Firefox faced a major cybersecurity-related outage this weekend that caused all browser add-ons, themes, search engines, and language packs to be disabled, which left many Tor users potentially exposed to tracking. However, Mozilla was quick to react and published an update to version 66.0.4 on Android and Desktop OSs that reinstated said features yesterday.
The bug started to make its rounds late Friday, May 3rd, when users found all of their browser customizations deactivated. Apparently, an expired certificate on Mozilla’s end was the culprit, since Firefox suddenly couldn’t verify the integrity of any third-party add-ons anymore and thus automatically disabled everything for everyone. This is a standard procedure to protect users from rogue unsigned extensions, and it worked just as it should since no add-ons were classified as safe any longer.
While that was merely a (granted, big) annoyance to most, especially since it happened during the weekend, one particular group of people had their safety at risk through this snafu: Tor users, who want to surf the web anonymously. You see, the Tor browser is a Firefox fork and relies on the same certificates to verify third-party add-ons – including the pre-installed NoScript extension that prevents websites from tracking you across the internet, which users found deactivated in the middle of researching the dark web. Ouch.
This is what Firefox add-ons looked like over the weekend on version 66.0.2
Luckily, Mozilla was quick to react with a hotfix that came to desktop browsers shortly after the bug was found and an update from version 66.0.2 to 66.0.4 that fixes the issue across all platforms, including Android.
You can either grab the new release from the Play Store widget below or download it straight from APK Mirror. Note that a small number of extensions may disappear from your about:addons after getting the new version. Their data is not gone; you just need to reinstall them from Firefox’s add-on store. The situation is similar for themes, which have to be re-enabled manually.