Exactly at midnight on Friday, most users of Mozilla Firefox discovered none of their browser add-ons worked.
As the company rushed to issue a hot-fix over the weekend – which is available right now for desktop and Android users (version 66.0.4) – the havoc was traced back to one, simple thing: an expired certificate.
“Late on Friday May 3, we became aware of an issue with Firefox that prevented existing and new add-ons from running or being installed. We are very sorry for the inconvenience caused to people who use Firefox,” wrote Kev Needham, Product Manager for add-ons at Mozilla.
Confused users flocked to r/Firefox subreddit and Mozilla’s bugtracker tool Bugzilla for answers. But it turned out that the intermediate signing certificate, which is necessary to verify extensions and add-ons, had expired, effectively preventing users from re-enabling or re-installing the add-ons.
Although Mozilla tried to resolve the situation quickly, the en masse disabling of add-ons isn’t a new problem. It happened three years ago too.
Security certificates are how websites are authenticated. They ensure the conversation between the web browser and the destination server stays private and isn’t tampered by malicious actors. It validates you’re actually connecting to the site you want to, not some bogus location instead.
These certificates, issued by central authorities, are not given out forever though. They come with a validity period, which is typically a maximum of two years (or 27 months), after which they need to be renewed again.
Mozilla began enforcing the certification of add-ons and extensions back in August 2016, when it released Firefox 48. Its intention was to stop malware being distributed through its platform. Therefore, Mozilla blocks users from installing add-ons from third-party sources that it hasn’t verified, which is basically what caused this whole mess.
For Firefox, which has prided itself as the privacy conscious alternative to options like Google Chrome and Microsoft Edge, the challenge lies in avoiding such similar issues in the future.
Granted it’s a terrible oversight on part of the company. The issue, although reasonably valid from a security point of view, it shouldn’t cause users to lose access to all their extensions for something that’s Mozilla’s fault.
Let’s hope it’s learnt its lesson and there isn’t a third time.
TNW Conference 2019 is coming, and its Future Generations track explores how emerging technology will help us achieve the 17 sustainable development goals, outlined by the UN. Find out more by clicking here.