My add-ons aren't recognizing that updates are available.
My add-ons aren't recognizing that updates are available. I have automatic updates enabled. I used the 'check for updates' option but the system responds that no updates were found. For example, Last Pass version is 4.34.0.6 is installed, but version 4.35.1.2 is available. uBlock Origin version 1.22.4 is installed, but version 1.23.0 is available. I have deleted and recreated my Firefox profile a couple of times, but that hasn't corrected the problem.This is an ongoing issue on my work PC. I don't have any issues with this on my home PC.
Modified by audiofeed
Chosen solution
Hmm, okay, I've found some more information. Apparently, add-on updates are not trusted if there is a "man in the middle" substituting the signing certificate, even if the MITM is trusted for other purposes.
audiofeed said
1571953452624 addons.update-checker WARN Request failed: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=support@lastpass.com&version=4.34.0.6&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 182" data: no]
I don't know whether your IT would make an exception to proxying for *.addons.mozilla.org; that would be convenient.
If not, this might work, but exposes you to some risk of unofficial update installs:
(0) Select and copy this new preference name
extensions.update.requireBuiltInCerts
(1) In a new tab, type about:config in the address bar and press Enter/Return. Click the button accepting the risk.
(2) In the search box above the list, type ext*upd and pause while the list is filtered
(3) Right-click in a blank part of the list and choose New > Boolean
(4) As the preference name, paste extensions.update.requireBuiltInCerts and click OK
(5) As the preference value, select false and click OK
I don't know whether that will take effect the next time you select Check for Updates or only after restarting the browser. However, I think that relax the special requirement for extension updates so if the proxy is trusted for other kinds of requests, it will be trusted for these as well.
You can toggle this preference back to true between extension checks to restore the default behavior.
Read this answer in context 👍 1All Replies (7)
If you send a version check for uBlock Origin, you should get back a little JSON file indicating the new version. Do you get that or is it blocked?
Here's what it gave me:
{"addons": {"uBlock0@raymondhill.net": {"updates": [{"version": "1.23.0", "update_link": "https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.23.0-an+fx.xpi?filehash=sha256%3Ab72c8bf1038d18e2d8badd0accd20f9d6938efe2f45303e99aaab189a66dbbc1", "applications": {"gecko": {"strict_min_version": "55.0"}}, "update_hash": "sha256:b72c8bf1038d18e2d8badd0accd20f9d6938efe2f45303e99aaab189a66dbbc1", "update_info_url": "https://addons.mozilla.org/versions/updateInfo/4884220/%APP_LOCALE%/"}]}}}
That looks good! So at least Firefox ability to find that information isn't blocked on your system. The breakdown must be either that it doesn't request it or that it doesn't do anything with the information.
To check whether the request is being sent, you can try Firefox's Browser Console. You can open the separate Browser Console window using either:
- "3-bar" menu button > Web Developer > Browser Console
- (menu bar) Tools > Web Developer > Browser Console
- (Windows) Ctrl+Shift+j
Click the trash can icon at the upper left to clear the window, then make sure the XHR filter is turned on (see attached screenshot).
Switch back over to your main window, Add-ons page, and try Check for Updates.
Then switch back over to the Browser Console window. Did Firefox log any XHR requests related to that action?
More info on the Browser Console: https://developer.mozilla.org/docs/Tools/Browser_Console
The log is below. The issue appears to be tied to the certificate for the Zscaler security software my organization uses. Any thoughts on a remedy? Thank you for your assistance!
XHRGEThttps://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=uBlock0@raymondhill.net&version=1.22.4&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal [HTTP/1.1 200 OK 150ms]
XHRGEThttps://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id={f73df109-8fb4-453e-8373-f59e61ca4da3}&version=0.8.5&maxAppVersion=undefined&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal [HTTP/1.1 200 OK 148ms]
XHRGEThttps://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=support@lastpass.com&version=4.34.0.6&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal [HTTP/1.1 200 OK 128ms]
XHRGEThttps://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=https-everywhere@eff.org&version=2019.6.27&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal [HTTP/1.1 200 OK 130ms]
XHRGEThttps://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=@testpilot-containers&version=6.1.1&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal [HTTP/1.1 200 OK 155ms]
XHRGEThttps://aus5.mozilla.org/update/3/GMP/70.0/20191016161957/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%2010.0.0.0.18362.418%20(x64)/default/default/update.xml [HTTP/1.1 200 OK 75ms]
XHRGEThttps://aus5.mozilla.org/update/3/GMP/70.0/20191016161957/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%2010.0.0.0.18362.418%20(x64)/default/default/update.xml [HTTP/1.1 200 OK 74ms]
Expected certificate attribute 'issuerName' value incorrect, expected: 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', got: 'CN="Zscaler Intermediate Root CA (zscloud.net) (t) ",OU=Zscaler Inc.,O=Zscaler Inc.,ST=California,C=US'. CertUtils.jsm:117 Expected certificate attribute 'issuerName' value incorrect, expected: 'CN=thawte SSL CA - G2,O="thawte, Inc.",C=US', got: 'CN="Zscaler Intermediate Root CA (zscloud.net) (t) ",OU=Zscaler Inc.,O=Zscaler Inc.,ST=California,C=US'. CertUtils.jsm:117 Certificate checks failed. See previous errors for details. CertUtils.jsm:120 1571953452587 addons.productaddons ERROR Request failed certificate checks: [Exception... "Certificate checks failed. See previous errors for details." nsresult: "0x80070057 (NS_ERROR_ILLEGAL_VALUE)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: validateCert :: line 121" data: no] Log.jsm:723 Expected certificate attribute 'issuerName' value incorrect, expected: 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', got: 'CN="Zscaler Intermediate Root CA (zscloud.net) (t) ",OU=Zscaler Inc.,O=Zscaler Inc.,ST=California,C=US'. CertUtils.jsm:117 Expected certificate attribute 'issuerName' value incorrect, expected: 'CN=thawte SSL CA - G2,O="thawte, Inc.",C=US', got: 'CN="Zscaler Intermediate Root CA (zscloud.net) (t) ",OU=Zscaler Inc.,O=Zscaler Inc.,ST=California,C=US'. CertUtils.jsm:117 Certificate checks failed. See previous errors for details. CertUtils.jsm:120 1571953452590 addons.productaddons ERROR Request failed certificate checks: [Exception... "Certificate checks failed. See previous errors for details." nsresult: "0x80070057 (NS_ERROR_ILLEGAL_VALUE)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: validateCert :: line 121" data: no] Log.jsm:723 1571953452624 addons.update-checker WARN Request failed: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=support@lastpass.com&version=4.34.0.6&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 182" data: no] 1571953452627 addons.update-checker WARN Request failed: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=https-everywhere@eff.org&version=2019.6.27&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 182" data: no] 1571953452643 addons.update-checker WARN Request failed: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=uBlock0@raymondhill.net&version=1.22.4&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 182" data: no] 1571953452645 addons.update-checker WARN Request failed: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id={f73df109-8fb4-453e-8373-f59e61ca4da3}&version=0.8.5&maxAppVersion=undefined&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 182" data: no] 1571953452691 addons.update-checker WARN Request failed: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=@testpilot-containers&version=6.1.1&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 182" data: no] XHRGEThttp://detectportal.firefox.com/success.txt [HTTP/1.1 200 OK 69ms]
Chosen Solution
Hmm, okay, I've found some more information. Apparently, add-on updates are not trusted if there is a "man in the middle" substituting the signing certificate, even if the MITM is trusted for other purposes.
audiofeed said
1571953452624 addons.update-checker WARN Request failed: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=support@lastpass.com&version=4.34.0.6&maxAppVersion=null&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=70.0&appOS=WINNT&appABI=x86_64-msvc&locale=en-US¤tAppVersion=70.0&updateType=97&compatMode=normal - [Exception... "Certificate issuer is not built-in." nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 182" data: no]
I don't know whether your IT would make an exception to proxying for *.addons.mozilla.org; that would be convenient.
If not, this might work, but exposes you to some risk of unofficial update installs:
(0) Select and copy this new preference name
extensions.update.requireBuiltInCerts
(1) In a new tab, type about:config in the address bar and press Enter/Return. Click the button accepting the risk.
(2) In the search box above the list, type ext*upd and pause while the list is filtered
(3) Right-click in a blank part of the list and choose New > Boolean
(4) As the preference name, paste extensions.update.requireBuiltInCerts and click OK
(5) As the preference value, select false and click OK
I don't know whether that will take effect the next time you select Check for Updates or only after restarting the browser. However, I think that relax the special requirement for extension updates so if the proxy is trusted for other kinds of requests, it will be trusted for these as well.
You can toggle this preference back to true between extension checks to restore the default behavior.
Adding the Boolean worked, thank you!
Check for new versions of your add-ons
Click on the menu button to expand the menu panel. Click Add-ons. The Add-ons Manager page will open. Click on the Add-ons Manager page and select Check for Updates. ... Click the "Restart now to complete installation" link if prompted.