So, eventually, I managed to get Mozilla’s hotfix applied. As it turns out, if you have an antivirus package with SSL interception, the hotfix might get intercepted before it can be applied. In my case, disabling that was probably a good thing, as Kaspersky apparently uses a hillariously insecure cert for its man-in-the-middling and thus not only breaks this update, but also is useless and a genuine security risk.
As it turns out, the hotfix was pushed through Firefox’s “Studies” mechanism, which requires browser data collection to be turned on. I also, once I had disabled SSL Interception, had to go into about:config, and set app.normandy.first_run to True, then restart, in order to force the check. So this cert expiry/hotfix scenario has been nothing but a fiasco. Don’t let your certs expire people!
