X
Tap here to go to the mobile version of the site.

منتدى الدعم

Will the disabling of add-ons be fixed, or is it the new way?

Posted

I'll stick around if this is just a glitch but if this is the new policy, I'll be cutting my losses and moving on. In particular UBlock Origin, NoScript, Cookie AutoDelete, HTTPS Everywhere (seriously?).

I'll stick around if this is just a glitch but if this is the new policy, I'll be cutting my losses and moving on. In particular UBlock Origin, NoScript, Cookie AutoDelete, HTTPS Everywhere (seriously?).
Quote

Additional System Details

Installed Plug-ins

  • Shockwave Flash 32.0 r0

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:66.0) Gecko/20100101 Firefox/66.0

More Information

jscher2000
  • Top 10 Contributor
8583 solutions 70216 answers

The Add-ons team is working on a fix for this. I don't know whether that will involve running an add-on update or something else. We're all hoping to learn soon.

The Add-ons team is working on a fix for this. I don't know whether that will involve running an add-on update or something else. We're all hoping to learn soon.
Was this helpful to you? 0
Quote

Question owner

Thanks for the reply. I'll hold tight then. That's a relief I must say.

Thanks for the reply. I'll hold tight then. That's a relief I must say.
Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8583 solutions 70216 answers

As an update, it looks like a certificate used to sign many popular extensions expired. (The verification process checks that certificate.)

I don't know how soon re-signed versions of those extensions will become available, or whether another workaround will be discovered. We are all hoping to learn more soon.

As an update, it looks like a certificate used to sign many popular extensions expired. (The verification process checks that certificate.) I don't know how soon re-signed versions of those extensions will become available, or whether another workaround will be discovered. We are all hoping to learn more soon.
Was this helpful to you? 0
Quote
creigsmith 0 solutions 6 answers

Helpful Reply

Which certificate is it? Can the expiration be overridden in the FireFox list of certificate authorities? When a new certificate authority is issued, does that mean that every add-on developer must re-sign their add-ons? You see the problem here -- many add-on developers have moved on, and are nowhere around to re-sign, or may take weeks or months to re-sign. Meanwhile, the ONLY REASON to use FireFox in the first place is gone. No more add-ons to ensure security. Might as well switch to Chrome. This is only going to reoccur the next time the certificate expires. You should have seen this coming when version 57 required signatures. Not a bad thing, but this implementation is worthless. If the certificate was valid when the add-on was signed, the add-on should still be good even if the certificate authority has expired. Otherwise, every add-on automatically become disabled every xxx years no matter what. Add-ons are usually created for free, and are not supported forever and ever, but provide essential features. Unless Mozilla takes over the support of all these add-ons or the features they provide (which in a few cases, it has), FireFox by itself, without the add-ons, looks very shabby compared to Chrome.

Which certificate is it? Can the expiration be overridden in the FireFox list of certificate authorities? When a new certificate authority is issued, does that mean that every add-on developer must re-sign their add-ons? You see the problem here -- many add-on developers have moved on, and are nowhere around to re-sign, or may take weeks or months to re-sign. Meanwhile, the ONLY REASON to use FireFox in the first place is gone. No more add-ons to ensure security. Might as well switch to Chrome. This is only going to reoccur the next time the certificate expires. You should have seen this coming when version 57 required signatures. Not a bad thing, but this implementation is worthless. If the certificate was valid when the add-on was signed, the add-on should still be good even if the certificate authority has expired. Otherwise, every add-on automatically become disabled every xxx years no matter what. Add-ons are usually created for free, and are not supported forever and ever, but provide essential features. Unless Mozilla takes over the support of all these add-ons or the features they provide (which in a few cases, it has), FireFox by itself, without the add-ons, looks very shabby compared to Chrome.

Modified by creigsmith

Was this helpful to you? 1
Quote
jscher2000
  • Top 10 Contributor
8583 solutions 70216 answers

Hi creigsmith, signatures were required starting in Firefox 48.

I believe all add-ons hosted on the Mozilla Add-ons site can be re-signed without the authors having to do anything; it happened once before (lots of .1's or -1's were added to the version numbers).

I don't know the answers to your other questions.

Hi creigsmith, signatures were required starting in Firefox 48. I believe all add-ons hosted on the Mozilla Add-ons site can be re-signed without the authors having to do anything; it happened once before (lots of .1's or -1's were added to the version numbers). I don't know the answers to your other questions.
Was this helpful to you? 0
Quote
jscher2000
  • Top 10 Contributor
8583 solutions 70216 answers

UPDATE for those not reading the dozens of other threads:

The Add-ons team is working on a fix for this. Official updates are expected to be posted here:

https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047

Workarounds that I have not tested myself include:

(1) Set your system clock back one day (for example, if your date is May 3, set to May 2; if your date is May 4, set to May 3).

You might have to reinstall extensions after that, or maybe Firefox will detect the difference at your next shut down/restart. Changing the date may have other consequences, so I understand this option isn't ideal.

(2) Use a pre-release version of Firefox that lets you bypass extension verification, this can be a lot of work to fine-tune

More info: https://www.reddit.com/r/firefox/comments/bkhtv8/heres_whats_going_on_with_your_addons_being/

(3) Run a XUL script that triggers internal commands within Firefox to force-verify the add-ons

Safety undetermined: https://www.reddit.com/r/firefox/comments/bkhzjy/temp_fix_for_the_armagaddon_20_for_regular/

(Added screenshots for this one from my testing)

''UPDATE for those not reading the dozens of other threads:'' The Add-ons team is working on a fix for this. Official updates are expected to be posted here: https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047 Workarounds that I have not tested myself include: (1) Set your system clock back one day (for example, if your date is May 3, set to May 2; if your date is May 4, set to May 3). You might have to reinstall extensions after that, or maybe Firefox will detect the difference at your next shut down/restart. Changing the date may have other consequences, so I understand this option isn't ideal. (2) Use a pre-release version of Firefox that lets you bypass extension verification, this can be a lot of work to fine-tune More info: https://www.reddit.com/r/firefox/comments/bkhtv8/heres_whats_going_on_with_your_addons_being/ (3) Run a XUL script that triggers internal commands within Firefox to force-verify the add-ons Safety undetermined: https://www.reddit.com/r/firefox/comments/bkhzjy/temp_fix_for_the_armagaddon_20_for_regular/ ''(Added screenshots for this one from my testing)''

Modified by jscher2000

Was this helpful to you? 0
Quote
اطرح سؤالا

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.