Mozilla has issued an urgent warning to Firefox users worldwide, emphasizing the critical need to update their browsers before March 14, 2025, when a vital root certificate will expire.
This expiration threatens to disable extensions, break DRM-protected content playback, and expose users to significant security risks.
The warning affects millions of Firefox users across multiple platforms, still running versions earlier than 128 or ESR versions prior to 115.13.
The core of this issue involves a root certificate essential for Firefox’s security infrastructure.
This certificate serves as a trusted authority that verifies the authenticity of websites, add-ons, and software updates across various Mozilla projects.
Certification Expiry
When this certificate expires on March 14, systems relying on it will no longer be able to validate signed content, creating widespread disruption properly.
“While it’s possible to use Firefox without updating, you may experience problems such as add-ons being disabled, DRM media difficulties, and other interruptions,” Mozilla warned in its advisory.
This technical limitation is not merely inconvenient but represents a fundamental break in the browser’s security architecture. The certificate expiration affects a broad spectrum of functionality within Firefox.
The xpinstall.signatures.required verification system, which ensures add-ons come from trusted sources, will fail to authenticate extensions after the expiration date.
Similarly, the certificate verification process for DRM-protected content will halt, preventing playback of streaming media that relies on these security measures.
Mozilla emphasizes that the consequences extend far beyond mere functionality issues.
The company stated in its support documentation that “not updating Firefox before the root certificate expires can expose you to significant security threats. “
Without up-to-date security configurations, users become vulnerable to malicious activity, including compromised passwords, exposure to harmful add-ons, and the inability to identify fraudulent websites.
The root certificate issue affects Firefox on Windows, macOS, Linux, and Android platforms.
iOS users are not impacted due to Firefox on Apple’s mobile platform utilizing a different certificate management system that operates independently of Mozilla’s root certificates.
This situation bears a striking resemblance to a previous incident in May 2019, when an expired signing certificate suddenly disabled all Firefox extensions worldwide.
That event caught users by surprise, causing significant disruption and prompting Mozilla to scramble for a fix.
Unlike that situation, Mozilla is now providing advance warning, giving users several weeks to prepare before the March 14 deadline.
Update Process and Requirements
Updating Firefox is relatively straightforward.
Desktop users can check their current version by navigating to Menu > Help > About Firefox, which will also initiate an automatic update check.
Android users need to update through their platform’s app store. Users still running Windows 7/8/8.1 or older macOS versions (10.12–10.14) need to ensure they’re on at least Firefox ESR 115.13 to maintain functionality.
Firefox versions below 128 (released in July 2024) will experience the full range of issues once the certificate expires.
This certificate expiration comes at a challenging time for Mozilla, as Firefox currently holds less than three percent of the global browser market share—a significant decline from its peak of nearly a third in 2009.
The urgency of this update reflects Mozilla’s commitment to maintaining security standards despite its diminished market position.
Mozilla recommends that all users verify they are running Firefox 128 or higher immediately to ensure an uninterrupted browsing experience and continued protection against emerging online threats.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
