News: 0176674423

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Firefox Certificate Expiration Threatens Add-ons, Streaming on March 14 (betanews.com)

(Tuesday March 11, 2025 @12:47PM (msmash) from the PSA dept.)


A critical root certificate expiring on March 14, 2025 will [1]disable extensions and potentially break DRM-dependent streaming services for Firefox users running outdated browsers. Users must update to at least Firefox 128 or ESR 115.13+ to maintain functionality across Windows, macOS, Linux, and Android platforms.

The expiration additionally compromises security infrastructure, including blocklists for malicious add-ons, SSL certificate revocation lists, and password breach notifications. Even those on legacy operating systems (Windows 7/8/8.1, macOS 10.12â"10.14) must update to minimum ESR 115.13+.



[1] https://betanews.com/2025/03/10/firefox-addons-breaking-update-now/


Not for distro handling certs (Score:3)

by GPLHost-Thomas ( 1330431 )

For Debian users for example, the CA store is *not* in the browser...

Certificate expiries are timebombs (Score:3)

by xack ( 5304745 )

Every so often a major website or product stops working because of an expired certificate somewhere. Despite "soft coding" certificates and update automation there is always a chance one will be forgotten. EOL is often enforced by manufacturers with deliberate expiration dates as well, leading to the "internet of shit" problem. All this ewaste is piling up Idiocracy/Wall-e style thanks to broken certificates. With the version number now so inflated by Chrome/Firefox, no one knows what the "correct" version is supposed to be anymore, and all these old Firefox installs on spare computers or EOL Windows 7 computers are going to blow up fast. Many non-tech savvy people will be affected, and it will increasingly destroy even more of Firefox's lost good will that has occurred over the years.

Re: (Score:2)

by omnichad ( 1198475 )

It should be easier than this to manually update the certificate store on any program or automate it with third party utiltiies.

Seems that Firefox will only trust private root stores from the operating system and they don't intend to ever support using the rest of the store from the OS. Of course that doesn't help when the OS is obsolete too, but it would be much easier to import updated certs once at the OS level instead of to each individual app.

What the hell is this crap!? (Score:1)

by lyran74 ( 685550 )

"10.12â"10.14"

It's 2025. I expected this in 1999. Seriously, sort out the encodings already.

Timing is everything (Score:2)

by akw0088 ( 7073305 )

Seems like this might have been factored in with the terms of use change, force people to upgrade for streaming and get the browser tracking under the table

... and for absolute majority of programmers additional shared objects mean
additional fsckup sources. I don't trust them to write correct async code.
OK, so I don't trust the majority of programmers to find their dicks if
you take their Visual Masturbation Aid++ away, but that's another story -
I'm talking about otherwise clued people, not burger-flippers armed with
Foo For Complete Dummies in 24 Hours.

- Al Viro about multi-threading on linux-kernel