A critical root certificate embedded within Mozilla Firefox is set to expire on March 14, 2025. This certificate plays a pivotal role in signing Mozilla Foundation’s software and services, including signature verification for Firefox’s core functionalities.
Once the certificate expires, several essential Firefox features will be adversely affected. Notably, all browser extensions will be automatically disabled due to failed validation, and DRM-protected video content will become unplayable within Firefox.
In essence, a Firefox version reliant on the outdated certificate may become largely unusable unless a user completely abstains from using extensions or playing DRM-protected media. Even more concerning is that Firefox’s built-in certificate store will also cease to update, potentially leading to HTTPS access failures as certificates can no longer be properly validated.
To mitigate this issue, the Mozilla Foundation has begun integrating a new certificate starting with Firefox v128.0. Consequently, all versions prior to v128.0 will be impacted, while Firefox v128.0 and subsequent releases remain unaffected.
For users on the Extended Support Release (ESR), an update to Mozilla Firefox v115.3 ESR or later is required, as earlier ESR versions will also be rendered obsolete due to the expired root certificate.
It is crucial to highlight that if users postpone the update until after March 14, Firefox’s built-in update mechanism will no longer function, as it relies on the very certificate that is set to expire. In such cases, users must manually download the latest installation package from Mozilla’s official website and perform an over-the-top installation to restore normal functionality.
Summary Overview:
- Affected Versions: Firefox v128.0 and earlier, Firefox v115.3 ESR and earlier
- Required Update: Firefox v128.0 or later / Firefox v115.3 ESR or later
- Impacted Platforms: Windows, Linux, macOS, Android
