Mozilla's mea culpa for breaking Firefox


By Dylan Bushell-Embling
Tuesday, 14 May, 2019

Mozilla's mea culpa for breaking Firefox

Mozilla has issued an apology for the issue with its Firefox web browser which broke existing add-ons from working and prevented new ones from being installed.

The incident, which occurred earlier this month, has been traced to the expiration of a digital certificate used to sign add-ons. Mozilla CTO Eric Rescorla shared details of the gaffe in a blog post.

The expired certificate acted as an intermediate certificate for the digital signing process used to verify new add-ons or ensure add-ons loaded into Firefox are legitimate.

This meant that the vast majority of the more than 15,000 Firefox add-ons that are available stopped working, and the browser rejected attempts to install new add-ons due to the expired certificate. The effect was delayed because Firefox only checks add-ons about every 24 hours, and the time of these checks is different for each user.

Once Mozilla became aware of the issue, the company initially temporarily disabled signing of new add-ons, and pushed a hotfix designed to suppress re-validating the signatures on add-ons, in an attempt to prevent disruption for users who had not re-validated yet and encountered the issue.

As a more long-term solution, Mozilla developed a new certificate with the same subject name and public key as the old certificate, and then set about developing and pushing an update to Firefox to install the new certificate and force the browser to re-verify every add-on.

“We strive to make Firefox a great experience. Last weekend we failed, and we’re sorry,” new Mozilla Head of Engineering Joe Hildebrand said.

“You deserve a full accounting, but we didn’t want to wait until that process was complete to tell you what we knew so far. We let you down and what happened might have shaken your confidence in us a bit, but we hope that you’ll give us a chance to earn it back.”

Image credit: ©stock.adobe.com/au/Mila Gligoric

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.

Related News

Govt unveils code of practice to boost IoT security

The Australian Government has released a code of practice for IoT devices like smart televisions...

Career opportunities booming in RPA

UiPath has revealed that the COVID-19 pandemic has increased demand for robotic process...

Magento 1 still in wide use despite reaching end of life

Adobe has issued the final patches for version 1 of the popular e-commerce platform Magento, but...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd