What Mozilla needs to do now (after cert add-on disabling disaster)

by Martin Brinkmann on May 05, 2019 in Firefox – Last Update: May 05, 2019 – 16 comments

Firefox users worldwide experienced something in the past couple of days that should never have happened; users with installed add-ons noticed that all of their installed browser extensions were disabled suddenly in the browser.

Firefox notified users that add-ons could not be verified and were disabled as a consequence. Mozilla introduced a security concept called add-on signing in Firefox 48. The system required browser extensions to be signed before they could be installed in Firefox.

Extensions without a certificate, or without a working one, can’t be installed in Firefox. There are some options to bypass the requirement, such as loading add-ons temporarily or disabling the signing requirement in development versions of Firefox, but it is enforced on the stable channel.

What Mozilla needs to do

The very first thing is obvious: the issue needs to be fixed for all users involved. Mozilla distributes a patch via the Shield service to Firefox Stable, Dev and Nightly. The organization revealed that Firefox ESR and Android versions need separate fixes.

Mozilla should be very transparent about the issue and explain why it happened, and how the organization plans to avoid similar issues in the future. In particular, users would probably like to know how such a critical issue could happen in the first place.

Going forward, Mozilla needs to change the system to make sure that something like this never happens again. Obviously, if you are working with certificates, you need to make sure that they renew in time.

Better, in my opinion, is an updated system that never blocks or disables extensions installed by the user unless they are blacklisted by Mozilla. In other words: a certificate issue, especially one where the error is caused on Mozilla’s side of things, should never lead to users losing access to their extensions.

Mozilla could implement a system that bypasses certificate checks on the user’s request if certificates cannot be verified for whatever reason. A prompt stating that “extension could not be certified, do you want to continue running it” would give the user control over the situation and avoid another PR disaster.

While that would mean giving users back some control over the extensions that they run on their devices, it would ensure that users could keep on using installed browser extensions even if certificates cannot be checked.

Now you: How should Mozilla react in your opinion?