Firefox 66.0.4 with add-on signing fix release on its way

Martin Brinkmann
May 5, 2019
Updated • May 8, 2019
Firefox
|
81

Mozilla released Firefox 66.0.4 to the Stable channel of the web browser; the new version fixes the add-on deactivation and signing issue in the browser.

Firefox users with installed add-ons experienced a frustrating and at the same time strange issue on May 4, 2019: Firefox would not load any add-ons and notify users that installed add-ons could not be enabled because they could not be verified by the browser.

The issue affected all browser extensions regardless of rating or freshness. Even Mozilla's own add-ons for Firefox were affected.

The disabling happened just a day after Mozilla revealed that it would go after extension policy violations more actively. Some users assumed that this was the reason for the disabling of extensions. Turned out, it was not.

The issue was caused by an expired certificate. Firefox could not verify extensions anymore because of the expiration, and the only recourse of the browser in that case is to disable all extensions that cannot be verified.

firefox add-ons disabled

Problem was, the issue did not affect just one or two extensions that somehow got their certificates messed up, it affected all of them.

Mozilla started to distribute a hot fix to some Firefox channels, Firefox Stable, Beta and Nightly, but that required that users had Shield Studies activated. Not all wanted that because of privacy implications.

Others distributed Mozilla's fix on third-party sites so that anyone could install it and resolve the issue.

Update: Mozilla just released Firefox 66.0.5 which makes "further improvements to re-enable web extensions" for users, specifically those with master passwords set.

Firefox 66.0.4

Mozilla started to work on Firefox 66.0.4 and updates for other versions of Firefox at the same time. The new release is now available officially for download and distribution via Firefox's automatic update system.

Head over to this address https://www.mozilla.org/en-US/firefox/all/ and download the update to your system.

The release notes have just one entry: "Repaired certificate chain to re-enable web extensions that had been disabled"

The update should resolve the issue for Stable channel users and Android users who also get the update.

Note: Firefox may display a message on start that one or more add-ons have been disabled. This happens if the intermediate patch was installed in the browser.

Only the hotfix-update-xpi-intermediate extension should be listed under unsupported. All other extensions should be listed under Extensions.

hotfix-update-xpi-intermediate

The hotfix extension is no longer needed as the issue is resolved in the updated version of Firefox.

Now Read: What Mozilla needs to do after the incident.

Summary
Firefox 66.0.4: add-on signing fix
Article Name
Firefox 66.0.4: add-on signing fix
Description
Mozilla plans to release Firefox 66.0.4 to the Stable channel of the web browser soon; the new version fixes the add-on deactivation and signing issue in the browser.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. hhck said on May 14, 2019 at 7:23 am
    Reply

    https://github.com/mozilla-mobile/fenix/blob/master/docs/mma.md

    >Mozilla wants to engage with users more. MMA is the project for this purpose. When a user performs a certain UI action (or set of UI actions), she will see a prompt and have a chance to interact with it. For example, if a user uses Firefox 10 times a week, but Firefox is not her default browser, we’ll prompt the user the next time when she launches our app, and guide her to set us as default browser.
    >Mozilla is using a third party framework called “Leanplum” in order to achieve this. Leanplum is a San Francisco company, founded in 2012. We put their SDK in our codebase via Carthage.

    This is all you need to know about mozilla.

  2. Tom Hawack said on May 8, 2019 at 12:46 pm
    Reply

    Firefox 66.0.5 has just been released, available at:
    Mozilla Firefox release directory AT https://ftp.mozilla.org/pub/firefox/releases/

    May help those still facing disabled extensions.

  3. EP said on May 8, 2019 at 3:54 am
    Reply

    Firefox version 66.0.5 just came out today May 7. those who have not updated to 66.0.4 can skip that and update to 66.0.5 instead

  4. I want my addons said on May 7, 2019 at 10:15 pm
    Reply

    Is there some way to prevent that Firefox disable the addons without updating? I need it for an old version in Windows Vista. I have a backup but becomes unusable every time I restore it.

    1. AnorKnee Merce said on May 8, 2019 at 11:25 am
      Reply

      Only FF 47 or earlier does not have add-on signing enforced by Mozilla and if enabled by default, it can be disabled(“xpinstall.signatures.required” = false). Only FF 48 ESR or later has add-on signing enabled by default but can be disabled = not fully enforced.

      Try applying the above reddit fix for FF 56 Stable Release or earlier.

      Try the Maxthon browser, which still supports Win XP/Vista.

  5. proteus said on May 7, 2019 at 1:58 pm
    Reply

    I installed this new update and it didn’t work for me, not a single plugin was fixed, all are disabled.

  6. Kevin McDonald said on May 7, 2019 at 7:12 am
    Reply

    Well, I’m about to make a lot of people happy with this info. I was researching this today as I’m using FF 56.0.2 and found the solution on this Reddit thread. Leave it to an end user to do the job the professionals either failed or refused to due. It worked for me on 3 different machines. Go to this link and follow the instructions detailed:

    https://www.reddit.com/r/firefox/comments/bkspmk/addons_fix_for_5602_older/

    1. T J said on May 8, 2019 at 11:10 am
      Reply

      @ Kevin McDonald

      Thank you for this link :))

      I installed the fix and all my addons (legacy) are working !!

      No more yellow warning banners AND I can update the addons.
      I have made sure that xpinstall.signatures.required is set to false in about:config.

    2. Yoav said on May 7, 2019 at 8:53 am
      Reply

      Thank you. The fix (which is actually from velvetbug) worked for me on FF 56.0.1 and on FF 52, and it is pretty easy to do – about 5 minutes for each browser.

      1. Anonymous said on May 7, 2019 at 9:31 am
        Reply

        Glad it worked for you. After finding it and seeing it worked so well, I spent an hour going to any site discussing the issue and posting this issue for all those who still use a legacy version of Firefox.

  7. leyton 1800 said on May 6, 2019 at 7:26 pm
    Reply

    so i got to have a version of firefox i dont want cos they mucked up ..pathetic

  8. Anonymous said on May 6, 2019 at 5:13 pm
    Reply

    Looks like same issue with all languages.
    red warning tex: “Language Pack could not be verified for use in Firefox and has been disabled”

  9. Intelligencia said on May 6, 2019 at 3:43 pm
    Reply

    Hi Everyone and a Big Shout Out to Ghacks.net and its founder (with his co-writer)!
    (Give a Donation if you can to keep said website Up and Running Forever!!!)

    If I had not come to this site and found out about the Firefox Add-On (s) snafu I would have panicked; removed Mozilla Firefox Forever and made another browser as my default!
    . . . BUT I LOVE Firefox and would have hated to see it go from my Life.

    My Wonderful Firefox Add-On (s) are back ON and I am Dancing – – Nude!
    LOL!

    Anyway, I wanted to say that Of All my Extensions Only DISCONNECT was not Disconnected … Hmm … and am wondering why???

    Does anyone know the reason DISCONNECT was Not affected?

    Thank YOU, Mr. Brinkmann and the rest of the Ghacks.net Crew!

    i

    1. AnorKnee Merce said on May 6, 2019 at 5:01 pm
      Reply

      “”” FAQ

      Which add-on types will need to be signed?
      Only extensions (type 2 in install.rdf)–this includes WebExtensions. Themes, dictionaries, language packs, and plugins don’t need to be signed. “””

      https://wiki.mozilla.org/Add-ons/Extension_Signing

  10. Anonymous said on May 6, 2019 at 3:26 pm
    Reply

    FFox wants to censor addons because some of them interfere with spying on people. Now FFox turns into Crome browser.

  11. Dave said on May 6, 2019 at 3:16 pm
    Reply

    I smell bullshit.

    Problem hit me, I did a browser refresh (in about:support) then reinstalled all my extenstions and other customizations and it’s worked fine ever since.

  12. pHROZEN gHOST said on May 6, 2019 at 3:12 pm
    Reply

    I used Firefox since it was version 0.97. I loved it.
    But, this latest fiasco was the last straw.
    I’m tired of having to struggle with a broken browser.

    Yesterday I pulled Firefox from my PC.

  13. joninio said on May 6, 2019 at 2:28 pm
    Reply

    Too late – hit this problem last night on my wife’s laptop. Downloaded Opera and made it the default browser. Sorted.

    1. akg said on May 6, 2019 at 4:15 pm
      Reply

      u have other option as well,but u wanna sell your data,then use opera,but take a look at this .
      https://restoreprivacy.com/secure-browser/

      1. joninio said on May 7, 2019 at 10:15 pm
        Reply

        Thanks akg – I have Brave on my machine, for when I’m getting paranoid ;)

  14. ULBoom said on May 6, 2019 at 2:26 pm
    Reply

    Fix for ESR is out.

    Menu>Help>About Firefox>Check for Updates

    Will be applied automatically. I got a “partial update cannot be applied, full update will be applied” message so that’s what was done. No issues, no config mods reset with update.

    Note that “xpinstall.signatures.required” state remained “false”, as I had changed it to fix the problem. Default is “true” and I reset it.

    Add ons all work correctly, no yellow verification banners.

    The version here is 60.6.2, the latest, with fix:

    https://www.mozilla.org/en-US/firefox/organizations/all/

    Your link may be for a different locale.

  15. Belga said on May 6, 2019 at 1:10 pm
    Reply

    “Only the hotfix-update-xpi-intermediate extension should be listed under unsupported. All other extensions should be listed under Extensions.”
    It’s not the case for me.
    I guess it has become useless and can be deleted ?!
    Thank you Martin.

    1. Martin Brinkmann said on May 6, 2019 at 1:20 pm
      Reply

      Probably. If the add-ons work, all is fine.

  16. Radical Dreamer said on May 6, 2019 at 12:55 pm
    Reply

    Sorry, but this is the biggest Firefox flop ever.
    After so many years with Firefox, I’ve switched to Vivaldi.

  17. user17843 said on May 6, 2019 at 12:15 pm
    Reply

    Summary on monday morning:

    – Instead of directly pushing the XPI file immedietaly via mozilla.org, firefox snippets, pocket, r/firefox, discourse and news outlets, they even told users not to download it. Why?

    – Seriosuly, what a better way would there than to use snippets to deliver a download link?

    – Their study fix failed for a large numbers of users.. “some users are reporting that their extensions remain disabled with both studies active”.. Some anti-virus software flagged the study as malware and prevented the download

    – Google trends shows a large number of users may still be affected: https://trends.google.de/trends/explore?date=now%207-d&q=firefox

    – Still no update for Beta, Nightly and Dev users (> 2 million users)

    – Still no update for pre 60 ESR users

    – Comments on moz blog have been “temporarily disabled” – which probably means, they have been indefinitely disabled (https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/)

    – Silence on mozilla.org or blog.mozilla.org. The only channel that kept people up to date is the obscure https://twitter.com/mozamo

    – All search settings of extensions have been reset, probably resulting in massive revenue loss for DDG, Startpage, Qwant et al.

    – 2 million Tor Browser users potentially exposed via JS, tracking and remote server connections. https://metrics.torproject.org/userstats-relay-country.html

    – xpi.signing can not be disabled by release and beta users due to ominous security reasons

    – Not all extensions have been affected – why is that? Does that mean there is a fundamental flaw in the signing process?

    – After tens of thousands of users rightfully voiced their situation, there are still parts of the comunity that condemn the voice of the majority of users: https://reddit.com/r/firefox/comments/bl6dil/i_love_firefox_but_im_starting_to_dislike_the/

    – Lets see if the fix arrived quickly enough for offices and work places around the world to not notice on monday morning.

  18. Tom Hawack said on May 6, 2019 at 11:28 am
    Reply

    I’ve just noticed a strange issue with Firefox 66.0.4.

    When this 66.0.4 version was made available I’ve downloaded it and performed as always a clean install.

    When a profile exists a new Firefox install does not remove/modify existing files, or at least not cert9.db

    I visited AMO and was surprised to notice that no extension could be installed (Mozilla stating the extension was “corrupt”).

    I closed Firefox, removed the cert9.db file in my profile, restarted Firefox : same issue.

    I closed Firefox, created a new profile, started Firefox with that profile, tested installing an extension from AMO : no problem.

    I backed-up the new profile’s cert9.db, closed Firefox, removed the new profile, pasted the cert9.db I had just backed-up into my ‘old’ (default) profile, started Firefox, tested installing an extension from AMO and no more corrupted file issue.

    When cert9.db is deleted from a profile, restarting Firefox creates a new cert9.db file.
    In that case, as I understand it because experiencing it, the new cert9.db is not the same as the one created with a new profile : that leaves me stunned.

    So, if you encounter the same issue as me, you now know how I managed to resolve it.

    1. John said on May 8, 2019 at 12:50 am
      Reply

      @Tom I have been following your posts for many years in here. Thanks for the great contributions. I am a long time follower of Pants, too, over on Github. I am having the same problem you discussed. I thought of exactly what you did, tried it, and it didn’t work. I was sure it would. When I found this post I was happy to see someone else had tried this, but it didn’t work for me. I am just completely stuck.

      Here’s what I have tried so far. I did the hotfix and it didn’t work (downloaded from googleapis, no studies turned on, as this comp is offline). It showed up in the about:support as enabled, but not on the extensions page (even under legacy), as I have seen posted in many places. I did updates and clean installs with my current profile left where it was, and none worked. I did hotfixes and then updates, again no go. I did what you did, tried a clean install with no existing profile present and then tried adding a test addon from file, like uBlockO, and it worked fine.

      I went to look at the Authority certificates, and with the clean install and no existing profile right there was the needed certificate signingca1, under Mozilla. I checked all other updates or installs, ones with an existing profile, and none had this. I tried deleting out the cert9.db (as well as doing this while also deleting the key4.db), and replacing with the cut and pasted cert9.db (with and without the cut and pasted key4.db), and no go. I also tried a clean install with an existing profile, but with cert9.db already deleted (and also another test with cert9.db and key4.db pre-deleted), and no deal.The cert was not visible under Authority in the Firefox cert manager in any test except the clean install with no existing profile. So I can see why it won’t work.

      I also exported the cert from the clean install and saved it. It is a .crt format cert which I can open and look at. I then redid a clean install with my existing profile, both with and without cert9.db initially present, and tried to import the cert. It seemed to work, but it’s not there when I look. I tried multiple times and it won’t take. This is just a nightmare. I had read somewhere why don’t they just provide the cert so people can import it, problem solved. Well, for me, it won’t work. At least not via this approach using the FF cert manager.

      An odd thing I saw is that if I just delete the cert9.db and then start FF, it does not regenerate. Neither does the key4.db. I thought they were regenerated on startup of FF. Let me add that all this was done on a test comp that is offline. I am not sure if for some reason the comp must be online when all this is done. It didn’t need to be online for the clean install/no profile to work and have the cert. Any suggestions you can provide as to what else I can try would be greatly appreciated. And anyone else reading this that has an idea, please comment. Our entire household has been without addons for four days now, and I’m the one taking the heat for that…

      1. Tom Hawack said on May 8, 2019 at 11:55 am
        Reply

        @John, I’m not a geek nor even an advanced user as you know so I may only share what I would do should I face the problem you endure (and i know how painful it is).

        Firefox 66.0.5 has just been released, available at:
        Mozilla Firefox release directory AT https://ftp.mozilla.org/pub/firefox/releases/

        If your issues persist with Firefox 66.0.5 then this is what I’d do:

        1- Backup your current profile’s data you wish to keep :
        More info at https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data

        Bookmarks, Downloads and Browsing History: places.sqlite file
        Passwords: key4.db and logins.json
        Site-specific preferences: permissions.sqlite and content-prefs.sqlite
        Search engines: search.json.mozlz4
        Personal dictionary: persdict.dat
        Cookies: cookies.sqlite file.

        2- With Firefox’s Profile Manager, create a new profile :
        [Installed Firefox folder]\firefox.exe -ProfileManager
        Easy way : copy your Firefox link to your desktop, rename it FF-ProfileManager, edit it by adding -ProfileManage to the targer.

        3- Paste the backed-up files above mentioned into your newly created profile

        4- With the Profile Manager again, delete your old profile.

        You’ll have to re-install your extensions, hope you don’t have too many of them.
        That should make it. I think of this radical approach considering you’ve tried everything as mention it.

        Let me know if it’s ok.

      2. John said on May 8, 2019 at 6:42 am
        Reply

        Firefox just released 66.0.5, and this one works for me. I had to disable, then re-enable the extensions to get them to show the icons across the top, but otherwise all seems to be working well.

  19. Dave said on May 6, 2019 at 10:35 am
    Reply

    after manually fixing the extension json file after a while the same problem occurred. So now I have disabled write permissions to the file, I will see how long in survives this way

  20. AnorKnee Merce said on May 6, 2019 at 9:18 am
    Reply

    This “disaster” sounds like a sinister plot by Mozilla Corp to force users of Firefox 56, FF 52 ESR and FF forks(eg Palemoon and Waterfox) who had remained with XUL add-ons and rejected the web-extensions in FF 57 Quantum, to move to FF 66.0.4 or FF 60.6.2 ESR.

    Seems, M$ has also been using Windows Update to degrade Win 7/8.1, in order to force the users onto Win 10 = Mozilla is copying the sneaky and dirty tactics of M$.?

    1. Silver said on May 6, 2019 at 8:51 pm
      Reply

      @AnorKnee Merce
      What the hell? You are coming up with some conspiracy shit about Mozilla’s sinister plan to force users of Waterfox and other forks to use Firefox. Then now you’re saying that forks are useless and Firefox is the best one to use. And then finally, you went all political. WTF?

    2. ULBoom said on May 6, 2019 at 2:34 pm
      Reply

      That’s an awful lot of effort with a significant risk for defection by users already frustrated by the junk FF has been adding lately. Certs get missed by sites occasionally but FF really blew this one.

      Just a guess but I’d expect those using the xul versions would mostly not be using web extensions and probably weren’t affected.

    3. Ascrod said on May 6, 2019 at 1:35 pm
      Reply

      Waterfox, Pale Moon, and other forks were not affected by this issue because those browsers do not require installed add-ons to be signed by AMO.

      1. AnorKnee Merce said on May 6, 2019 at 4:53 pm
        Reply

        @ Ascrod

        https://www.howtogeek.com/335712/update-why-you-shouldnt-use-waterfox-pale-moon-or-basilisk/ – Feb 22, 2018

        Wrt the major desktop browsers, ie Chrome, Firefox and Edge/IE, it’s mostly user-choice of the least evil browser. Using forks is pointless. To me, Firefox is less evil than Chrome and Edge/IE.
        ……. Similarly, wrt the major US parties, ie Republican and Democrat, it’s mostly US-voter-choice of the less evil party. Voting for a 3rd-party is pointless. To me, the R is less evil than the D.

      2. John Fenderson said on May 6, 2019 at 7:06 pm
        Reply

        @AnorKnee Merce: “Using forks is pointless”

        It’s not pointless at all when the forks are the best browser available for your use case.

    4. Silver said on May 6, 2019 at 10:48 am
      Reply

      Uuhhh… no.

      I’ve been using Waterfox the past couple days with no issues whatsoever. It’s not affecting us at all. So definitely not some sinister plot by Mozilla overlords to force users to newer versions of FF. As boring as it sounds, it’s simply Mozilla being stupid.

  21. Radical Dreamer said on May 6, 2019 at 8:48 am
    Reply

    Bad just got worse.
    I just got the 6MB update and all my extensions are working again. I somewhat satisfied that after 3 days (!!!) without extensions, things are back to normal again.

    Yet, right after getting the update, I’m now getting this message on all website and I can’t use the Firefox anymore:

    Secure Connection Failed
    An error occurred during a connection to
    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

    Is someone at Mozilla trying to make us dump Firefox on purpose?
    I’m not happy. Not happy at all.

  22. Ruud said on May 6, 2019 at 8:40 am
    Reply

    In my case, after installing the updated version, add-ons were still disabled.
    After changing system time to May 3rd, I got them back and a message that the hotfix should be removed.
    After that I changed system time back to today and everything is back to normal!

  23. Vrai said on May 6, 2019 at 4:15 am
    Reply

    Mozilla Firefox – The Windows 10 of web browsers.

    1. Yuliya said on May 6, 2019 at 9:21 am
      Reply

      Underneath the consumer versions of Windows 10 there is actually a good OS, almost unchanged since Windows 7. And you can get just that by using one of the LTSB/C releases.
      Underneath Firefox there is nothing of value left nowadays. Everything good about that browser was thrown away after the v52 was released and completely forgotten with the absolute shitfest that is Firefox v57 “Quantum”. I don’t even know why they named it this way, maybe trying to appeal to the uneducated and/or ignorant, which is what they seem to want as their userbase nowadays anyway – easier to exploit, for money, I guess.

    2. Mark said on May 6, 2019 at 7:53 am
      Reply

      They are Janus of web browsers- two-faced, trying to appeal to advertising companies, Google etc. for revenue and bullshit users that they care deeply about privacy. Sorry, you bastards, it does not work that way. Choose one or the other. What we need is Mozilla to be deprecated/gone, and a new truly privacy-focused organization to build a web browsers thay works for us, not advertisers. And we need to support it be paying real money for it.
      What Mozilla need to do, is to die.
      A new Phoenix needs to rise.

  24. Sebas said on May 6, 2019 at 3:22 am
    Reply

    The stable version of 66.0.4 just got through here when checking for updates. Dutch language version.

  25. Sebas said on May 6, 2019 at 3:12 am
    Reply

    You did a terrific job here Martin, ceaselessly covering the news as it unfolded about this epic fail of Firefox, even in the weekend.

    One question, although there has already be written about it, but to me is still not clear: re-and disabling the studies. Does it leave traces in the Firefox profile?

  26. Tao said on May 6, 2019 at 2:48 am
    Reply

    Cool.
    66.0.4 6mo update fixes the add-on prob for me.
    Didn’t use tricks, just wait for update and use my backup browser Chrome for 2days with no prob and now i’m back on Firefox.
    Firefox is my default because of pure fidelity and satisfaction since the first version.
    Firefox or Chrome, in the end they are both good.

  27. Paulito said on May 6, 2019 at 2:48 am
    Reply

    I upgraded to 66.0.4 and all the extensions are working but.. the ‘HTTPS Everywhere’ will not update. Tried updating HTTP Everywhere from the FF Add-ons Manager and it showed “There was an error downloading HTTPS Everywhere. Try again” Tried again got the same error.
    So I went to the website (eff.org) and tried to install the add-on from there. No luck, got a message “The add-on downloaded from this site could not be installed because it appears to be corrupt.”
    Anyone else having a similar issue since this FF F-up..?? If anyone else has this add-on could you give it a try? Maybe this is an issue with the EFF.org download? Thanks!

    1. Wolfie0827 said on May 6, 2019 at 3:39 pm
      Reply

      Had the issue with HTTPS on the eff.org site. Uninstalled HTTPS everywhere then reinstalled from mozilla’s addon site and it went well.

      I think that a piece of code that is not updated in the ne version (possibly even removed from the new virsion) may be causing issues like this for some.

  28. VioletMoon said on May 6, 2019 at 2:22 am
    Reply

    Hmmm . . . sort of wondering about all of this because yesterday I downloaded and successfully installed the Developer build 67 b16 [or so] and had no problems with add-ons after copying the latest profile over to the new profile. I use the Aris FX custom CSS material.

    Now, out of curiosity, I installed Nightly 68 which runs like a charm and extensions all work fine with no red or yellow type indicating some problem.

    Simple solution; however, it tells me something more is going on with 66.04. Why would later builds, untested by the general public, work fine while earlier builds are having problems.

    Wondering about Firefox Focus problems?

    Anyway, what should Mozilla do now?

    As I user, I’m committed to a relationship with Mozilla–it’s a relationship that has lasted a long time. I didn’t lose any bookmarks or add-ons. There aren’t any problems on two of the computers I use daily; my security wasn’t really in jeopardy. Thanks to Ghacks and Martin, I was able to figure out a quick route that worked for me and kept me computing all day. Mozilla admitted there was an error and explained what it was.

    The relationship remains stable for me. Whatever the problem, I don’t bail out on a long term relationship for minor annoyances. Those who are thinking of doing so or already have done so long ago, too bad to lose your company, but that’s not really how relationships and the “real world” work.

    1. ULBoom said on May 6, 2019 at 3:31 pm
      Reply

      Sometimes when the grass seems greener, it’s a dye job; let it grow a bit, then decide.
      :)

    2. ULBoom said on May 6, 2019 at 2:47 pm
      Reply

      Focus works fine for us on different Android versions.

  29. SevenGoj said on May 6, 2019 at 12:30 am
    Reply

    Still not work if user.js have pref:

    user_pref(“security.nocertdb”, true);

    Without this pref you may have strong fingerprint when browsing.

    1. ElasticMan said on May 6, 2019 at 6:01 pm
      Reply

      Yes, the Tor Browser devs have picked up on this and have filed on Bugzilla:
      https://bugzilla.mozilla.org/show_bug.cgi?id=1549344

      Looks like the FF patch might have caused a regression.

  30. TheSagaContinues said on May 6, 2019 at 12:21 am
    Reply
  31. ConcernedUser said on May 6, 2019 at 12:15 am
    Reply

    Martin, Does 66.0.4 contain the Baidu update (baidu-code-update@mozillaonline.com — see extensions.webextensions.uuids) shipped yesterday without notice?

    1. Martin Brinkmann said on May 6, 2019 at 6:44 am
      Reply

      It includes version 2.66 of that, yes, at least on my end. Do you know what it is used for?

      1. ConvernedUser said on May 6, 2019 at 1:54 pm
        Reply

        Thought you would know. Maybe FF includes code from Mozilla China that got fixed that way?

  32. Fliperman said on May 6, 2019 at 12:04 am
    Reply

    Nice quick fix update

  33. clake said on May 5, 2019 at 11:48 pm
    Reply

    Thanks for covering this issue, Martin.
    The esr version on win10 just updated fine on the normal esr channel and works. That one broke down yesterday late in the afternoon.
    The 66.0.4 ver just updated on another win10 box, and seems fine – it was not used yesterday, so wasn’t borkd.

  34. Anonymous said on May 5, 2019 at 11:17 pm
    Reply

    what about FF 56? i not fix will be availaible, i move from FF away

  35. Haakon said on May 5, 2019 at 10:59 pm
    Reply

    Well, I stayed with the “studies” workaround for that time being in my Firefox PortableApps 66.0.3. I replaced that profile with the one from my May 3rd backup and did the 66.0.4 update.

    All is back to normal. Life is Good!

  36. Art Peaslee said on May 5, 2019 at 10:54 pm
    Reply

    I’m using an earlier version of Firefox. Lost Privacy Possum, UMatrix, and Text Multicopy. I suppose that by upgrading to v.66.0.4, I will also have to live with all the other “changes” made along the way?

    Also, not sure if I buy Firefox’s explanation that “the issue was caused by an expired certificate” (i.e., a single certificate), so “the only recourse of the browser in that case is to disable all extensions . . . .” BTW: Not a FF hater. I have always used FF, and Netscape before that. However, some of the latest stunts have caused me to question that loyalty.

    Great job Martin! IMHO you are the leader on this issue.

  37. BacktoFF said on May 5, 2019 at 10:19 pm
    Reply

    Thank you, Martin. What a relief. After squealing and barking against the moon, removing FF from my system to never use it again, guess what, I am back w/FF. I tried to use Vivaldi as my default browser but ended up ditching it. Too unwieldy circumstantial to use. The fast shot I took with removing FF turned out to be an overly hasty decision.

    Mozilla should pay you !! You kept up the information about their desaster and offered solutions (also provided by some appreciated posters). Mozille/Firefox itself failed miserably with keeping the users informed and updated. They should be deeply ashamed, but in their narcissistic world something like this cannot exist. I am being hard on them because they deserved it. For all the crap they have pulled and for all the crap they will pull in the future. Again, thanks Martin for doing a job that should be done by the responsible party.

    1. gazoo said on May 6, 2019 at 12:22 am
      Reply

      @BacktoFF

      > Mozille/Firefox itself failed miserably with keeping the users informed and updated. They should be deeply ashamed, but in their narcissistic world something like this cannot exist. I am being hard on them because they deserved it.

      This is a core reason for my reaction too. Even as I write this, if you go to Mozilla’s add-on homepage, there isn’t a word about this issue. I also get emails from Mozilla which are essentially puff PR (Public Relation) pieces about how important their mission is and how vital their users are… not a single email from them regarding this.

      So much negative reaction could have been segued into a stronger “community” if Mozilla simply said: “Oops… We’re sorry. Working very hard to fix this. Thank you for your understanding and support.”

      It would have helped in regards to their previous “missteps” – instead of responding only when there’s a strong enough backlash. There’s a lot to be said about transparency (when it’s needed the most) and a little humility.

      I agree: Martin’s work here has been amazing at keeping us informed and (unfortunately?) helping us vent:-)

  38. Robert G. said on May 5, 2019 at 9:54 pm
    Reply
  39. kanade96 said on May 5, 2019 at 9:47 pm
    Reply

    I don’t think it’s a good idea to allow people to download off FTP considering how serious the current problem is. I feel like it’s best to wait for the ‘stable’ release of 66.0.4 though, God knows when they’ll be releasing them.
    Also, even with the update, it seems like some extensions are still disabled. I can confirm that HTTPS Everywhere, Dark Reader and Cookie Autodelete are not working.

  40. kristoff said on May 5, 2019 at 9:39 pm
    Reply

    Thanks Martin. What is the difference between the EME-free versions and the regular versions?

    1. Iron Heart said on May 5, 2019 at 9:57 pm
      Reply

      The EME-free version lacks the DRM plug-in. You need the DRM plug-in for content like Amazon Prime video, Netflix etc.

    2. Martin Brinkmann said on May 5, 2019 at 9:48 pm
      Reply

      EME stands for Encrypted Media Extensions, and that particular version of Firefox comes without. It is used by certain commercial streaming sites to protect media streams. If you use this version, you cannot use these sites.

      1. kristoff said on May 5, 2019 at 11:19 pm
        Reply

        Thanks. When someone downloads Firefox for the first time directly from Mozilla website, are they given the EME or non-EME version?

      2. Martin Brinkmann said on May 6, 2019 at 6:46 am
        Reply

        You always download the version with EME supported from Mozilla’s Firefox download site.

  41. Shiva said on May 5, 2019 at 9:19 pm
    Reply

    All’s well that ends well.
    05/04 (after launch): the issue appears
    05/04 (middle afternoon): solved it with T.H.’s suggestion
    05/05 (five minutes ago): disabled the trick in userchrome and installed the 66.0.4 update

    I’m thinking that I spent more time to read or write comments rather than surfing without extensions :-)

    1. Tom Hawack said on May 5, 2019 at 11:34 pm
      Reply

      Well, you know what? I sort of feel better.
      If it’s been as tough to repair the issue as it’s been to endure it, the guys at Mozilla must have spent a hard week-end and repaired in less than 48 hours. Light is back.

    2. Anonymous said on May 5, 2019 at 10:09 pm
      Reply

      me too I didn’t experience of the armaggaddon therefore everything and everyone in the world must be as well :)

  42. ULBoom said on May 5, 2019 at 9:07 pm
    Reply

    Thanks for keeping up with this Martin, very good work, especially over a weekend!

    Regardless of Mozilla’s brain lapse, they’re doing a good job mitigating the damage: quick fix, permanent fix, version update. Maybe they’ll slow down a little now…

  43. Iron Heart said on May 5, 2019 at 8:38 pm
    Reply

    So, what about Firefox 60 ESR?

    1. ULBoom said on May 6, 2019 at 2:37 pm
      Reply

      It’s been updated, works fine, just open About Firefox, Check for Updates or go to the ESR site, the latest version is there, 60.6.2.

      I had to install the entire program but no config mods were reset. I did make
      xpinstall.signatures.required true again.

    2. ilev said on May 6, 2019 at 8:47 am
      Reply

      My copy of Portable Firefox 60.6.1esr got the .xpi fix.
      Add-on are working fine.

    3. ULBoom said on May 5, 2019 at 9:12 pm
      Reply

      My question, too. For now, the

      xpinstall.signatures.required false

      switch works. Only two of my extensions still have the yellow warning banner.

      Here’s the fixit blog:

      https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

      1. Klaas Vaak said on May 6, 2019 at 12:17 pm
        Reply

        And from 1 of the comments on that page:

        Why not just post a link to the fix that can be installed WITHOUT enabling Studies? This sounds like a clever plan to get more people to share their data via Studies…

        The fix in question can be installed by clicking this link [1]. It’s signed by Mozilla.

        Thanks to user gpm at Hacker News, who posted this tip [2].

        [1] https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
        [2] https://news.ycombinator.com/item?id=19826903

  44. lallino said on May 5, 2019 at 8:17 pm
    Reply

    the stable version is available on the posted link

    1. Ponytail villain said on May 5, 2019 at 9:08 pm
      Reply

      Mozilla FTP site is there for testing purposes ONLY, nothing from the ftp site is stable or final.

      Straight from the horse’s mouth: https://www.reddit.com/r/firefox/comments/7s7jq5/a_word_of_warning_about_new_versions/

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.