Mozilla Connect

sam13 · ‎03-11-2025

Hello software developers,

Getting strange messages that my Firefox browser version 127.0 will fall dead and be broke on March 14, 2025 ==> Is this really true ??? <== Been doing software development a long time and never heard of just 'breaking' a legacy product version for installed customers. A big No-No.

Question:

Will you really break a browser version I really like and have used for almost 20 years ? <or> Will you give your developers a crash course on how to renew, store, chain, and manage X.509 certificates to prevent this breakage ???

Please recommend a good replacement browser such as Brave, LibreWolf, Floorp, etc, which replicates the good, fast performing, basic, and non-intrusive functions that Firefox used to do in the past.

Do not want to interrupt your busy coding schedule, but Certificate management code and tools are everywhere for you to do a quick fix for this breakage, generally called a bug. An extra 30 LOC to fix this won't hurt performance that much.

Thanks for you quick response,

Sam

siffemcon · ‎03-11-2025

Yes, it's true if you don't update or switch to ESR and there's nothing you can do to prevent it other than that.

https://support.mozilla.org/en-US/kb/root-certificate-expiration

Many people like Librewolf and Floorp.

jscher2000 · ‎03-12-2025

Hi Sam, why are you running Firefox 127? Was there an unacceptable UI change in Firefox 128??

The supported options -- i.e., the versions with the updated certificate built in -- are:

Firefox 128.0 and later, including the ESR series of Firefox 128 if you dislike frequent updates (https://support.mozilla.org/kb/choosing-firefox-update-channel)
Firefox 115.13.0esr and later in the ESR series of Firefox 115

superkuh · ‎03-12-2025

If you can find (or have previously saved) an unbranded build of Firefox for your version it does not have the walled garden / CA TLS system for add-ons. So it will break less than the normal walled-garden branded-Firefox versions.

jscher2000 · ‎03-12-2025

@superkuh wrote:
If you can find (or have previously saved) an unbranded build of Firefox for your version it does not have the walled garden / CA TLS system for add-ons. So it will break less than the normal walled-garden branded-Firefox versions.

If I understand your suggestion, the poster should find an "unbranded" build of Firefox 127.0.2 so they can toggle the xpinstall.signatures.required preference to false. That preference is not effective in the standard Firefox "rapid release" versions, but is honored in the Firefox Extended Support Release and Developer Edition, and in "unbranded" builds. In theory, at least, that would allow Firefox to keep running unverified extensions after certificate expiration. Has anyone tested this? I think you would just need to roll your system clock forward a few days to see what happens.

sam13 · ‎03-12-2025

Thanks for the replies.

Still confused:

The post dated 03-12-2025 01:27 PM by jscher2000 says the "updated certificate is built in", ie, addons are protected, for "Firefox 115.13.0esr and later in the ESR series of Firefox 115" but all subsequent posts imply that the xpinstall.signatures.required preference is set to false even for ESR editions.

Question:

A) Is version "Firefox 115.13.0esr and later in the ESR series of Firefox 115" running with xpinstall.signatures.required = false and thus addons are still basically unprotected ???

B) <or> is there special CA magic in version ESR Firefox 115 to protect addons ??? (which would be good)

==> If (B) is true would appreciate a link to download the latest ESR Firefox 115 version. A truly good solution.

Note: Running with security turned off is not a solution, one of quickest ways to get fired in a business environment.

Thanks for one more response,

Mozilla Connect

Messages my Firefox browser version 127.0 will be broke on March 14, 2025 ???