Hello mnalep,

This is (or maybe I should say : was ) caused by an unforeseen technical problem - sorry for the inconvenience ….

Please see :

https://support.mozilla.org/en-US/kb/add-ons-failing-install-firefox

https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047/

Hi Matt, if you check the first article linked in McCoy's reply, does Firefox 52 have the studies feature so you can get the patch(es), or was that added in a later version?

Hi jscher2000,

I do not have that STUDIES option on FIREFOX 52.9.0

What should I do?

Did FIREFOX on my XP computer stop updating?

mnalep said

I do not have that STUDIES option on FIREFOX 52.9.0

The study installs the following extension. You could see whether it works to do it directly: https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi

Did FIREFOX on my XP computer stop updating?

Firefox 52 ESR reached its "end of life" last September, and there aren't any more updated versions for Windows XP.

Ref. Firefox has ended support for Windows XP and Vista

OK, well Firefox says it installed that hot fix successfully.

Now what do I do?

Hi Matt, I was able to start testing in Firefox 52 ESR. When I install the hotfix extension, nothing happens, other than showing up on the Extensions panel of the Add-ons page. In the Browser Console, I see this message:

TypeError: browser.experiments is undefined

That means the main command of the extension doesn't run, so it's a dead end.

Next idea:

Overview

(1) Install the certificate the hotfix would have installed (2) Trigger Firefox to re-verify your extensions (3) Wait until it is back to normal

Steps

(1) Install certificate

I extracted the certificate from my Firefox 66 and saved it on my webserver. Obviously if you don't trust me, you should not install it.

Two possible methods: click to download through the certificate installer, or right-click > Save Link As to save a local copy and then import it.

https://www.jeffersonscher.com/sumo/signingca1addonsmozillaorg_20190504.crt

Screenshot #1 shows the download method. Don't check any of the boxes, just click OK.

To import instead:

Go to the Options/Preferences page, Advanced section, Certificates panel, then click Certificate Manager. Make sure the Authorities tab is selected, then click Import. Find the file you downloaded and open it, then you should get the same dialog as in Screenshot #1, don't check any of the boxes, just click OK. Then you should see the new cert in the list in the Certificate Manager, as shown in Screenshot #2.

(2) Clear the time Firefox last re-verified

This will set Firefox up to check much sooner than it otherwise would check.

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(B) In the search box above the list, type or paste xpi- and pause while the list is filtered

(C) Right-click the app.update.lastUpdateTime.xpi-signature-verification preference and click Reset on the context menu

Screenshot #3 illustrates the expected result.

(3) Restart Firefox

You can exit Firefox normally, then start it up again. In my tests, it took less than 60 seconds for Firefox to verify my extensions. Screenshot #4 is "before" and Screenshot #5 is "after."

Hopefully that will work for you.

You can run this code in the Browser Console to install the intermediate certificate.

• "3-bar" menu button or Tools -> Web Developer
• https://developer.mozilla.org/en-US/Tools/Browser_Console

You can verify success in the Certificate Manager (Authorities tab) under Mozilla Corporation: signingca1.addons.mozilla.org

try {
  let intermediate = "MIIHLTCCBRWgAwIBAgIDEAAIMA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTEfMB0GA1UEAxMWcm9vdC1jYS1wcm9kdWN0aW9uLWFtbzAeFw0xNTA0MDQwMDAwMDBaFw0yNTA0MDQwMDAwMDBaMIGnMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0GA1UECxMmTW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxJjAkBgNVBAMTHXNpZ25pbmdjYTEuYWRkb25zLm1vemlsbGEub3JnMSEwHwYJKoZIhvcNAQkBFhJmb3hzZWNAbW96aWxsYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/qluiiI+wO6qGA4vH7cHvWvXpdju9JnvbwnrbYmxhtUpfS68LbdjGGtv7RP6F1XhHT4MU3v4GuMulH0E4Wfalm8evsb3tBJRMJPICJX5UCLi6VJ6J2vipXSWBf8xbcOB+PY5Kk6L+EZiWaepiM23CdaZjNOJCAB6wFHlGe+zUk87whpLa7GrtrHjTb8u9TSS+mwjhvgfP8ILZrWhzb5H/ybgmD7jYaJGIDY/WDmq1gVe03fShxD09Ml1P7H38o5kbFLnbbqpqC6n8SfUI31MiJAXAN2e6rAOM8EmocAY0EC5KUooXKRsYvHzhwwHkwIbbe6QpTUlIqvw1MPlQPs7Zu/MBnVmyGTSqJxtYoklr0MaEXnJNY3g3FDf1R0Opp2/BEY9Vh3Fc9Pq6qWIhGoMyWdueoSYa+GURqDbsuYnk7ZkysxK+yRoFJu4x3TUBmMKM14jQKLgxvuIzWVn6qg6cw7ye/DYNufc+DSPSTSakSsWJ9IPxiAU7xJ+GCMzaZ10Y3VGOybGLuPxDlSd6KALAoMcl9ghB2mvfB0N3wv6uWnbKuxihq/qDps+FjliNvr7C66mIVH+9rkyHIy6GgIUlwr7E88Qqw+SQeNeph6NIY85PL4p0Y8KivKP4J928tpp18wLuHNbIG+YaUk5WUDZ6/2621pi19UZQ8iiHxN/XKQIDAQABo4IBiTCCAYUwDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFBY++xz/DCuT+JsV1y2jwuZ4YdztMIGoBgNVHSMEgaAwgZ2AFLO86lh0q+FueCqyq5wjHqhjLJe3oYGBpH8wfTELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xLzAtBgNVBAsTJk1vemlsbGEgQU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2aWNlMR8wHQYDVQQDExZyb290LWNhLXByb2R1Y3Rpb24tYW1vggEBMDMGCWCGSAGG+EIBBAQmFiRodHRwOi8vYWRkb25zLm1vemlsbGEub3JnL2NhL2NybC5wZW0wTgYDVR0eBEcwRaFDMCCCHi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAfgh1jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzANBgkqhkiG9w0BAQwFAAOCAgEAX1PNli/zErw3tK3S9Bv803RV4tHkrMa5xztxzlWja0VAUJKEQx7f1yM8vmcQJ9g5RE8WFc43IePwzbAoum5F4BTM7tqM//+e476F1YUgB7SnkDTVpBOnV5vRLz1Si4iJ/U0HUvMUvNJEweXvKg/DNbXuCreSvTEAawmRIxqNYoaigQD8x4hCzGcVtIi5Xk2aMCJW2K/6JqkN50pnLBNkPx6FeiYMJCP8z0FIz3fv53FHgu3oeDhi2u3VdONjK3aaFWTlKNiGeDU0/lr0suWfQLsNyphTMbYKyTqQYHxXYJno9PuNi7e1903PvM47fKB5bFmSLyzB1hB1YIVLj0/YqD4nz3lADDB91gMBB7vR2h5bRjFqLOxuOutNNcNRnv7UPqtVCtLF2jVb4/AmdJU78jpfDs+BgY/t2bnGBVFBuwqS2Kult/2kth4YMrL5DrURIM8oXWVQRBKxzr843yDmHo8+2rqxLnZcmWoe8yQ41srZ4IB+V3w2TIAd4gxZAB0Xa6KfnR4D8RgE5sgmgQoK7Y/hdvd9Ahu0WEZI8Eg+mDeCeojWcyjF+dt6c2oERiTmFTIFUoojEjJwLyIqHKt+eApEYpF7imaWcumFN1jR+iUjE4ZSUoVxGtZ/Jdnkf8VVQMhiBA+i7r5PsfrHq+lqTTGOg+GzYx7OmoeJAT0zo4c=";
  let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
  certDB.addCertFromBase64(intermediate, "", "");
  console.log("new intermediate certificate added");
} catch (e) {
  console.error("failed to add new intermediate certificate:", e);
}

This is unbelievable. They all really expect users to jump through these hoops to fix a problem that the developers created with the press of a "send" button? REALLY???

To add insult to injury not one thread I saw addressed the message "could not install the plugin because it's corrupt" which showed up at the same time as the fiasco of adblockers being disabled.

BTW, since many of us deleted their adblockers as soon as it happened and attempted to reload them the "hotfix" is sorta useless with us being unable to download and verify a replacement no?

Hi gnappi, Mozilla is building updated releases. Firefox 66.0.4 is expected later today/tonight, and that will contain the new certificate.

In another thread, your Firefox identified itself as version 55. I am not aware of any intention to release further updates for unsupported earlier releases. You will need to get the new certificate through other means. Hopefully an official download will become available. If not, I already documented what I did.

Since Mozilla Firefox messed my use of ghostery for adblocking on XP, I expect them to fix the problem they created. Else I'll be using another browser like Opera.

firefoxuser1000 said

Since Mozilla Firefox messed my use of ghostery for adblocking on XP, I expect them to fix the problem they created. Else I'll be using another browser like Opera.

Chromium, Chrome and Opera dropped support of the old EOL Windows XP and Vista way back in April 2016 so Opera is not really a good secure option on WinXP.

It was not an issue with any version of Firefox but due to a unfortunate situation of a intermediate certificate used by many extensions that expired.

Firefox 52.9.0esr came out June 26, 2018. However it may be possible that Mozilla may make an exception and provide a update like say 52.9.1esr as a way to help get affected extensions working again.

"Firefox 52.9.0esr came out June 26, 2018. However it may be possible that Mozilla may make an exception and provide a update like say 52.9.1esr as a way to help get affected extensions working again."

That would be good if mozilla fixes the problem they created, like with a 52.9.1esr.

"Firefox 52.9.0esr came out June 26, 2018. However it may be possible that Mozilla may make an exception and provide a update like say 52.9.1esr as a way to help get affected extensions working again."

That would be good if mozilla fixes the problem they created, like with a 52.9.1esr.

I should point out that I do have Win7 and Win10 machines, but have five perfectly functioning XP machines. Using AVG and Spybot and backing up Documents, I've kept the XPs working well. IMO XP is still the most user friendly GUI and I still use it daily on my main machine. MS should have never let it go unsupported: they had a chance to keep it going on a subscription basis, but their greed got in the way. I long for the day when some disgruntled MS employee dumps the XP source code on the net ala wikileaks, and sends MS and Gates into the trash heap of history. XP could be the defacto world's OS, at least for laptops and desk tops. Firefox please keep it going, at least to fix your add-on signage blunder.

This Worked Thank you

(2) Clear the time Firefox last re-verified This will set Firefox up to check much sooner than it otherwise would check. (A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk. (B) In the search box above the list, type or paste xpi- and pause while the list is filtered (C) Right-click the app.update.lastUpdateTime.xpi-signature-verification preference and click Reset on the context menu Screenshot #3 illustrates the expected result.

(3) Restart Firefox

jscher2000 said

(1) Install the certificate the hotfix would have installed

I followed your posted instructions and my add-ons are back. YAA-HOO ! ! ! ! ! One question, will I need to do this again?

FredMcD said

jscher2000 said

(1) Install the certificate the hotfix would have installed

I followed your posted instructions and my add-ons are back. HAA-HOO ! ! ! ! ! One question, will I need to do this again?

For a legacy version? If cert8.db/cert9.db were to be deleted, or if you use Refresh or otherwise create a new profile, then you would need to install the certificate again.

Thank you, jscher.

jscher2000... Thanks so much. It worked for me, sort of. I'm running FF56.0 on Win10Pro64, and I have two profiles. Your fix worked easily for one profile. When I tried it on the second, the certificate wouldn't install. No error or other messages, it's just not listed after I click on your link, or, try to import the downloaded certificate. No message either about "already installed." Any ideas what might be preventing it from working on my second profile?

Hi wendiwoman2, I cannot think of a reason that a certificate would not import. Could you look for any error messages in the Browser Console?

You can open the separate Browser Console window using either:

• "3-bar" menu button > Web Developer > Browser Console
• (menu bar) Tools > Web Developer > Browser Console
• (Windows) Ctrl+Shift+j

Click the trash can icon at the upper left to clear the window, then switch back over to your main window and try the import again.

Then switch back over to the console window. Did Firefox log any errors related to the action?

More info on the Browser Console: https://developer.mozilla.org/docs/Tools/Browser_Console