Mozilla Rollsout Quick Fix After Firefox Disables Add-Ons

Mozilla Rollsout Quick Fix After Firefox Disables Add-Ons

Mozilla said on Saturday it was rolling out an emergency fix for a bug in its browser infrastructure that disabled add-ons for most users.

The patch is to be automatically applied to general release users, as well as those using beta and nightly builds, the company said.

It said the short-term patch is being sent out to users via a system called Studies that’s generally used for testing experimental features.

Users can ensure the Studies feature is enabled by looking for it under the Privacy & Security section of Firefox’s Preferences menu.

Advertisement

Expired certificate

The bug was caused by an expired certificate used to validate Firefox add-ons, Mozilla developers said in a bug report.

The certificate expired at midnight GMT (1 a.m. BST) on Friday, causing most add-ons to be disabled en masse for nearly all users, developers said.

The browser indicated that the add-ons were unsupported and needed to be updated, but users who tried to download updates were met with an error message.

The real issue was the expired certificate, according to Mozilla.

The only users who weren’t affected were users of Developer or Nightly versions who had disabled the signature requirement for extensions, developers said.

Mozilla initially posted a message on Twitter saying it had become aware of the problem at about 3 a.m. BST on Saturday.

At about noon BST the company said it had readied a fix.

By then social media sites including Twitter and Reddit were flooded with complaints by users whose add-ons had abruptly stopped working.

“We rolled-out a fix for release, beta and nightly users on Desktop,” the company said in a statement.  “The fix will be automatically applied in the background within the next few hours, you don’t need to take active steps.

“We are working on a general fix that doesn’t need to rely on this and will keep you updated.”

Advertisement

Interim fix

While awaiting a fix, some users suggested the problem could be temporarily solved by setting the system’s clock back several hours, although such a step could have side-effects such as putting an incorrect time stamp on emails sent from that system.

Other users pointed out that users can side-step the validation system with the faulty certificate by using Firefox’s debug mode.

The mode allows XPI extension files to be installed directly from the desktop.

XPI files can be downloaded from Mozilla’s add-ons site by right-clicking on the “Install” button.

Developers said on the bug tracking page that not all add-ons were disabled.

But acknowledged that the bug was an embarrassing error on Mozilla’s part.

“If the signature was due to expire, it should have been renewed weeks ago,” wrote one developer.

#cyberthreats

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

Popular Cyber News

Top Tips to Protect Your Business Against Social Media Mistakes

Top Tips to Protect Your Business Against Social Media Mistakes

11 May, 2019

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or ...

Study Shows Extent of Cyber Risk

Study Shows Extent of Cyber Risk

10 May, 2019

A new study shows SMBs face greater security exposure, but large companies still support vulnerable systems as well. ...

How to Secure your Azure Storage accounts

How to Secure your Azure Storage accounts

14 May, 2019

Enterprise data is growing exponentially and becoming more complicated, making it harder to manage, and an even bigger c...

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

01 May, 2019

Vodafone is challenging a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipmen...

Malware: Doesn't need to be new to cause serious damage

Malware: Doesn't need to be new to cause serious damage

05 May, 2019

The good news is: The development of new malware exploits has slowed significantly.

Microsoft adds Plug and Play to IoT

Microsoft adds Plug and Play to IoT

03 May, 2019

Microsoft just announced that it wants to add the advantages of Plug and Play, which allows you to plug virtually any pe...

Twitch streamers take action to secure their accounts against hacks

Twitch streamers take action to secure their accounts against hacks

30 April, 2019

Twitch has an account hacking problem.

Over 22 billion IoT devices are out there

Over 22 billion IoT devices are out there

20 May, 2019

Enterprise Internet of Things (IoT) remains the leading segment, accounting for more than half of the market, with mobil...

Lessons learnt from cyber attacks

Lessons learnt from cyber attacks

07 May, 2019

Communication about cyber attacks emerged as another key theme in the panel discussion. The SingHealth data breach under...

Categories

Home Tech Reviews UK

Mobile Tech Reviews UK

×

Sign up to keep in touch!

Be the first to hear th latest Cyber and Tech News straight to your mailbox.

Check out our Privacy Policy & Terms of use
You can unsubscribe from email list at any time