Mozilla releases Add-on to fix signing issue in older Firefox versions
Mozilla released the Firefox add-on Disabled Add-on Fix for Firefox 47 - 56 yesterday, and Disabled Add-on Fix for Firefox 61 to 65, and Disabled Add-on Fix 57 to 60 on May 14, 2019, which resolve the add-on signing issue in older versions of the Firefox web browser when installed.
On May 3, 2019, Firefox users began to notice that something was not right. Installed add-ons were disabled by the web browser and there was no way to enable them again or install new extensions in the browser.
Firefox uses an add-on signing system to verify browser extensions. The system uses certificates to verify the legitimacy of add-ons, and one of the certificates used for that expired on that day. The expiration caused verification to fail for all add-ons.
Mozilla used various methods to get the situation under control. It used the browser's Shield system to distribute an emergency fix and released new Firefox versions that fixed it as well.
The fixes did not help users who ran older versions of the Firefox web browser or some third-party browsers based on Firefox code. Mozilla promised that it would release patches for older Firefox versions as well even though these are no longer supported by the company.
Disabled Add-on Fix for Firefox 47 - 56 is the result of that promise, or at least part of it as it fixes the add-on signing issue in Firefox 52 to 56. Disabled Add-on Fix for Firefox 61 - 65 addresses the issue in Firefox 61 to 65, and Disabled Add-on Fix for Firefox 57 - 60 in Firefox 57 to 60.
All that is required is to install the browser extension in Firefox to fix the issue. The extension installs a new certificate and enables extensions and themes again that were disabled.
The add-on can be installed in Waterfox versions affected by the issue as well to patch the issue in the third-party browser.
The released add-on is unique on Mozilla AMO as it is the only extension on the entire site that is not compatible with Firefox Quantum. Mozilla purged all classic extensions from the official add-ons repository some months ago.
Mozilla promised that it would releases fixes for Firefox versions 47 to 65. It revealed plans to release a browser extension for Firefox 61 to 65, and an update for Firefox 47 to 60. The extensions fix the issue for all pre-Quantum versions of the Firefox web browser prior to Firefox 57 starting with Firefox 47 and all post-quantum versions up to version 65.
Now You: What is your take on Mozilla's handling of the situation?
Ooops! Mozilla f’d us twice with.
All links above for disabled-add-on-fix are dead.
On two Win7Pro X64 machines running FF ver 56.0 & 56.0.2 I had to reboot the PC to get FF to load ANY web page after installing the fix. Thought FF was bricked but ol’ reliable system reboot saved the day!
On another machine using ver 54.0.1 it worked instantly to fix disabled exts.
Good on them for actually patching the old versions. However too little too late. They forced me to find an alternative browser in the interim and I’ve actually taken a likeing to it over FF. As they have not fixed the underlying issue that has caused many to stay on old versions I see no reason to go back.
Martin –
Can you update information in your article about extension “Disabled Add-on Fix for Firefox 47 – 56” (previous name: “Disabled Add-on Fix for Firefox 52 – 56”) which can be found here: https://addons.mozilla.org/en-US/firefox/addon/disabled-add-on-fix-52-56/
Done!
Great! Check also 1st and the last paragraphs, they also need to be updated :)
All done! Thank you!
*** NOTE ***
In case you missed the link in the article, the “Disabled Add-on Fix for Firefox 52 – 56” can be found at:
https://addons.mozilla.org/en-US/firefox/addon/disabled-add-on-fix-52-56/
*** COMMENT ***
In addition to the current stable releases of several browsers, I have a registered install of 32-bit Firefox ESR 52.9.0 with a full complement of legacy extensions, and a portable install of Tor Browser 7.5.6 (based on Firefox ESR 52.9.0) with a handful of extra legacy extensions — “just in case.”
As soon as I read about the extension-disabling fiasco, I deliberately refrained from launching my two “registered-install” Firefoxes, both current and legacy, until a clear solution had transpired. Accordingly, those installs never got borked in the first place, and I didn’t compound the borking by trying out interim solutions in them. The update Mozilla released for current Firefox and the add-on hotfix they released for legacy Firefox seem to have done the trick. (So far. Knock on wood.)
However, I *did* try a variety of interim solutions on the Firefox-family browser I use least, my legacy Tor Browser. None of those solutions worked, and by the time I was through, Mozilla’s add-on hotfix didn’t work, either. Since it was a portable install, I just replaced the borked folder with a pristine backup copy and applied the add-on hotfix to that. It seems to have done the trick there, as well. (So far. Knock on wood.)
I’m still using the Wan Lunar Browser Whose Name Shall Not Be Mentioned* ;-) as my default, primary browser and current stable Waterfox as a fallback, both with full complements of legacy-class extensions. Neither of them had ever had the problem in the first place.
*For first-time visitors to the comments section of almost any article where Firefox forks are discussed, the browser I’m talking about is “Pale Moon.” Now that I’ve said it, tell your children to leave the room. NOW! Before it’s too late!
Thank-you for the article. Where do I find the fix? I do not find it in the article. Please help. Thank-you.
https://addons.mozilla.org/firefox/downloads/file/2710565/hotfix_for_firefox_bug_1548973_armagaddon_20_mitigation-1.1.2.xpi
Just installed the fix and it seems to be working great (FF 56). Even got back an oldie that hasn’t worked for a couple of years.
I guess good work for Mozilla to bother to fix this in a legacy browser release. Considering they killed off so many users by breaking extensions with their signing BS anyway. I guess I can’t blame users for sticking to what works or moving on to Waterfox or PaleMoon. Seeing that all of this stems from incompetence of not keeping track of things like important certificate dates. Its the least Mozilla and Firefox team could do.
It worked for a few houirs: ADBP disabled again……
Thank you for constant efforts.
I’m still running 56.02. (64-Bit) portable as a main browser bc several important add-ons. This version is shown in “About Field” as in config:about.
But Mozilla’s Add-on Page tells: “This add-on requires a newer version of Firefox (at least version 52.0a1). You are using Firefox 50.0.” and won’t let me install.
Found file at source text, downloaded and installed without any problem. Works now and add-on can be deleted.
“https://addons.mozilla.org/firefox/downloads/file/2710565/hotfix_for_firefox_bug_1548973_armagaddon_20_mitigation-1.1.2.xpi”
Nevertheless: Anybody got an idea about recognicing wrong version number? Help would be appreciated.
at a guess: because you are spoofing your UA with privacy.resistFingerprinting
You were right: switch true=v56, switch false=v50.0. Good to know as I had several newer versions, I was able to install now. Imagine shoulder stripes upgraded.
Thank you.
The fix is called Waterfox. It has extension signing disabled by default.
https://www.waterfox.net/
“The fix is called Waterfox. It has extension signing disabled by default.”
It depends on your installed add-ons. I needed the certificate to be able to update No-Script Suite Lite.
or maybe even better Iceweasel.
https://sourceforge.net/projects/libportable/files/Iceweasel/Stable/
@Gabriele
Thank you, I checked Iceweasel and it seems that this is most tolerable version of Firefox (Quantum) I have ever seen.
Yes, i use it from a long time, and no problems so far
Disabled Add-on Fix for Firefox versions <52:
https://www.reddit.com/r/firefox/comments/bkspmk/addons_fix_for_5602_older/
@ Robert Ab
+1
I downloaded the fix from Reddit nine days ago and it worked perfectly on 52.9.
If the Dev who extracted the fix (from the Mozilla normandy fix) and released it with FULL instructions on implementation, why has Mozilla used an ADDON. Why is an addon necessary ?
What else is in the addon ? No, I’m not wearing a tin foil hat.