Thread: Add-ons not working due to certificate expiration - FireFox ESR 52.9.0 (32-bit) and older

Every version of Firefox needs a new certificate installed in order to verify extension signatures (unverified extensions are disabled). If your Linux Firefox is from your distribution respository, check with them on when you can expect an update. Mozilla builds a Linux version that updates direct from Mozilla, but there may be some configuration differences.

2 Likes

My computer can’t even run a version higher than 49 (52 ESR had to be kicked out of it because nearly crashed everything), so that’s why I have to use what is now seen as a prehistoric thing (nothing to complain though, I like the old style).
I’m just growing pretty nervous about that laconic statement on Twitter: don’t know what to do, tomorrow I’ll be finally back home and still can’t resolve myself: do I have to take the risk and apply that Reddit trick, or wait for a purely theoretical, but official fix?
Please Mozilla, give us a sign of hope!

2 Likes

I’m in the same boat with v48 for Mac.

3 Likes

Well, seems I was worrying too much. My Desktop version seems not to be affected, but who knows… maybe hasn’t reached its trigger point yet!
In my “app.update.lastUpdateTime.xpi-signature-verification” entry in about:config there’s this number: 1557307120. What does it mean?

Firefox usually will check 24 hours after that time. To convert it to a human-readable time, you can use a site like this: https://www.epochconverter.com/

Currently, the expectation is a Mozilla add-on to install the new certificate that would work on Firefox 52-59. It might work on pre-52 as well, but we don’t know yet.

I think it’ll be 52 through 60 inclusive.

Postscript

For clarity (from a recently added point at Add-ons disabled or failing to install in Firefox | Mozilla Add-ons Blog), with added emphasis:

… For users who cannot update to the latest version of Firefox or Firefox ESR, we plan to distribute an update that automatically applies the fix to versions 52 through 60.

Edge cases that will benefit from an automated fix may include:

  • users who are ‘stuck’ on Firefox ESR 60.6.1 and can not (or will not) enable studies.

This fix will also be available as a user-installable extension. …

Users of Waterfox 56.2.9 may either:

  1. await promotion of the extension by Mozilla; or
  2. await an update to the application from Waterfox Project.
1 Like

Hi there, folks. We’ve been working on a fix for Firefox v. 52/56. The patch has been written and is currently in testing. Since it’s been quite some time since these versions were supported, it’s been a little bit more complicated – and taken a lot more time – to develop this fix.

A fix has been made for Firefox v. 60. If you are able to, please check for an updated dot release, which should address the issue. If you are at a company where an IT department manages which version you are on, please kindly ask them to deploy the updated version 60.

1 Like

Thanks for the update, it is greatly appriciated

1 Like

Thanks,

Firefox ESR 52.0 through Firefox 56.0.2 inclusive, yes? From what I see in Bugzilla, I assume so.

(I’m aware of one case where managed installations of ESR 52.x are probably not the latest e.g. ESR 52.9. I imagine that use cases requiring 53–55 are vanishingly rare.)

In Technical Details on the Recent Firefox Add-on Outage - Mozilla Hacks - the Web developer blog (2019-05-09), Eric Rescorla makes the following observation:

  • Users of very old builds of Firefox which the Studies system can’t reach.

We can’t really do anything about the last group …

For end users reading that technical post, it may help if Eric or a colleague can clarify (there) which versions of Firefox fell below the Studies threshold.

In the meantime I posted a comment (awaiting moderation) drawing attention to your 52/56 comment above.

Reading https://wiki.mozilla.org/Release_Management/Calendar#Past_branch_dates alongside the December 2016 part of the history at the foot of Firefox/Shield - MozillaWiki, I assume that shield landed (2016-12-21) in Firefox 51.

Via Add-ons disabled or failing to install in Firefox | Mozilla Add-ons Blog (2019-05-04, updated):

– and for anyone who’s curious about Normandy, which is sometimes associated with studies:

Can anyone update on current status of the 52-59 fix? ETA, and will it just be applied without us doing anything, suddenly add-ons will work again? Thanks.

Update: it’s still being worked on. There’s no further news, else you would’ve seen news in this forum, on the blog, on Twitter etc. There’s to my knowledge no ETA, it’ll be made available whenever it’s ready and possibly try to apply automatically (but that could also depend on your settings).

1 Like

If by settings you mean set to auto-update in the background, it would seem nobody in the 52-59 group will have settings set that way, or else they would no longer be on 52-59 anymore.

Users on Win XP/Vista could. However I think the distribution would be tied to a pref only exposed in about:config, but I’m not sure.

1 Like

I have my settings on Auto update, and I am on 52.9.0 (32-bit) because my system CANT new the newer FF soo…yeah

I see your point. For those of us who could but don’t to prevent it, auto-update wouldn’t work, if that’s going to be the method.

I just wish they would post more regular status updates… they ignored even mentioning our situation for several days, and now I’m left wondering if they’re taking the weekend off without finishing our fix, or what. Anything at all would be welcome.

Trying to find a solution to that is part of the hold-up on automatic distribution!!

As a workaround, the extensions are expected to be posted on the Add-ons site or another Mozilla site.

At this point, the extensions are baked but still in QA. If you want to be a volunteer tester, you can go to the following bug, scan down a bit to the Attachments section, and install the extension for your version. Please report back on whether it works or not.

1 Like

Thank you. Now I just have to decide if I want to risk being a guinea-pig or wait for the official release.

Installing an official add-on that does the trick from the Mozilla site I think would be welcomed by most of us, even if work continues to be done on figuring how to automate it. Hopefully soon. This has caused cascading issues, and I just don’t get a sense of urgency now, 7 days out (or clear and frequent communication).

1 Like

Based on my limited experience with earlier pre-release versions of the extension: I might describe the pre-releases at https://bugzilla.mozilla.org/show_bug.cgi?id=1550793#module-attachments-title as almost entirely risk-free.

Hints

To the best of my knowledge:

  • if the Certificate Manager window is open before you add the extension, then the list of certificate authorities (CAs) will not visibly update (to include Mozilla’s CA) until after you close then reopen the window
  • if addition of the extension has the required effect, then you may safely remove the extension; Mozilla’s CA will remain.

Certainly:

I can not imagine a problem with containers, or themes, arising from addition of a Mozilla-provided hot-fix extension. It is, however, the type of risk that might be forgotten whilst over-focusing on something else (imagine: deleting or distrusting the CA whilst aiming to make an issue reproducible) so please, take care.

Back up and restore information in Firefox profiles | Firefox Help

52.9.0 - have applied hotfix 1548973(1550793) - have set xpinstall.signatures.required back to true.
All ok even after restart…

1 Like