Mozilla Company about the emergence of mass with add-ons for Firefox. For all browser users, the add-ons were blocked due to the expiration of the lifetime of the certificate used to generate digital signatures. In addition, it is noted that it is impossible to install new add-ons from the official catalog (addons.mozilla.org).
Way out of the current situation , the Mozilla developers are considering possible fixes and have so far limited themselves to only a general confirmation of the situation that has arisen. It is only mentioned that add-ons became inactive after 0 hours (UTC) on May 4th. The certificate was supposed to be updated a week ago, but for some reason this did not happen and this fact went unnoticed. Now, a few minutes after starting the browser, a warning is displayed about disabling add-ons due to digital signature problems and the add-ons disappear from the list. The digital signature is checked once a day or after the browser is launched, so add-ons may not immediately turn off in long-running Firefox instances.
As a workaround for Linux users to regain access to add-ons, digital signature verification can be disabled by setting the "xpinstall.signatures.required" variable in about:config to "false". This method for stable and beta releases only works on Linux and Android, for Windows and macOS, such manipulation is possible only in nightly builds and in the Developer Edition. Alternatively, you can also change the value of the system clock to the time before the expiration of the certificate, then the ability to install add-ons from the AMO directory will return, but the already set disable flag is not removed.
Recall that the mandatory verification of Firefox add-ons for digital signatures was in April 2016. According to Mozilla, verification by digital signature allows you to block the spread of malicious and spying add-ons for users. Some plugin developers with this position and believe that the mechanism of mandatory verification by digital signature only creates difficulties for developers and leads to an increase in the time it takes to bring corrective releases to users, without affecting security in any way. There are many trivial and obvious to bypass the system of automated checks for additions that allow you to silently insert malicious code, for example, through the formation of an operation on the fly by concatenating several lines with the subsequent execution of the resulting line by calling eval. Mozilla's position to the fact that most authors of malicious add-ons are lazy and will not resort to such techniques to hide malicious activity.
Addition: Mozilla Developers about the start of testing the fix, which, if tested successfully, will soon be brought to users (the decision to apply the proposed fix has not yet been made). Until the patch is applied, digital signature generation for new additions is disabled.
Source: opennet.ru