Firefox switched NoScript and Adblock Plus off

I detected this just a few minutes and as I regularly admit scripts on certain sites it can’t be that long, but Firefox switched off the NoScript and Adblock Plus (and Flagfox, but that is only a nicety).

They seem they think they have some security reason for it, but I feel more or less naked now and much more vulnerable.

This is FF 60.6.1 esr.

Anybody else experiencing this?
And what to do about it?

Yes… >:(


A temporary “fix” is to use “about:config” and set “xpinstall.signatures.required” to false

YES!. They are back. Thanks a lot, feels much more safe now.

What will be the definitive fix?

Looked at the link you provided.

Seems to be a real bug and thus it will be repaired asap I guess.

After it is repaired, I assume we are supposed to undo that setting. Hope we get some hint when it is repaired.

Mozilla are releasing a new certificate ( ) …

Don’t know when that will make it into the openSUSE repositories, contact the maintainers and let them know of the problem maybe?

Created a report at bugzilla: 1134126 – Firefox extensions disabled after failed signature verification due to Mozilla intermediate certificate issue

Thanks. I’ve added myself to the CC list of that bug report.

It happened to me last night. So I looked around (at and found the workaround.

Not all graphical logins were affected. Some had already the fix installed:

  • hotfix-reset-xpi-verification-timestamp-1548973•Aktiv
  • hotfix-update-xpi-signing-intermediate-bug-1548973•Aktiv

see “about:studies”.

Only of course if one hasn’t opted out of “studies”…

… and for those who don’t know of it End User Interaction — Normandy 0.1.0 documentation

See also:


It appears that there hot fix does not apply to “esr” versions, such as with Leap. However, the other workaround can be used there. So I can wait.

For me, “noscript” is the only extension that matters. And even that doesn’t matter when reading opensuse forums. But it is a help when accessing other sites.

oS 42.3: After update to 66.0.3 from mozilla repo the extensions are recognized, no need to set xpinstall… to false (it is set to true by default). Studio privacy option was activated.
Note that the update may have nothing to do with it, as the first run after update still blocked the extension, but after a few minutes they appeared, maybe after closing and opening FF again. This could be mozilla’s fix through studio, not related to the new version.

IMHO Privacy Badger and HTTPS Everywhere are important too.

From various platforms i becomes clear that Mozilla fixed the certificates issue.

Yes, it is working in another box with FF 60.6.1esr without any change in settings.

Yes, as it is a security protection against malware.

The mailing lists seem to indicate it is fixed for some, but not for all.
In my case, it is not fixed, but that is because of my disdain for Firefox’s direction in the past few years and my customized version of Firefox.
The about.config change is working for me, though, and the security issue with that is moot, since I am not adding any new plugins.

Not working here with 60.6.1esr, so presumably some specific settings are necessary. The opensuse bug says the fix will be in an updated release but as yet gives no indication of when.

Please also read the Mozilla Bugzilla (the link is posed in post #2 above), so that everybody here has the same information.

Firefox pulled a patch that resets all certificates. If some were removed, check them after. Click the link to add the correction = same as adding an extension. Works OK in Tumbleweed (FF 66.0.3). You should set other parameters default after. **Copy link location in a new tab.