Firefox addon signing

Florian Weimer fweimer at
Thu Feb 12 12:47:34 UTC 2015

On 02/12/2015 11:15 AM, Nikos Roussos wrote:
> On Thu, Feb 12, 2015 at 6:30 AM, Michael Cronenworth <mike at>
> wrote:
>> Is Fedora going to get authorization to build Firefox with a runtime
>> disable option?
> If the only way is to completely disable this feature, I'd prefer we don't.
> I wouldn't like for us to ship a less secure build of Firefox.

It's not the only way, you can also patch the Firefox binary on disk to
disable the check.  You can even run a copy in case you cannot modify
the original version due to file system permissions.

This is why I don't see how this can be a security improvement, at least
not on Fedora.  If it really cannot be disabled, it will also cause
problems for centrally managed Firefox deployments which need to
pre-install add-ons into user profiles.

Florian Weimer / Red Hat Product Security

More information about the devel mailing list