Closed Bug 1549078 Opened 5 years ago Closed 5 years ago

Some users indicating both Studies are active, but all extensions are still disabled.

Categories

(Firefox :: Extension Compatibility, defect, P1)

Product:
Firefox
Component:
Extension Compatibility
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: kev, Unassigned)

References

Details

Attachments

(2 files)

A BST (UK) view of things some time after hotfix-update-xpi-signing-intermediate-bug-1548973 became both active and effective
494.10 KB, image/png
Details
Two instances of Firefox
420.10 KB, image/png
Details

We're seeing multiple users reporting that both Studies are active, including hotfix-update-xpi-signing-intermediate-bug-1548973, and extensions are still disabled. Users are on latest release, and have followed the steps in the add-ons blog post to verify the studies are active. One user has reported success with disabling and renabling their extensions.

Unable to replicate, and seeking help from commenters.

The hotfix does not appear to have worked in my case. My disabled add-ons have not been restored. I have the following Active Studies:
prefflip-push-performance-1491171
hotfix-reset-xpi-verification-timestamp-1548973

Background Conditions: I may be an unusual user…I have a large number of tabs open (over 3000) in 2 browser windows. I use the History-->Restore Previous Session to restore my tabs. Other than that, I do not have anything unusual in my setup and usage.

Would this also cause all search engines except Amazon to be unavailable even though in about:support they are all listed and show status of 'true' ?
Restore defaults is also gray'd out.

(In reply to David Neal from comment #1)

I have the following Active Studies:
prefflip-push-performance-1491171
hotfix-reset-xpi-verification-timestamp-1548973

You don't have the most important one: hotfix-update-xpi-signing-intermediate-bug-1548973

David: Neither of those studies are the needed fix. The needed fix is hotfix-update-xpi-signing-intermediate-bug-1548973. The hotfix that you do have was an effort to buy us time to keep some users' add-ons enabled. It shipped before the fix, and so it makes sense that you only have one. It can take up to six hours to pick up new changes.

Ok. Thanks. As a point of further clarification, I already had the setting "Allow Firefox to install and run studies" on previously. I will wait to see if the hotfix-update-xpi-signing-intermediate-bug-1548973 loads in the next few hours.

Another report of the fix not working. I'm currently on 66.0.3 while some people report being on 66.0.4 but it doesn't seem to be finding anything on my side and I've even tried downloading the firefox installer from the mozilla site and trying that.

about:studies shows

prefflip-push-performance-1491171•Active
hotfix-reset-xpi-verification-timestamp-1548973•Active
hotfix-update-xpi-signing-intermediate-bug-1548973•Active

I'm also seeing only hotfix-update-xpi-intermediate and for some reason Australis-like refresh in URL bar as working in about:debugging but all my other addons still aren't working

"Allow Firefox to install and run studies" will not stay checked for me.

Is this a reasonable way to apply the hotfix?: https://github.com/NixOS/nixpkgs/issues/60916 (without enabling studies)

(In reply to cacilie from comment #8)

Is this a reasonable way to apply the hotfix?: https://github.com/NixOS/nixpkgs/issues/60916 (without enabling studies)

On your own risk, you can download it manually:
hxxps://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi

cgemici @6:

  1. Which add-ons do you have that are not working? Maybe we can repro.
  2. Can you try re-starting?
Flags: needinfo?(cgemici)

At the time when I posted my first comment to the blog, for my default profile I found hotfix-update-xpi-signing-intermediate-bug-1548973 active but not effective.

Apparently 7:31 AM (according to the screenshot of the blog), but it wasn't 07:31 in the UK. Reading it alongside shutdown and boot times (in the terminal window to the right) I guess that when I posted the comment, it was 15:31. According to https://www.timeanddate.com/time/zones/pt Pacific Time is eight hours behind Brighton, UK so yeah, 7+8=15 it almost certainly was 15:31 my time when I found that the active hotfix was not yet effective.

(Does the blog use PT? Time zones and ambiguous abbreviations bend my mind.)

After restarting the computer:

  • the hotfix was not only active, it was also effective.

Tier-3, FreeBSD.

grahamperrin@momh167-gjp4-8570p:~ % uname -v
FreeBSD 13.0-CURRENT r346795 GENERIC-NODEBUG 
grahamperrin@momh167-gjp4-8570p:~ % pkg query '%o %v %R' firefox
www/firefox 66.0.3_2,1 FreeBSD
grahamperrin@momh167-gjp4-8570p:~ %

To the left, my default profile. To the right, a titsup profile that I created in connection with bug 1548973.

Are the colour variations significant? The H for active hotfixes has three different colours.

grahamperrin@momh167-gjp4-8570p:~ % firefox -p titsup
console.log: WebExtensions: new intermediate certificate added
console.log: WebExtensions: signatures re-verified
grahamperrin@momh167-gjp4-8570p:~ %

(In reply to sjw from comment #9)

On your own risk, you can download it manually:
hxxps://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi

Has not worked.
Windows 10 with 66.0.3 64-bit (with studies temporarily activated but hotfix-update-xpi-signing-intermediate-bug-1548973 still missing).

prefflip-push-performance-1491171
hotfix-reset-xpi-verification-timestamp-1548973

These are the only two Studies I have. I previously had studies enabled before the new study went live.

  1. I've got a lot of addons and if you need it, I can copy them one by one. But they contain addons like lastpass, ublock origin and mozilla's own multi-account containers so I don't think it's just a particular one acting up.

  2. I'd tried restarting the browser quite a few times without any change. Also tried restarting my pc (windows 10) now just in case and that didn't do anything either.

I also just tried seeing what would happen if I changed the profile. I created a new test profile and was able to successfully install ublock origin again. Returning to my current profile, removing the addon and trying to download again gave "Download failed. Please check your connection." So it feels like this might have to do with some particular configuration that I changed at some point.

Flags: needinfo?(cgemici)
*** UPDATE**

I was on 66.0.4 and studies were APPLIED
prefflip-push-performance-1491171•Active
hotfix-reset-xpi-verification-timestamp-1548973•Active
pref-flip-defaultoncookierestrictions-1523780•Complete

https://addons.mozilla.org/en-US/firefox/addon/enhancer-for-youtube/
https://addons.mozilla.org/en-US/firefox/addon/google-shortcuts-all-google-se/
NOT WORKING

But install an older version re-enable the above addons..
google_shortcuts_all_google_services_at_a_glance-19.8.1-an+fx
enhancer_for_youtubetm-2.0.87-fx

.BUT cannot update to latest versions

Rest of past not working add-ons WORKING

Everything BACK TO NORMAL

Are you using any AV or security software?

(In reply to cgemici from comment #15)

  1. I've got a lot of addons and if you need it, I can copy them one by one. But they contain addons like lastpass, ublock origin and mozilla's own multi-account containers so I don't think it's just a particular one acting up.

  2. I'd tried restarting the browser quite a few times without any change. Also tried restarting my pc (windows 10) now just in case and that didn't do anything either.

I also just tried seeing what would happen if I changed the profile. I created a new test profile and was able to successfully install ublock origin again. Returning to my current profile, removing the addon and trying to download again gave "Download failed. Please check your connection." So it feels like this might have to do with some particular configuration that I changed at some point.

(In reply to Kev Needham [:kev] from comment #17)

Are you using any AV or security software?

(In reply to cgemici from comment #15)

  1. I've got a lot of addons and if you need it, I can copy them one by one. But they contain addons like lastpass, ublock origin and mozilla's own multi-account containers so I don't think it's just a particular one acting up.

  2. I'd tried restarting the browser quite a few times without any change. Also tried restarting my pc (windows 10) now just in case and that didn't do anything either.

I also just tried seeing what would happen if I changed the profile. I created a new test profile and was able to successfully install ublock origin again. Returning to my current profile, removing the addon and trying to download again gave "Download failed. Please check your connection." So it feels like this might have to do with some particular configuration that I changed at some point.

Just Windows Security/Defender

First, I'm sorry to have used Google Translator.
I have a profile backup in the distant past.
I tried that profile.
The add-on works normally.
However, only the program was executed.
I did not use it for a long time.

about: studies
prefflip-push-performance-1491171 • Enable
hotfix-reset-xpi-verification-timestamp-1548973 • Enable
hotfix-update-xpi-signing-intermediate-bug-1548973

(In reply to David Neal from comment #1)

The hotfix does not appear to have worked in my case. My disabled add-ons have not been restored. I have the following Active Studies:
prefflip-push-performance-1491171
hotfix-reset-xpi-verification-timestamp-1548973

Background Conditions: I may be an unusual user…I have a large number of tabs open (over 3000) in 2 browser windows. I use the History-->Restore Previous Session to restore my tabs. Other than that, I do not have anything unusual in my setup and usage.

Same for me. Studies applied. Add-ons still blocked.
prefflip-push-performance-1491171•Aktywne (Active)
hotfix-reset-xpi-verification-timestamp-1548973•Zakończone (Finished)
(W wyniku tego badania ustawieniu „app.update.lastUpdateTime.xpi-signature-verification” zostanie nadana wartość „1556945257”.)

Firefox 66.0.3 (64 bit), release, polish language
Just 3 add-ons: Forecastfox, Zotero connector, FoxyProxy Standard.

Can not update add-on when using backup profile.

(In reply to suyeori from comment #19)

First, I'm sorry to have used Google Translator.
I have a profile backup in the distant past.
I tried that profile.
The add-on works normally.
However, only the program was executed.
I did not use it for a long time.

about: studies
prefflip-push-performance-1491171 • Enable
hotfix-reset-xpi-verification-timestamp-1548973 • Enable
hotfix-update-xpi-signing-intermediate-bug-1548973

You will need the hotfix-update-xpi-signing-intermediate-bug-1548973 study.

(In reply to jma from comment #20)

Same for me. Studies applied. Add-ons still blocked.
prefflip-push-performance-1491171•Aktywne (Active)
hotfix-reset-xpi-verification-timestamp-1548973•Zakończone (Finished)
(W wyniku tego badania ustawieniu „app.update.lastUpdateTime.xpi-signature-verification” zostanie nadana wartość „1556945257”.)

Firefox 66.0.3 (64 bit), release, polish language
Just 3 add-ons: Forecastfox, Zotero connector, FoxyProxy Standard.

Its currently 2:00pm EST and I checked I have studies turned on. I checked the active studies and I see the ones that are needed, and yet two on my extensions are not working ...

Neither EBATES Express cash back nor RoboForm Password Manager are working. Both are still in unsupported legacy extensios. I am not sure if your fix is working or not at this point, but those two addons are definitely not working.

I have both hotfix-reset-xpi-verification-timestamp-1548973 and hotfix-update-xpi-signing-intermediate-bug-1548973 active but am unable to save options for NoScript. I tried removing and reinstalling NoScript before finding the blog post about the add-ons issue. I was not able to reinstall NoScript until after the studies were downloaded.

So currently, I have a fresh install of NoScript, and when I go to my Add-Ons page, click the "Options" button for NoScript, and check boxes under "Appearance", close the Firefox tab after waiting a bit, and then return to the NoScript options, all the boxes are cleared again.

Also, where the NoScript logo would usually display, to the right of my Bookmarks icon, there's just a blank spot that turns darker gray when I hover the cursor over it.

(In reply to Noone from comment #23)

… RoboForm Password Manager … unsupported legacy …

Please: which version of the extension appears in that view of things?

Roboform version 8.5.8.11

Ebates express cashback 6.7.1

Hi all,

This is Philip from Ecosia. As you are probably aware most of our users are using Ecosia through our Firefox extension, which was disabled for all users this morning and the search engine reverting back to Google. The extension is successfully re-enabled due to hotfix being rolled out through the studies feature. However we have multiple users reporting that the search engine setting being set to Ecosia is not being reinstated when the extension is re-activated.

Could you please make sure that the search engine setting is restored for all Ecosia firefox extension users asap. Thank you.

Best,
Philip Baumann

(In reply to sjw from comment #9)

(In reply to cacilie from comment #8)

Is this a reasonable way to apply the hotfix?: https://github.com/NixOS/nixpkgs/issues/60916 (without enabling studies)

On your own risk, you can download it manually:
hxxps://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi

As far as I can tell, the XPI mentioned in the NixOS fix injects the correct intermediate certificate in Firefox. I extracted the DER from the XPI and imported it in my Firefox ESR certificate store. Now addons can be installed again, and they work.

I believe that by publishing that certificate at some trusted url (owned by Mozilla) and telling ESR users how to import it would solve the problem for many people, without waiting for studies and the like.

If it helps … some time before I encountered this bug 1549078, for one of my profiles I temporarily switched:

☑ Allow Firefox to install and run studies

– from allowed (checked) to disallowed (un-checked) then back – maybe more than once. Ultimately reverted to allowed (the default)

My intention was not to avoid the hotfix. Just curiosity, at the time; I had about:config?filter=normandy in a window to the right of about:preferences#privacy to tell whether un-checking the box had any effect on features.normandy-remotesettings.enabled (a preference that was pictured at https://github.com/mozilla/addons/issues/983#issuecomment-489318497).

First, I'm sorry to have used Google Translator.

about: studies
prefflip-push-performance-1491171 • Active
hotfix-reset-xpi-verification-timestamp-1548973 • Active
hotfix-update-xpi-signing-intermediate-bug-1548973 • Active

In this state, the system time was changed to May 3. And the addon was working properly.
I reset the system time. And I rerun Firefox.
Twenty minutes later, the add-on was disabled again.
Only iCloud Bookmarks worked before applying the hotfix.

We will change the system time until it is resolved.

… (a preference that was pictured at https://github.com/mozilla/addons/issues/983#issuecomment-489318497).

A typo in my previous comment. Sorry. The picture actually showed features.normandy-remote-settings.enabled (documented: https://mozilla.github.io/normandy/dev/remote-settings.html#client-side).

prefflip-push-performance-1491171•Complete

hotfix-reset-xpi-verification-timestamp-1548973•Complete

hotfix-office365-legacy-keycode-and-charcode•Complete

pref-flip-defaultoncookierestrictions-1523780•Complete

First two are related to the issue as far as i can see, but nothing changed, am i missing something or i'm also affected by this bug?

Nvm, i figured out that the fix i got was to postpone the shutdown of adds, i'm still waiting for my turn.

(In reply to Kev Needham [:kev] from comment #0)

We're seeing multiple users reporting that both Studies are active, including hotfix-update-xpi-signing-intermediate-bug-1548973, and extensions are still disabled. Users are on latest release, and have followed the steps in the add-ons blog post to verify the studies are active. One user has reported success with disabling and renabling their extensions.

Unable to replicate, and seeking help from commenters.

I had this exact issue and fixed it by going to "about:profiles" and the selecting "restart normally" and upon restart, all my add-ons were back.

(In reply to c borghi from comment #29)

As far as I can tell, the XPI mentioned in the NixOS fix injects the correct intermediate certificate in Firefox. I extracted the DER from the XPI and imported it in my Firefox ESR certificate store. Now addons can be installed again, and they work.

I believe that by publishing that certificate at some trusted url (owned by Mozilla) and telling ESR users how to import it would solve the problem for many people, without waiting for studies and the like.

The source of this url is https://normandy.cdn.mozilla.net/api/v1/recipe/signed/, which is the default url set in app.normandy.api_url. The extension is also signed by Mozila. However, a new release is scheduled in bug 1549061.

Edit:

There are a number of work-arounds being discussed in the community. These are not recommended as they may conflict with fixes we are deploying. We’ll let you know when further updates are available that we recommend, and appreciate your patience. (May 4, 15:01 EST)
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

Is there any reason not to publish just the certificate, in a form that can be easily imported?

I have had Firefox on pretty much all day (Mac, Pacific Daylight Time) with studies enabled and I don't have the critical study, only hotfix-reset-xpi-verification-timestamp-1548973 and prefflip-push-performance-1491171. I too would prefer to download the certificate with instructions as to how to import.

It is slowly becoming a joke

After still waiting for the "hotfix-update-xpi-signing-intermediate-bug-1548973" study I tried one thing.
I have generated a new empty profile and started a new browser window with that profile. All required studies are immediately available with that new empty profile while I am still waiting for it at my old one. New (reinstalled old) Add-ons worked at that Profile. There has to be more to set than just enable studies to get that to work? (The mentioned hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi solution does not work for me either).
Hope I can avoid to have to restart from scratch.

(In reply to Cathy from comment #38)

I have had Firefox on pretty much all day (Mac, Pacific Daylight Time) with studies enabled and I don't have the critical study, only hotfix-reset-xpi-verification-timestamp-1548973 and prefflip-push-performance-1491171. I too would prefer to download the certificate with instructions as to how to import.

I got tired of waiting. I downloaded the certificate manually using Chrome and installed it by dragging the .xpi file into the "manage your extensions" tab (or you could use the gear icon to "install add-on from file."

Instant fix.

Study is not working, it is installed, but addons disabled.
xpinstall.signatures.required is not working for release firefox. It is fail, mozilla.

Once the required "Study" has been enabled, and has downloaded and installed itself, I am still not able to successfully update my add-ons, but I have since discovered that if I attempt to re-install my add-ons by installing them from addons.mozilla.org, they do then re-install successfully and, most importantly, do retain their existing settings.

(Tested successfully on Firefox ESR 60.6.1esr / MacOS, with several browser profiles.)

Manually downloading 'storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi' as per comment 9 worked for me.

The automatic update via Studies did not happen !!!???

Working with a Mac, Firefox 66.0.3, didn't get the required study after 7 hours of waiting. Did get prefflip-push-performance-1491171•Actief. It is still saying it is active, says dom.push.alwaysConnect will become false. But when I look in config, this is already false for 5 hours at least.
I also got hotfix-reset-xpi-verification-timestamp-1548973•Voltooid It says is completed, should have given app.update.lastUpdateTime.xpi-signature-verification the integer 1556945257. But it didn't do that, I've looked in config and there the integer is on 1557000963. I think this is strange, since the hotfix says it is completed.
I've changed the integer manually, but this doesn't help in any way.

3:00 pm PST - have followed all instructions for hotfix. 3 studies have been installed but addons are still disabled. FF 66.0.3 Win10 x64.

Cannot install any add-ons - same connection issue.

Studies installed today are:

prefflip-push-performance-1491171
pref-flip-activity-stream-60-release-pocket-spocs-holdback-1456585
hotfix-reset-xpi-verification-timestamp-1548973

I have rebooted browser multiple times and laptop 2x.

26 year IT veteran - Just a note.. nothing worked after 'studies' debacle, all add ons still disabled.

Pasted Comment 43's link above, and presto, everything automagically worked.

What a pain in the ass this was across our entire network who relies on certain add ons to do work.

Vivaldi is looking better & better everyday. I keep giving FF 2nd chances over a decade, but this "cert bug' lol was a disaster.

Update from my last post 7 hours ago... Still have not received the hotfix "hotfix-update-xpi-signing-intermediate-bug-1548973" so I am still without extensions.

(In reply to aardvarkruby-avast from comment #43)

Manually downloading 'storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi' as per comment 9 worked for me.

The automatic update via Studies did not happen !!!???

Earlier I was trying to get a similar file (might have been the same) from googleapis and all I got was a message saying that it was corrupted, no matter how many times I tried to download it. Then I used your link and it installed immediately and now all my add-ons are working again, so thanks!

Like you I get the impression that the update via Studies doesn't work for everyone, because I waited like 10 hours, plus I live in North-American, I can't imagine that it would take more than the suggested 6 hours for that update to arrive.

Update from my last post #23

I changed the system date back to before the certificate problem and of course everything was working, and the hotfix that mozilla provided through the study was "not verified" and put into the unsupported legacy tab. I then changed the date back to today expecting it to not work, but it did work for awhile. Of course it went back to the current non working state eventually. The point is that the Mozilla hotfix does not work. Period.

It appears that all we need is a new Cert or am I over simplifying it ?

(In reply to Noone from comment #50)

Update from my last post #23

I changed the system date back to before the certificate problem and of course everything was working, and the hotfix that mozilla provided through the study was "not verified" and put into the unsupported legacy tab. I then changed the date back to today expecting it to not work, but it did work for awhile. Of course it went back to the current non working state eventually. The point is that the Mozilla hotfix does not work. Period.

It appears that all we need is a new Cert or am I over simplifying it ?

What OS and version of Firefox are you using? Have you installed it directly from mozilla.org or by using a third parity package manager?

(In reply to bscxptau from comment #49)

because I waited like 10 hours, plus I live in North-American, I can't imagine that it would take more than the suggested 6 hours for that update to arrive.

Mine arrived within minutes of enabling Studies, but as mentioned, it did not work. All add-ons were still disabled, and would not download either. Rebooting does nothing since it's a Hotfix and after installing the above .xpi, all add-ons instantly appeared.

(In reply to bscxptau from comment #49)

(In reply to aardvarkruby-avast from comment #43)

Manually downloading 'storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi' as per comment 9 worked for me.

The automatic update via Studies did not happen !!!???

Earlier I was trying to get a similar file (might have been the same) from googleapis and all I got was a message saying that it was corrupted, no matter how many times I tried to download it. Then I used your link and it installed immediately and now all my add-ons are working again, so thanks!

Like you I get the impression that the update via Studies doesn't work for everyone, because I waited like 10 hours, plus I live in North-American, I can't imagine that it would take more than the suggested 6 hours for that update to arrive.

Well color me happy, I tried this link too and addons are all enabled again.

This wait and lack of a quick response from Mozilla is really going to make me look at migrating my usage to another browser. I've stayed with FF because all my stuff was here, but this kind of cock-up is a clear sign that users need to have backups.

Yes, backing up Drew(#47), aardvarkruby-avast (#43), and obviously sjw (#9).

I "installed" the 1.0.2 study by directly pasting in the link (the entire link, not just the bit that was link-ified by the browser) into the address bar of Firefox (no other browser needed), and it automatically detected the "XPI" and allowed me to install.

Now a quick examination of the "FIX":
But a Caveat first. Although I have been a developer for ~30 years, I have never worked on any free software projects, let alone Firefox.

Now a quick examination of the downloaded XPI shows that it is a ZIP archive, and the meat of the fix appears to be in the api.js file (folder path: ...\hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed\experiments\skeleton\api.js).
Superficially, this looks to install a digital signature and forces a re-verification of all of the signatures. It's right there in the code - a measly 33 lines in entirety.

Anyway, this looks like a signature leak. So I clearly expect that the signature that has been used will become invalidated at some point - and thus the "FIX" rendered, invalid. Hopefully, not before a new release of Firefox, thus not this needing this "studies...", ah, yeah.

Right now it's working for me, and I can go back to watching youtube.

Thank you.

Oh, and I might have been seeing things. But I could have sworn my firefox version was 66.0.4 beforehand. But looking now, it is 66.0.3.

(In reply to Kev Needham [:kev] from comment #0)

We're seeing multiple users reporting that both Studies are active, including hotfix-update-xpi-signing-intermediate-bug-1548973, and extensions are still disabled. Users are on latest release, and have followed the steps in the add-ons blog post to verify the studies are active. One user has reported success with disabling and renabling their extensions.

Unable to replicate, and seeking help from commenters.

I'm also having this problem. My firefox is showing the active studies item: hotfix-update-xpi-signing-intermediate-bug-1548973 but several add-ons I count on which were just disabled by this bug today are still disabled.

I am using an old version of firefox, 56.0.2 (64 bit) specifically because there are some add-ons I use many times each day which last I knew weren't available after the big change with the update to 57. I'm on a windows 10 system.

The add-ons which were disabled include uBlock Origin, tabhunter, behind the overlay, and Tin Eye Reverse Image Search. There may be a few others - they are showing as 'not verified therefore disabled' rather than just disabled... But these four are the ones that I know I had enabled and working just fine up until last night/this morning - and they're not working now.

Let me know if you need more information or if you have suggestions (other than updating firefox!) - or if you think this problem will be resolved before too much longer even on older versions of firefox.

(In reply to Richard Rudek from comment #54)

Oh, and I might have been seeing things. But I could have sworn my firefox version was 66.0.4 beforehand. But looking now, it is 66.0.3.

April 10th release was 0.3

You were seeing things :)

To add to my earlier comment (no. 55 above), both adblock plus and ghostery are also being shown as unverfied and therefore disabled - although I know I'd already had those two disabled myself since I was using ublock origin. But this leaves me with no adblocker possible at all. Several others I didn't mention are also still shown as unverfied and disabled.

Also, I had "studies" off when this problem first occurred. Turned it on after the problem occurred once I found the buzilla thread on the issue, made sure the fix appeared to be there, and have since tried closing and reopening firefox several times, but that hasn't fixed the problem. The fix is shown as "active" only - does it need to show both "active" AND "completed" or is "active" all that's needed for it to work?

I'm on 67.b16, about:studies show hotfix-reset-xpi-verification-timestamp-1548973 and hotfix-update-xpi-signing-intermediate-bug-1548973 as active, but my addons are all disabled except 3 (out of ~40).

I'm on firefox version was 66.0.3 release and hotfix-reset-xpi-verification-timestamp-1548973 is showing completed and my add-ons are still disabled

I also have 66.0.3 and under studies, Firefox is showing that prefflip-push-performance-1491171 is active, but all my addons are still disabled, even though the following studies are complete:

  1. hotfix-reset-xpi-verification-timestamp-1548973
  2. hotfix-disable-websockets-over-h2-65-1523978
  3. pref-flip-defaultbrowser-bug1507011
  4. hotfix-http-throttling-v2-bug-1462906
  5. pref-flip-search-composition-57-release-1413565

I am running 60.6.1 ESR and two win 7 pc's and both show hotfix-update-xpi-signing-intermediate-bug-1548973 ACTIVE but the add-ons are only working on one pc but are still disabld on the other.

hotfix-update-xpi-signing-intermediate-bug-1548973 Applied but all add-ons are still disabled in firefox version 59.0.3 ESR so hotfix is not effective.

I've received the hotfix-update-xpi-signing-intermediate-bug-1548973 and is still in active studies for the past 6 hours.

There are these errors in browser console

WebExtensions: failed to add new intermediate certificate:
"Component returned failure code: 0x805a1fe8 [nsIX509CertDB.addCertFromBase64]"
NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIInterfaceRequestor.getInterface]
network-response-listener.js:73
NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIInterfaceRequestor.getInterface]

addons.update-checker	WARN	onUpdateCheckComplete failed to parse update manifest: [Exception... "Update manifest is missing a required addons property."  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource://gre/modules/addons/AddonUpdateChecker.jsm :: getRequiredProperty :: line 121"  data: no] Stack trace: getRequiredProperty()@resource://gre/modules/addons/AddonUpdateChecker.jsm:121
parseJSONManifest()@resource://gre/modules/addons/AddonUpdateChecker.jsm:131
onLoad()@resource://gre/modules/addons/AddonUpdateChecker.jsm:313
UpdateParser/<()@resource://gre/modules/addons/AddonUpdateChecker.jsm:242
1557024827897	addons.update-checker	WARN	onUpdateCheckComplete failed to parse update manifest: [Exception... "Update manifest is missing a required addons property."  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource://gre/modules/addons/AddonUpdateChecker.jsm :: getRequiredProperty :: line 121"  data: no] Stack trace: getRequiredProperty()@resource://gre/modules/addons/AddonUpdateChecker.jsm:121
parseJSONManifest()@resource://gre/modules/addons/AddonUpdateChecker.jsm:131
onLoad()@resource://gre/modules/addons/AddonUpdateChecker.jsm:313
UpdateParser/<()@resource://gre/modules/addons/AddonUpdateChecker.jsm:242
1557024827906	addons.update-checker	WARN	onUpdateCheckComplete failed to parse update manifest: [Exception... "Update manifest is missing a required addons property."  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource://gre/modules/addons/AddonUpdateChecker.jsm :: getRequiredProperty :: line 121"  data: no] Stack trace: getRequiredProperty()@resource://gre/modules/addons/AddonUpdateChecker.jsm:121
parseJSONManifest()@resource://gre/modules/addons/AddonUpdateChecker.jsm:131
onLoad()@resource://gre/modules/addons/AddonUpdateChecker.jsm:313
UpdateParser/<()@resource://gre/modules/addons/AddonUpdateChecker.jsm:242
1557024827958	addons.update-checker	WARN	onUpdateCheckComplete failed to parse update manifest: [Exception... "Update manifest is missing a required addons property."  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: resource://gre/modules/addons/AddonUpdateChecker.jsm :: getRequiredProperty :: line 121"  data: no] Stack trace: getRequiredProperty()@resource://gre/modules/addons/AddonUpdateChecker.jsm:121
parseJSONManifest()@resource://gre/modules/addons/AddonUpdateChecker.jsm:131
onLoad()@resource://gre/modules/addons/AddonUpdateChecker.jsm:313
UpdateParser/<()@resource://gre/modules/addons/AddonUpdateChecker.jsm:242


1557024830156	addons.manager	WARN	Failed to update system addons: Error: Rejecting updated system add-on set that either could not be downloaded or contained unusable add-ons.(resource://gre/modules/addons/XPIInstall.jsm:3469:13) JS Stack trace: updateSystemAddons@XPIInstall.jsm:3469:13

(In reply to Paul from comment #62)

hotfix-update-xpi-signing-intermediate-bug-1548973 Applied but all add-ons are still disabled in firefox version 59.0.3 ESR so hotfix is not effective.

versikon is 59.0.3 and not 59.0.3 ESR sorry my bad but the rest of the comment still stands.

Further to my earlier comment (#54)

I have a new install of Debian 9.9 (32-bit) with 60.6.1esr (32-bit). It would not allow me to download any add-ons, giving a download error. However, pointing at the direct download link (#9 -replace 'hxxps' with 'https') I was able to download and install the intermediate signature.

Going back to the Mozilla add-on site, I can now download and install.

(In reply to Paul from comment #62)

hotfix-update-xpi-signing-intermediate-bug-1548973 Applied but all add-ons are still disabled in firefox version 59.0.3 ESR so hotfix is not effective.

version is 59.0.3 and not 59.0.3 ESR sorry my bad but the rest of the comment still stands.

I have three essential (to me) addons, AdBlock, NoScript, and Tree Style Tab. While waiting for the fix, I used about:debugging to load them as temporary addons. Then I saw the post about enabling studies for the hot fix which I did. As far as I can tell, the only addon it enabled was uBlock Origin. I wondered if it was because of the temporary addon status. So I restarted the browser to clear it, then went to about:origins and to clear the hotfix.

Which may have been a mistake. It's just marked complete now. Will it attempt to run again? Is there a way to MAKE it run again?

hotfix-reset-xpi-verification-timestamp-1548973•Complete
This study sets app.update.lastUpdateTime.xpi-signature-verification to 1556945257.

hotfix-update-xpi-signing-intermediate-bug-1548973•Complete
This is a hotfix that updates an intermediate certificate used for signing add-ons. It is one of the mechanisms used to fix bug 1548973.

Active studies

    prefflip-push-performance-1491171•Active
            This study sets dom.push.alwaysConnect to true.

    hotfix-reset-xpi-verification-timestamp-1548973•Active
            This study sets app.update.lastUpdateTime.xpi-signature-verification to 1556945257.

I do not have the crucial “hotfix-update-xpi-signing-intermediate-bug-1548973” showing.

I have 66.0.3 (64-bit) running - or rather, limping...

It is impossible to keep using Firefox with no ability to block the incessant ads, so I'll have to get close and personal with Chrome.

I hope the Mozilla engineers can awaken refreshed as giants, ready to fix this issue soon without being steamrollered by the pressure of community expectation.

(In reply to Melissa Mears from comment #68)

I have three essential (to me) addons, AdBlock, NoScript, and Tree Style Tab. While waiting for the fix, I used about:debugging to load them as temporary addons. Then I saw the post about enabling studies for the hot fix which I did. As far as I can tell, the only addon it enabled was uBlock Origin. I wondered if it was because of the temporary addon status. So I restarted the browser to clear it, then went to about:origins and to clear the hotfix.

Which may have been a mistake. It's just marked complete now. Will it attempt to run again? Is there a way to MAKE it run again?

hotfix-reset-xpi-verification-timestamp-1548973•Complete
This study sets app.update.lastUpdateTime.xpi-signature-verification to 1556945257.

hotfix-update-xpi-signing-intermediate-bug-1548973•Complete
This is a hotfix that updates an intermediate certificate used for signing add-ons. It is one of the mechanisms used to fix bug 1548973.

Hah, was able to fix it. Went to about:config, searched for app.update.lastUpdateTime.xpi-signature-verification and updated it manually to 1556945257. For some reason, my three addons were no longer in the extensions (legacy or otherwise) list, but searching for them DID let me install them. It also did remember my settings.

(In reply to c borghi from comment #37)

Is there any reason not to publish just the certificate, in a form that can be easily imported?

I would appreciate an answer to this as well. I used the Certificate Manager in a successfully patched instance of Firefox for Linux to export the updated certificate and then imported it using the same facility in an unpatched instance of Firefox for Windows. I selected "Trust this CA to identify software developers" when queried for the import purpose. I had to restart the Firefox for Windows twice before it took affect, but all add-ons are now verified and working again.

Are there versions or variants of Firefox for which this wouldn't have worked?

I recognize that this isn't a practical solution for many users, but I don't understand why Mozilla didn't make the updated certificate file available yesterday already. Manually enabling Studies and waiting for up to 6 hours seems somewhat onerous compared to using the Certificate Manager for its intended purpose. What am I missing here?

Running Firefox 56.0 (64-bit)
Win7 Professional
Addons:
AdBlock 3.29.0
YouTube NonStop 0.5.1

Things i did try/change in about:config :
extensions.shield-recipe-client.first_run - set to true
extensions.shield-recipe-client.run_interval_seconds - set it to 15minutes (900 seconds
app.update.lastUpdateTime.xpi-signature-verification - set value from 1557031824 to 1556945257, which according to hotfix should have changed automatically (https://normandy.cdn.mozilla.net/api/v1/recipe/signed/)

Studies active
Automatic fix through studies didn´t arrive within 10h, so applied it manually.
After applying hotfix-update-xpi-signing-intermediate-bug-1548973 and waiting some time, it is now marked as Complete under Studies, and addons are still disabled.
I´ve tried to reapply this fix and restarted browser multiple times. Addons are still staying disabled.
Computer restart also not helping.

Also if i try to download addon again from developer site, then receiving error that "Download failed. Please check your connection."

Any clue what other things can be tried to troubleshoot this?

(In reply to aardvarkruby-avast from comment #43)

Manually downloading 'storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi' as per comment 9 worked for me.

The automatic update via Studies did not happen !!!???
Manual download solved the problem for me. I had enabled Studies and "app.normandy.run_interval_seconds" changed to 1 but I still did not receive the hotfix. Thankfully my customers use GC.

FF: 66.0.3 x64
OS: W10 1809

(In reply to SakuIce from comment #72)

Running Firefox 56.0 (64-bit)
Win7 Professional
Addons:
AdBlock 3.29.0
YouTube NonStop 0.5.1

Things i did try/change in about:config :
extensions.shield-recipe-client.first_run - set to true
extensions.shield-recipe-client.run_interval_seconds - set it to 15minutes (900 seconds
app.update.lastUpdateTime.xpi-signature-verification - set value from 1557031824 to 1556945257, which according to hotfix should have changed automatically (https://normandy.cdn.mozilla.net/api/v1/recipe/signed/)

Studies active
Automatic fix through studies didn´t arrive within 10h, so applied it manually.
After applying hotfix-update-xpi-signing-intermediate-bug-1548973 and waiting some time, it is now marked as Complete under Studies, and addons are still disabled.
I´ve tried to reapply this fix and restarted browser multiple times. Addons are still staying disabled.
Computer restart also not helping.

Also if i try to download addon again from developer site, then receiving error that "Download failed. Please check your connection."

Any clue what other things can be tried to troubleshoot this?

Little troubleshoot update to this:

When created new profile for troubleshoot purposes, this is what i noticed.
hotfix-update-xpi-signing-intermediate-bug-1548973 - is now active again under about:studies
Addons mentioned previously (adblock and youtube nonstop) have been completely removed from browser.
When trying to install them again or any new ones from mozilla add-on database, receiving Connection failure error.

When switching back to old profile. Somehow latest firefox update is applied even tho never check or install updates was marked in old firefox 56.0 (update forced for user via studies?). grrrrr.
Addons which were previously installed (adblock plus and youtube nonstop) are no longer present. When trying to add them or any other from mozilla add-on database results Connection failure error.

hi all new here just wanted to say that the hotfix says complete on studies hotfix-reset-xpi-verification-timestamp-1548973 and only hotfix-update-xpi-signing-intermediate-bug-1548973 is active as of now running on ff66.0.3 win10 i disabled and re enable my add ons and started working like ublock so i think it might be fixed

Running FF 56.0 x64 on W10.

The fix from comment 9, hxxps://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi , has no effect what so ever, restarting FF didn't help.

About:studies shows a blank page, nor can I find related settings (no matter how I translate them). Probably not available in v56?

Half my addons are still disabled, Stylus and uBlock are among them. Thank god NoScript and Session Manager still seem to work.

In addition to comment #44
After a good night sleep the necessary hotfix still didn't appear and add-ons are still gone. Since one of them is my passwordkeeper, I'm have a serious problem.
Am I the only one who is using a mac (OS High Sierra, version 10.13.6)?

(In reply to bart from comment #76)

Running FF 56.0 x64 on W10.

The fix from comment 9, hxxps://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi , has no effect what so ever, restarting FF didn't help.

About:studies shows a blank page, nor can I find related settings (no matter how I translate them). Probably not available in v56?

Half my addons are still disabled, Stylus and uBlock are among them. Thank god NoScript and Session Manager still seem to work.

Im also using v56.
Studies is present.
Found in Tools->Options->Privacy and Security
Scroll down to Firefox Data Collection and Use.
For studies to be active: first two needs to be checked.
2nd one is Allow Firefox to rund and install studies

about:studies - should work

(In reply to SakuIce from comment #78)

Im also using v56.
Studies is present.
Found in Tools->Options->Privacy and Security
Scroll down to Firefox Data Collection and Use.
For studies to be active: first two needs to be checked.
2nd one is Allow Firefox to rund and install studies

about:studies - should work

I'm running the Dutch version, could it be that the options aren't literally translated? I see 2 options: to allow FF to send crash reports and to have FF automatically send technical data. Nothing that even remotely translates to studies.

I'm also on v56.
From what I've found, it seems unlikely there will be a patch for v56 and other earlier versions. :(
https://old.reddit.com/r/firefox/comments/bkkra7/fyi_if_you_havent_gotten_the_addon_hotfix_yet/?st=jvapiy0v&sh=838550f0
https://twitter.com/mozamo/status/1124692929312780289

Not working here either: macOS 10.4.4, FF 66.0.3

Studies enabled, studies applied incl. hotfix, but most addons are still disabled, i.e. no change.

The interesting thing is that the study "hotfix-reset-xpi-verification-timestamp-1548973" says it will set "app.update.lastUpdateTime.xpi-signature-verification" to "1556945257".

However, the value of that key is now at "1557046775". I have tried setting it to "1556945257" manually, but it will just revert back to a different value. The value does change, however: it used to be "1557045012", now it's "1557046775" (as stated above).

Also tried setting "app.normandy.run_interval_seconds" to "15", which I read elsewhere, but it has no effect.

Has been like that for about 12 hours.

The following addons are still working:

Bloody Vikings!
Disable WebRTC
First Party Isolation
History Cleaner
JavaScript Toggle On and Off
Link Cleaner
Nuke Anything
OverbiteWX
Shortkeys (Custom Keyboard Shortcuts)

Someone pointed me to a fix for older FF's and it seems to work! reddit.com/r/firefox/comments/bkspmk/addons_fix_for_5602_older/

(In reply to bart from comment #82)

Someone pointed me to a fix for older FF's and it seems to work! reddit.com/r/firefox/comments/bkspmk/addons_fix_for_5602_older/

my hero! :D

Windows 7, 66.0.3 64 bit. It's now 15 hours since I enabled studies, and I only have the hotfix-reset-xpi-verification-timestamp-1548973 study - and NOT the hotfix-update-xpi-signing-intermediate-bug-1548973 study!! Extensions are still disabled including the Kaspersky Protection extension which is part of their Internet Security system. Can I force the hotfix study to be downloaded somehow? Without the Kaspersky extension, I now feel very unprotected using the Internet.

This really isn't very good, Mozilla, after all this time since the issue was first known.

Oh damn, you're right: I didn't get "hotfix-update-xpi-signing-intermediate-bug-1548973" either, just the timestamp hotfix.

Others that were pushed, but might not be related:

  • prefflip-push-performance-1491171
  • hotfix-http-throttling-v2-bug-1462906

(In reply to 8472 from comment #83)

(In reply to bart from comment #82)

Someone pointed me to a fix for older FF's and it seems to work! reddit.com/r/firefox/comments/bkspmk/addons_fix_for_5602_older/

my hero! :D

YAY Worked.
Tried installing any new addons from mozilla add-on database too. All is well and no more check your connection error.

Comment #43 does the trick!

storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate@mozilla.com-1.0.2-signed.xpi

is the link that solves your problem.

Before i tried the hotfixes:
prefflip-push-performance-1491171
hotfix-reset-xpi-verification-timestamp-1548973

the first one was activated the second one successfully finished but to no effect at all.

Right, it does: xpi will be added automatically. Addons working again. Thank you.

(In reply to myw from comment #77)

In addition to comment #44
After a good night sleep the necessary hotfix still didn't appear and add-ons are still gone. Since one of them is my passwordkeeper, I'm have a serious problem.
Am I the only one who is using a mac (OS High Sierra, version 10.13.6)?

No correct hotfix-file yet, after 24 hours. The other 2 files I received in studies are completed now:
p
prefflip-push-performance-1491171•Voltooid
Dit onderzoek stelt dom.push.alwaysConnect in op false.
h
hotfix-reset-xpi-verification-timestamp-1548973•Voltooid
Dit onderzoek stelt app.update.lastUpdateTime.xpi-signature-verification in op 1556945257.

So what now? Use the .xpi that works?

Re comment #87. It worked great. All my extensions are now working. Thanks.

I have both the studies installed, normal addons are now enabled, but I had to manually enable my custom theme.

The worst issue is I had all my search engines disabled, this broke the address bar almost completely. No completion and suggestions pop up typing on the bar and I could only navigate to any page was to type the full address, including http:// at the beginning.

After a couple of restarts, it seems Amazon got somehow enabled, and now I can use the address bar normally, but all other search engines are still disabled, and the restore defaults button is greyed out in preferences.

(In reply to Henri from comment #91)

I have both the studies installed, normal addons are now enabled, but I had to manually enable my custom theme.

The worst issue is I had all my search engines disabled, this broke the address bar almost completely. No completion and suggestions pop up typing on the bar and I could only navigate to any page was to type the full address, including http:// at the beginning.

After a couple of restarts, it seems Amazon got somehow enabled, and now I can use the address bar normally, but all other search engines are still disabled, and the restore defaults button is greyed out in preferences.

I had the same, missing search engines. I did this:
Close Firefox and open File Explorer and navigate to your profile, or use about:support and use the 'Open Folder' button for your Profile location.
Locate file search.json.mozlz4 and rename it , I just added .old to the file
Restart Firefox and all the search engines were recreated.
I think this also cleared up the Navbar not working correctly.

Guys, you shouldn't blame everything else on Mozilla just because there is an occasion. I already had similar problems in the past, where all my extensions were working but disappeared from the browser's extensions page. It's possible that some of you didn't check that page for ages and your extensions weren't there already even before this armagadd-on started. This happens when your profile went silently corrupted. This could explain why you didn't receive hotfix or why it didn't work as expected. Just make a new profile in that case.

Restrict Comments: true

Let's try and keep this bug focused on finding out what causes extensions to stay disabled for some users with the update-xpi-intermediate hotfix applied, rather than listing (possibly harmful) workarounds for the issue.

(In reply to Henri from comment #91)

I have both the studies installed, normal addons are now enabled, but I had to manually enable my custom theme.

The worst issue is I had all my search engines disabled, this broke the address bar almost completely. No completion and suggestions pop up typing on the bar and I could only navigate to any page was to type the full address, including http:// at the beginning.

After a couple of restarts, it seems Amazon got somehow enabled, and now I can use the address bar normally, but all other search engines are still disabled, and the restore defaults button is greyed out in preferences.

Was this (and comment 92) on firefox 66 (current release)?

Flags: needinfo?(jmjjeffery)
Flags: needinfo?(cg+zbmvyynohtmvyyn)

Henri says he's on nightly. That particular issue is tracked in bug 1549075, and doesn't (as far as we know) affect other channels.

Flags: needinfo?(cg+zbmvyynohtmvyyn)

@Julien Cristau
I am currently on the Nightly channel where I posted the work-around that worked for me.

Flags: needinfo?(jmjjeffery)

Is there a chance that this has the same cause as bug 1549249 (master password)?

The hotfixes are no longer needed. Official updates have been released and the root problem is resolved.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: