
Mozilla's mea culpa for breaking Firefox


By Dylan Bushell-Embling
Tuesday, 14 May, 2019



Mozilla has issued an apology for an issue with its Firefox web browser that stopped existing add-ons from working and prevented new ones from being installed.

The incident, which occurred earlier this month, has been traced to the expiration of a digital certificate used to sign add-ons. Mozilla CTO Eric Rescorla shared details of the gaffe in a blog post.

The expired certificate acted as an intermediate certificate for the digital signing process used to verify new add-ons or ensure add-ons loaded into Firefox are legitimate.

This meant that the vast majority of the more than 15,000 Firefox add-ons that are available stopped working, and the browser rejected attempts to install new add-ons due to the expired certificate. The effect was delayed because Firefox only checks add-ons about every 24 hours, and the time of these checks is different for each user.

Once Mozilla became aware of the issue, the company first temporarily disabled signing of new add-ons and pushed a hotfix designed to suppress re-validation of add-on signatures, in an attempt to prevent disruption for users whose browsers had not yet re-validated and encountered the issue.

As a more long-term solution, Mozilla developed a new certificate with the same subject name and public key as the old certificate, and then set about developing and pushing an update to Firefox to install the new certificate and force the browser to re-verify every add-on.
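The reissue approach described above, as an added example (not Mozilla's code or certificates): a throwaway OpenSSL chain in which the intermediate expires, the leaf signed under it stops validating, and a reissued intermediate with the same subject name and public key makes the unchanged leaf validate again. All names, serial numbers and validity periods are constructed for the demo, and `-attime` is used to evaluate the chain two days in the future.

```bash
# Constructed demo PKI: every name (Demo Root, Demo Intermediate, demo-addon)
# and validity period is made up; nothing comes from Mozilla's real chain.
set -eu

# Build root -> intermediate (valid 1 day) -> leaf (valid 10 years) in dir $1.
# The [ca] config section gives CA certificates basicConstraints CA:TRUE.
build_pki() {
  ( cd "$1" &&
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' \
      'CN=unused' '[ca]' 'basicConstraints=critical,CA:TRUE' > cfg &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
      -config cfg -extensions ca -subj '/CN=Demo Root' -days 3650 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
      -config cfg -subj '/CN=Demo Intermediate' &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 1 \
      -days 1 -extfile cfg -extensions ca -out int_old.pem &&
    openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
      -config cfg -subj '/CN=demo-addon' &&
    openssl x509 -req -in leaf.csr -CA int_old.pem -CAkey int.key \
      -set_serial 100 -days 3650 -out leaf.pem ) >/dev/null 2>&1
}

# Reissue the intermediate from the same CSR: same subject, same public key,
# new serial and a new validity period. leaf.pem is not touched.
reissue_intermediate() {
  ( cd "$1" && openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
      -set_serial 2 -days 3650 -extfile cfg -extensions ca -out int_new.pem \
  ) >/dev/null 2>&1
}

# Does leaf.pem chain to the root via intermediate file $2 at epoch time $3?
chain_ok() {
  openssl verify -attime "$3" -CAfile "$1/root.pem" -untrusted "$1/$2" \
    "$1/leaf.pem" >/dev/null 2>&1
}

demo() {
  local d when
  d=$(mktemp -d); when=$(( $(date +%s) + 2*86400 ))  # two days from now
  build_pki "$d"; reissue_intermediate "$d"
  chain_ok "$d" int_old.pem "$when" && echo "old intermediate: valid" \
    || echo "old intermediate: rejected (expired)"
  chain_ok "$d" int_new.pem "$when" && echo "reissued intermediate: valid" \
    || echo "reissued intermediate: rejected"
  rm -rf "$d"
}

demo
```

The leaf needs no re-signing because chain building matches the issuer by subject name and checks the leaf's signature against the issuer's public key, both of which the reissued intermediate preserves.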

“We strive to make Firefox a great experience. Last weekend we failed, and we’re sorry,” new Mozilla Head of Engineering Joe Hildebrand said.

“You deserve a full accounting, but we didn’t want to wait until that process was complete to tell you what we knew so far. We let you down and what happened might have shaken your confidence in us a bit, but we hope that you’ll give us a chance to earn it back.”
