Just an FYI since this is bound to impact users:
https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
Basically, Mozilla forgot to renew an intermediate cert, and people's Firefox browsers have mass-disabled addons.
Whoops.
Clearly false, since it is 2019-05-04 02:46:31.342994 now and nothing whatsoever happened to my Firefox browser, and all the extensions are still working just fine.
My temporary solution was to set "xpinstall.signatures.required" to "false".
Besides which, if something was signed AT THE TIME when the certificate chain was valid, then that signature will be a valid signature forever (unless one of the certificates in the chain is revoked). The future or current expiry of a certificate or an intermediary has no effect whatsoever on the validity of a signature IF THE CERTIFICATE CHAIN WAS VALID at the time the signature was made, and the chain can be verified TO HAVE BEEN VALID at the time the signature was made.
In other words, the fact that subsequent to making a signature the pen ran out of ink does not make the signature invalid. If it did so then there would be no point in having signatures. It may be impossible to make a valid signature with a pen that is out of ink, but that does not invalidate signatures made before the ink ran out.
This is why it’s important that every single website on the internet is available ONLY over HTTPS. Don’t forget to install an HSTS policy, too, so, if anyone ever visits Kazakhstan or a security-conscious corporate office, they’ll be prevented from accessing the cute pictures of cats on your fully static website. Of course, don’t forget to abandon HTTP, too, and simply issue 301 Moved Permanently redirects from all HTTP targets to HTTPS, to cover all the bases.
Backwards compatibility? Don’t you worry — no browser lets anyone remove HSTS, once installed, so, you’re golden. And HTTPS links won’t fallback to HTTP, either, so, you’re good there, too — your cute cats are safe and secure, and once folks link to your new site under https://, your future self will be safe and secure from ever having the option to go insecure again. I mean, why would anyone go “insecure”? Especially now with LetsEncrypt?
Oh, wait…
Wait a moment, and who’s the biggest player behind the HTTPS-only movement? Oh, and Mozilla’s one of the biggest backers of LetsEncrypt, too? I see… Well, nothing to see here, move along! #TooBigToFail.
C.
The diagnosis in the OP's message may be false, but there is most
definitely a widespread FF issue (or was, maybe fixed now). It affected
me and numerous others.
Simple temporary fix is to browse to "about:config" and change the
value for "xpinstall.signatures.required" to false. Well, that worked
for me, anyway. When Mozilla fixes whatever the issue is, I'll set it
back to true.
BTW it hit at midnight UTC, so different people saw the effect at
different times depending on their timezone.
Regards, K.
HTTPS: has nothing to do with the website being "secure". https: means that transport layer security (encryption) is in effect. https: is a PRIVACY measure, not a SECURITY measure.
I'm just repeating what was mentioned elsewhere - don't shoot the messenger. We'll have to wait for them to tell us what exactly happened (if they do) to know for sure.
Clearly you are not reading the bug reports and paying attention.
It's not happening to everyone, but a large enough group of people are experiencing it. My desktop for example, is having the issue, my laptop is not.
Unfortunately only works if you are using the Dev version
They totally removed ability to bypass that in the standard distribution of Firefox. Ugh
Or, apparently, if you are using the Linux version. I'm on 66.0.3 Linux
64-bit. I think the Android version still allows it, too.
I dislike this trend to remove features "for our own good", yet
everyone seems to be doing it.
Regards, K.
so is there a recipe for re-enabling the add-ons? otherwise, one is
running pretty nekkid.
randy
12:50 p.m. UTC / 03:50 a.m. PDT: We rolled-out a fix for release, beta and nightly users on Desktop. The fix will be automatically applied in the background within the next few hours, you don’t need to take active steps.
In order to be able to provide this fix on short notice, we are using the Studies system. You can check if you have studies enabled by going to Firefox Preferences -> Privacy & Security -> Allow Firefox to install and run studies.
You can disable studies again after your add-ons have been re-enabled.
We are working on a general fix that doesn’t need to rely on this and will keep you updated.
read that. to do it, i have to start ffox. and 100 tabs will open and
javascript will flood in.
12:50 p.m. UTC / 03:50 a.m. PDT: We rolled-out a fix for release, beta and nightly users on Desktop. The fix will be automatically applied in the background within the next few hours, you don’t need to take active steps.
In order to be able to provide this fix on short notice, we are using the Studies system. You can check if you have studies enabled by going to Firefox Preferences -> Privacy & Security -> Allow Firefox to install and run studies.
This is a lie. I had both updates and studies disabled but “hotfix-update-xpi-intermediate” appeared in my addons anyway.
It also failed to re-enable noscript.
Regards,
Bill Herrin
Disconnect from the network, start Firefox while offline, then KILL IT WITH FIRE^W SIGKILL.
After that, Firefox will start with a “Restore tabs” page which doesn’t activate tabs automatically.
Disconnect from network.
Start Firefox.
Take a moment to appreciate the silence.
Close tabs.
Reconnect to network.
OR: Start Firefox's profile manager:
firefox -P --no-remote
Then create a new profile and start Firefox with the new profile. Not
100% sure how the studies feature works, but I am assuming it updates
more than just the profile, so once FF has updated you should be able
to open the old profile and get all your extensions and settings back.
Regards, K.
So, for being "Clearly false", the hotfix pushed out by the Firefox Studies feature is...
*drumroll*
An updated intermediate certificate!
You can turn on the Studies option under Privacy & Security for a little while, then check about:studies and you should see one or two in there regarding the xpi verification/signing. Once you have those two studies, you can disable Studies again.
Likely we'll see a full fix with a point release of Firefox in a day or so.
I will stick to the "clearly false" since it is now well to the point where we are in 2019-05-04 (even in local UT1, let alone UTC), studies are disabled (and have been since forever), no studies have been loaded, and my extensions still work quite fine, thank-you. Attempting to install a "new" extension fails with a "bad signature" error.
Is the "permanent fix" going to be proper validation of signatures I wonder?
Or will they still consider the signature (made while there was ink in the pen) to be invalid after the pen runs out of ink?
Or, more accurately, not invalidate the handwritten signature after the death of the witness. Lordy forbid that the "real world" worked like that ... invalidating the signature on a contract merely because the witness or signer got killed by a rogue bus ... What a lovely way to render a contract nul ab initio -- just kill one of the witnesses ...
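The two validation policies argued over in this thread (check the chain's validity windows at the current time, or at the time the signature was made), modelled as an added example that is not from any poster or from Mozilla's code. The certificate names, dates and the `trusted_signed_at` field are constructed for illustration; the intermediate's expiry is set to the midnight UTC mentioned above.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple

def utc(y, m, d, hh=0, mm=0):
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)

@dataclass(frozen=True)
class Cert:
    name: str
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None   # None: never revoked

@dataclass(frozen=True)
class SignedAddon:
    name: str
    chain: Tuple[Cert, ...]                  # leaf first, root last
    trusted_signed_at: Optional[datetime]    # time attested by a timestamp authority, if any

def verify(addon, now, policy):
    """Return a list of problems; an empty list means the signature is accepted.

    'current-time': validity windows are checked at `now`.
    'signing-time': windows are checked at the trusted timestamp. Without one the
    signing time cannot be proven, so the check falls back to `now`.
    Revocation is always checked as of `now`.
    """
    ref = now
    if policy == "signing-time" and addon.trusted_signed_at is not None:
        ref = addon.trusted_signed_at
    problems = []
    for cert in addon.chain:
        if not cert.not_before <= ref <= cert.not_after:
            problems.append(f"{cert.name}: outside validity window at {ref:%Y-%m-%d %H:%M}")
        if cert.revoked_at is not None and cert.revoked_at <= now:
            problems.append(f"{cert.name}: revoked")
    return problems

# Constructed sample data (not real certificates).
ROOT = Cert("root", utc(2015, 1, 1), utc(2025, 1, 1))
INTERMEDIATE = Cert("intermediate", utc(2017, 5, 4), utc(2019, 5, 4))  # lapses at midnight UTC
LEAF = Cert("leaf", utc(2018, 1, 1), utc(2023, 1, 1))
BAD_LEAF = Cert("revoked-leaf", utc(2018, 1, 1), utc(2023, 1, 1), revoked_at=utc(2019, 4, 1))

NOW = utc(2019, 5, 4, 2, 46)
STAMPED = SignedAddon("stamped", (LEAF, INTERMEDIATE, ROOT), utc(2019, 3, 1))
UNSTAMPED = SignedAddon("unstamped", (LEAF, INTERMEDIATE, ROOT), None)
REVOKED = SignedAddon("revoked", (BAD_LEAF, INTERMEDIATE, ROOT), utc(2019, 3, 1))
```

Only the add-on with a provable signing time survives the intermediate's expiry under the signing-time policy; the unstamped one is rejected under both, and revocation still overrides a valid timestamp.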