Skip to main content
banner image
venafi logo

How Certificate Expiry Inconvenienced Firefox Users

How Certificate Expiry Inconvenienced Firefox Users

expired certificate, Mozilla, Firefox
May 6, 2019 | Guest Blogger: Kim Crawley

According to StatCounter in November 2018, Mozilla Firefox was the third most popular web browser platform worldwide, with about 4.92% overall marketshare. (Google Chrome was number one at 61.75%, and Apple Safari was number two at 15.12%.) That takes into account both desktop and mobile spaces. Of course, not all implementations of the Firefox platform are labelled Firefox, as there are also many popular forks. Tor Browser is one of those forks, and there are many others. A fork has most of the main Firefox code, so bugs that affect vanilla Firefox usually also affect the many forks of it as well.

Frankly I’m really impressed by the Mozilla Foundation’s commitment to cybersecurity and user privacy. Firefox’s opensource nature is one reason why implementations like Tor Browser are based on Firefox, but Mozilla’s pre-existing security features are another. Those security features, such as anti-tracking, are a reflection for Mozilla’s security philosophy. As written in their Online Privacy and Security report:

“One of Mozilla’s founding principles is the idea that security and privacy on the internet are fundamental and must not be treated as optional. This core value underlines and guides all of Mozilla’s work on online privacy and security issues—including our product development and design decisions and policies, and our public policy and advocacy work.”






Many of the Firefox Add-ons developed by third parties, such as HTTPS Everywhere and Privacy Possum, are excellent for improving user security on the web. Many more third-party Add-ons aren’t security-related, but offer useful features some people want, such as tab organizers and RSS readers. Some Firefox forks have a few Add-ons built in. The Tor Browser I previously mentioned has HTTPS Everywhere and an anti-tracking Add-on built in.

Well, guess what! On Friday May 3rd, an expired certificate caused all Add-ons in both vanilla Firefox and its forks on desktop to stop working! Users got loads of error messages alerting them that their Add-ons weren’t working. The certificate in question is a machine identity which helps to sign Add-ons into Firefox to prevent unauthorized Add-ons from being able to harm user security. Unauthorized Add-ons and other such web browser plugins are a common form of malware.


Mozilla’s Kev Needham acknowledged the problem on the Mozilla Add-ons Blog:


“Late on Friday May 3rd, we became aware of an issue with Firefox that prevented existing and new add-ons from running or being installed. We are very sorry for the inconvenience caused to people who use Firefox.


Our team has identified and rolled-out a fix for all Firefox Desktop users on Release, Beta and Nightly. The fix will be automatically applied in the background within the next few hours. No active steps need to be taken to make add-ons work again. In particular, please do not delete and/or re-install any add-ons as an attempt to fix the issue. Deleting an add-on removes any data associated with it, where disabling and re-enabling does not.”


If “Allow Firefox to install and run studies” has been disabled in the user’s preferences, they will need to enable the feature in order to install the hotfix.


I’m glad that the Mozilla team are working quickly on this expired certificate problem, but it just goes to show how common of a problem expired certificates are for large tech companies and media organizations. As I wrote here just last week:


“The reputational damage from web downtime (caused by expired certificates) is difficult for an accountant to ledger, but it definitely affects a company’s bottom line. Transactions aren’t made, services aren’t delivered. If I’m in the mood to buy a new pair of boots and the website of one of my favorite shoe stores is down, I’ll just go to the website of another shoe store, their direct competitor. It’s as simple as that.”


But Firefox’s expired certificate doesn’t just affect a website, it affects all desktop Firefox users, no matter where on the web they go!


This issue didn’t go unnoticed by Venafi on Twitter.



Okay, that’s a bit cheeky. But it’s true! This embarrassing problem could have been prevented with the use of Venafi machine identity management solutions!




Related posts

Like this blog? We think you will love this.
Featured Blog

Why Stopping Certificate Outages Starts with an Outage Safety Net

We’ve also talked a lot in this blog about how to eliminate outages.

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Guest Blogger: Kim Crawley
Guest Blogger: Kim Crawley

Kim Crawley writes about all areas of cybersecurity, with a particular interest in malware and social engineering. In addition to Venafi, she also contributes to Tripwire, AlienVault, and Cylance’s blogs. She has previously worked for Sophos and Infosecurity Magazine.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more