weavejester 7 years ago

There's a workaround that involves going to about:config and setting xpinstall.signatures.required to false.

However, if you're running the Stable or Beta version, it will only work under Linux. On Windows and MacOS you'll need to download Nightly or the Developer Edition.

To fix this on MacOS I did the following:

1. Downloaded and installed Firefox Nightly

2. Ran /Applications/Firefox\ Nightly.app/Contents/MacOS/firefox-bin --profilemanager

3. Changed the profile to "default" so my normal Firefox profile would be used

4. Started up Firefox Nightly, opened about:config, then set xpinstall.signatures.required to false

Not sure if it's a good idea to use my default profile in Nightly. It might be a wiser idea to copy it instead.
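A defender-side check for the workaround above, as an added example that is not part of the original thread: it scans a directory of Firefox profiles and reports which ones have `xpinstall.signatures.required` set to false in `prefs.js` or `user.js`. The profile names and file contents created by `build_sample_root` are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

PREF = "xpinstall.signatures.required"
# Firefox pref files hold lines of the form: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def read_pref(path, name=PREF):
    """Return the last value assigned to `name` in one pref file, or None."""
    value = None
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == name:
            value = m.group(2)
    return value

def audit_profiles(profiles_root):
    """Map each profile directory name to True if signature checks are off."""
    report = {}
    for profile in sorted(p for p in Path(profiles_root).iterdir() if p.is_dir()):
        effective = None
        # user.js is applied on every startup, so it wins over prefs.js.
        for fname in ("prefs.js", "user.js"):
            f = profile / fname
            if f.is_file():
                effective = read_pref(f) or effective
        report[profile.name] = effective == "false"
    return report

def build_sample_root():
    """Create three constructed profiles (not real data) in a temp directory."""
    off = 'user_pref("xpinstall.signatures.required", false);\n'
    on = 'user_pref("xpinstall.signatures.required", true);\n'
    samples = {
        "aaaa.default": {"prefs.js": 'user_pref("browser.startup.page", 3);\n' + off},
        "bbbb.nightly": {"prefs.js": off, "user.js": on},
        "cccc.clean": {"prefs.js": "// " + off},  # commented out, so not set
    }
    root = Path(tempfile.mkdtemp())
    for name, files in samples.items():
        (root / name).mkdir()
        for fname, text in files.items():
            (root / name / fname).write_text(text, encoding="utf-8")
    return root

if __name__ == "__main__":
    for name, disabled in audit_profiles(build_sample_root()).items():
        print(f"{name}: signature enforcement {'DISABLED' if disabled else 'on'}")
```

Point `audit_profiles` at a real profiles directory (for example `~/.mozilla/firefox` on Linux) to see which profiles still carry the override.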

floatingatoll 7 years ago

Upgrading your profile from Release to Nightly, which occurs automatically when you open it with Nightly, is a one-way irreversible step. This could prevent your profile from being used with Release without crashes, or lose profile data such as bookmarks or saved passwords when later used with Release, depending on what work is underway in Nightly and if it happens to be backwards-compatible. Be sure to back up your profile if you choose to switch channels.

Note: I am told that Developer channel uses a separate profile, but there are instructions below showing people how to override that, at which point this warning becomes relevant once again.

  • andreareina 7 years ago

    Oof. Would you happen to know if it's the same with the developer edition as well?

    • pygy_ 7 years ago

      The developer edition has its own user profile.

      • floatingatoll 7 years ago

        That’s a good point. However, some of the instructions below specifically tell people how to force any channel onto using the existing Release profile. I’ll update my post.

      • andreareina 7 years ago

        And I told the developer edition to use my regular profile because that's the one that has all my settings and add-ons and I didn't realize the risk was there. Guess at this point all I can really do is hope and cross the bridge when I get there.

        • obituary_latte 7 years ago

          If you’re on Mac, you should be able to recover the old profile with Time Machine. Or if you are on Windows and have another backup setup.

    • floatingatoll 7 years ago

      Yes, the risk remains. If I read this right (from my phone), Release is 66, Developer is 67, Nightly is 68. This isn’t guaranteed to be a problem, but it’s not guaranteed okay either. YMMV.

      (See reply about Developer, though.)

  • abrowne 7 years ago

    FWIW I started using beta, nightly and the old "UX" channel, first on Mac and then on Linux, and before I knew it could be a problem I switched between them with the same profile all the time. Maybe there were subtle bugs I wasn't aware of, but nothing I ever noticed.

    • floatingatoll 7 years ago

      I haven’t run into any issues in a while, but you only have to get hit by lightning one time to lose your profile data. Best to be consciously careful about it.

      • abrowne 7 years ago

        I do agree, and I'm more careful now. Always keep a backup, at the very least. I now symlink ~/bin/firefox to nightly because some apps seem to have it hardcoded to open "firefox" rather than what's set as default.

  • weavejester 7 years ago

    Looks like it would have been better to copy the profile instead. I managed to get most of my profile back using Firefox Sync, though for some reason it didn't transfer across my preferences and I had to redo those.

strainer 7 years ago

Gotta love the Linux release team for not disabling this ability.

  • hodgesrm 7 years ago

    And Linux desktop for being pretty usable. :)

SilasX 7 years ago

Firefox stopped respecting the signature-required setting in the mainline version in 2016. I know because I got burned by it and made a Hitler parody.

https://youtube.com/watch?v=taGARf8K5J8

And frankly, this is an extra absurdity on top of that. If you’re going to require signatures for all extensions, regardless of user preference, shouldn’t you be keeping an eye on the signing process?

  • chappi42 7 years ago

    Why does Mozilla do this? Same with removing the option to not update. Why not let users choose (in the case of update maybe with an about config setting)?

    • the8472 7 years ago

      Because (stable) users are dumb, are easily manipulated and can't be trusted. Thus the mothership has to be in control for the greater good. They also argue that end-user computers are already effectively "compromised" from a Mozilla perspective because adware runs installers with admin privs and thus could insert things into the program folders. Thus anything the user can do adware could do too and therefore they can't give them any choice.

      They put it in nicer words though.

      To their credit, you can opt out but only if you switch to dev edition, nightly or custom builds, which either is a one-way road since downgrades corrupt profiles or tedious because you don't receive auto-updates.

      But what they should really have done is allow additional signing roots. Even secure boot does that.

      • SilasX 7 years ago

        I get the ostensible justification, but attacking this way requires the user to dig into the obscure dev settings and load an xpi from outside the browser[1]. Is there even one case of a user compromised that way?

        [1] or at least they could have allowed that as a compromise

        • the8472 7 years ago

          I updated my previous comment. They say there exist crapware installers that use elevated privileges that do inject stuff into the browser and that's why we can't have nice things, yes.

          But I disagree with their value tradeoffs. They want to add a little "protection" - which is really flimsy since there is no privilege separation - for users who already compromised their systems with adware at the expense of the freedom of everyone else.

          • oauea 7 years ago

            I'm totally fine with software already running on my machine being able to install addons into my browser. It can also already install a keylogger and record the screen, what's the big deal?

            • SilasX 7 years ago

              Are you fine with calling “editing of crypto certs” a study? And do you endorse all Orwellian doublespeak, or just this instance?

      • lordlimecat 7 years ago

        This sounds like a threat model and mitigation developed by a college intern.

        How, exactly, is a user land application going to protect itself from modification by a computer admin? I think DRM, anti-virus, and OS vendors everywhere would love an answer to this.

        This threat model completely fails to account for live patching, trusted cert root modification, dll hooking, etc. Either the Mozilla security folks are incompetent / winging it, or this isn't the real reason.

    • TazeTSchnitzel 7 years ago

      Because they don't want trojans to hijack the browser. If the user can change the signing preference, any application can.

      • SilasX 7 years ago

        Yes, the sibling comment and thread already brought that up.

      • lordlimecat 7 years ago

        It is not possible for a user land application to prevent root processes from hijacking / modifying it. Such protection requires the protecting mechanism to run at a higher level of trust / security ring than the attacker.

phyzome 7 years ago

This worked for me on Firefox 60.6.1esr on Debian 9 Linux—changing the setting instantly restored my addons.

  • vphantom 7 years ago

    No go for me on Firefox 59.0 / Debian 64bit. I even restarted Firefox but they're all still "Legacy Extensions". :(

    • phyzome 7 years ago

      Legacy Extensions is different.

  • cattitude 7 years ago

    BINGO... X-ring.

    I OWE you, dude.

PhantomGremlin 7 years ago

> On Windows and MacOS you'll need to download Nightly or the Developer Edition.

The workaround also works if you're running Firefox Extended Support Release on MacOS. Thankfully.

For me missing extensions aren't just an inconvenience. I simply don't browse with JS on. Firefox is dead to me without NoScript.

  • glindhol 7 years ago

    Same is true for ESR on Windows.

jacob019 7 years ago

Works on Android too.

mirimir 7 years ago

Thank you!

Saved me tons of ultimately pointless thrashing.

classichasclass 7 years ago

This also works if you build from source, even if you build off mozilla-release. (Just tried it.)

nonbirithm 7 years ago

Doesn't work for me. Using Arch Linux. I was already on Nightly when this happened.

  • c0nducktr 7 years ago

    What timezone are you in? I'm in UTC-4 (Detroit), and haven't seen any problems so far. (Also running Nightly on Arch Linux - I haven't made any previous changes to the addon signing either)

    • nonbirithm 7 years ago

      To clarify, by 'not working' I meant none of the addons with signing issues are re-enabled after changing xpinstall.signatures.required. I might have wrongly assumed this would happen. However, I tried installing a new addon I had never installed before and that works, but reinstalling one that I had previously installed still doesn't, even after uninstalling it (uBlock Origin).

      My timezone is America/Los_Angeles.

      EDIT: Sorry, I'm dumb. I actually have two versions of FF installed and I chose the one that wasn't Nightly.

hum6ug 7 years ago

This does not work with Firefox 66.0.3 in Arch Linux ...