So fixed the certificate expiration issue that disabled all your extensions. All you have to do to get the fix is to check:

✅ Allow Firefox to send technical and interaction data to Mozilla

✅ Allow Firefox to install and run studies


(Don’t forget to turn these off right after your extensions show up again. I restarted the browser but not sure if that’s necessary.)

@amolith Thanks for the heads up. It’s done now but I’ll post the link to your toot on birdsite also.

@aral @amolith Way for the paranoid, if you don't want to blindly trust the link:

Go to:

(Normandy is the system used by Mozilla to push "studies" to Firefox)

there, search "Update XPI signing intermediate" and you find the addonUrl parameter with the link to the XPI

@aral @amolith The whole breakage thing is probably clever way to get people enable studies 😉

@vellamo @aral
I hope you don't mind but I embedded this toot on my site. If you want me to remove it, say the word and I'll be happy to.

@aral The worst thing is they banned the member who posted XPI link citing CPG violation when all he used were some strong words like "spy shit". If anyone goes by the recommended way they will be enabling "studies" 👎

@pavi @aral I feel the way Mozilla should've done this is to offer that update package with a big green download button on their main page and then just referred to it in all media until they get normal release out 🤔

@Wondering Yeah that would be the ideal case, but they want people to sign up for "studies"! How many people will have the patience to turn it back off again. And what is to not guarantee data leaks during that time? 😒

@aral @chpietsch
It's live on the homepage right now.

I guarantee it looks like crap because I rushed and threw some HTML together 😂

@amolith @aral

lol from mozilla to google

must be a joke or a hidden camera

@herve_02 @amolith He just hosted a copy on his own server. I believe the correct response is “thank you” :)

@aral @amolith
thank you ? is his own server ? waou i'm impressed

@herve_02 @amolith No, the link I helpfully included in my reply to you and which you could find on this thread is. But, yeah, good luck with that attitude. And goodbye.

@aral @amolith

one extension installed from somewhere and nothing change...

yes thank you is the what to say.

i have the impression of getting back on windows 15 years ago.

you are not responsible. I'm just have to find a new browser and that sucks.

debian should have never stop maintaining iceweasel.

@aral @amolith

in about:config set xpinstall.signatures.required to false - restart

nothing to install.

you can say thank you

you are welcome

@miosety @aral
The three links at the bottom of my toot have more information. Just scroll to the top

@amolith @aral Thank you for that hot fix! Nothing worked at all until I applied it. Indeed I couldn't even connect to even my internal web servers.

They will spy on every data they want ?

quit firefox is the solution

@aral Sadly, that's not built in to the OpenBSD package, so I had to install the .xpi hotfix manually. Everything works, but Mozilla has left a nasty scar on me.

@aral thanks for posting about this ; I had noticed the problem and was concerned, but thought it would resolve itself. Their decision to use User Studies as a way to fix things seems rather bizarre doesn't it?

@aral xpinstall.signatures.required to false is enough.

@aral Just setting xpinstall.signatures.required to false in about:config worked for me

@swedneck Assuming you know what you’re doing (and won’t be installing any new extensions and have turned auto updates off until you implement a proper fix) but this isn’t a good suggestion for everyday folks (it creates a security hole).

My stupid Firefox has been fine until 5 minutes ago. Now it is showing my extensions ok but it will not load ANY web page including my internal servers! Wow was this a major mess up!

@aral Thank you. It's hard to know exactly what is going on, but on a machine where those settings were already present, it seemed that merely going in and out of settings to look for them was enough to get things working.

On another machine, where they were disabled, they appeared a few seconds after quitting settings.

So no restart (and logging into up to 10 tabs requiring 2FA) required. Thankfully.

@aral: Can I uncheck them again once my addons are working again?

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!