Who could have seen this coming? Oh wait, pretty much everyone who argued against this policy.
Hopefully this will get them to see reason and return the option for users to control their own browser instead of having to rely on Mozilla.
Answers to your questions
Who could have seen this coming? Oh wait, pretty much everyone who argued against this policy.
Hopefully this will get them to see reason and return the option for users to control their own browser instead of having to rely on Mozilla.
^ This. Just… this.
this sounds one one of those vague Facebook posts from a jilted ex
I’m all set up on chrome now. If firefox wants to disable the extension signing, or at least provide a way to easily bypass it in the future then I’m all for switching back, but until then it’s a choice between two browsers that don’t give me a good choice, I’m going to use the faster and more widely supported one.
^
I hope this is a wake-up call to Mozilla. It’s nice to add shiny features, but you need processes in place to keep those things working and running. It is obvious there are managerial problems at Mozilla, because 1. they did not have a process in place in case something happened, which was only a matter of time and 2. they obviously did not have a process in place to stop it from happening because it’s only been a year. They need to scratch their heads and look at the continuity and abilities before implementing features such as these.
Uhm, hi.
Out of the loop.
What happened?
At least they didn’t break their developer edition build with removing that. A download, one symlink of my profile, and setting “xpinstall.signatures.required” false had me back in business. That option is never going to get re-enabled for my profile.
So uh… User control… Nonexistent.
Force X to happen all you want just give me an opt-out button.
why would Mozilla even do this? Like why can’t we choose to allow these “big bag add-ons” our selves at our own risk since they have been working fine for years. Is this a privacy thing? I love my ad block.
and i just moved all my bookmarks to chrome, and put ublock on chrome. so i can still internet. i hope they fix it, but i cant deal with ads.
what kind of idiot does an update like this late on a friday? worst possible time to have an update.
Not even the fact that they fucked up everyone’s addons. They’ve also been totally silent on twitter as well. Extremely unprofessional. A major issue like this they should AT LEAST give us an official “Hey guys, we’re aware and working on it”.
I am not making this up, I literally just switched from chrome to firefox yesterday because of an annoying clipboard bug between `xsel` and chrome. So much for that plan; I’m writing this from Chrome again.
See, in principle I would like to switch from a proprietary browser to a free one. But in practice, every now and then I open up firefox again to see what it’s like and I end up getting burned by a bug like this, or the spinny wheel compositor bug, or some other random thing.
I wish they understood and added this first. They already have a few advanced features hidden, so why not make a power user have to enable this or something in about:config? Seriously, this is actually insane they fucked up this badly.
Even Mozilla’s own add-ons are being disabled. I guess they can’t verify the authenticity of their own add-ons?. It’s the *”we at Mozilla are going to make the internet more secure for you by disabling all your security add-ons”* all over again.
They should just allow us to change the about:config options without switching to nightly.
Seems like most of the firefox “updates” these days take away your ability to do something that used to just come automatically. I still haven’t forgiven them for this stupid new design… remember back when you could decide where you wanted your tabs? Remember Austrailus and the big back button on the end of the address bar?
I wish Mozilla would let Firefox users make decisions instead of forcing us to adhere to what they want to do to protect the masses. Just make more layers to jump through if you have to, I’m fine checking through a few “Are you sure?” shit to get firefox to work how I want
I am a Nightly user, i have been reading these problems with add-ons..but nothing happened in Firefox Nightly at least in my PC. I updated twice.
Firefox: It’s for user security.
User: My add-ons were my security….
hear hear!
Fucking…RIP…Firefox.
Letting a certificate expire is a sign of gross incompetence – but… accidents happen. We know and understand that.
So let us opt-out or override that under conditions like a certificate expiring **JUST LIKE THEY YOU CAN WITH SSL CERTIFICATES**.
There should be the facility for the end user to override the disabling behaviour and yes place a clear and sufficiently alarming warning. Sure, make it permanent while the setting is active.
Instead Mozilla took the stance that **they** are the ultimate source for decisions about software that runs on your computer, with *no way to opt-out*.
That is just plain wrong and this shit show is the proof of the inevitable.
They won’t learn though – instead they’ll take the wrong decision of just putting safeguards in place so the certificate doesn’t expire in future rather than fix the underlying problem of not allowing the end users to control the software that runs on their own machines.
To opt out, open
about:config
in a new tab and set the value of
xpinstall.signatures.required
to
false
I switched to Waterfox back when Firefox first implemented this new addin regime. I had legacy addins that I needed for certain workflows that would be impossible to port to the new more-restrictive addin API, and it just generally felt scummy.
Still had Firefox installed on my tablet, though, since its only a 32 bit system. My main machine’s Waterfox browser is working fine, of course. Seems my commitment to doing the “right thing” paid off.
**They’re now in testing with a fix!!**
https://twitter.com/mozamo
How could they have been this unorganized when it comes to their certs? They are in the business of revoking certificate authorities trust because of mismanagement on their parts and this looks like some pretty big mismanagement. Does it expose users to security risks? I suppose not inherently in the certificate infrastructure but the loss of ad and script blockers does endanger users and raises questions about their management of certificates. One can only imagine the crap Mozilla would give a certificate authority if they allowed one or more critical, widely used root certificates (or intermediaries) to just expire and then scrambled to fix it some many hours after the fact while leaving millions of internet users with a broken experience. Yet they have done just that, breaking their product in a way that I do not believe can be resolved without a browser update. I just fail to see how they didn’t have planning for updating/migrating their certificates routinely before they expire. This is a colossal failure not of a buggy piece of code but of processes and the organization.
It is troubling to say the least given this and the horrible transitions with addons that left a lot of authors feeling burned and caused a lot to just dip out given the inferiority of the chrome style web-addons compared to the old style and the rewriting twice in nearly as many years. It seems really like Mozilla is severely neglecting the biggest draw of their browser or at least one of them in that no one apparently paid enough attention to notice one of the all important certs for them was expiring. That’s the only conclusion one can draw from these consistent problems all centered around the addons.
everyone: what do you say to addons?
mozilla: not today
Dear Mozilla,
My mum, dad and all my old relatives are dead.
Can I PLEASE have control back now…
Regards,
Everyone who grew up in the 80s and later.
#Mint Linux users do not need to use a nightly build to make the temporary fix work.
Open your **about:config** and change **”xpinstall.signatures.required”** to **false**, until the issue is resolved by Mozilla.
This is a good security practice though. These things do happen though and we are all only human. Give them a break. I’m sure they are working as quick as they can to get things sorted out. In the meantime there are workarounds until it gets resolved.
P.S. – I’m sure the guy responsible either already has or will get yelled at pretty good regarding this incident.
It took me more time to get a workaround to enable my adblock than to install another browser. Another of this kind of fuckup and I’ll stop using firefox.
I can use unsigned addons with Waterfox…
deleted ^^^^^^^^^^^^^^^^0.8628 [^^^What ^^^is ^^^this?](https://pastebin.com/FcrFs94k/19053)
I’m so glad they removed the pro/power user feature to disable something we knew was a terrible idea and did not want. But Mozilla knows better than us.
Microsoft would be getting thrashed from every direction if Windows users woke up to their apps failing to launch. Fortunately, Mozilla has legions of OSS apologists to excuse their shitty business practices.
Their claim was that it was to remove malware.
Software that deletes users’ data without their informed consent is malware.
When is Firefox going to remove itself?
I Wold like every Distribution switch to (re)build Firefox not only with alsa enabled but with that switch not to require certification of add-ons.
I am looking for alternative forks of Firefox, they have rendered the internet unbrowsable until its fixed. They have disabled adblockers for hundreds of millions of users for an unknown amount of time. Because they just do not give a fuck about their users. And this will last what, 4-5 days? Nothing will be done until monday for sure.
WTF Mozilla, its been eight hours now? How long does it take to update a bloody certificate….
Yup. Those morons disable working add-ons because certs expire, as if the code has suddenly changed.
It’s been a train wreck since they let brendan eich go. bring him back.
This is what happens when arrogant developers ignore their users. Fucking idiotic and short-sighted – Mozilla needs a swift injection of common sense.
Remember how each new crappy mandatory feature was justified with “You can disable it with an add-on?”
This is what comes of marginalizing people who know better than you, and this is why the defaults should be field-tested, sane and secure. Relegate the half-baked flights of fancy to extensions.
[Posted with Waterfox](https://www.waterfoxproject.org/)
How do we disable this signing garbage?
They are too busy working on trash like Pocket
It feels to me like someone paid them to do it, or managed to weasel in their guy/spy into leading this stupid shit idea.
I was doing fine until my add-ons suddenly cut out and my Version 65 forcibly updated to 66 despite having the box next to “Allow me to choose when to install” clicked. Rollbacks don’t work. Update history tries to claim Apr 11th was when they updated me to 66.
I’m a mountain of salt right now.
Am I the only who doesn’t think this is bad. I saw this post first and I was like “what the hell did some private key leak or something”. So apparently one certificate just *expired*. Which means they simply have to re-sign all extensions.
Instead of complaining think of all the potentially unwanted extensions you may have had found if Firefox did not enforce this policy.
You guys are overreacting.
Aren’t the developers those who screwed it up, by not resigning their addons?
TOR Browser is affected too. This shit could *literally* get somebody fucking killed.
Who fixes it first? Me installing Pale Moon or Mozilla fix the certs.
Just opened Firefox to watch a Twitch video, because they don’t work right with autoplay disabled. Found out Mozilla scored yet another own goal.
Meanwhile in Basilisk, I still have the good versions of Pocket, DownThemAll, Tab Mix Plus, and GreaseMonkey, and I don’t ask anyone for permission to keep using them.
How about a browser that isn’t so ridiculously complicated? Enabling a telemetry tool like ‘Studies’ to receive a new certificate? Really?
Signing addons is one thing but removing an override? Expiring certificates are so depressingly common that it’s plainly foolish to remove an override. Not all end users are idiots y’know. Some want to get things done.
Sometimes it feels like freaking SeaMonkey all over again.
Found this for those that want to avoid studies and get the fixes even faster.
https://www.shysecurity.com/post/20190504-Manually%20Fix%20Firefox%20Addons
https://github.com/NixOS/nixpkgs/issues/60916
https://www.reddit.com/r/firefox/comments/bkjnn0/firefox_6604_rc1_is_out_it_fixes_disabled_addons/emhjsxn/
Here’s another from u/FlickFreak
https://www.reddit.com/r/firefox/comments/bklvr1/were_rolling_out_a_fix_for_the_issues_with_addons/emhnr6o/
From u/pm_me_ur_wrasse
If you prefer not to enable “Studies”, the fix can be installed by clicking this link \[1\]. It’s signed by Mozilla.
\[1\] [https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi](https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi)
Thanks to user gpm at Hacker News, who posted this tip \[2\].
\[2\] [https://news.ycombinator.com/item?id=19826903](https://news.ycombinator.com/item?id=19826903)
Does anyone have a link to block all firefox ips ?
I’m just gonna use another browser. You screwed up so bad on this one firefox, so bad.
pi-hole it is then
Same day half their users quit for good. I see this as a way to get people to stop using ad blockers this wasnt a mistake probably
This is what happens when companies decides they know whats best for it’s consumers
Goodbye Firefox. It was good while it lasted. Adios and good luck with your future efforts.
Go off sis
This and the fact that they force update checks is why they are looking more and more like a poorman’s version of chrome.
Finally, someone that’s using his brain instead of just being a blind FF fan boy that salutes this “bug”, and approving the fact that FF screwed it up big time. As you all I’m not a Google fan, but one thing they always do great is that when an update happens or a service is about to shut down they inform you upfront, sometimes even 6 months ahead.
How could this problem we said was going to have happen, happen?! OH THE HUGE MANATEE!
Ublock origin disabled on Android. This was literally the top reason I was using Firefox over Chrome. They will be losing users by the hour.
Mozilla peremptorily disabled my password manager, my easy access to favorite sites (new tab), my keystroke protection & my ability to enjoy using Firefox (among other things).
Suddenly, though I had intended to spend my evening completely differently, I found myself scrabbling to put things back together. I hate that!
I read the fixes. I read how often they worked. I gave it a try; then I said, “Fukkit! I’m switching to Chrome. Mozilla does NOT deserve my loyalty!”
Adios, Mozilla. Stick your officious, patronizing changes up your butt. I’ve had enough.
This isn’t the fist time Firefox has disabled many if not all of the addons that I use to make surfing the web almost tolerable.
WHY not let the user decide if the risk is acceptable? rather than be a fascist corporate arsehole-like dictator and force the addons to become useless.
This happens again, Mozilla can count on losing a hell o f a big section of its loyal user base. I’m using Opera now with built-in VPN.
Convince me why I should come back to crippled firefox!
Who needs viruses and malware to cripple your browsing habits. Allow the mighty Firefox fuck it up royally for you for free.
This isn’t the first time this shit has happened….but I will swap to Opera or Chrome i future. This is a fucking joke!