Mozilla has issued an urgent update advisory for Firefox users, warning that an expiring root certificate could disable add-ons, disrupt digital rights management (DRM) content, and impact other security-dependent features if the browser isn’t updated before March 14, 2025.
Users running Firefox versions earlier than 128 or Firefox ESR versions prior to 115.13 must update to avoid potential functionality issues.
The affected root certificate plays a critical role in verifying signed content within Firefox, including add-ons and security updates. If not renewed by updating the browser, Firefox could fail to authenticate add-ons, causing them to be disabled. Additionally, DRM-protected media — such as content from popular streaming platforms — may no longer play due to verification failures. Other systems that rely on content signing could also be disrupted, affecting overall browser performance and security.
The issue impacts all Firefox users on Windows, macOS, Linux, and Android who have not updated to the required versions. Those using Firefox ESR (Extended Support Release), including organizations and individuals on older operating systems such as Windows 7/8/8.1 and macOS 10.12–10.14, must also ensure they update to version 115.13 or later. Users who received an in-app notification about this issue are directly affected and need to take immediate action.
Failing to update Firefox before the March 14 deadline could lead to several security risks. Without an updated root certificate, the browser will be unable to validate security-related updates, leaving users vulnerable to:
- Untrusted Security Certificates – Secure website connections depend on certificate validation. Without updates, Firefox may fail to detect revoked or fraudulent SSL certificates, increasing the risk of phishing or man-in-the-middle attacks.
- Compromised Password Protection – Features that warn users about breached passwords could stop functioning, reducing the browser’s ability to alert users to compromised accounts.
Firefox for Android is also affected by this issue, requiring users to update via Google Play Store or Samsung Galaxy Store. However, Firefox for iOS users do not need to take any action, as Apple’s platform manages security and certificate updates separately.
To prevent disruptions, users should update Firefox to version 128 (or ESR 115.13+) as soon as possible. Updates can be accessed through the Firefox menu under Help > About Firefox, which will check for and install the latest version. For Android users, updates are available in the respective app stores.
For users who encounter issues updating or need assistance, Mozilla has provided support via the Firefox Community Forum, where troubleshooting steps and expert guidance are available.
Ensuring your browser is updated before the March 14 deadline will prevent service interruptions and maintain essential security protections, keeping Firefox fully functional and secure. The same applies to Tor Browser users, as the project is based on Firefox.
Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks
“Expired validation could expose users to harmful or fraudulent add-ons.” is incorrect. When Firefox’s root certificate expires, the user’s add-ons will all be disabled. No malicious add-ons will be inadvertently trusted.
Thanks for your feedback, Chris. We’ve updated the article accordingly.