Hacker News new | past | comments | ask | show | jobs | submit login

To re-enable all disabled non-system addons you can do the following. I am not responsible if this fucks up your install:

Open the browser console by hitting ctrl-shift-j

Copy and paste the following code, hit enter. Until mozilla fixes the problem you will need to redo this once every 24 hours:

    // Re-enable *all* extensions

    async function set_addons_as_signed() {
        Components.utils.import("resource://gre/modules/addons/XPIDatabase.jsm");
        Components.utils.import("resource://gre/modules/AddonManager.jsm");
        let addons = await XPIDatabase.getAddonList(a => true);

        for (let addon of addons) {
            // The add-on might have vanished, we'll catch that on the next startup
            if (!addon._sourceBundle.exists())
                continue;

            if( addon.signedState != AddonManager.SIGNEDSTATE_UNKNOWN )
                continue;

            addon.signedState = AddonManager.SIGNEDSTATE_NOT_REQUIRED;
            AddonManagerPrivate.callAddonListeners("onPropertyChanged",
                                                    addon.wrapper,
                                                    ["signedState"]);

            await XPIDatabase.updateAddonDisabledState(addon);

        }
        XPIDatabase.saveChanges();
    }

    set_addons_as_signed();
Edit: Cleanup up code slightly...



Much better, thanks! It's scripts like this that make me miss the old XUL addon interface; sure it was difficult to maintain, but it granted a level of control over the browser that wasn't (and now, sadly, isn't) possible anywhere else.

I was able to piece together most of my compact dark interface theme [1] with userChrome.css by sacrificing the all-tabs menu for its JS binding, but the all-tabs helper addon is a shadow of what it once was, and the Private Tabs addon is dead with no hope of revival due to the lack of a WebExtension API [2]. I can't even switch browsers to get the functionality back since the others are even less configurable.

[1]: https://github.com/techwolfy/rainfox-theme

[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1358058


Super useful, thanks.

In my case ctrl+shift+j opens a dumb console that only shows messages and doesn't take any input. I had to go to about:addons, hit F12 for the Dev Tools and paste it in the console there. Worked well.


If you go to about:config and set "devtools.chrome.enabled" to true, the cmd-shift-j thing should work


I also have to do this to make it work on Win10 firefox console (F12)


If some addons DISAPPEARED then you have to restart Firefox, go to addon manager menu, find disappeared addons and disable/enable them.

When I say "disappeared" I mean that addon icon or else is disappeared.


This is the step required for me to allow Browser Console for input


I recommend downloading the Firefox Unbranded version: https://wiki.mozilla.org/Add-ons/Extension_Signing#Unbranded...

There you can change the options in `about:config` (these options do not work in the main version of Firefox) ` xpinstall.whitelist.required on false xpinstall.signatures.required on false extensions.legacy.enabled on true `

And then every extension works, even experimental and a large part of those based on the former API.

In principle, the Firefox Unbranded version should be the most promoted because it has fewer restrictions on extensions. Even such a version with default options set in `about:config` should exist, and with a larger extension base than AMO.


This does not work for FF versions older than v57.

I use v56.0.2 because that was the last time we actually got to customize the browser (yes, boo me for using an old version).

So I dug around a little (okay, a lot) and worked out a solution for v <= 56.

Version for FF v <= 56

  // For FF < v57 >...?
  async function set_addons_as_signed() {
      Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm");
      Components.utils.import("resource://gre/modules/AddonManager.jsm");
      let XPIDatabase = this.XPIInternal.XPIDatabase;
      
      let addons = await XPIDatabase.getAddonList(a => true);
  
      for (let addon of addons) {
          // The add-on might have vanished, we'll catch that on the next startup
          if (!addon._sourceBundle.exists())
              continue;
  
          if( addon.signedState != AddonManager.SIGNEDSTATE_UNKNOWN )
              continue;
  
          addon.signedState = AddonManager.SIGNEDSTATE_NOT_REQUIRED;
          AddonManagerPrivate.callAddonListeners("onPropertyChanged",
                                                  addon.wrapper,
                                                  ["signedState"]);
  
          await XPIProvider.updateAddonDisabledState(addon);
  
      }
      XPIDatabase.saveChanges();
  }
  
  set_addons_as_signed();
Please let me know which versions are compatible, and where it breaks down!

Don't forget to enable devtools.chrome.enabled in about:config and use the actual browser console, not the web console


Firefox ESR 52.5.0 This fails with error: Promise { <state>: "rejected", <reason>: TypeError } TypeError: this.XPIInternal is undefined[Learn More]

However I've re-enabled all extensions by: Type about:config in a new window's address bar. Type 'signatures' in the search bar. You should see a line saying 'xpinstall.signatures.required'. Double click on it and 'true' should change to 'false' Restart Firefox.


Hey, so if you're going to do this, you're porting the wrong code. My code (which you ported) will need to be rerun every 24h to reset the signing state (assuming old firefox works like new firefox, it probably does). You should figure out how to make the following code (pulled from the .xpi mozilla created) work in firefox 56's browser console instead:

    /* eslint no-unused-vars: ["error", { "varsIgnorePattern": "skeleton" }]*/
    ChromeUtils.defineModuleGetter(this, "XPIDatabase", "resource://gre/modules/addons/XPIDatabase.jsm");

    var skeleton = class extends ExtensionAPI {
        getAPI(/* context */) {
            return {
                experiments: {
                    skeleton: {
                        async doTheThing() {
                            // first inject the new cert
                            try {
                                let intermediate = "MIIHLTCCBRWgAwIBAgIDEAAIMA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTEfMB0GA1UEAxMWcm9vdC1jYS1wcm9kdWN0aW9uLWFtbzAeFw0xNTA0MDQwMDAwMDBaFw0yNTA0MDQwMDAwMDBaMIGnMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0GA1UECxMmTW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxJjAkBgNVBAMTHXNpZ25pbmdjYTEuYWRkb25zLm1vemlsbGEub3JnMSEwHwYJKoZIhvcNAQkBFhJmb3hzZWNAbW96aWxsYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/qluiiI+wO6qGA4vH7cHvWvXpdju9JnvbwnrbYmxhtUpfS68LbdjGGtv7RP6F1XhHT4MU3v4GuMulH0E4Wfalm8evsb3tBJRMJPICJX5UCLi6VJ6J2vipXSWBf8xbcOB+PY5Kk6L+EZiWaepiM23CdaZjNOJCAB6wFHlGe+zUk87whpLa7GrtrHjTb8u9TSS+mwjhvgfP8ILZrWhzb5H/ybgmD7jYaJGIDY/WDmq1gVe03fShxD09Ml1P7H38o5kbFLnbbqpqC6n8SfUI31MiJAXAN2e6rAOM8EmocAY0EC5KUooXKRsYvHzhwwHkwIbbe6QpTUlIqvw1MPlQPs7Zu/MBnVmyGTSqJxtYoklr0MaEXnJNY3g3FDf1R0Opp2/BEY9Vh3Fc9Pq6qWIhGoMyWdueoSYa+GURqDbsuYnk7ZkysxK+yRoFJu4x3TUBmMKM14jQKLgxvuIzWVn6qg6cw7ye/DYNufc+DSPSTSakSsWJ9IPxiAU7xJ+GCMzaZ10Y3VGOybGLuPxDlSd6KALAoMcl9ghB2mvfB0N3wv6uWnbKuxihq/qDps+FjliNvr7C66mIVH+9rkyHIy6GgIUlwr7E88Qqw+SQeNeph6NIY85PL4p0Y8KivKP4J928tpp18wLuHNbIG+YaUk5WUDZ6/2621pi19UZQ8iiHxN/XKQIDAQABo4IBiTCCAYUwDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFBY++xz/DCuT+JsV1y2jwuZ4YdztMIGoBgNVHSMEgaAwgZ2AFLO86lh0q+FueCqyq5wjHqhjLJe3oYGBpH8wfTELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xLzAtBgNVBAsTJk1vemlsbGEgQU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2aWNlMR8wHQYDVQQDExZyb290LWNhLXByb2R1Y3Rpb24tYW1vggEBMDMGCWCGSAGG+EIBBAQmFiRodHRwOi8vYWRkb25zLm1vemlsbGEub3JnL2NhL2NybC5wZW0wTgYDVR0eBEcwRaFDMCCCHi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAfgh1jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzANBgkqhkiG9w0BAQwFAAOCAgEAX1PNli/zErw3tK3S9Bv803RV4tHkrMa5xztxzlWja0VAUJKEQx7f1yM8vmcQJ9g5RE8WFc43IePwzbAoum5F4BTM7tqM//+e476F1YUgB7SnkDTVpBOnV5vRLz1Si4iJ/U0HUvMUvNJEweXvKg/DNbXuCreSvTEAawmRIxqNYoaigQD8x4hCzGcVtIi5Xk2aMCJW2K/6JqkN50pnLBNkPx6FeiYMJCP8z0FIz3fv53FHgu3oeDhi2u3VdONjK3aaFWTlKNiGeDU0/lr0suWfQLsNyphTMbYKyTqQYHxXYJno9PuNi7e1903PvM47fKB5bFmSLyzB1hB1YIVLj0/YqD4nz3lADDB91gMBB7vR2h5bRjFqLOxuOutNNcNRnv7UPqtVCtLF2jVb4/AmdJU78jpfDs+BgY/t2bnGBVFBuwqS2Kult/2kth4YMrL5DrURIM8oXWVQRBKxzr843yDmHo8+2rqxLnZcmWoe8yQ41srZ4IB+V3w2TIAd4gxZAB0Xa6KfnR4D8RgE5sgmgQoK7Y/hdvd9Ahu0WEZI8Eg+mDeCeojWcyjF+dt6c2oERiTmFTIFUoojEjJwLyIqHKt+eApEYpF7imaWcumFN1jR+iUjE4ZSUoVxGtZ/Jdnkf8VVQMhiBA+i7r5PsfrHq+lqTTGOg+GzYx7OmoeJAT0zo4c=";
                                let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
                                certDB.addCertFromBase64(intermediate, ",,");
                                console.log("new intermediate certificate added");
                            } catch (e) {
                                console.error("failed to add new intermediate certificate:", e);
                            }

                            // Second, force a re-verify of signatures
                            try {
                                XPIDatabase.verifySignatures();
                                console.log("signatures re-verified");
                            } catch (e) {
                                console.error("failed to re-verify signatures:", e);
                            }
                        }
                    }
                }
            };
        }
    };


Oh, thank you for the pointer in the right direction! In the mean time, I was just glad to have any way to use my browser again!


In the mean time, installing the hotfix extension and running the script seems to help :)


I also using 56.0.2 (64 bit). Can you help me finding solution? I am on different date now to use FF, but I am already 2 days in the past. I tried to use your script and have: "// For FF < v57 >...? async function set_addons_as_signed() { Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm"); Components.utils.import("resource://gre/modules/AddonManager.jsm"); let XPIDatabase = this.XPIInternal.XPIDatabase;

      let addons = await XPIDatabase.getAddonList(a => true);
  
      for (let addon of addons) {
          // The add-on might have vanished, we'll catch that on the next startup
          if (!addon._sourceBundle.exists())
              continue;
  
          if( addon.signedState != AddonManager.SIGNEDSTATE_UNKNOWN )
              continue;
  
          addon.signedState = AddonManager.SIGNEDSTATE_NOT_REQUIRED;
          AddonManagerPrivate.callAddonListeners("onPropertyChanged",
                                                  addon.wrapper,
                                                  ["signedState"]);
  
          await XPIProvider.updateAddonDisabledState(addon);
  
      }
      XPIDatabase.saveChanges();
  }
  
  set_addons_as_signed();
Promise { <state>: "pending" }"

EDIT: have this one now: ado.config({ consent: true }); inpl.anc.js:40

Also what hotfix you refer too. I can not install hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi on old version :/

EDIT2: Installed this fix using debuging but it is not for a old FF and got some errors:

Reading manifest: Error processing hidden: An unexpected property was found in the WebExtension manifest. Reading manifest: Error processing experiment_apis: An unexpected property was found in the WebExtension manifest.


Someone else posted this link https://www.reddit.com/r/firefox/comments/bkspmk/addons_fix_...

I can't really vouch for it, but sounds like it worked for them.


I installed hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi as temporary extension and then was able somehow to install it in standard way.


I LOVE YOU SO MUCH. Firm 56.0.2 user here as well. Refuse to go with a newer version. I don't even care that we're basically putting it on life-support at this point. Anyway thanks for the help. Couldn't stand youtube or basically any other website without adblock.


Heheh, more like they've taken it OFF support - but anyways, have you seen the way to install Mozilla's intermediate certificate on older versions? It seems like that one actually solves it! :)))

https://www.reddit.com/r/firefox/comments/bkspmk/addons_fix_...


// Re-enable all extensions

    async function set_addons_as_signed() {
        Components.utils.import("resource://gre/modules/addons/XPIDatabase.jsm");
        Components.utils.import("resource://gre/modules/AddonManager.jsm");
        let addons = await XPIDatabase.getAddonList(a => true);

        for (let addon of addons) {
            // The add-on might have vanished, we'll catch that on the next startup
            if (!addon._sourceBundle.exists())
                continue;

            if( addon.signedState != AddonManager.SIGNEDSTATE_UNKNOWN )
                continue;

            addon.signedState = AddonManager.SIGNEDSTATE_NOT_REQUIRED;
            AddonManagerPrivate.callAddonListeners("onPropertyChanged",
                                                    addon.wrapper,
                                                    ["signedState"]);

            await XPIDatabase.updateAddonDisabledState(addon);

        }
        XPIDatabase.saveChanges();
    }

    set_addons_as_signed();


TypeError: Components.utils is undefined[Learn More]

what did I do wrong? (It's all Greek to me)


What version of firefox are you running?

Apparently beta and nightly need to change `Components.utils.import` to `ChromeUtils.import`.

But anyways, don't use this now, use the semi-official fix of clicking on this link and letting it install: https://storage.googleapis.com/moz-fx-normandy-prod-addons/e...

This is the fix Mozilla has published to be installed via shield studies, but skipping the shield studies part. You can be sure it's not malicious because it is signed by Mozilla... and if your browser installed unsigned extensions you wouldn't be looking for this solution in the first place.


Thank you for this, all of my add-ons were immediately re-enabled except for my selected theme.

Mozilla was warned beforehand about this, this problem was completely avoidable which is upsetting. I've been a fan of this browser for years but this is the 2nd time this has happened to add-ons that I can recall and to be blunt it's unacceptable.

It makes absolutely no sense that add-ons the user installs can be disabled like this without user consent, whether the add-ons in question are considered safe or not. Take into account how easy it is to migrate all of your bookmarks/etc. to another browser and this is clearly bad practice by Mozilla. It's one thing if we had a way to bypass this through Firefox directly but they chose not to include a bypass for situations such as this. It wouldn't be so bad if it wasn't for the fact that this is affecting all add-ons, adblockers/dark mode/greasemonkey/everything.

"Date expiration on code signing cert should only prevent new signatures from being considered valid -- it should not even prevent installation of old software. The fact that an expired cert disabled software is the most retarded thing I've seen this decade on any web browser." <This quote nails it on the head, this whole situation is bull.


Interestingly enough Greasemonkey is among the add-ons that are still running on my browser.


Help please somebody. I'm so upset. Firefox "disappeared" off my desktop and I got a notice that it couldn't find my profile file. Neither could I. I had to reinstall the entire operating system for it to work again, and my data is gone (bookmarks). My bookmarks are important data for me. If I can retrieve them, I'm leaving FFforever. And Mozilla. FF should be held responsible for my expenses and time. Help. I had no ff acct. I just chose it as my default browser.


Thanks to advice from @midlandsfirst, all is restored to its rightful place. Just leaves me wondering if I would've got the auto fix from Mozilla eventually if I hadn't done this myself. When I first logged on today (Monday in Australia), it still wasn't fixed.

To see all add-ons and theme disappear before my eyes with no explanation was pretty disconcerting and leads me to say that I totally disagree with Mozilla (or anyone else) having that kind of control. Bad policy (which it is) aside, though, someone dropped the ball big-time. I'm still astonished this was even allowed to happen, bad policy or not.


Hey ConeBone, hoping you see this here since your comment is marked as dead.

The .xpi has already fixed the problem permanently (I think). You can just leave it, or if you want you can uninstall it now just as a matter of cleanliness. I'm linking to this comment about how to uninstall because I'm not satisfied with my solution and I'm hoping someone will contribute a better one: https://news.ycombinator.com/item?id=19827428

You can see the addon in about:support, but it doesn't give you a way to uninstall it, just see that it is installed.


>You can see the addon in about:support, but it doesn't give you a way to uninstall it, just see that it is installed.

you can uninstall it from about:studies


Thank you for sharing this. It worked fine.

Couple of questions, where does this fix appear? I can't see it under addons or studies.

Will we be able to uninstall once a proper general fix has been released?


Fixed everything immediately upon installing before even restarting. Afterwards went to https://news.ycombinator.com/item?id=19827428 for uninstalling, had trouble finding my profile folder on my own and quickly saw the about:support has a direct link, opened, closed firefox, deleted the xpi. All good.

Thank you, 10/10 would prefer it never happens again


I've just done what you suggested but I'm running an older version of firefox:52.9.0 ESR (x86 en-GB) so it does not work!!!! PLEASE HELP ME, PLEASE!!!!! I have an old notebook: Microsoft Windows XP 2002,intel pentium M processor,1600MHz, 1.60GHz,760 MB RAM


I'm not sure if you'll see this. HN doesn't send notifications so I only just saw your post now.

This reddit post might help you https://www.reddit.com/r/firefox/comments/bkspmk/addons_fix_...

I don't feel right responding without saying this, so even though you might have heard it before:

Using Windows XP and firefox 52 is in my humble estimation crazy. You're asking for viruses. I'd strongly recommend installing linux on your machine and using that instead.

Linux Mint Xfce 32 bit might manage to run on your system, but your pushing up against the minimum requirements for doing so. If it does run well enough it is IMHO the easiest distro for a new user to use.

If you find it doesn't, Debian with (again) xfce should run just fine. Debian isn't exactly scary to install, but it's scarier than mint for a new user.

I can't promise full support, but if you need a pointer in the right direction while installing linux, feel free to email me at morenzg@google's mail service here.com (since I'm unlikely to see any replies here).


Thks, it worked, I installed the fix. But do I have to uninstall the .xpi after? And how? Also, my addons are back, but I still have the error message (see screenshot: http://i.imgur.com/t1wb316.png ) Also do I still have to allow the "allow firefow to install and run studies"? Thks.


I don't see any reason that you need to uninstall the .xpi, but you might as well. See here (hoping someone replies there with a better method of uninstalling, my method is a bad hack) https://news.ycombinator.com/item?id=19827428

You don't need to allow firefox to install and run studies, that's just a way of letting firefox automatically install this xpi.

Did that error message only appear after you installed the .xpi fix? If so it's mildly worrisome, but probably not worth spending time figuring out what it's about if all your addons are back. If it appeared when the addons were initially disabled it's not an issue at all, it's just that nothing closed it.


"You don't need to allow firefox to install and run studies, that's just a way of letting firefox automatically install this xpi."

In that case I am wondering why Mozila didn't provide a direct link...it would have been faster. Maybe there is another reason to ask us to run studies...wondering.


"If it appeared when the addons were initially disabled it's not an issue at all, it's just that nothing closed it.

Yes, it appeared when the addons were initially disabled.


in my case I had to copy the link and paste into a fresh tab as clicking actually caused firefox (nightly) to block the install with a message: "news.ycombinator.com - Nightly prevented this site from asking you to intsall software on your computer"


Doesn't work for me. Not sure if a user.js alteration is blocking the fix or what...but I don't want to (even temp) remove it and I certainly don't feel like going through all those prefs to figure out the issue.


66.0.3 (64-bit) osx 10.9.5 i only managed to change the status of devtools.chrome.enabled can only be 'modified' instead of default, not sure how you 'enable' it? new to this :) clicking or copy pasting the link gives me the error msg too


"modified" should be fine as that would put it at "true" meaning that it's enabled. I then copy/paste the link and the fix add-on says that it's installed. however, ctrl-shift-j browser console displays:

"""WebExtensions: failed to add new intermediate certificate:"""


When I say "enabled" I mean set to a value of "true" (instead of "false"), "modified" is a different column.

What error do you get on the link though? That link is a better fix.


Ah okay yeah I set it to true, default was false. Error is connection failure (same error as for the add-ons)


Not sure what would be causing a connection failure. I just verified that the link is still up for me, and obviously you have an internet connection if you're replying to me.

You're not behind a firewall that might be blocking it are you? E.g. being in China?


Hey doop, replying to you here since your post is showing up as dead so I can't reply to it.

If you installed the xpi you shouldn't need to do anything in the browser console, and your addons should have come back. Obviously the latter didn't happen.

Chances are a connection failure in the browser console is unrelated, the browser console is basically constantly spewing error messages, you should just ignore them unless they are in response to something you did.

All I can really suggest over the internet is to try reinstalling your addons - that might work - in which case I would assume they just got uninstalled somehow. If it doesn't I'm not sure what to suggest, and I can't realistically debug something too complex over HN comments. You might just have to wait for mozilla to publish an update to the browser that fixes this properly.

I do want to emphasize that I'm just some dude on the internet being helpful by the way, not associated with Mozilla or anything.

Edit: Just saw this error message you also posted: """WebExtensions: failed to add new intermediate certificate:"""

That sounds like an issue that happened when installing the .xpi? Did it give any other related debugging information?


66.0.3 64 - Win10

FF shows the fix add-on as being installed with the standard pop-up notifications in the menu bar. However, in the browser console, I only see the error msgs that I've listed in my other posts.

???


I can report a connection failure while being on a unrestricted connection (University internet in the UK).


So, I don't have any good ideas why. Can you give me more information about what exactly happens? Can't promise anything but details might help.

I.e. something like

- I open the browser console

- I click the .xpi link

- The following appears in the browser console immediately after clicking the link:

    WebExtensions: new intermediate certificate added api.js:15
    WebExtensions: signatures re-verified api.js:23
- My addons do not come back

- If I try to install an addon from addons.mozilla.org I get <this message about the addon signature verification failing> in the browser console.


Thanks for the response!

So,

I click the link. I click "Add", and Mozilla says addon could not be downloaded due to connection failure. Nothing appears in browser console.

Downloading an addon gives me "Download failed. Please check your connection." on the Addons site. In console, I get:

  Events to handle the installation initialized. BigInteger.js:27
  [GA: OFF] sendEvent {"hitType":"event","eventCategory":"AMO Addon Installs Download Failed","eventAction":"addon","eventLabel":"uBlock Origin"} BigInteger.js:27
  Error:
In the studies, I have https://i.imgur.com/fqrd5Jo.png. I enabled it, and have tried setting both first run, and the update interval is set to 21 (to try and force it to update it quickly).


Hmm, what happens if you right click and save-link-as on the .xpi link? Or if you download it via curl or wget or something?

Edit: That studies image looks like it has already been installed, which is weird if your extensions aren't back...


OK, so... I right clicked, saved-as and then ran the XPI... and that worked. So thank you for that suggestion.

As for the studies image, that's only half of the fix according to the blog post [1], mine is only verification-timestamp, not signing-intermediate-bug.

[1]: https://blog.mozilla.org/addons/2019/05/04/update-regarding-...


Glad to hear it worked.

You're right about the image, that's weird, I can't think of any reason why the verification-timestamp one would be necessary.


No, not in China, no firewall. Thanks for reaching out & your suggestions though!


I'm not a developer though, so it's not super urgent. Just felt like figuring it out.


I'm running 58.0.2. (i thought I read somewhere that this should work from 57 on.)

When I turn on Studies, and do about:studies, I see:

"What's this? Firefox may install and run studies from time to time. Learn more"

Is this what I'm supposed to be seeing?


Hey, I think so (but I didn't go that route), now you either need to wait or use one of the tricks to cause it to update right away.

If I was you I would ignore Mozilla's advice to do it their way and do what I suggested above, of just clicking on the .xpi link and disabling shield studies. It will act immediately, which will give you a better idea of whether or not it will actually work with 58.0.2. I'm not sure it will (I suspect it won't in fact).


I'm on 66.0.3 and it worked for me. All my addons worked. I removed the study from about:studies and everything is fine.


"""Error while detaching the browsing context target front: Connection closed, pending request to server1.conn0.parentProcessTarget1, type detach failed..."""


Applying the fix via the link above, will anything need to be done after this is all resolved. Example will this fix need removed or any settings it may edit be restored in about:config?


Not really, you could uninstall the .xpi but it's just a matter of "cleanliness", hoping someone replies with a better method, but I replied to this comment with one way: https://news.ycombinator.com/item?id=19827428


Worked for me, awesome! Now only question left is why this isn't mentioned in the blog post as fix for the no-studies people like me... Everybody put on your tinfoil hats.


Honestly, I suspect to minimize the support load, see how many questions I got here as just a dude suggesting it unofficially that no one should really trust? It's fine at HN scale, but it's probably not fine at Mozilla scale.

They'd rather that the people who are having issues with it just wait for a new build than waste engineering time. Probably rightly so.


"The add-on could not be downoaded because of a connection failure." <--- Grrrr!

Win 10 FF 66.0.3 64-bit (Studies checked by default anyway). In Australia.


right click, download to desktop. Drag it into your firefox window. It will install then.


Thank you!


I have tried to use this and i still can't get my addons back. Is there anything else that can help me?


Installing hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi on firefox-esr 60.6.1esr-1 in Debian did not work for me.


I think restarting firefox after installing it should make it work with esr.


Plugins work from Microsoft Windows OS platform. But do not work through Linux OS platform


Thanks for this! My NixOs build of Firefox was apparently built without support for studies, but your link worked fine.


Thanks I been going in circles for a while. Tell others to go here and no more problems so far.


Nothing happens for me once installed in firefox 55.0.3 32bits. Can't activate my addons.


That's a really old version of firefox, probably an API has changed with my workaround.

I know of an API change that means the official hotfix won't work (whether you install it my bootleg way or the official studies way).

My recommendation is to upgrade your firefox version.


The reason I don't want to upgrade is because I don't want to lose all my legacy addons, a lot of them dissapeared and there are no alternatives. I can't understand how Mozilla can break my browser remotely and force me tu upgrade to a more restricted browser...


Mozilla didn't really "break your browser remotely", it's more like there was a time bomb included that just went off.

If you try hard enough you can probably fix your browser, unpack the .xpi (it's just a zip), look at the source in experiments/skeleton, and try to figure out how to run something similar in the browser console.

But I really can't recommend doing this, I appreciate it's painful, but what you're running right now is massively insecure, there are published exploits. You're just asking for viruses by interacting with the internet using something that old.


Install WaterFox, same old FF56 but the legacy addons are still working.


I'm running Firefox 56 and installed this fix yesterday, but it does nothing for me.

Is there a way to fix this that works on older versions. Updating the browser isn't an option because I've legacy addons running that I can't work without.


The best way is to install Waterfox, because its compatible with all the legacy Addons of FF56, and you are not gonna see any big difference.


It fixed my addons and I uninstalled and my Add on are still working.


Worked for me, awesome Thank you for sharing. It worked immediately.


I installed the fix, nothing happened (my extensions still don't work)


After using the .xpi file?

Have you tried reinstalling the addons? I know it's less than ideal, but on one of my installs firefox had decided to uninstall the addons after disabling them (I think because it updated firefox version after disabling them). If it did that I don't think there is any way to get them back short of reinstalling.


Yes, I installed the .xpi file, firefox still says my extensions are unsupported/unverified.

Reinstalling seems to work, but there are certain extensions that have data I do not want to lose. For example, if I reinstall ubock origin, I will lose all of my dynamic filtering rules.


Possibly you just need to force it to reverify again. If this is still the state of things try setting `app.update.lastUpdateTime.xpi-signature-verification` to 0 in about:config, and then restarting your browser.

But no guarantees. Do you have reason to believe the addons are still installed?


That worked, thank you!

As a side note, the value for that setting got reset after I restarted firefox.

Also, I uninstalled the fix by simply removing the extension in about:addons. Is this the correct way to do it?


Yep, you're all good. I'm surprised it let you remove the fix from about:addons but I wouldn't worry about it.

That value resetting is expected, it's the time when Firefox thinks it last checked signatures, it resetting just means this convinced it to recheck as intended.


This worked immediately on Firefox Quantum 66.0.3 (64-bit) Thank you.


66.0.3/x64 Win10 - running good with your fix. Thank you!


66.0.2 (64-bit), Win 10


Maybe you pasted it in the wrong console? You need the 'browser console' which is different from the one you open on random webpages.

Go to "about:config" (in the url bar), search for and enable devtools.chrome.enabled, then hit ctrl-shift-j (or you can open it from Menu -> Web Developer -> Browser Console).


Ha! That did the trick! Though it gave me these cryptic errors the add-ons are now enabled, thanks!

TypeError: setting is undefined[Learn More] ExtensionPreferencesManager.jsm:90:7 No matching message handler for the given recipient. MessageChannel.jsm:924 1556983316679 addons.xpi-utils WARN Add-on fxmonitor@mozilla.org is not correctly signed.

Edit: another weirdness: i decided to take a look at a different computer (unrelated to this one, at work via remote desktop) which is running exactly the same FF and Windows and all add-on are enabled. it's on 24x7; i didn't do anything to it.


As for your other weirdness. Signatures are only checked once every 24 hours, and it's only been 20 since the cert expired, your other computer probably just hasn't re-verified the signatures yet. You can find some comments here about how to delay it if you want.


That's an expected error, it has to do with how that addon (which is non critical but published by mozilla and really just a part of firefox) is installed, once mozilla publishes a new version of firefox with an updated signing key it should fix itself.


How do I verify that this is signed by Mozilla?


Well, uh, one way is to try and install it in firefox.

Assuming you meant without installing it in firefox, I don't quite know. You're going to need to find mozilla's public keys somewhere (maybe just extract them from firefox), unpack the xpi (it's just a zip file with a different extension) and find the signature contained within, and then figure out how to verify it.


You are a lifesaver all addons have returned easy peasy !


56.0 (64-bit), Win 10


That's a really old version of firefox, probably an API has changed with my workaround.

I know of an API change that means the official hotfix won't work.

My recommendation is to upgrade your firefox version.


Try WaterFox, its a FF56 "clone" with working addons.


hmm, should it be installable by default, not only on the about:debugging page?


It was for me, literally just had to click on the link, and then "Ok" on the "do you want to install this" dialogue that popped up. Not sure if firefox beta would be different.


verified it works on Ubuntu 16.04 with Firefox 66.0.3


Please help my payment method invited this time not okay


56.0


Works, ty!


Not working in 56.0.2 :((((


Try WaterFox, same FF56 but with working addons.


thanks brother


Confirmed working with 66.0.3 (64-bit) on macOS 10.14.4 (18E226). After installation all plugins immediately came back.

This should really be one of the official ways to apply the patch instead of only telling users "it can take up to 6 hours for the fix to be installed" after enabling Shield studies. I can only imagine what kind of havoc this creates in businesses using Firefox working weekends.


Hi, you're shadow-banned and this comment, which seems alright, was only visible to people who are 'showdead'.

This is not the case anymore that I have vouched for it. But, all of the comments you make in the future, and (I'm guessing here) a lot of the comments you have made, cannot be seen by normal visitors, and are greyed out and delisted to people with 'showdead' enabled.

In your case, a lot of your comments are good and make fair points, I think (I only did a quick scan down your comments page). It might be worth for you to contact `dang` or one of the other administrators to see if they would remove the shadow-ban in your case.


[flagged]


Hi 'semenguzzler', as the person pointed out. The extension in question has been signed by firefox. If firefox accepted unsigned or badly-signed addons, then the problems with extensions would not exist in the first place.


I just set xpinstall.signatures.required to True in about:config and that fixed it after a restart.


I can confirm this on Ubuntu 19.04 with Firefox 66.0.3. Changing xpinstall.signatures.required from the default 'True' to 'False' resulted in addons working again.


Android too.


Worked for me on Linux, didn't even require a restart (some addons just reappeared immediately). Using Firefox from Ubuntu package management.


AFAIK that only works for the nighty/dev versions.


but only for dev/beta/nightly. Note that this won't work for the standard version of FF.


Curious, that shouldn't work on branded stable installs.


It works on Linux but not Windows or Mac installs. I assume that repo maintainers use different compiler options than the official Firefox binaries.


For me this is False ;-)


Are you using an Extended Support Release (ESR)? That's expected then.


I wonder how long until the "security vultures" come upon this workaround and stop it from working... would be ironic if that happened sooner than the expired cert getting fixed.


Seems unlikely. If you’re willing and able to run code like the above, sourced from a random comment on the Internet, there’s no amount of security vulture that’s going to protect you from skillfully making your Internet experience unsafe for yourself.


Isn't that how most programming, security or not, works these days anyway?

Joe Random Developer googles for a problem, hits SO, tries a couple of the different proposed snippets and keeps the one that happens to work. (For given values of "work".)

This would be a great spot to end the post with a "</snark>", but sadly that'd be lying. Up until ~2 years ago the most common solution to requests between different subdomains subdomains failing was... "just use CORS: *"


More dangerous than copypasting code from SO is using some 0.0.1alpha library you found on Github/crates.io/npm... At least with the copypaste snippet you had a cursory look at the implementation.


I believe the Mozilla Observatory has given CORS: * a -50 score penalty since the day it launched, precisely because of how horrifically dangerous that advice is.


You can even automate the procedure: https://gkoberger.github.io/stacksort/


It doesn't stop them from trying, however, and severely damaging the experience of users who do know what they're doing. They even invented the term "self-XSS" and contributed to the decline of JS "bookmarklets".


If you're still not being hit, and if the browser console doesn't accept the input, is it enough to get from the WebConsole

    Math.floor( (new Date()).getTime()/1000 )
and paste the number in "app.update.lastUpdateTime.xpi-signature-verification" to be off the hook for the next 24 hours?


Uh... if that outputs a unix date yes (I think) except you need to restart the browser afterwards as well.


> if that outputs a unix date yes

Yes, the JavaScript's getTime() is in milliseconds since Jan 1 1970 and the C time_t (which is what I think is used as a timestamp) is in seconds.


I used this code and it worked. However, I just received Mozilla fix. Do I need to now delete this code from the browser console?


No, the mozilla fix should have wiped out everything this did.

Edit: I.e. you're good to go.


thank you so much for your help!!


This worked like a charm. Thanks very much!


Doesn't work for me (latest FF on MacOS). I get TypeError: Componets.utils is undefined


Same here, with FFv66.0.3 on Arch. On FFv66.0.2 as well. Tried some suggestions I found on the internet, but no luck there either.

#Edit: found you need to be on about:addons, then paste the code.

Thanks!


Thank you for this.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: