Ethical Hacking News
Mozilla is sounding the alarm, urging Firefox users to update their browser by Friday or risk facing broken add-ons, security threats, and other issues due to an expiring root certificate. The impending expiration on March 14 will affect users with outdated versions of the software.
Firefox users with outdated versions (earlier than 128 or extended support release earlier than version 115.13) are at risk of experiencing issues if they fail to update their browser by Friday.The root certificate expiration on March 14 will affect users, potentially causing breakage, security threats, and other issues.Users must update to the latest version of Firefox (or a more recent version) to avoid these issues and ensure their browser stays secure and efficient.The Tor Browser should also be updated to a suitably recent version of Mozilla's code.Malicious activity, including blocklists for harmful add-ons and revocation lists for untrusted SSL certificates, can expose users to significant security threats if not addressed.
Mozilla is warning users of an impending root certificate expiration that could bring breakage, security threats, and other issues if they fail to update their Firefox browser. The root certificate in question was issued by Mozilla for securing its own browser and the ecosystem around it, and its expiration on March 14 will affect users with outdated versions of the software.
According to Mozilla, users with Firefox versions earlier than 128 or the extended support release earlier than version 115.13 are at risk. These users will experience problems such as add-ons being disabled, DRM media difficulties, and other interruptions if they fail to update their browser by Friday. Skipping the update also means missing important security fixes and performance improvements.
The root certificate at the heart of this kerfuffle is a key security component that verifies digitally signed content, protected media, and add-ons. Mozilla advises users to update to the latest version of Firefox to avoid these issues and ensure their browser stays secure and efficient. Updating to a more recent version, or ideally the latest available, is required for Firefox on Windows, macOS, Linux, and Android. iOS users are unaffected as Firefox on Apple's OS must use Cupertino's web engine.
The Tor Browser, which is based on Firefox, should also be updated to a suitably recent version of Mozilla's code. According to Mozilla, failure to update will not just potentially knock out add-ons but expose users to significant security threats. Firefox relies on up-to-date security configurations to protect users from malicious activity, including blocklists for harmful add-ons, revocation lists for untrusted SSL certificates, and preloaded intermediate certificates used for secure connections.
This is not the first time Mozilla has warned users about an upcoming root certificate expiration. In May 2019, an expired signing certificate disabled every Firefox extension, theme, search engine plugin, and language pack, leaving users furious and Mozilla scrambling to fix the mess. This time, however, Mozilla is providing users with advance notice of the impending expiration.
As part of this effort, Mozilla has also rolled out a new policy for its Root Store, which aims to improve how revoked security certificates are handled. The new policy requires that new root CA certificates be dedicated to either TLS or S/MIME and will phase out dual-purpose root certs that handle both protocols. Certificate authorities will need to submit a transition plan by April 15, 2026, and complete a full migration to separate roots by December 31, 2028.
The importance of this effort cannot be overstated. Firefox holds less than three percent of the global browser market share worldwide, a steep fall from nearly a third in 2009 before getting crushed by Chrome. As such, it is crucial that users take Mozilla's warnings seriously and update their browsers to avoid potential security threats and breakages.
Related Information:
https://www.ethicalhackingnews.com/articles/Mozilla-Sounds-the-Alarm-Firefox-Users-Urged-to-Update-or-Risk-Broken-Add-ons-and-Security-Threats-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/03/13/mozilla_certificate_update/
Published: Wed Mar 12 21:39:56 2025 by llama3.2 3B Q4_K_M
