icfix/

Hint: using the Wayback Machine capture, to preview the VelvetBug page, may help to keep the VelvetBug server responding quickly for users who choose to trust the VelvetBug-provided icfix.pem file.

Reddit discussion of the VelvetBug approach:

(Tom) #6

I am also on 56.0.2 and even though the “Study” to apply patch has completed, still no add-ons. What’s the problem?? Why not creat a new certificate that works?? UNACCEPTABLE Mozilla!!!

1 Like
(Indigon) #7

That is the odd thing… even beyond letting the cert expire, why aren’t things designed so that next time the cert is checked, it sees the new date on it, and re-enables add-ons, so no intervention is even necessary?

And I’m still waiting on any announcement on what they plan to do for us on pre-Quantum non-ESR versions… remember, this isn’t “support”, it’s repairing damage done. We’re owed that. The silence is deafening, and unacceptable.

Tempted to try the hack described above, but it seems like enough people on Reddit have had problems with that, that it’s not worth the risk of making things worse. It does show though, that Mozilla could fix it easily if they wanted, just pack that fix into something a little more user-friendly.

(Tom) #8

In my case, I don’t think the hotfix applied through this “Study” thing actually worked. It was supposed to install a correct certificate, I think. But checking certificated, there isn’t one from Mozilla that I could find.

(Indigon) #9

For those who may not have seen yet, around 1:30 PM PDT today (May 6), the Add-ons twitter account acknowledged “ongoing discussions”. Not to look a gift horse in the mouth, but that should have been acknowledged on Day 1, along with a sincere promise to not rest until all versions, supported and otherwise, were fixed…

Mozilla Add-ons ‏ @ mozamo 4 hours ago
For folks running unsupported versions of Firefox (<ESR 60): discussions about fixes are ongoing. We’ll update once we have more information.

(jscher2000) #10

The hotfix extension doesn’t work on 56 according to most people.

You need that certificate, one way or another. It’s just a question of how you will end up getting it, how patient you are, and how trusting/risk averse you are.

1 Like
(Graham Perrin) #11

Those types of comment – from people who perceive words from Mozilla to be silence – are space-wasting.

(Indigon) #12

You’re entitled to your own opinion, but not your own facts.
The fact is, until this afternoon, they hadn’t addressed the issue of older and unsupported versions. We heard about 66, and ESR, and Android, but nothing about the oldest unsupported versions. So yes, there was silence on that subject.

The initial response Friday was as badly handled as the coding for the certificate.
Yes, apologize, but also assure everyone that they will repair their damage.
It would have taken negligible effort to note from the start that older unsupported versions would indeed be addressed. And, in fact, even this afternoon’s tweet wasn’t really assurance, just confirmation of discussions.

Your entire reply to me was space-wasting.

(Martin Giger) #13

I don’t think it would have been negligible effort to assert if and how the fix could be ported to earlier releases. The focus of most of the weekend was to get users on stable, supported releases fixed. Everything else came second. As soon as that was done and sorted, talks about this started.

1 Like
(Indigon) #14

“If”?! Nonsense. See the very hack posted by a user to Reddit, above. It’s just updating the certificate, it’s not rocket science – they knew it was technically possible.

As far as priorities, I fully understand it would come last as far as actual time invested in the solution. But even that was no guarantee, if they arbitrarily decided in the end not to fix “unsupported” versions, even though this isn’t really a support issue. The fact that they were promising ESR and Android fixes even before they could get to working those, but not the legacy unsupported versions, was a statement by omission.

And not everyone at Mozilla is a developer on the front lines of the fix. If they have the time for twitter apologies on Day 1, then they have the time to assure that everyone, even on unsupported versions, will be made whole again. Even after people were asking repeatedly, they refused to even acknowledge, all weekend. Even now, all we get is a note about discussions, no promise. Bad PR, bad damage control.

(Juraj Masiar) #15

For those that needs to get to their disabled add-ons now - the work-around with temporary loaded add-ons works even on ESR 52:

1 Like
(R7al75) #16

Plugins work from Microsoft Windows OS platform.
But do not work through Linux OS platform

(jscher2000) #17

Every version of Firefox needs a new certificate installed in order to verify extension signatures (unverified extensions are disabled). If your Linux Firefox is from your distribution respository, check with them on when you can expect an update. Mozilla builds a Linux version that updates direct from Mozilla, but there may be some configuration differences.

2 Likes
(Claudia07822002) #18

My computer can’t even run a version higher than 49 (52 ESR had to be kicked out of it because nearly crashed everything), so that’s why I have to use what is now seen as a prehistoric thing (nothing to complain though, I like the old style).
I’m just growing pretty nervous about that laconic statement on Twitter: don’t know what to do, tomorrow I’ll be finally back home and still can’t resolve myself: do I have to take the risk and apply that Reddit trick, or wait for a purely theoretical, but official fix?
Please Mozilla, give us a sign of hope!

2 Likes
(Smayer97) #19

I’m in the same boat with v48 for Mac.

3 Likes
(Claudia07822002) #20

Well, seems I was worrying too much. My Desktop version seems not to be affected, but who knows… maybe hasn’t reached its trigger point yet!
In my “app.update.lastUpdateTime.xpi-signature-verification” entry in about:config there’s this number: 1557307120. What does it mean?