
Mozilla's mea culpa for breaking Firefox


By Dylan Bushell-Embling
Tuesday, 14 May, 2019



Mozilla has issued an apology for an issue with its Firefox web browser that stopped existing add-ons from working and prevented new ones from being installed.

The incident, which occurred earlier this month, has been traced to the expiration of a digital certificate used to sign add-ons. Mozilla CTO Eric Rescorla shared details of the gaffe in a blog post.

The expired certificate acted as an intermediate certificate for the digital signing process used to verify new add-ons or ensure add-ons loaded into Firefox are legitimate.

This meant that the vast majority of the more than 15,000 Firefox add-ons that are available stopped working, and the browser rejected attempts to install new add-ons due to the expired certificate. The effect was delayed because Firefox only checks add-ons about every 24 hours, and the time of these checks is different for each user.

Once Mozilla became aware of the issue, the company's first steps were to temporarily disable signing of new add-ons and to push a hotfix designed to suppress re-validation of add-on signatures, in an attempt to prevent disruption for users whose browsers had not yet re-validated and encountered the issue.

As a more long-term solution, Mozilla developed a new certificate with the same subject name and public key as the old certificate, and then set about developing and pushing an update to Firefox to install the new certificate and force the browser to re-verify every add-on.
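Why a reissued intermediate with the same subject name and public key restores trust without re-signing any add-on can be reproduced with a throwaway PKI. This is an added example, not code from Mozilla or the original article; it assumes the `openssl` command-line tool is installed, and every name, key and lifetime in it is constructed.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: every name, key and lifetime below is made up for illustration.
set -eu
PKI_DIR=$(mktemp -d)
# Evaluate chains two days from now, after the 1-day intermediate has expired.
CHECK_TIME=$(( $(date +%s) + 2 * 86400 ))

new_csr() {   # $1 = file prefix, $2 = subject
  openssl req -new -newkey rsa:2048 -nodes -keyout "$PKI_DIR/$1.key" \
    -out "$PKI_DIR/$1.csr" -subj "$2" 2>/dev/null
}

issue_intermediate() {   # $1 = output name, $2 = lifetime in days
  # Both calls reuse int.csr, so subject name and public key are identical.
  openssl x509 -req -in "$PKI_DIR/int.csr" -CA "$PKI_DIR/root.pem" \
    -CAkey "$PKI_DIR/root.key" -CAcreateserial -extfile "$PKI_DIR/ca.ext" \
    -days "$2" -out "$PKI_DIR/$1.pem" 2>/dev/null
}

build_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$PKI_DIR/ca.ext"
  new_csr root "/CN=Demo Root CA"
  openssl x509 -req -in "$PKI_DIR/root.csr" -signkey "$PKI_DIR/root.key" \
    -extfile "$PKI_DIR/ca.ext" -days 3650 -out "$PKI_DIR/root.pem" 2>/dev/null
  new_csr int "/CN=Demo Add-on Signing Intermediate"
  issue_intermediate int_old 1
  # The "add-on" certificate is signed once, under the old intermediate.
  new_csr leaf "/CN=Demo Add-on"
  openssl x509 -req -in "$PKI_DIR/leaf.csr" -CA "$PKI_DIR/int_old.pem" \
    -CAkey "$PKI_DIR/int.key" -CAcreateserial -days 30 \
    -out "$PKI_DIR/leaf.pem" 2>/dev/null
  issue_intermediate int_new 365
}

verify_leaf() {   # $1 = intermediate to offer; exit status 0 means the chain is valid
  openssl verify -attime "$CHECK_TIME" -CAfile "$PKI_DIR/root.pem" \
    -untrusted "$PKI_DIR/$1.pem" "$PKI_DIR/leaf.pem" >/dev/null 2>&1
}

build_pki
for im in int_old int_new; do
  if verify_leaf "$im"; then echo "$im: leaf verifies"; else echo "$im: leaf rejected"; fi
done
```

The leaf certificate is never re-signed; only the intermediate offered during chain building changes, which is why distributing the replacement certificate to clients is sufficient.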

“We strive to make Firefox a great experience. Last weekend we failed, and we’re sorry,” new Mozilla Head of Engineering Joe Hildebrand said.

“You deserve a full accounting, but we didn’t want to wait until that process was complete to tell you what we knew so far. We let you down and what happened might have shaken your confidence in us a bit, but we hope that you’ll give us a chance to earn it back.”
