Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox Root Certificate Expiration: Questions & Tips for Updating

  • 10
  • 9
  • Nzaghachi ikpeazụ nke vtay

more options

Important update! On March 14, 2025, a critical root certificate in Firefox will expire. If you’re still using an older version (before Firefox 128 or ESR 115.13+), it’s crucial to update to Firefox 128 or newer to avoid issues with add-ons, DRM-protected content, and other features.

For full details, check out Update Firefox to prevent add-ons issues from root certificate expiration.

If you have questions about the update or need help with the process, this is the place to ask! Whether you’re just starting or you’ve already updated and want to share your experience, we’d love to hear from you.

Let’s come together, share tips, and ensure we’re all prepared. Drop your questions or insights below!

'''Important update!''' On '''March 14, 2025''', a critical [https://support.mozilla.org/en-US/kb/root-certificate-expiration#w_what-is-a-root-certificate-and-why-is-its-expiration-important root certificate] in Firefox will expire. If you’re still using an older version (before Firefox 128 or ESR 115.13+), it’s crucial to update to Firefox 128 or newer to avoid issues with add-ons, DRM-protected content, and other features. For full details, check out [[Update Firefox to prevent add-ons issues from root certificate expiration]]. If you have questions about the update or need help with the process, this is the place to ask! Whether you’re just starting or you’ve already updated and want to share your experience, we’d love to hear from you. Let’s come together, share tips, and ensure we’re all prepared. Drop your questions or insights below!

Edeziri site na Lucas Siebert

All Replies (10)

more options

My PC uses Windows 7 Ultimate SP1. I definitely do not want to update to a newer version of Windows. Thus, I cannot update my Firefox.

Please let me know what root or roots are affected and how to download replacement(s).

Helpful?

more options

david860 said

My PC uses Windows 7 Ultimate SP1. I definitely do not want to update to a newer version of Windows. Thus, I cannot update my Firefox.

You can update to a current version as the OP says Firefox 115.13+ ESR. It is currently at Fx 115.16.1esr.

The Firefox 115 ESR is still being updated to support the older OS's Windows 7, 8, 8.1 and macOS 10.12, 10.13, 10.14 in mind. The updates will occur until Fx 115.21.0esr in March 2025 unless Mozilla extends update support again.

https://support.mozilla.org/en-US/kb/firefox-users-windows-7-8-and-81-moving-extended-support

Edeziri site na James

Helpful?

more options

With Windows 7 you can use Firefox 115 ESR (current: 115.16.0 and isn't affected) and you should be fine with this version since you can't update to a newer version. You keep getting updates up to March 25, then your OS will no longer be supported and you need to stuck with the last version.

Firefox 116 and newer require Windows 10 as the minimum, users on Windows 7 and 8 and 8.1 have been moved to Firefox 115 ESR.

Helpful?

more options

That does NOT answer my questions. (1) What are the affected roots? (2) What URIs can I use to download the replacements roots?

NOTE WELL: My wife's PC is still using Windows XP SP3. It does not have the capacity to update even to Windows 7. However, it still meets my wife's needs. She does not want any version of Firefox. I will have to update her SeaMonkey for new root certificates. Yes, I know how, but I need to know what roots.

Helpful?

more options

Helpful?

more options

Hi

I have looked into this with Mozilla staff, who have confirmed that it is not possible to download replacement root certificates. They are baked into the code.

Helpful?

more options

Windows 7 Firefox 115.0.3 (new as of 23 Jan 2023 and -- without my authorization -- pushed onto my PC on 12 Apr 2024)


In Firefox, I go to [Settings > Privacy & Security > Certificates > View Certificates]. That gives me the Certificate Manager window. When Authorities is selected on that window's menu bar, there is an Import button at the bottom (among others) to import a root certificate.

In the meantime, your Web page at https://ccadb.my.salesforce-sites.com.../IncludedCACertificateReport -- last updated today -- indicates the only root expiring in 2025 is one DigiCert root. Using the Certificate Manager window' View button to examine all DigiCert roots, I did not find any expiring in 2025. However, I found several that expired in 2023, on which I used the window's Delete or Distrust button.

Again, which root in Firefox's root store is the subject of your alert? And what root will be replacing it? How is it that a version of Firefox released this year included root certificates that expired last year?

Helpful?

more options

The roots in question are part of Mozilla's system for verifying add-ons and delivering other remote content to Firefox. They are not part of the public web PKI, aren't included in the CCADB, and aren't accessible via the certificate manager. They are compiled into Firefox and can only be updated by updating Firefox. Short of manually backporting the patch to your outdated copy of Firefox and recompiling it, the only way to ensure Firefox will keep working is to update it.

Helpful?

more options

Can't Mozilla consider to provide an update for 78.15.0 as that is the latest version that runs on Mac OS X 10.9/10.10/10.11 and they have hardware that doesn't support newer macOS versions? Mac OS X 10.12/10.13/10.14 use 115 ESR and thus aren't affected.

Helpful?

more options

cor-el said

Can't Mozilla consider to provide an update for 78.15.0 as that is the latest version that runs on Mac OS X 10.9/10.10/10.11 and they have hardware that doesn't support newer macOS versions? Mac OS X 10.12/10.13/10.14 use 115 ESR and thus aren't affected.

I reached out to our engineering team. It was something they looked at and considered but unfortunately, it seems that making this happen would be quite challenging at this point. Since it's been out of support for over three years, we no longer have the infrastructure in place to build ESR78.

Helpful?

Jụọ ajụjụ

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.