Create patches for add-on signing intermediate certificate dot release
Categories
(Toolkit :: General, defect, P1)
Tracking
()
People
(Reporter: mgoodwin, Assigned: robwu)
References
Details
(Whiteboard: cert2019)
Attachments
(3 files, 1 obsolete file)
Reporter | ||
Updated•5 years ago
|
Reporter | ||
Comment 1•5 years ago
|
||
Reporter | ||
Comment 2•5 years ago
|
||
Not actually r?keeler - but tooling wants a reviewer in the commit message...
Updated•5 years ago
|
Updated•5 years ago
|
Comment hidden (off-topic) |
Updated•5 years ago
|
Reporter | ||
Comment 5•5 years ago
|
||
Depends on D29940
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Comment 6•5 years ago
|
||
![]() |
||
Updated•5 years ago
|
Assignee | ||
Comment 7•5 years ago
|
||
For ESR60
Assignee | ||
Comment 8•5 years ago
|
||
The patch in comment 7 is for ESR60. It is nearly identical to the previous patch, and I verified it on Linux - see https://phabricator.services.mozilla.com/D29947#879074
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Comment 9•5 years ago
|
||
Release note added as:
Repaired certificate chain to re-enable web extensions that had been disabled
If we end up with a new blog post at the time of the release we can change the link to point to it.
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Comment 10•5 years ago
|
||
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Comment 12•5 years ago
|
||
Comment 13•5 years ago
|
||
uplift |
The patch from ESR landed earlier today: https://hg.mozilla.org/releases/mozilla-esr60/rev/bfd165fd51ec90777db01c21e3b727328a5ea1a3
Comment 14•5 years ago
|
||
uplift |
The patch for beta landed just now: https://hg.mozilla.org/releases/mozilla-beta/rev/be8cd9575508ce1a95b971ccbfe3a7ceec59bc0b
We're holding off on landing on mozilla-central, for now.
Comment 15•5 years ago
|
||
uplift |
(In reply to Liz Henry (:lizzard) (use needinfo) from comment #13)
The patch from ESR landed earlier today: https://hg.mozilla.org/releases/mozilla-esr60/rev/bfd165fd51ec90777db01c21e3b727328a5ea1a3
This was to the 60.6.2 relbranch. I've also pushed it to default for 60.7 as well:
https://hg.mozilla.org/releases/mozilla-esr60/rev/537700ea54aaceda64e1e5395085e536e1c9d3e3
This was also pushed to release for 66.0.4 earlier:
https://hg.mozilla.org/releases/mozilla-release/rev/848b15028562c6757748070f637e0e4f0bbb5f65
Comment 16•5 years ago
|
||
Pushed by aswan@mozilla.com: https://hg.mozilla.org/mozilla-central/rev/023dd959512e Add intermediate certificate r=kmag a=lizzard CLOSED TREE
Updated•5 years ago
|
![]() |
||
Updated•5 years ago
|
![]() |
||
Comment 17•5 years ago
•
|
||
I can verify that installing today's Firefox Nightly for Android (2019-05-05) from [1] reenabled all extensions.
On desktop Firefox Nightly (2019-05-05 Linux, Build ID 20190505092607), all AddOns remain enabled after manually deleting the hotfix-update-xpi-signing-intermediate-bug-1548973
study and resetting app.update.lastUpdateTime.xpi-signature-verification
.
[1] https://www.mozilla.org/en-US/firefox/android/nightly/all/
Edit: now also verified with https://archive.mozilla.org/pub/mobile/candidates/66.0.4-candidates/build3/android-api-16/multi/
![]() |
||
Comment 18•5 years ago
|
||
I just verified this using [1] and [2]:
- Creating a new
testprofile/prefs.js
that only contains the lineuser_pref("app.shield.optoutstudies.enabled", false);
- Start with
$ ./firefox --profile testprofile --new-instance
- Verify that
about:studies
is empty - Install any extension from a.m.o
- WFM
[1] https://archive.mozilla.org/pub/firefox/releases/66.0.4/
[2] https://archive.mozilla.org/pub/firefox/releases/60.6.2esr/
Comment 19•5 years ago
|
||
I'm confused. Is this fix supposed to also work on 66.0.4 for Windows 10 desktop? If so, it's not working on either of my two desktops. I've just downloaded and installed 66.0.4 from Firefox Help->About Firefox. Restarted Firefox to complete the install. No joy. Addons that were previously (since yesterday morning for me) flagged as "not verified for use in Firefox" and are still disabled. I even tried removing one (FoxClocks), and reinstalling it. The download failed with a note to check my connection. Nothing wrong with my connection. Streaming audio on another tab continues to stream.
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/comment-page-6/#comments indicates this release should have solved this issue. What am I missing?
Thanks,
Tim
Comment 20•5 years ago
|
||
(In reply to Tim Johnson from comment #19)
I'm confused. Is this fix supposed to also work on 66.0.4 for Windows 10 desktop? If so, it's not working on either of my two desktops. I've just downloaded and installed 66.0.4 from Firefox Help->About Firefox. Restarted Firefox to complete the install. No joy. Addons that were previously (since yesterday morning for me) flagged as "not verified for use in Firefox" and are still disabled. I even tried removing one (FoxClocks), and reinstalling it. The download failed with a note to check my connection. Nothing wrong with my connection. Streaming audio on another tab continues to stream.
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/comment-page-6/#comments indicates this release should have solved this issue. What am I missing?
Could you check if the extensions.signer.hotfixed pref is set for you? Wondering if certDB.addCertFromBase64 is failing, in which case the pref wouldn't have gotten set (I see it set to true locally on 66.0.4).
Comment 21•5 years ago
|
||
(In reply to Brian Grinstead [:bgrins] from comment #20)
(In reply to Tim Johnson from comment #19)
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/comment-page-6/#comments indicates this release should have solved this issue. What am I missing?
Could you check if the extensions.signer.hotfixed pref is set for you? Wondering if certDB.addCertFromBase64 is failing, in which case the pref wouldn't have gotten set (I see it set to true locally on 66.0.4).
Tim, could you check one more thing as well? If you open about:preferences#privacy -> View Certificates -> Authorities -> Mozilla Corporation do you see signingca1.addons.mozilla.org
with SHA-256 Fingerprint="B0:F7:0C:5C:36:3B:59:9B:B8:40:78:A4:35:F8:7E:F4:B8:FB:30:E5:84:18:2E:11:AD:FC:7B:07:AF:02:AE:82"?
Comment 22•5 years ago
|
||
Brian, I assume extensions.signer.hotfixed is in about:config. The closest entry is extensions.hotfix.lastVersion.
Re your second question, there is no entry for Mozilla Corporation. I have an entry for Microsec Ltd, and MSIT Machine Auth CA 2.
Comment 23•5 years ago
|
||
¡Hola Tim!
What are the Serial Number and Fingerprints for the TLS certificate of https://addons.mozilla.org/ please?
¡Gracias!
Alex
Comment 24•5 years ago
|
||
(In reply to Tim Johnson from comment #22)
Brian, I assume extensions.signer.hotfixed is in about:config. The closest entry is extensions.hotfix.lastVersion.
Re your second question, there is no entry for Mozilla Corporation. I have an entry for Microsec Ltd, and MSIT Machine Auth CA 2.
You are correct about extensions.signer.hotfixed being in about:config. The fact that this isn't showing up makes me think you must be hitting an exception at this line: https://hg.mozilla.org/releases/mozilla-release/rev/848b15028562c6757748070f637e0e4f0bbb5f65#l1.25.
Could you check your Browser Console (Ctrl+Shift+J) after restarting the browser and see if you can find the "failed to add new intermediate certificate" error? It will show Log.jsm as the source. If you see that, could you paste that full error message in here? Thanks in advance.
Comment 25•5 years ago
|
||
(In reply to alex_mayorga from comment #23)
¡Hola Tim!
What are the Serial Number and Fingerprints for the TLS certificate of https://addons.mozilla.org/ please?
¡Gracias!
Alex
Hi Alex. If you can tell me how to get that info, I will gladly provide it. I didn't see anything like what you're asking in the Certificate Manager.
Comment 26•5 years ago
|
||
(In reply to Brian Grinstead [:bgrins] from comment #24)
(In reply to Tim Johnson from comment #22)
Brian, I assume extensions.signer.hotfixed is in about:config. The closest entry is extensions.hotfix.lastVersion.
Re your second question, there is no entry for Mozilla Corporation. I have an entry for Microsec Ltd, and MSIT Machine Auth CA 2.You are correct about extensions.signer.hotfixed being in about:config. The fact that this isn't showing up makes me think you must be hitting an exception at this line: https://hg.mozilla.org/releases/mozilla-release/rev/848b15028562c6757748070f637e0e4f0bbb5f65#l1.25.
Could you check your Browser Console (Ctrl+Shift+J) after restarting the browser and see if you can find the "failed to add new intermediate certificate" error? It will show Log.jsm as the source. If you see that, could you paste that full error message in here? Thanks in advance.
Brain, here's the whole Browser Console output. It's not long.
1557097728294 addons.xpi ERROR failed to add new intermediate certificate:: [Exception... "Component returned failure code: 0x805a1f65 [nsIX509CertDB.addCertFromBase64]" nsresult: "0x805a1f65 (<unknown>)" location: "JS frame :: resource://gre/modules/addons/XPIProvider.jsm :: addMissingIntermediateCertificate :: line 1896" data: no] Stack trace: addMissingIntermediateCertificate()@resource://gre/modules/addons/XPIProvider.jsm:1896
startup()@resource://gre/modules/addons/XPIProvider.jsm:2144
callProvider()@resource://gre/modules/AddonManager.jsm:203
_startProvider()@resource://gre/modules/AddonManager.jsm:652
startup()@resource://gre/modules/AddonManager.jsm:805
startup()@resource://gre/modules/AddonManager.jsm:2775
observe()@jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.ja!/components/addonManager.js:66 Log.jsm:679
append resource://gre/modules/Log.jsm:679
log resource://gre/modules/Log.jsm:360
error resource://gre/modules/Log.jsm:368
addMissingIntermediateCertificate resource://gre/modules/addons/XPIProvider.jsm:1899
startup resource://gre/modules/addons/XPIProvider.jsm:2144
callProvider resource://gre/modules/AddonManager.jsm:203
_startProvider resource://gre/modules/AddonManager.jsm:652
startup resource://gre/modules/AddonManager.jsm:805
startup resource://gre/modules/AddonManager.jsm:2775
observe jar:file:///C:/Program Files/Mozilla Firefox/omni.ja!/components/addonManager.js:66
WebExtensions: failed to add new intermediate certificate:
Exception { name: "", message: "Component returned failure code: 0x805a1f65 [nsIX509CertDB.addCertFromBase64]", result: 2153389925, filename: "jar:file:///C:/Users/tajkkj/AppData/Roaming/Mozilla/Firefox/Profiles/kufxng75.default/extensions/hotfix-update-xpi-intermediate@mozilla.com.xpi!/experiments/skeleton/api.js", lineNumber: 14, columnNumber: 0, data: null, stack: "doTheThing@jar:file:///C:/Users/tajkkj/AppData/Roaming/Mozilla/Firefox/Profiles/kufxng75.default/extensions/hotfix-update-xpi-intermediate@mozilla.com.xpi!/experiments/skeleton/api.js:14:15\ncall/result</<@resource://gre/modules/ExtensionParent.jsm:950:49\nwithPendingBrowser@resource://gre/modules/ExtensionParent.jsm:604:26\ncall/result<@resource://gre/modules/ExtensionParent.jsm:949:16\nwithTiming@resource://gre/modules/ExtensionParent.jsm:916:14\ncall@resource://gre/modules/ExtensionParent.jsm:948:20\n", location: XPCWrappedNative_NoHelper }
api.js:17
WebExtensions: signatures re-verified api.js:23
1557097730606 addons.xpi-utils WARN disabling legacy extension {9BAE5926-8513-417d-8E47-774955A7C60D}
1557097730613 addons.xpi-utils WARN disabling legacy extension {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
1557097730616 addons.xpi-utils WARN disabling legacy extension {19EB90DC-A456-458b-8AAC-616D91AAFCE1}
1557097730624 addons.xpi-utils WARN disabling legacy extension compatibility@addons.mozilla.org
1557097730653 addons.xpi-utils WARN disabling legacy extension {dc572301-7619-498c-a57d-39143191b318}
1557097730668 addons.xpi-utils WARN disabling legacy extension CSTBB@NArisT2_Noia4dev
1557097730727 addons.xpi-utils WARN disabling legacy extension ClassicThemeRestorer@ArisT2Noia4dev
1557097730736 addons.xpi-utils WARN Add-on {b14f4076-e80d-4baa-8c7d-8c65dfd2519c} is not correctly signed.
1557097730741 addons.xpi-utils WARN Add-on pdfsam_enhanced5_conv@pdfsam.com is not correctly signed.
1557097730744 addons.xpi-utils WARN Add-on Tab-Session-Manager@sienori is not correctly signed.
1557097730747 addons.xpi-utils WARN Add-on https-everywhere-eff@eff.org is not correctly signed.
1557097730751 addons.xpi-utils WARN Add-on donottrackplus@abine.com is not correctly signed.
1557097730758 addons.xpi-utils WARN Add-on support@lastpass.com is not correctly signed.
Key event not available on some keyboard layouts: key=“i” modifiers=“accel,alt,shift” id=“key_browserToolbox” browser.xul
Assignee | ||
Comment 27•5 years ago
•
|
||
(In reply to Tim Johnson from comment #25)
(In reply to alex_mayorga from comment #23)
What are the Serial Number and Fingerprints for the TLS certificate of https://addons.mozilla.org/ please?
Hi Alex. If you can tell me how to get that info, I will gladly provide it. I didn't see anything like what you're asking in the Certificate Manager.
- Click on the green slot at the left of the location bar (of https://addons.mozilla.org ).
- Click on the
>
at the right of the "Connection" bar. - Click on "More information" at the bottom of the panel.
- Click on the "View certificate" button
- The serial number and fingerprints are now visible.
You can try to copy the information, or take a screenshot and share it.
Thanks!
Updated•5 years ago
|
Comment 28•5 years ago
|
||
(In reply to Tim Johnson from comment #26)
(In reply to Brian Grinstead [:bgrins] from comment #24)
(In reply to Tim Johnson from comment #22)
Brian, I assume extensions.signer.hotfixed is in about:config. The closest entry is extensions.hotfix.lastVersion.
Re your second question, there is no entry for Mozilla Corporation. I have an entry for Microsec Ltd, and MSIT Machine Auth CA 2.You are correct about extensions.signer.hotfixed being in about:config. The fact that this isn't showing up makes me think you must be hitting an exception at this line: https://hg.mozilla.org/releases/mozilla-release/rev/848b15028562c6757748070f637e0e4f0bbb5f65#l1.25.
Could you check your Browser Console (Ctrl+Shift+J) after restarting the browser and see if you can find the "failed to add new intermediate certificate" error? It will show Log.jsm as the source. If you see that, could you paste that full error message in here? Thanks in advance.
Brain, here's the whole Browser Console output. It's not long.
1557097728294 addons.xpi ERROR failed to add new intermediate certificate:: [Exception... "Component returned failure code: 0x805a1f65 [nsIX509CertDB.addCertFromBase64]" nsresult: "0x805a1f65 (<unknown>)" location: "JS frame :: resource://gre/modules/addons/XPIProvider.jsm :: addMissingIntermediateCertificate :: line 1896" data: no] Stack trace: addMissingIntermediateCertificate()@resource://gre/modules/addons/XPIProvider.jsm:1896
...
Thanks so much Tim. I'm going to forward this to some people who should be able to help track down that error result. Two more things that would be helpful to narrow down further, if you could:
- Do you have antivirus software installed?
- Could you check with a brand new profile on 66.0.4 and see if you can install addons from there?
Comment 29•5 years ago
|
||
The error code for that message is SEC_ERROR_TOKEN_NOT_LOGGED_IN, which Dana suggests probably means that a master password is enabled and not logged in. Do you have a master password set?
Comment 30•5 years ago
|
||
Moved needinfos to https://bugzilla.mozilla.org/show_bug.cgi?id=1549249#c1
Comment 31•5 years ago
|
||
Hi Tim, just to keep things clear: the pending questions for you are in Comment 27, Comment 28, and Comment 29.
Comment 32•5 years ago
|
||
(In reply to alex_mayorga from comment #23)
¡Hola Tim!
What are the Serial Number and Fingerprints for the TLS certificate of https://addons.mozilla.org/ please?
¡Gracias!
Alex
Alex, thanks for the tip. I should have known that. The serial number is 02:B3:82:58:A3:02:4B:3D:91:0E:DB:57:E7:D2:20:BD
and the fingerprints are
SHA-256 3B:E1:FA:98:FA:68:FD:C3:8D:3F:75:57:09:47:AE:63:1E:58:C1:B9:9A:0B:5E:AC:80:00:89:FE:78:D7:D6:61
SHA-1 52:10:EA:69:8E:B7:4E:F1:D6:4C:EE:4C:CA:CE:F0:52:31:E3:0B:2E
Comment 33•5 years ago
|
||
(In reply to Kris Maglione [:kmag] from comment #29)
The error code for that message is SEC_ERROR_TOKEN_NOT_LOGGED_IN, which Dana suggests probably means that a master password is enabled and not logged in. Do you have a master password set?
Yes, I do have a master password set, but I have "Ask to save logins and passwords for websites" unchecked. I haven't used that feature in a long time since I now use a password manager for that purpose.
Assignee | ||
Comment 34•5 years ago
|
||
The AMO certificate has the expected values. Based on your report, we found a potential cause in bug 1549249.
A work-around is known, and documented at https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox#w_master-password
Could you give that a try and report whether it fixes your issue?
Comment 35•5 years ago
|
||
(In reply to Brian Grinstead [:bgrins] from comment #28)
(In reply to Tim Johnson from comment #26)
(In reply to Brian Grinstead [:bgrins] from comment #24)
(In reply to Tim Johnson from comment #22)
Brian, I assume extensions.signer.hotfixed is in about:config. The closest entry is extensions.hotfix.lastVersion.
Re your second question, there is no entry for Mozilla Corporation. I have an entry for Microsec Ltd, and MSIT Machine Auth CA 2.You are correct about extensions.signer.hotfixed being in about:config. The fact that this isn't showing up makes me think you must be hitting an exception at this line: https://hg.mozilla.org/releases/mozilla-release/rev/848b15028562c6757748070f637e0e4f0bbb5f65#l1.25.
Could you check your Browser Console (Ctrl+Shift+J) after restarting the browser and see if you can find the "failed to add new intermediate certificate" error? It will show Log.jsm as the source. If you see that, could you paste that full error message in here? Thanks in advance.
Brain, here's the whole Browser Console output. It's not long.
1557097728294 addons.xpi ERROR failed to add new intermediate certificate:: [Exception... "Component returned failure code: 0x805a1f65 [nsIX509CertDB.addCertFromBase64]" nsresult: "0x805a1f65 (<unknown>)" location: "JS frame :: resource://gre/modules/addons/XPIProvider.jsm :: addMissingIntermediateCertificate :: line 1896" data: no] Stack trace: addMissingIntermediateCertificate()@resource://gre/modules/addons/XPIProvider.jsm:1896
...Thanks so much Tim. I'm going to forward this to some people who should be able to help track down that error result. Two more things that would be helpful to narrow down further, if you could:
- Do you have antivirus software installed?
- Could you check with a brand new profile on 66.0.4 and see if you can install addons from there?
Brian, I have Nod32 from ESET as my antivirus program. I tried a new profile, and I successfully installed the FoxClocks addon.
From Kris's question about master password set, I wonder if I log in if everything will start working age. Stand-by.
Comment 36•5 years ago
|
||
(In reply to Tim Johnson from comment #35)
(In reply to Brian Grinstead [:bgrins] from comment #28)
(In reply to Tim Johnson from comment #26)
(In reply to Brian Grinstead [:bgrins] from comment #24)
(In reply to Tim Johnson from comment #22)
Brian, I assume extensions.signer.hotfixed is in about:config. The closest entry is extensions.hotfix.lastVersion.
Re your second question, there is no entry for Mozilla Corporation. I have an entry for Microsec Ltd, and MSIT Machine Auth CA 2.You are correct about extensions.signer.hotfixed being in about:config. The fact that this isn't showing up makes me think you must be hitting an exception at this line: https://hg.mozilla.org/releases/mozilla-release/rev/848b15028562c6757748070f637e0e4f0bbb5f65#l1.25.
Could you check your Browser Console (Ctrl+Shift+J) after restarting the browser and see if you can find the "failed to add new intermediate certificate" error? It will show Log.jsm as the source. If you see that, could you paste that full error message in here? Thanks in advance.
Brain, here's the whole Browser Console output. It's not long.
1557097728294 addons.xpi ERROR failed to add new intermediate certificate:: [Exception... "Component returned failure code: 0x805a1f65 [nsIX509CertDB.addCertFromBase64]" nsresult: "0x805a1f65 (<unknown>)" location: "JS frame :: resource://gre/modules/addons/XPIProvider.jsm :: addMissingIntermediateCertificate :: line 1896" data: no] Stack trace: addMissingIntermediateCertificate()@resource://gre/modules/addons/XPIProvider.jsm:1896
...Thanks so much Tim. I'm going to forward this to some people who should be able to help track down that error result. Two more things that would be helpful to narrow down further, if you could:
- Do you have antivirus software installed?
- Could you check with a brand new profile on 66.0.4 and see if you can install addons from there?
Brian, I have Nod32 from ESET as my antivirus program. I tried a new profile, and I successfully installed the FoxClocks addon.
From Kris's question about master password set, I wonder if I log in if everything will start working age. Stand-by.
I switched back to my original profile, logged in, and I'm still not seeing any change in behavior. I.e., addons still disabled.
Comment 37•5 years ago
|
||
I grabbed the Browser Console log again right after opening Firefox with original profile, and not logging in. This is what it now shows (Addons still disabled):
Loading failed for the <script> with source “moz-extension://31f4650b-4bf6-454c-ad62-b0f225a11d0d/background.js”. _generated_background_page.html:5:1
Loading failed for the <script> with source “moz-extension://2302012f-cd5e-40d2-8790-294757a40514/background.js”. _generated_background_page.html:5:1
Loading failed for the <script> with source “moz-extension://e556d76f-bfed-4b70-bf29-e705f11e5bd8/injections.js”. _generated_background_page.html:5:1
Loading failed for the <script> with source “moz-extension://e556d76f-bfed-4b70-bf29-e705f11e5bd8/ua_overrides.js”. _generated_background_page.html:6:1
Loading failed for the <script> with source “moz-extension://96bd9e5d-282e-486d-ab0d-201515ad5259/build/buildSettings.js”. _generated_background_page.html:5:1
Loading failed for the <script> with source “moz-extension://96bd9e5d-282e-486d-ab0d-201515ad5259/background/startBackground.js”. _generated_background_page.html:6:1
Key event not available on some keyboard layouts: key=“i” modifiers=“accel,alt,shift” id=“key_browserToolbox” browser.xul
Comment 38•5 years ago
•
|
||
I did try to add the FoxClocks addon to my original profile. FoxClocks did install, but the locations to monitor did not populate, so there are no locations to select for display.
UPDATE: Installing and enabling FoxClocks seems to have blocked all traffic on all tabs. Removing FoxClocks restores traffic flow.
Also, I have removed the master password, and I'm still not getting the addons restored.
Comment 39•5 years ago
|
||
(In reply to Tim Johnson from comment #38)
I did try to add the FoxClocks addon to my original profile. FoxClocks did install, but the locations to monitor did not populate, so there are no locations to select for display.
The fact that it installed at all makes me think the workaround you tried in Comment 36 may have worked, at least to get past this certificate problem (but sounds like there's a new one around FoxClocks not working at runtime). I'd like to confirm if that's true - can you tell me if your other addons in about:addons are also showing up as enabled in your original profile (in addition to FoxClocks)?
Also, just confirming that for Comment 36 you followed these steps: https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox#w_master-password, including restarting Firefox in step 4.
Comment 40•5 years ago
•
|
||
(In reply to Brian Grinstead [:bgrins] from comment #39)
(In reply to Tim Johnson from comment #38)
I did try to add the FoxClocks addon to my original profile. FoxClocks did install, but the locations to monitor did not populate, so there are no locations to select for display.
The fact that it installed at all makes me think the workaround you tried in Comment 36 may have worked, at least to get past this certificate problem (but sounds like there's a new one around FoxClocks not working at runtime). I'd like to confirm if that's true - can you tell me if your other addons in about:addons are also showing up as enabled in your original profile (in addition to FoxClocks)?
Also, just confirming that for Comment 36 you followed these steps: https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox#w_master-password, including restarting Firefox in step 4.
Brian, The other addons are still marked as disabled, and show as legacy addons.
And, yes I've removed the master password, and restarted Firefox; actually restarted several times now.
And I'm on Windows 10 v1809 OS Build 177763.437
Comment 41•5 years ago
|
||
Tim, sorry to hear that it's still not working for you. After all that's changed since Comment 20, I'd like to check if the extensions.signer.hotfixed pref is visible for you in about:config. That'd be the easiest way to confirm if the certificate got installed. If it's not there, could you if confirm you are seeing the same error message in the Browser Console you did earlier? This one, specifically:
1557097728294 addons.xpi ERROR failed to add new intermediate certificate:: [Exception... "Component returned failure code: 0x805a1f65 [nsIX509CertDB.addCertFromBase64]" nsresult: "0x805a1f65 (<unknown>)" location: "JS frame :: resource://gre/modules/addons/XPIProvider.jsm :: addMissingIntermediateCertificate :: line 1896" data: no] Stack trace: addMissingIntermediateCertificate()@resource://gre/modules/addons/XPIProvider.jsm:1896
If the pref is set, then it's possible you'll need to follow this workaround to re-enable the addons: https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox#w_add-ons-appearing-as-unsupported-or-disappeared-from-your-aboutaddons-page.
Comment 42•5 years ago
|
||
(In reply to Brian Grinstead [:bgrins] from comment #41)
Tim, sorry to hear that it's still not working for you. After all that's changed since Comment 20, I'd like to check if the extensions.signer.hotfixed pref is visible for you in about:config. That'd be the easiest way to confirm if the certificate got installed. If it's not there, could you if confirm you are seeing the same error message in the Browser Console you did earlier? This one, specifically:
1557097728294 addons.xpi ERROR failed to add new intermediate certificate:: [Exception... "Component returned failure code: 0x805a1f65 [nsIX509CertDB.addCertFromBase64]" nsresult: "0x805a1f65 (<unknown>)" location: "JS frame :: resource://gre/modules/addons/XPIProvider.jsm :: addMissingIntermediateCertificate :: line 1896" data: no] Stack trace: addMissingIntermediateCertificate()@resource://gre/modules/addons/XPIProvider.jsm:1896
If the pref is set, then it's possible you'll need to follow this workaround to re-enable the addons: https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox#w_add-ons-appearing-as-unsupported-or-disappeared-from-your-aboutaddons-page.
Yes, this pref is set: extensions.signer.hotfixed;true
I have one addon, ColorfulTabs, which is working. All the rest are under the legacy category, and I'm not able to enable them. Each one says find a replacement. Some I've configured, and if I remove and re-add, I'll have to restore the configurations, which I have no way of knowing what those configuration settings are at this point.
I just removed LastPass, and re-added it. That one does not require any configuration, and it's working. I also removed and re-added FoxClocks. This time, it found the locations I'd been monitoring before this bug, and it's now working. And, more importantly, traffic on all tabs appears to flow normally now.
Do you think if I remove and re-add my other legacy addons, their configurations will remain what I had?
Comment 43•5 years ago
|
||
Brian, here's an interesting, and somewhat confusing, data point. On my other computer, which also has the same Firefox profile as the one I normally use (the computer which I've been reporting about I've only had since Feb 2, 2019, and it's profile was copied from my older computer), I removed the master password, restarted Firefox, and all add-ons were re-enabled and seem to be working properly. Weird, huh?
Comment 44•5 years ago
|
||
(In reply to Tim Johnson from comment #42)
Yes, this pref is set: extensions.signer.hotfixed;true
I have one addon, ColorfulTabs, which is working. All the rest are under the legacy category, and I'm not able to enable them. Each one says find a replacement. Some I've configured, and if I remove and re-add, I'll have to restore the configurations, which I have no way of knowing what those configuration settings are at this point.
I just removed LastPass, and re-added it. That one does not require any configuration, and it's working. I also removed and re-added FoxClocks. This time, it found the locations I'd been monitoring before this bug, and it's now working. And, more importantly, traffic on all tabs appears to flow normally now.
That's great, glad things are starting to work for you again! Sounds like you must have hit both the Master Password issue and the secondary "unsupported" issue at the same time.
Do you think if I remove and re-add my other legacy addons, their configurations will remain what I had?
Based on all of our analysis that led to the workaround at https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox#w_add-ons-appearing-as-unsupported-or-disappeared-from-your-aboutaddons-page, yes your addon data should remain. That said, you could make a temporary backup of the profile just in case (it sounds like you already have a working backup in Comment 43 that probably contains all your data so you could skip this if you are comfortable with it).
Comment 45•5 years ago
|
||
(In reply to Brian Grinstead [:bgrins] from comment #44)
(In reply to Tim Johnson from comment #42)
Yes, this pref is set: extensions.signer.hotfixed;true
I have one addon, ColorfulTabs, which is working. All the rest are under the legacy category, and I'm not able to enable them. Each one says find a replacement. Some I've configured, and if I remove and re-add, I'll have to restore the configurations, which I have no way of knowing what those configuration settings are at this point.
I just removed LastPass, and re-added it. That one does not require any configuration, and it's working. I also removed and re-added FoxClocks. This time, it found the locations I'd been monitoring before this bug, and it's now working. And, more importantly, traffic on all tabs appears to flow normally now.
That's great, glad things are starting to work for you again! Sounds like you must have hit both the Master Password issue and the secondary "unsupported" issue at the same time.
Do you think if I remove and re-add my other legacy addons, their configurations will remain what I had?
Based on all of our analysis that led to the workaround at https://support.mozilla.org/en-US/kb/add-ons-disabled-or-fail-to-install-firefox#w_add-ons-appearing-as-unsupported-or-disappeared-from-your-aboutaddons-page, yes your addon data should remain. That said, you could make a temporary backup of the profile just in case (it sounds like you already have a working backup in Comment 43 that probably contains all your data so you could skip this if you are comfortable with it).
Thanks, Brian, for all your help. I believe I've got all addons working again on both of my computers. I hope all related issues are soon fixed for everyone. I've been with Firefox since the days when Netscape couldn't provide a fix for a banking account issue I had. When I learned Firefox used the same base code, I switched, submitting my problem to Bugzilla, and started installing the nightly builds to test the fix when it arrived shortly afterward. It's been my goto browser ever since. Tab handling is so much better than Chrome.
Updated•5 years ago
|
Comment 47•4 years ago
|
||
Please specify a root cause for this bug. See :tmaity for more information.
Assignee | ||
Comment 48•4 years ago
|
||
Root Cause - Communication issues.
This bug is part of bug 1548973. The results of the RCA are available at:
Description
•