Some Firefox users started to notice that installed browser extensions were all disabled in the web browser suddenly. Extensions would display "could not be verified for use in Firefox and has been disabled" messages in the add-ons manager of the browser. Firefox would display "One or more installed add-ons cannot be verified and have been disabled" at the top as a notification next to that.
Affected extensions include LastPass, Ghostery, Download Manager (S3), Dark Mode, Honey, uBlock Origin, Greasemonkey, NoScript, and others.
Update 3: Mozilla published an add-on for users of Firefox 47-65 that fixes the add-on signing issue.
Update 2: Mozilla released Firefox 66.0.4 and Firefox 66.0.5 to address the issue on the desktop and for Android. The company plans to release updates for older versions of Firefox as well.
Update: Mozilla started to roll out a fix for Release, Beta, and Nightly versions of Firefox. The fix uses Mozilla Studies, and you need to make sure that this is enabled to get it. Mozilla notes that you may disable Studies again after the fix is applied and add-ons have been re-enabled. You need to make sure that "Allow Firefox to install and run studies" is checked on about:preferences#privacy.
Solutions that may work in the meantime:
Only options provided were to find a replacement and to remove the extension in question; this left affected users puzzled. Was this some kind of preemptive strike against policy violation extensions? Mozilla did announce that it would enforce policies more strictly.
The answer is no. Turns out, the issue is caused by a bug. If you read carefully, you notice that verification is the issue. A new thread on Bugzilla suggests that this has something to do with extension signing.
Firefox marked addons due signing as unsupported, but doesn't allow re-downloads from AMO → All extensions disabled due to expiration of intermediate signing cert.
All Firefox extensions need to be signed since Firefox 48 and Firefox ESR 52. Firefox will block the installation of extensions with invalid certificates (or none), and that is causing the issue on user systems.
Related issues have been reported: some users cannot install extensions from Mozilla's official Add-ons repository. Users get "Download failed. Please check your connection" errors when they attempt to download any extension from the official repository.
Nightly, Dev and Android users may be able to disable signing of extensions; some users reported that this resolved the issue temporarily on their end. You need to set the preference xpinstall.signatures.required to false on about:config to disable signing. You could change the system date to the previous day to resolve it temporarily as well, but that can lead to other issues.
The issue can only be resolved on Mozilla's end. The organization needs to renew the certificate or create a new one to resolve the issue. I'd expect Mozilla to do that soon as the issue is widespread and affecting lots of Firefox users.
Users should not remove affected extensions from their installations; the issue will resolve itself once Mozilla fixes it.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.