Firefox addon signing

Simo Sorce simo at redhat.com
Thu Feb 12 17:53:09 UTC 2015


On Thu, 2015-02-12 at 18:19 +0100, Florian Weimer wrote:
> On 02/12/2015 04:53 PM, Simo Sorce wrote:
> > On Thu, 2015-02-12 at 09:54 -0500, Miloslav Trma─Ź wrote:
> >>> or simply exempt signature checking if
> >>> the extension is on disk. They should check on download only.
> >>
> >> That would defeat the entire purpose; malware is very commonly sideloading extensions.
> > 
> > Malware can easily binary patch firefox to ignore verification,
> 
> Windows has Authenticode, which may change the equation somewhat.
> 
> > I do not
> > think trying to defeat sideloading with this kind of verification makes
> > much sense.
> 
> Maybe it is only about preventing people from bundling the official
> Firefox version with dodgy add-ons.  Not downright malware, but things
> users may not actually want without realizing it.  The signature
> checking means that those who prepare the downloads can no longer use
> the unmodified upstream binary.  Which in turn might force them not to
> use Mozilla brands.
> 
> Maybe this is a bit far-fetched, but after hours of staring at other
> people's code today, it seems pretty reasonable to me.
> 
> But what do add-on developers do?  Surely there is a way to disable this
> somehow?

Mozilla stated they will have to use the Developer Version (Aurora was
the name ?) or the nightlies ...

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the devel mailing list