Hacker News new | past | comments | ask | show | jobs | submit login

What version of firefox are you running?

Apparently beta and nightly need to change `Components.utils.import` to `ChromeUtils.import`.

But anyways, don't use this now, use the semi-official fix of clicking on this link and letting it install: https://storage.googleapis.com/moz-fx-normandy-prod-addons/e...

This is the fix Mozilla has published to be installed via shield studies, but skipping the shield studies part. You can be sure it's not malicious because it is signed by Mozilla... and if your browser installed unsigned extensions you wouldn't be looking for this solution in the first place.

Thank you for this, all of my add-ons were immediately re-enabled except for my selected theme.

Mozilla was warned beforehand about this, this problem was completely avoidable which is upsetting. I've been a fan of this browser for years but this is the 2nd time this has happened to add-ons that I can recall and to be blunt it's unacceptable.

It makes absolutely no sense that add-ons the user installs can be disabled like this without user consent, whether the add-ons in question are considered safe or not. Take into account how easy it is to migrate all of your bookmarks/etc. to another browser and this is clearly bad practice by Mozilla. It's one thing if we had a way to bypass this through Firefox directly but they chose not to include a bypass for situations such as this. It wouldn't be so bad if it wasn't for the fact that this is affecting all add-ons, adblockers/dark mode/greasemonkey/everything.

"Date expiration on code signing cert should only prevent new signatures from being considered valid -- it should not even prevent installation of old software. The fact that an expired cert disabled software is the most retarded thing I've seen this decade on any web browser." <This quote nails it on the head, this whole situation is bull.

Interestingly enough Greasemonkey is among the add-ons that are still running on my browser.

Help please somebody. I'm so upset. Firefox "disappeared" off my desktop and I got a notice that it couldn't find my profile file. Neither could I. I had to reinstall the entire operating system for it to work again, and my data is gone (bookmarks). My bookmarks are important data for me. If I can retrieve them, I'm leaving FFforever. And Mozilla. FF should be held responsible for my expenses and time. Help. I had no ff acct. I just chose it as my default browser.

Thanks to advice from @midlandsfirst, all is restored to its rightful place. Just leaves me wondering if I would've got the auto fix from Mozilla eventually if I hadn't done this myself. When I first logged on today (Monday in Australia), it still wasn't fixed.

To see all add-ons and theme disappear before my eyes with no explanation was pretty disconcerting and leads me to say that I totally disagree with Mozilla (or anyone else) having that kind of control. Bad policy (which it is) aside, though, someone dropped the ball big-time. I'm still astonished this was even allowed to happen, bad policy or not.

Hey ConeBone, hoping you see this here since your comment is marked as dead.

The .xpi has already fixed the problem permanently (I think). You can just leave it, or if you want you can uninstall it now just as a matter of cleanliness. I'm linking to this comment about how to uninstall because I'm not satisfied with my solution and I'm hoping someone will contribute a better one: https://news.ycombinator.com/item?id=19827428

You can see the addon in about:support, but it doesn't give you a way to uninstall it, just see that it is installed.

>You can see the addon in about:support, but it doesn't give you a way to uninstall it, just see that it is installed.

you can uninstall it from about:studies

Thank you for sharing this. It worked fine.

Couple of questions, where does this fix appear? I can't see it under addons or studies.

Will we be able to uninstall once a proper general fix has been released?

Fixed everything immediately upon installing before even restarting. Afterwards went to https://news.ycombinator.com/item?id=19827428 for uninstalling, had trouble finding my profile folder on my own and quickly saw the about:support has a direct link, opened, closed firefox, deleted the xpi. All good.

Thank you, 10/10 would prefer it never happens again

I've just done what you suggested but I'm running an older version of firefox:52.9.0 ESR (x86 en-GB) so it does not work!!!! PLEASE HELP ME, PLEASE!!!!! I have an old notebook: Microsoft Windows XP 2002,intel pentium M processor,1600MHz, 1.60GHz,760 MB RAM

I'm not sure if you'll see this. HN doesn't send notifications so I only just saw your post now.

This reddit post might help you https://www.reddit.com/r/firefox/comments/bkspmk/addons_fix_...

I don't feel right responding without saying this, so even though you might have heard it before:

Using Windows XP and firefox 52 is in my humble estimation crazy. You're asking for viruses. I'd strongly recommend installing linux on your machine and using that instead.

Linux Mint Xfce 32 bit might manage to run on your system, but your pushing up against the minimum requirements for doing so. If it does run well enough it is IMHO the easiest distro for a new user to use.

If you find it doesn't, Debian with (again) xfce should run just fine. Debian isn't exactly scary to install, but it's scarier than mint for a new user.

I can't promise full support, but if you need a pointer in the right direction while installing linux, feel free to email me at morenzg@google's mail service here.com (since I'm unlikely to see any replies here).

Thks, it worked, I installed the fix. But do I have to uninstall the .xpi after? And how? Also, my addons are back, but I still have the error message (see screenshot: http://i.imgur.com/t1wb316.png ) Also do I still have to allow the "allow firefow to install and run studies"? Thks.

I don't see any reason that you need to uninstall the .xpi, but you might as well. See here (hoping someone replies there with a better method of uninstalling, my method is a bad hack) https://news.ycombinator.com/item?id=19827428

You don't need to allow firefox to install and run studies, that's just a way of letting firefox automatically install this xpi.

Did that error message only appear after you installed the .xpi fix? If so it's mildly worrisome, but probably not worth spending time figuring out what it's about if all your addons are back. If it appeared when the addons were initially disabled it's not an issue at all, it's just that nothing closed it.

"You don't need to allow firefox to install and run studies, that's just a way of letting firefox automatically install this xpi."

In that case I am wondering why Mozila didn't provide a direct link...it would have been faster. Maybe there is another reason to ask us to run studies...wondering.

"If it appeared when the addons were initially disabled it's not an issue at all, it's just that nothing closed it.

Yes, it appeared when the addons were initially disabled.

in my case I had to copy the link and paste into a fresh tab as clicking actually caused firefox (nightly) to block the install with a message: "news.ycombinator.com - Nightly prevented this site from asking you to intsall software on your computer"

Doesn't work for me. Not sure if a user.js alteration is blocking the fix or what...but I don't want to (even temp) remove it and I certainly don't feel like going through all those prefs to figure out the issue.

66.0.3 (64-bit) osx 10.9.5 i only managed to change the status of devtools.chrome.enabled can only be 'modified' instead of default, not sure how you 'enable' it? new to this :) clicking or copy pasting the link gives me the error msg too

"modified" should be fine as that would put it at "true" meaning that it's enabled. I then copy/paste the link and the fix add-on says that it's installed. however, ctrl-shift-j browser console displays:

"""WebExtensions: failed to add new intermediate certificate:"""

When I say "enabled" I mean set to a value of "true" (instead of "false"), "modified" is a different column.

What error do you get on the link though? That link is a better fix.

Ah okay yeah I set it to true, default was false. Error is connection failure (same error as for the add-ons)

Not sure what would be causing a connection failure. I just verified that the link is still up for me, and obviously you have an internet connection if you're replying to me.

You're not behind a firewall that might be blocking it are you? E.g. being in China?

Hey doop, replying to you here since your post is showing up as dead so I can't reply to it.

If you installed the xpi you shouldn't need to do anything in the browser console, and your addons should have come back. Obviously the latter didn't happen.

Chances are a connection failure in the browser console is unrelated, the browser console is basically constantly spewing error messages, you should just ignore them unless they are in response to something you did.

All I can really suggest over the internet is to try reinstalling your addons - that might work - in which case I would assume they just got uninstalled somehow. If it doesn't I'm not sure what to suggest, and I can't realistically debug something too complex over HN comments. You might just have to wait for mozilla to publish an update to the browser that fixes this properly.

I do want to emphasize that I'm just some dude on the internet being helpful by the way, not associated with Mozilla or anything.

Edit: Just saw this error message you also posted: """WebExtensions: failed to add new intermediate certificate:"""

That sounds like an issue that happened when installing the .xpi? Did it give any other related debugging information?

66.0.3 64 - Win10

FF shows the fix add-on as being installed with the standard pop-up notifications in the menu bar. However, in the browser console, I only see the error msgs that I've listed in my other posts.


I can report a connection failure while being on a unrestricted connection (University internet in the UK).

So, I don't have any good ideas why. Can you give me more information about what exactly happens? Can't promise anything but details might help.

I.e. something like

- I open the browser console

- I click the .xpi link

- The following appears in the browser console immediately after clicking the link:

    WebExtensions: new intermediate certificate added api.js:15
    WebExtensions: signatures re-verified api.js:23
- My addons do not come back

- If I try to install an addon from addons.mozilla.org I get <this message about the addon signature verification failing> in the browser console.

Thanks for the response!


I click the link. I click "Add", and Mozilla says addon could not be downloaded due to connection failure. Nothing appears in browser console.

Downloading an addon gives me "Download failed. Please check your connection." on the Addons site. In console, I get:

  Events to handle the installation initialized. BigInteger.js:27
  [GA: OFF] sendEvent {"hitType":"event","eventCategory":"AMO Addon Installs Download Failed","eventAction":"addon","eventLabel":"uBlock Origin"} BigInteger.js:27
In the studies, I have https://i.imgur.com/fqrd5Jo.png. I enabled it, and have tried setting both first run, and the update interval is set to 21 (to try and force it to update it quickly).

Hmm, what happens if you right click and save-link-as on the .xpi link? Or if you download it via curl or wget or something?

Edit: That studies image looks like it has already been installed, which is weird if your extensions aren't back...

OK, so... I right clicked, saved-as and then ran the XPI... and that worked. So thank you for that suggestion.

As for the studies image, that's only half of the fix according to the blog post [1], mine is only verification-timestamp, not signing-intermediate-bug.

[1]: https://blog.mozilla.org/addons/2019/05/04/update-regarding-...

Glad to hear it worked.

You're right about the image, that's weird, I can't think of any reason why the verification-timestamp one would be necessary.

No, not in China, no firewall. Thanks for reaching out & your suggestions though!

I'm not a developer though, so it's not super urgent. Just felt like figuring it out.

I'm running 58.0.2. (i thought I read somewhere that this should work from 57 on.)

When I turn on Studies, and do about:studies, I see:

"What's this? Firefox may install and run studies from time to time. Learn more"

Is this what I'm supposed to be seeing?

Hey, I think so (but I didn't go that route), now you either need to wait or use one of the tricks to cause it to update right away.

If I was you I would ignore Mozilla's advice to do it their way and do what I suggested above, of just clicking on the .xpi link and disabling shield studies. It will act immediately, which will give you a better idea of whether or not it will actually work with 58.0.2. I'm not sure it will (I suspect it won't in fact).

I'm on 66.0.3 and it worked for me. All my addons worked. I removed the study from about:studies and everything is fine.

"""Error while detaching the browsing context target front: Connection closed, pending request to server1.conn0.parentProcessTarget1, type detach failed..."""

Applying the fix via the link above, will anything need to be done after this is all resolved. Example will this fix need removed or any settings it may edit be restored in about:config?

Not really, you could uninstall the .xpi but it's just a matter of "cleanliness", hoping someone replies with a better method, but I replied to this comment with one way: https://news.ycombinator.com/item?id=19827428

Worked for me, awesome! Now only question left is why this isn't mentioned in the blog post as fix for the no-studies people like me... Everybody put on your tinfoil hats.

Honestly, I suspect to minimize the support load, see how many questions I got here as just a dude suggesting it unofficially that no one should really trust? It's fine at HN scale, but it's probably not fine at Mozilla scale.

They'd rather that the people who are having issues with it just wait for a new build than waste engineering time. Probably rightly so.

"The add-on could not be downoaded because of a connection failure." <--- Grrrr!

Win 10 FF 66.0.3 64-bit (Studies checked by default anyway). In Australia.

right click, download to desktop. Drag it into your firefox window. It will install then.

Thank you!

I have tried to use this and i still can't get my addons back. Is there anything else that can help me?

Installing hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi on firefox-esr 60.6.1esr-1 in Debian did not work for me.

I think restarting firefox after installing it should make it work with esr.

Plugins work from Microsoft Windows OS platform. But do not work through Linux OS platform

Thanks for this! My NixOs build of Firefox was apparently built without support for studies, but your link worked fine.

Thanks I been going in circles for a while. Tell others to go here and no more problems so far.

Nothing happens for me once installed in firefox 55.0.3 32bits. Can't activate my addons.

That's a really old version of firefox, probably an API has changed with my workaround.

I know of an API change that means the official hotfix won't work (whether you install it my bootleg way or the official studies way).

My recommendation is to upgrade your firefox version.

The reason I don't want to upgrade is because I don't want to lose all my legacy addons, a lot of them dissapeared and there are no alternatives. I can't understand how Mozilla can break my browser remotely and force me tu upgrade to a more restricted browser...

Mozilla didn't really "break your browser remotely", it's more like there was a time bomb included that just went off.

If you try hard enough you can probably fix your browser, unpack the .xpi (it's just a zip), look at the source in experiments/skeleton, and try to figure out how to run something similar in the browser console.

But I really can't recommend doing this, I appreciate it's painful, but what you're running right now is massively insecure, there are published exploits. You're just asking for viruses by interacting with the internet using something that old.

Install WaterFox, same old FF56 but the legacy addons are still working.

I'm running Firefox 56 and installed this fix yesterday, but it does nothing for me.

Is there a way to fix this that works on older versions. Updating the browser isn't an option because I've legacy addons running that I can't work without.

The best way is to install Waterfox, because its compatible with all the legacy Addons of FF56, and you are not gonna see any big difference.

It fixed my addons and I uninstalled and my Add on are still working.

Worked for me, awesome Thank you for sharing. It worked immediately.

I installed the fix, nothing happened (my extensions still don't work)

After using the .xpi file?

Have you tried reinstalling the addons? I know it's less than ideal, but on one of my installs firefox had decided to uninstall the addons after disabling them (I think because it updated firefox version after disabling them). If it did that I don't think there is any way to get them back short of reinstalling.

Yes, I installed the .xpi file, firefox still says my extensions are unsupported/unverified.

Reinstalling seems to work, but there are certain extensions that have data I do not want to lose. For example, if I reinstall ubock origin, I will lose all of my dynamic filtering rules.

Possibly you just need to force it to reverify again. If this is still the state of things try setting `app.update.lastUpdateTime.xpi-signature-verification` to 0 in about:config, and then restarting your browser.

But no guarantees. Do you have reason to believe the addons are still installed?

That worked, thank you!

As a side note, the value for that setting got reset after I restarted firefox.

Also, I uninstalled the fix by simply removing the extension in about:addons. Is this the correct way to do it?

Yep, you're all good. I'm surprised it let you remove the fix from about:addons but I wouldn't worry about it.

That value resetting is expected, it's the time when Firefox thinks it last checked signatures, it resetting just means this convinced it to recheck as intended.

This worked immediately on Firefox Quantum 66.0.3 (64-bit) Thank you.

66.0.3/x64 Win10 - running good with your fix. Thank you!

66.0.2 (64-bit), Win 10

Maybe you pasted it in the wrong console? You need the 'browser console' which is different from the one you open on random webpages.

Go to "about:config" (in the url bar), search for and enable devtools.chrome.enabled, then hit ctrl-shift-j (or you can open it from Menu -> Web Developer -> Browser Console).

Ha! That did the trick! Though it gave me these cryptic errors the add-ons are now enabled, thanks!

TypeError: setting is undefined[Learn More] ExtensionPreferencesManager.jsm:90:7 No matching message handler for the given recipient. MessageChannel.jsm:924 1556983316679 addons.xpi-utils WARN Add-on fxmonitor@mozilla.org is not correctly signed.

Edit: another weirdness: i decided to take a look at a different computer (unrelated to this one, at work via remote desktop) which is running exactly the same FF and Windows and all add-on are enabled. it's on 24x7; i didn't do anything to it.

As for your other weirdness. Signatures are only checked once every 24 hours, and it's only been 20 since the cert expired, your other computer probably just hasn't re-verified the signatures yet. You can find some comments here about how to delay it if you want.

That's an expected error, it has to do with how that addon (which is non critical but published by mozilla and really just a part of firefox) is installed, once mozilla publishes a new version of firefox with an updated signing key it should fix itself.

How do I verify that this is signed by Mozilla?

Well, uh, one way is to try and install it in firefox.

Assuming you meant without installing it in firefox, I don't quite know. You're going to need to find mozilla's public keys somewhere (maybe just extract them from firefox), unpack the xpi (it's just a zip file with a different extension) and find the signature contained within, and then figure out how to verify it.

You are a lifesaver all addons have returned easy peasy !

56.0 (64-bit), Win 10

That's a really old version of firefox, probably an API has changed with my workaround.

I know of an API change that means the official hotfix won't work.

My recommendation is to upgrade your firefox version.

Try WaterFox, its a FF56 "clone" with working addons.

hmm, should it be installable by default, not only on the about:debugging page?

It was for me, literally just had to click on the link, and then "Ok" on the "do you want to install this" dialogue that popped up. Not sure if firefox beta would be different.

verified it works on Ubuntu 16.04 with Firefox 66.0.3

Please help my payment method invited this time not okay


Works, ty!

Not working in 56.0.2 :((((

Try WaterFox, same FF56 but with working addons.

thanks brother

Confirmed working with 66.0.3 (64-bit) on macOS 10.14.4 (18E226). After installation all plugins immediately came back.

This should really be one of the official ways to apply the patch instead of only telling users "it can take up to 6 hours for the fix to be installed" after enabling Shield studies. I can only imagine what kind of havoc this creates in businesses using Firefox working weekends.

Hi, you're shadow-banned and this comment, which seems alright, was only visible to people who are 'showdead'.

This is not the case anymore that I have vouched for it. But, all of the comments you make in the future, and (I'm guessing here) a lot of the comments you have made, cannot be seen by normal visitors, and are greyed out and delisted to people with 'showdead' enabled.

In your case, a lot of your comments are good and make fair points, I think (I only did a quick scan down your comments page). It might be worth for you to contact `dang` or one of the other administrators to see if they would remove the shadow-ban in your case.


Hi 'semenguzzler', as the person pointed out. The extension in question has been signed by firefox. If firefox accepted unsigned or badly-signed addons, then the problems with extensions would not exist in the first place.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact