Firstly, as always, r/Firefox is not run by or affiliated with Mozilla. I do not work for Mozilla, and I am posting this thread entirely based on my own personal understanding of what's going on.
**This is NOT an official Mozilla response.** Nonetheless, I hope it's helpful.
# What's going on?
A few hours ago a security certificate that Mozilla used to sign Firefox add-ons expired. What this means is that every add-on signed by that certificate, which seems to be nearly all of them, will now be automatically disabled by Firefox as security measure.
In simpler terms, Firefox doesn't trust any add-ons right now.
**Update:** Fix rolling out!
Please see the Mozilla blog post below for more information about what happened, and the Firefox support article for help resolving the issue if you're still affected.
## Mozilla Blog: [Update Regarding Add-ons in Firefox](https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/)
## Firefox Support article: [Add-ons disabled or fail to install on Firefox](https://support.mozilla.org/kb/add-ons-disabled-or-fail-to-install-firefox)
# Workarounds
u/littlepmac from Mozilla Support has posted [a short comment thread](https://www.reddit.com/r/firefox/comments/bkhtv8/heres_whats_going_on_with_your_addons_being/emhtf2f/) about the problems with the workarounds floating around this sub.
>Hey all,
>Support just posted [an article](https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox?redirectlocale=en-US&redirectslug=add-ons-failing-install-firefox) for this issue. It will be updated as new updates or fixes are rolled out.
>Tl:dr: The fix will be automatically applied to desktop users in the background within the next few hours unless you have the Studies system disabled. Please see the article for enabling the studies system if you want the fix immediately.
>As of 8:13am PST, there is no fix available for Android. The team is working on it.
>>Update: **Disabled addons** will not lose your data.
>>**Please don't Delete** your add-ons as an attempt to fix as this will cause a loss of your data.
>>>There are a number of work-arounds being discussed in the community. ***These are not recommended as they may conflict with fixes we are deploying.*** We’ll let you know when further updates are available that we recommend, and appreciate your patience.
If you have previously disabled signature enforcement, you should reverse this. Navigate to `about:config`, search for `xpinstall.signatures.required` and set it back to **true**.
Firefox I thought we were past this. I’m not *mad*, I’m just *dissapointed.*
Thank you for sharing. I thought I was going absolutely bonkers. On the bright side, this was an interesting fire drill – I’m surprised at how smoothly nearly all of my addons were deactivated on-the-fly.
same thing in Firefox Android 66.0.2 for all add-ons: “The add-on downloaded from [addons.mozilla.org](https://addons.mozilla.org) could not be installed because it appears to be corrupt.” “This add-on could not be verified by Firefox.”
Mine are working fine? Is it specific add-ons not working?
I appreciate the post! I’m gonna give it some time and see if they can fix this. I’m just gonna avoid the internet for the time being and go play games. I refuse to watch ads. I will not sit through an ad, I don’t care how short it is, I’m closing the window.
If this isn’t fixed by tomorrow I’m changing to a different FireFox build if necessary.
Yeah, I think I’m just gonna use Chrome until they fix this.
This workaround only works for add-ons but doesn’t works for the themes. I just tried and couldn’t install any theme (including my own I created long ago) that was listed ont the mozilla add-ons website.
Every site will wonder why their ad revenue shot up on this day…
Is there a workaround for the Android version ? There’s Nightly alright, but no way to copy my profile…
Solved: this works on Android FF:
xpinstall.signatures.required
As a browser extension developer, I really dislike the idea of yet more people running dev/nightly builds of a browser willy nilly (in this case, as a workaround to a temporary bug)
We get so many support requests from people who don’t even realize/remember that they are on Chrome Canary or Firefox Nightly – which we cannot feasibly support in addition to the other variety of browsers just on their stable channels – it can get super frustrating.
I really hope folks can just be patient… or at least remember to go back to Firefox stable when this blows over.
Workarounds nifty.. the xpinstall works with standard Ubuntu install.
Now Firefox folks need to explain why there wasn’t some sort of alarm going off at least a week ago about the impending certificate expiry… someone leave the company and the calendar entry got deleted? 🙂
(Edit: Now that Mozilla have released their studies workaround, I temporarily enabled studies to allow that workaround to install, disabled studies again, and then reversed the about:config xpinstall signature verification override. Yes, I use the Ubuntu repository provided install of Firefox Quantum)
Another procedure to re-enable your add-ons according to [this post on the Mozilla bug tracker](https://bugzilla.mozilla.org/show_bug.cgi?id=1549017):
1. Go to about:support in the URL bar.
2. Open your profile directory.
3. Open extensions.json in your preferred editor.
4. Replace all “appDisabled”:true with “appDisabled”:false
5. Replace all “signedState”:-1 with “signedState”:2
6. Save the file.
7. Restart Firefox.
8. Go to about:addons in the URL bar.
9. Disable then enable each add-on to get it working again.
I’ve also had luck setting my system time back a day, re-enabling by add-ons and switching the time back to normal.
Helpful info: Firefox checks the certificates once a day. Every computer seems to have a different time. At that time, it will disable your add-ons again if you use these methods.
EDIT: easier way: [https://www.reddit.com/r/firefox/comments/bkhzjy/temp\_fix\_for\_the\_armagaddon\_20\_for\_regular/](https://www.reddit.com/r/firefox/comments/bkhzjy/temp_fix_for_the_armagaddon_20_for_regular/)
I’m going to have to send the UBlock guys a thank you once this gets fixed. Now that I’m forced to surf the web raw, I’m shocked at the sheer amount of ads and popups it was blocking.
How is it taking so long if this is just a security certificate expiring? It’s not hard to get a new certificate and put it in place. So, either Mozilla is truly incompetent or something more is going on here.
I’m utterly confused. If the certificate simply expired, why is it taking so long to fix and why are there no updates? This is really amateurish. I feel like all the great work that Firefox has done is being further squandered with each passing minute. There’s absolutely no justification for no update in five hours.
Lol, what a tremendous clusterfuck.
Holy shit the internet is awful without ublock.
My add-ons appear to have been working throughout this whole thing?
Hi All, the `xpinstall.signatures.required = false` work around also works for Firefox ESR 60. ([Mozilla Docs](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Distribution_options/Add-ons_in_the_enterprise#Signed_versus_unsigned_extensions))
I generally use ESR instead of release builds because it is less buggy and also that’s what the Debian folks recommend.
The Australis update was horrible enough, but this is completely unacceptable.
Several of my add-ons are for security and privacy purposes. I need them enabled at ALL times. It should be very easy in the normal version of Firefox for the user to override something like this. Automatic disabling because of certificate expiration is a terrible idea. If someone wants to use an add-on with an expired certificate, let them. They should accept the risk that creates, either way.
The disgusting changes to the GUI, the increased gobbling of RAM as time goes on, and now add-ons being disabled because of this garbage. Going back to Pale Moon is looking ever more tempting.
Why does Mozzilla feel the need to ruin something.
this was the first time i saw an ad on youtube in months. i cant believe some people live like this. also my darkmode filter being disabled is quite inconvenient. i know complaining wont do anything right now, but i’m still quite annoyed currently
I only want to know why is taking them so long to get a new working certificate? is that hard to set a new expiry date? o.o
This couldn’t hit me at a worse time. I was browsing a bunch of “international” site and shit is popping off all over my screen. This shit feel like 1999, the dark ages of internet {shudder}.
I deleted all my add-ons and attempted to download them again, I fucked up
A solution I found that has worked for me:
1. Set `devtools.chrome.enabled` to **true** if it isn’t already.
2. Use Ctrl-Shift-J to open the browser console.
3. Paste the following code into the console and hit enter: [https://pastebin.com/eWyna0DM](https://pastebin.com/eWyna0DM)
4. Your extensions should re-enable themselves.
The code isn’t mine and I don’t know who wrote it, but it doesn’t look like it does anything malicious and it’s been working for me so far.
OMG YouTube ads….. Kill me now….
What I want to know is how an organization like Mozilla *let a certificate expire*, especially one *this bloody important.* No sysadmin worth their salt would let this happen.
I thought *my* Firefox lost its damn mind and removed all of the broken add-ons, thinking I could re-install and fix this. Mistakes were made.
Noob question, why this issue can’t be solved on Mozilla side by simply renewing the said expired “security certificate”?
Thank you.
Thinking about it. This reminds me of something similar that happened to Windows Update on Windows 7 PCs back in December, 2017. Their certificate expired and we were unable to download updates till they fixed it.
My doubt now is, how is that they forget when their certificates are going to expire? I mean shouldn’t they have the expiry date present so they can work on the new certificate in advance to have it ready before the current one expires? I mean, that would be the normal thing if you ask me.
It makes me sad that this happened. The last thing needed is more angry users migrating to ~~corporat~~ chrome.
Having said that, I am grateful to the users sharing workarounds who have made this a minor hiccup in my day.
I hope they rollback reviews before this occurred once its fixed, i can see a lot of poor devs getting reviewbombed because of this. Ublock origin is getting blasted in the reviews right now.
Looks like here is the version they are considering with the fix, if someone needs it immediately for some reason: https://hg.mozilla.org/mozilla-unified/rev/FIREFOX_66_0_4_BUILD1
Anyway, this reminds me of how everyone said forcing addon signing (removing the ability to disable it) was a terrible idea. How right they were – not only limiting user choice, but now apparently disabling millions of users’ addons at once with nothing they can do. Hopefully Mozilla learns something from this mistake.
Fortunately for me, I build my own Firefox. It’s pretty easy to do, and lets you do things like not enforce addon signing, removing Pocket from the build completely, and other advantages.
Interestingly, unless I’m misreading the patch, it looks like they’re faking the date sent to the signature verification function, instead of updating the certificate. Odd approach, I wonder if it could have some side effects.
Everything Mozilla has done in the past two years or so has pissed me off.
What will be the next update?
**Firefox team:**
Yes.
Is this really stupid “we forgot about expiration of our cert” kind of mistake? It’s not like I’ve never had that happen in my work, but given Mozilla’s profile, I’d think they have processes to prevent this in place…
#Mint Linux users do not need to use a nightly build to make the temporary fix work.
Open your **about:config** and change **”xpinstall.signatures.required”** to **false**, until the issue is resolved by Mozilla.
So, here’s what just happened to me:
I use AdBlock to turn off advertisements on YouTube to play a playlist of ASMR videos overnight, every night, to help me sleep.
This is the **_ONLY_** technique that has helped me with my chronic, PTSD-induced insomnia. Drugs did not work. Behaviour therapy did not work. Just … listening to these specific ASMR / soothing music videos.
I **_just_** got woken up in the middle of my night by my computer blasting a loud, jarring, upbeat, audio-compressed-to-maximum-blast advertisement for something I will **_NEVER_** use.
The extension that manages the passwords I save, has been disabled.
The browser extensions I use to assist me in moderating Reddit, have been disabled. (Not that I’m moderating Reddit right now)
Facebook Container, an extension I use to enforce keeping my Personally Identifiable Information out of the reach of Facebook, has been disabled.
Several extensions that I use to network with other people in a distributed web of trust for social safety, have been disabled.
This is a complete disaster. I’m supposed to be spending time with my family tomorrow, after having gone through a HUGE amount of time and trouble to get a full night’s sleep.
Instead, I’m wide awake, shaking from having the equivalent of a car horn blasted in my ear, watching my computer do things that I did not instruct it to do, immediately suspecting that my computer’s been hijacked by malware.
Firefox, **_WHAT_**
This?
This was a dagger of dragonglass shoved into the chest of every one of billions of users.
This is …
this is a disaster.
—————
Thank you to the moderators running this forum, for having been on top of this.
Oh, fuck everything about this.
I appreciate this post, but so far, nothing has worked for me.
And people wonder how Chrome took over the world. Fucking clown car over there.
**Edit:**
This worked for me.
https://www.reddit.com/r/firefox/comments/bkhzjy/temp_fix_for_the_armagaddon_20_for_regular/
# Fixed….
Just Now….I Got Them Back… Oh Thnkz GOD…
Oh right, I thought they did this on purpose. the message you get in firefox implies this is something to do with their new api, then I realised this was a much older version. Well, if it’s a cock up no worries. Shit happens. I was all about leaving firefox ten minutes ago when I thought they did this on purpose lol. *cools self righteous indignation*
In all honesty, this isn’t funny anymore. It’s been about 12 hours now. Browsing *anything* without uBlock is scary!
And back to Waterfox!
Mozilla addons Twitter says it is fixed, rolling out fixes now. https://twitter.com/mozamo/status/1124627930301255680?s=19
For most users, I believe that all you have to do now is to restart Firefox. That gets the update via the “studies” feature which is on by default. If you then put *about:studies* in the address bar, you should see “hotfix-reset-xpi-verification-timestamp”.
(If any of the mods are watching the new posts here, can this detail be added to the OP?)
There is a hotfix available via Firefox Studies: Under the “Data protection & Security tab in Settings, enable Firefox to run studies. This way, the devs are able to install modifications to your installation. This is normally used to test new features, but is also good for quick bugfixing, as shown here 😉
To get the fix do the following.
In Firefox options click on the privacy & security tab and scroll down all the way till you find the section Firefox Data Collection and Use. There click on the checkbox to enable Allow Firefox to send technical and interaction data to Mozilla and then click the checkbox to enable Allow Firefox to install and run studies.
After that just wait and when you see your add-ons back enabled, you can disable both options again 🙂
I got my add-ons and theme up and running again. Well, the theme is not precisely that it is already on the add-ons website, but on the version I deleted on my own Developer hub on the add-ons site, before doing that I did download a copy that was already verified and signed, so it was just drag the xpi file to the firefox window and it installed 🙂
It will be a temporary thing for me while the re-uploaded theme gets verified and signed again 🙂
To re-enable the firefox addons, opt-in to Firefox studies via Tools -> Options -> Privacy and Security -> Allow firefox to run and install studies. This fixes the issue until a general fix is in place.
They’re back!
Looks like Mozilla is silently fixing this issue via a **backdoor** to your preferences called “Normandy” that I had no clue about: [https://news.ycombinator.com/item?id=19823701](https://news.ycombinator.com/item?id=19823701)
This option is buried in the Privacy and Security menu in Preferences/Options. It’s called “Allow Firefox to install and run studies”. It’s enabled by DEFAULT. What. the. fuck.
If your add-ons are not back on, just download the hotfix manually from here!
Brought all mine back after installing.
[HotFix from Mozilla](https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi)
Disabling signature enforcement (xpinstall.signatures.required = false) doesn’t work, the script someone posted didn’t work, enabling Firefox Studies doesn’t work, nothing works.
Fuck this garbage.
This is what happens when the devs are too busy working on bloatware like Pocket.
*Still* waiting on a solution.
Was just checking this thread to try to understand what was happening with firefox and all addons came back working as intended. Seems like they may have done something about it.
Fix available: https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
Download the linked xpi and install by dragging into your Firefox window. All add-ons should immediately be re-enabled.
[Source](https://news.ycombinator.com/item?id=19825921)
Thanks,
> … All your add-ons should automatically re-enable.
For some use cases, not all.
I should **not** expect *automatic* enabling of add-ons that were *manually* disabled before the bug – true?
Firefox has announced a fix coming.
`We rolled out a hotfix that re-enables affected add-ons. The fix will be automatically applied in the background within the next few hours. For more details, please check out the update at` [`https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047/14`](https://discourse.mozilla.org/t/certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047/14)
source:[https://support.mozilla.org/en-US/kb/firefox-add-technology-modernizing?as=u&utm\_source=inproduct](https://support.mozilla.org/en-US/kb/firefox-add-technology-modernizing?as=u&utm_source=inproduct)
EDIT: Blog post from Mozilla on using allowing studies to fix the problem. [https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/](https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/)
Gonna use this as an opportunity to test Brave.
This should have been resolved by now – not sure whats taking so long to roll out an update.
Any estimation when this issue will be fixed? None of the posted workarounds work for me.
Whatever I do, Firefox refuses to load any add-ons whatsoever.
Hey all,
Support just posted [an article](https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox?redirectlocale=en-US&redirectslug=add-ons-failing-install-firefox) for this issue. It will be updated as new updates or fixes are rolled out.
Tl:dr: The fix will be automatically applied to desktop users in the background within the next few hours unless you have the Studies system disabled. Please see the article for enabling the studies system if you want the fix immediately.
As of 8:13am PST, there is no fix available for Android. The team is working on it.
New day, new challenge: Find a new good browser…
https://old.reddit.com/r/firefox/comments/bkjnn0/firefox_6604_rc1_is_out_it_fixes_disabled_addons/emhjsxn/
“Fix available for 66.0.3: https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
Download the linked xpi and install by dragging into your Firefox window. All add-ons should immediately be re-enabled and does not require installation of the RC version.”
Anyone else here who doesn’t have any problems with their add-ons at all?
My add-ons (1Password X, uBlock Origin, HTTPS Everywhere and Adobe Acrobat) are running just fine. I’m using Firefox 66.0.3 64-bit on Windows 10.
You can install the hotfix yourself instead of waiting for it: [https://news.ycombinator.com/item?id=19826903](https://news.ycombinator.com/item?id=19826903)
>use the semi-official fix of clicking on this link and letting it install: [https://storage.googleapis.com/moz-fx-normandy-prod-addons/e…](https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi)
>
>This is the fix Mozilla has published to be installed via shield studies, but skipping the shield studies part. You can be sure it’s not malicious because it is signed by Mozilla… and if your browser installed unsigned extensions you wouldn’t be looking for this solution in the first place.
Installed this: https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
and all my addons are back. Found here: https://news.ycombinator.com/item?id=19826903
Not responsible for above script, but it worked for me.
As i am still running 56 (mostly bc of Classic Theme Restorer) i don’t even have the studies thing. Does this mean i’m fucked?! Because if so, i’m done with Firefox. This is a fucking joke
Want to fix this without enabling Studies?
\- Download and install [https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi](https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi)
\- \`about:config\` and set \`app.update.lastUpdateTime.xpi-signature-verification\` to \`1556945257\`
As per [https://normandy.cdn.mozilla.net/api/v1/recipe/signed/](https://normandy.cdn.mozilla.net/api/v1/recipe/signed/)
absolute fucking garbage, forced updates and overriding user control ruins the day yet again
everytime with this garbage
TIL the importance of uBlock.. please fix it in Android as soon as possible
We take so many things for granted. Clean water, fresh air, websites that don’t have 100 fucking ads on them, air conditioning
Fuck this bullshit where you have to turn on telemetry to get a broken feature fixed. That’s not how you fix software.
My addons are still disabled.
Studies are activated and I dont understand other solutions.