Firefox's Armag-addon Forces Plugins to Disable Themselves
A faulty security certificate forced many users of Mozilla's Firefox browser to operate without their beloved plugins installed to the browser. Mozilla itself acknowledged the problem occurred three years ago under similar circumstances. ZDNet noted that while the problem didn't affect all users of the company's browser, it drew ire from users on multiple social media platforms. While it's not an occurrence that is likely to happen often, users that depend on plugins for functionality were left out in the cold while Mozilla found ways to fix the issue.
Temporary Fixes on Social Sites
The first few temporary resolutions to the problem came from Reddit users with some background in debugging. The first fix was only viable in the nightly build of Firefox, which saw users setting their xpinstall.signatures.require to false within their browser settings. GHacks mentions this fix as a potential solution but only for users with the nightly build and the Android build of Firefox. Another temporary resolution mentions that a user could go to about:debugging, then select the box for enabling add-on debugging. From there a user could load their plugins from C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\.default\extensions. The only downside to this particular fix was that a user had to leave their browser open indefinitely to keep their plugins loaded.
Reliving the Past
As we mentioned before, Mozilla was well aware that a similar situation had happened before in the past. It's unfortunate that the company didn't remember to renew its intermediate security certificates on time, but the impact on users was widespread and preventable. The fact that it was due to poor scheduling makes a poor case for Mozilla's dedication to their customer base. Going forward the suggestion should be taken to heart to have an additional backup security certificate in the event of an unexpected expiry.
The Risk of Temporary Fixes
Mozilla's Discourse post regarding the matter mentions that these temporary fixes may be detrimental to users actually getting the approved repairs from Mozilla themselves. Eventually, a hotfix was released which the company rolled out through its optional Studies system. It requires users to have the Studies system enabled on their browser to allow the patch fixing. Tech Crunch notes that the Add-on outage lasted as much as a day for some users, with many of them deciding to use temporary fixes to maintain the functionality of their browser the way they liked it.
What Caused the Collapse of the Add-on System?
While most places vaguely mention the expiration of a security certificate as the reason why Firefox stopped being functional, that doesn't explain the entire process behind the failure. Under the hood, Mozilla's plugins all require a signed certificate to be activated. In this unfortunate circumstance, an intermediate certificate that add-ons used for verification expired at an inopportune time, causing all the plugins that depended on them to show up as unverifiable in the add-on browser. The plan was to utilize the Studies system to apply a hotfix to browsers that would re-enable the disabled plugins, using a new intermediary signature to verify them.
Not The End of the Road
While at present most users have full functionality of their browsers back, Ars Technica notes that some users reported that they still didn't have full functionality after they turned on their Studies option to receive the hotfix. Compounded with that were the reports that Android users and Firefox ESR were still to be patched as of May 5th. For these users, having access to the fixes that provide a temporary solution will have to suffice until Mozilla gets around to pushing out updates for them. Users of the browser may see this as a minor hiccup that comes from using Mozilla's software, or they may see it as an invitation to switch to another browser. In the world of customized web development, Brainbox is among the best options available to small entrepreneurs and personal users alike.