So, apparently, an expired certification has disabled all add-ons in Firefox. To whoever is wondering why you’re suddenly seeing ads in your browser today, now you know!
I’ve mitigated this by allowing google to use me as a vessel to their pile of data.
long live the pile!
Oh yes indeed. This is a historically bad screwup. Isn’t it exciting to witness history? The twitter thread is … interesting.
A fix is now available; if you have “Allow Firefox to install and run studies” enabled, you may even have it already.
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Not noted on that page: you still have to go to Tools -> Addons and click “Disable” and then “Enable” again for each addon. A rather significant omission.
And apparently it could take up to six hours after re-enabling it for the correct “study” to appear. I wonder why they don’t just use the update mechanism that they already have.
Is this a universal thing because i’m on 66.0.3 (release channel) and didn’t have this issue when i started using firefox about 2 hours ago, i don’t have studies activated either. I agree it’s a massive fuck up though, firefox is already struggling for users as it is without this nonsense.
ETA: Oh, it’s timezone dependent isn’t it? I’m in GMT which means i may see this come midnight tonight.
I’m loyal to firefox. Its noscript extension doesn’t have anything similar in any other browser
I followed this reddit thread advice for a temporary work-around.
The most notable thing about this for me was being dumped into the web without an adblocker at utter random…
Ye gods i had gotten complacent a little… Have seen it on PC’s i’m fixing for family/friends many times (and often then you have a mech HDD and a cluttered-by-junk browser in the mix), but rarely do i see an apples-to-apples comparison of the exact same device hours apart with and without an adblocker… Sheesh…
The initial fixes suggested didn’t work for me, installing firefox nightly did…
Now have to work out how best to change from the bleeding-edge FF version back to stable version with minimal impact
Problem occured for me turning on my PC this evening (i estimate 9pm gmt?) and found all extensions disabled. (ie. ARGH ADVERTS EVERYWHERE )
Just about to sign off and try my laptop, which hasn’t been on in a day…
interested what’ll happen on there… Will it pick up the bug or fix it before it happens?
As expected, possibly due to the timezone change, my firefox is affected too. Now i’m using pale moon for the time being. God damn it, mozilla!
ETA: Ok, so… you have to enable telemetry and studies to get the temporary fix? Yeah… no, i’ll wait for the version update. What this is doing to firefox’s dwindling user share i can only guess.
To be fair this is the first major issue i’ve encountered on FF ever. And as issues go, while it’s a rather idiotic admin error of allowing a cert to expire, as errors go that isn’t a terrible one IMHO… And the fixes seem quick on the ground if you google them.
So i’ll give them a little slack for this
Maybe a little but i still feel the damage is already done with some very very irate people letting everyone know just how mad they are and they’re not gonna take it anymore!
You only have to enable studies for a minute or two. All the addons will re enable once the study loads in after restarting the browser. Once that’s done you can disable studies and telemetry again.
Slightly off-topic, but I have a friend who keeps trying to recommend Gab Dissenter browser to me, and I don’t exactly know how to tell him to fuck off with his trumpian browser I don’t want.
If you’re lucky your addons will start working immediately but you may have to wait hours for the hotfix according to their blog. I’ve seen many comments on twitter and askwoody confirming this and for some the fix doesn’t work at all. The latest update is saying there is still no permanent fix ready to be rolled out so this must be driving so many people away from firefox which would be a shame. I find it bizarre an expired cert should affect the addons the user has already installed.
In addition to Firefox for Windows, I use Firefox for Android and Firefox ESR, and the studies-based temporary hack fix doesn’t even apply to those. So I’m stuck for a while. Like everyone else who’s been complaining, I’m also bothered by how much extra garbage I see on-line yesterday and today. It seems crazy to me that so many people put up with all that junk all the time. The ad networks are probably major drivers of broadband upgrades at this point.
But on the other hand. The mechanism that went haywire was intended to block malicious add-ons. Not too many years ago, many of us would have dismissed that as a paranoid concern, but today, I think most of us are likely to accept that’s a real possibility. The Firefox team was right to include that mechanism and hey, it works! That’s sort of good news! It was a management problem that allowed the cert to expire.
I am certainly inconvenienced but Firefox still works, I can still do whatever (trivial) research and planning I was doing last week.
I pay for Google Music and as part of that deal, YouTube is ad-free for me. I won’t tell you that I’m thrilled by the idea of shelling out small payments to a zillion separate organizations as an alternative to an advertising-dominated culture, but – something like that probably is the most realistic alternative to an advertising-dominated culture. I wish it were practical to spread the few dollars I can afford around more.
So, eventually, I managed to get Mozilla’s hotfix applied. As it turns out, if you have an antivirus package with SSL interception, the hotfix might get intercepted before it can be applied. In my case, disabling that was probably a good thing, as Kaspersky apparently uses a hillariously insecure cert for its man-in-the-middling and thus not only breaks this update, but also is useless and a genuine security risk.
As it turns out, the hotfix was pushed through Firefox’s “Studies” mechanism, which requires browser data collection to be turned on. I also, once I had disabled SSL Interception, had to go into about:config, and set app.normandy.first_run to True, then restart, in order to force the check. So this cert expiry/hotfix scenario has been nothing but a fiasco. Don’t let your certs expire people!
On a final note, browsing the Internet without ad blocking is, frankly, shocking. After years of using uBlock Origin, the un-ad-filtered Internet is essentially unusable. Youtube ads are amazingly bad, and several of the webpages I tried to visit had page redirecters that tried to redirect me to all sorts of shady horseshit. If this isn’t a case for legislatively banning advertising on the Internet, I don’t know what is.
Apparently, firefox 66.0.4 is in the pipeline and shortly to be officially released though there’s a link on ghacks if you want to risk installing a pre-release version.