Will the disabling of add-ons be fixed, or is it the new way?
I'll stick around if this is just a glitch but if this is the new policy, I'll be cutting my losses and moving on. In particular UBlock Origin, NoScript, Cookie AutoDelete, HTTPS Everywhere (seriously?).
Additional System Details
- Shockwave Flash 32.0 r0
- User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:66.0) Gecko/20100101 Firefox/66.0
The Add-ons team is working on a fix for this. I don't know whether that will involve running an add-on update or something else. We're all hoping to learn soon.
Thanks for the reply. I'll hold tight then. That's a relief I must say.
As an update, it looks like a certificate used to sign many popular extensions expired. (The verification process checks that certificate.)
I don't know how soon re-signed versions of those extensions will become available, or whether another workaround will be discovered. We are all hoping to learn more soon.
Which certificate is it? Can the expiration be overridden in the FireFox list of certificate authorities? When a new certificate authority is issued, does that mean that every add-on developer must re-sign their add-ons? You see the problem here -- many add-on developers have moved on, and are nowhere around to re-sign, or may take weeks or months to re-sign. Meanwhile, the ONLY REASON to use FireFox in the first place is gone. No more add-ons to ensure security. Might as well switch to Chrome. This is only going to reoccur the next time the certificate expires. You should have seen this coming when version 57 required signatures. Not a bad thing, but this implementation is worthless. If the certificate was valid when the add-on was signed, the add-on should still be good even if the certificate authority has expired. Otherwise, every add-on automatically become disabled every xxx years no matter what. Add-ons are usually created for free, and are not supported forever and ever, but provide essential features. Unless Mozilla takes over the support of all these add-ons or the features they provide (which in a few cases, it has), FireFox by itself, without the add-ons, looks very shabby compared to Chrome.
Modified by creigsmith
Hi creigsmith, signatures were required starting in Firefox 48.
I believe all add-ons hosted on the Mozilla Add-ons site can be re-signed without the authors having to do anything; it happened once before (lots of .1's or -1's were added to the version numbers).
I don't know the answers to your other questions.
UPDATE for those not reading the dozens of other threads:
The Add-ons team is working on a fix for this. Official updates are expected to be posted here:
Workarounds that I have not tested myself include:
(1) Set your system clock back one day (for example, if your date is May 3, set to May 2; if your date is May 4, set to May 3).
You might have to reinstall extensions after that, or maybe Firefox will detect the difference at your next shut down/restart. Changing the date may have other consequences, so I understand this option isn't ideal.
(2) Use a pre-release version of Firefox that lets you bypass extension verification, this can be a lot of work to fine-tune
(3) Run a XUL script that triggers internal commands within Firefox to force-verify the add-ons
(Added screenshots for this one from my testing)
Modified by jscher2000