Does this mean the end of Mozilla’s Firefox?
In the firefox browser and also for instance in Cliqz not a single one of the add-ons will work.
No more extensions, not a single one allowed.
A golden day for those that strive for Google chromium supremacy
or mono-culture of the chromium browser forks.
No more NoScript, no more adblockers, no more LastPass.
They may have to upgrade all of the browser with what results?
How many run of the mill end-users will now switch to Google Chrome, Brave, Iridium etc,
because of this fiasco?
What will the certification war, bring us further? Problems for Kaspersky, Huawei?
Symantec is not a player anymore in the field of certification,
Let’s Encrypt has many advantages,
but also has lowered the bar for cybercrime, scam, spam & fraud,
and other (political) manipulation.
It is also striking there is no general news about this mozilla add-ons mishap,
no news on the Reg and other main tech news outlets.
Silence reigns big time…
The problem was first expected to appear from May 10th henceon,
but now has reared it’s head world-wide already when world clock struck 0:01 on May 4th 2019.
There is a work-around fix available via Firefox studies account,
but that is probably to complicated for the average user to install.
Beyond belief actually while Mozilla developers implemented this in such a way (date depending),
they have to come up with an emergency browser update now to fix this add-on Daemmerung ,
and we do not know what further implications that may have.
polonus
P.S. And this bug now has a proper name “Armag-add-on 2.0” ;D
@ polonus,
While this gaffe is not major as in some like McAfee bricking Windows systems en masse, because it does not brick or prevent use of Firefox, it is similar in scope and certainly a major annoyance factor for everyone. I suspect, tho, that [only] FF browsers open/running/online at 0001 UTC were affected by this bug, so the number impacted may be less than expected. Just happened again @ 1522 UTC.
Run your browsers in a sandbox always if you don’t run a virtual machine. I did. So when I encountered this, simply closing and re-opening the browser brought everything back .
A fix has been rolled out since 16.00 GMT and now all my extensions in my Firefox fork, CLIQZ browser, have returned via de add-on manager, retire.JS, uMatrix, JaVascript Error Notifier extension. CLIQZ is a privacy browser fork.
Hard to tell, why they haven’t paid attention.
Now as a final solution they have to update all of the browser.
Mind, when you have your add-ons working normally again,
to disable settings in “about:studies” (via the browser-bar),
else you will continue sharing your browser data with Mozilla telemetries,
and that is not the securest settings you could have,
and may not be what you want as a continuous situation.
What I could imagine (might not be too far-fetched a thought),
that this could have been an orchestrated action against tor-browser users,
as tor-browser is basically a Firefox browser fork relenting on NoScript add-on being active,
and there this essential add-on (NoScript) for anonymous browsing was also disabled.
But again that is pure speculation on my part, and probably about such schemes we will never know.
Anyways stay on the square, and browse safely and securely,
is the wish of,
Trust in Mozilla’s diminishes with every hour this misery goes on.
A reliable alternative for the average browser user just searching for some info, banking and doing some shopping at times
= Waterfox 8), which is 64 bit, based on FF ESR 52 and with RSS read still available to the browser-user,
a functionality that regular FF took out “for reasons of user friendliness”.
Happy to inform you all, Mozilla team produced an update with the fix for this included,
download firefox 66.0.4 build 1 restart the browser and voila.
Good Firefox can at least hold some ground, as a complete chromium mono-culture is not something to be glad about
or to look forward to. Mono-cultures always will spell elevated risks and a greater attack surface.
So those on Firefox run less risk, as all major script injection mimicks Google scripts,
as in the latest magecart gang attacks.
What Windows means as a main vector for operational system threats,
chromium will be in the case of browser vector attacks.
(e.g. against Edge, Google Chrome, chromium-forks like Iridium, Brave etc.).
Always nice to have a browser that is not a run of the mill one and kept for the masses.