Last Updated on
Mozilla, the company behind Firefox, have implemented a number of security checks in their browser related to extensions. One such check is a digital certificate that all add-ons must be signed with. This certificate is like a HTTPS certificate – the thing that gives you a green padlock in your browser’s URL bar.
You’ve probably seen a HTTPS error before. This happens when a site’s certificate is invalid for one reason or another. One such reason is that the certificate has expired.
HTTPS certificates are only valid for a certain amount of time. When that time runs out, they need to be renewed. This is done to ensure that the person with the certificate is still running the website, and is still interested in keeping the certificate.
When a certificate expires, your browser will refuse to connect to the website. A similar issue happened with Firefox – their own add-on signing certificate expired on the 4th of May, 00:09 UTC, causing everyone’s add-ons to be disabled after that timed passed.
One would think that Firefox wouldn’t disable an add-on that had been signed with a certificate while it was still valid, but apparently they didn’t do that. Even so, this could have been avoided if anybody had remembered to renew the certificate, which nobody did. This is a particularly embarrassing issue for Firefox, especially considering both how easily it could have been avoided and the fact that it really shouldn’t have been possible for this to happen in the first place. It also raises the question: What happens if Mozilla disappears, and people keep using Firefox? Thankfully, there are ways to disable extension signing, which means that you can protect yourself from ever happening again, but note that doing this is a minor security risk.
One could argue that by remotely disabling some of the functionality of your browser, intentionally or not, Mozilla is violating the four essential freedoms, specifically, the right to unlimited use for any purpose.