The Mandelbear's Musings

If you were using Firefox any time after midnight UTC on Star Wars Day (May the 4th), you probably noticed that all your add-ons were disabled, with the unhelpful message: "... could not be verified for use in Firefox and has been disabled". If you're reading this before 9am or so Pacific time on the 4th they may still be.

This happened because a certificate in the code-signing certificate chain expired at midnight UTC. The same thing happened three years ago, causing today's version to be dubbed "Armagadd-On-2.0".

• wait for the fix to roll onto your browser (you can look for it by browsing to about:studies and looking for hotfix-update-xpi-signing-intermediate-bug-1548973) (make sure that "Firefox Options/Preferences -> Privacy & Security -> Allow Firefox to install and run studies" is checked) (it landed in my browser at 8:18 or so Pacific time)
• download and run either the Firefox nightly build, LTS, or developer edition and set xpinstall.signatures.required to false in about:config
• temporarily switch to Chrome.

This outage highlights a weakness in any security technique that involves code-signing, or indeed anything else that involves the Public Key Infrastructure and X.509 certificates (which is just about everything except SSH and PGP/GnuPG): an expired or revoked certificate can wreak wide-spread havoc. X-509 certs are used not only for code signing but for TLS/SSL (the protocol behind HTTPS). At this point there doesn't seem to be much that can be done about it in the near term.

Resources

• Firefox disabled all add-ons because a certificate expired
• Firefox add-ons disabled en masse after Mozilla certificate issue
• Update Regarding Add-ons in Firefox | Mozilla Add-ons Blog
• bug report
• 1267318 - (armagadd-on) Moving date forward to May 2nd is causing add-on signature "unrecognized issuer" errors

Another fine post from The Computer Curmudgeon (also at computer-curmudgeon.com).
Donation buttons in profile.

Pro SEO: FireFox Jumps To 13% Of Global Market Share

According to the Amsterdam analytics firm onestat the FireFox browser has jumped from a global market share of 8.7% to a whopping 13% since April 2005.

The national usage of firefox make some interesting reading to with FireFox making up 16% in the USA, 24% in Australia and a huge 39% in Germany.

Onestat provide visitor statistics for 50,000 websites from 100 countries; The FireFox usage statistics are based on these websites and counties.

It's worth noting that usage of Microsoft IE is just under 80% in the US, and only 83% worldwide. This is well past the point where website designers have to take standards-compliant browsers into account if they don't want to lose a significant fraction of their readership.