Your Firefox extensions are all disabled? That's a bug!

[harlan4096]

Some Firefox users started to notice that installed browser extensions were all disabled in the web browser suddenly. Extensions would display "could not be verified for use in Firefox and has been disabled" messages in the add-ons manager of the browser. Firefox would display "One or more installed add-ons cannot be verified and have been disabled" at the top as a notification next to that.

Affected extensions include LastPass, Ghostery, Download Manager (S3), Dark Mode, Honey, uBlock Origin, Greasemonkey, NoScript, and others.

Update 2: Mozilla is about to release Firefox 66.0.4 that addresses the issue on the desktop and for Android. End

Update: Mozilla started to roll out a fix for Release, Beta, and Nightly versions of Firefox. The fix uses Mozilla Studies, and you need to make sure that this is enabled to get it. Mozilla notes that you may disable Studies again after the fix is applied and add-ons have been re-enabled. You need to make sure that "Allow Firefox to install and run studies" is checked on about:preferences#privacy.

Solutions that may work in the meantime:

* Editing extensions.json
* Editing user.js
* Installing Firefox 66.0.4 Update (note it is not release, release candidate only)
* Loading Temporary Extensions

End

Only options provided were to find a replacement and to remove the extension in question; this left affected users puzzled. Was this some kind of preemptive strike against policy violation extensions? Mozilla did announce that it would enforce policies more strictly.

The answer is no. Turns out, the issue is caused by a bug. If you read carefully, you notice that verification is the issue. A new thread on Bugzilla suggests that this has something to do with extension signing.

Firefox marked addons due signing as unsupported, but doesn't allow re-downloads from AMO → All extensions disabled due to expiration of intermediate signing cert.

All Firefox extensions need to be signed since Firefox 48 and Firefox ESR 52. Firefox will block the installation of extensions with invalid certificates (or none), and that is causing the issue on user systems.

Related issues have been reported: some users cannot install extensions from Mozilla's official Add-ons repository. Users get "Download failed. Please check your connection" errors when they attempt to download any extension from the official repository.

Solution

Nightly, Dev and Android users may be able to disable signing of extensions; some users reported that this resolved the issue temporarily on their end. You need to set the preference xpinstall.signatures.required to false on about:config to disable signing. You could change the system date to the previous day to resolve it temporarily as well, but that can lead to other issues.

The issue can only be resolved on Mozilla's end. The organization needs to renew the certificate or create a new one to resolve the issue. I'd expect Mozilla to do that soon as the issue is widespread and affecting lots of Firefox users.

Users should not remove affected extensions from their installations; the issue will resolve itself once Mozilla fixes it.

Continue Reading

[harlan4096]

Additional info: https://www.ghacks.net/2019/05/05/what-m...-disaster/

[harlan4096]

Mozilla released Firefox 66.0.4 to the Stable channel of the web browser; the new version fixes the add-on deactivation and signing issue in the browser.

Firefox users with installed add-ons experienced a frustrating and at the same time strange issue on May 4, 2019: Firefox would not load any add-ons and notify users that installed add-ons could not be enabled because they could not be verified by the browser.

The issue affected all browser extensions regardless of rating or freshness. Even Mozilla's own add-ons for Firefox were affected.

The disabling happened just a day after Mozilla revealed that it would go after extension policy violations more actively. Some users assumed that this was the reason for the disabling of extensions. Turned out, it was not.

The issue was caused by an expired certificate. Firefox could not verify extensions anymore because of the expiration, and the only recourse of the browser in that case is to disable all extensions that cannot be verified.

Problem was, the issue did not affect just one or two extensions that somehow got their certificates messed up, it affected all of them.

Mozilla started to distribute a hot fix to some Firefox channels, Firefox Stable, Beta and Nightly, but that required that users had Shield Studies activated. Not all wanted that because of privacy implications.

Others distributed Mozilla's fix on third-party sites so that anyone could install it and resolve the issue.

Firefox 66.0.4

Mozilla started to work on Firefox 66.0.4 and updates for other versions of Firefox at the same time. The new release is now available officially for download and distribution via Firefox's automatic update system.

Head over to this address https://www.mozilla.org/en-US/firefox/all/ and download the update to your system.

The release notes have just one entry: "Repaired certificate chain to re-enable web extensions that had been disabled"

The update should resolve the issue for Stable channel users and Android users who also get the update.

Note: Firefox may display a message on start that one or more add-ons have been disabled. This happens if the intermediate patch was installed in the browser.

Only the hotfix-update-xpi-intermediate extension should be listed under unsupported. All other extensions should be listed under Extensions.

The hotfix extension is no longer needed as the issue is resolved in the updated version of Firefox.

Continue Reading