Firefox addon signing

Simo Sorce simo at
Thu Feb 12 17:53:09 UTC 2015

On Thu, 2015-02-12 at 18:19 +0100, Florian Weimer wrote:
> On 02/12/2015 04:53 PM, Simo Sorce wrote:
> > On Thu, 2015-02-12 at 09:54 -0500, Miloslav Trmač wrote:
> >>> or simply exempt signature checking if
> >>> the extension is on disk. They should check on download only.
> >>
> >> That would defeat the entire purpose; malware is very commonly sideloading extensions.
> > 
> > Malware can easily binary patch firefox to ignore verification,
> Windows has Authenticode, which may change the equation somewhat.
> > I do not
> > think trying to defeat sideloading with this kind of verification makes
> > much sense.
> Maybe it is only about preventing people from bundling the official
> Firefox version with dodgy add-ons.  Not downright malware, but things
> users may not actually want without realizing it.  The signature
> checking means that those who prepare the downloads can no longer use
> the unmodified upstream binary.  Which in turn might force them not to
> use Mozilla brands.
> Maybe this is a bit far-fetched, but after hours of staring at other
> people's code today, it seems pretty reasonable to me.
> But what do add-on developers do?  Surely there is a way to disable this
> somehow?

Mozilla stated they will have to use the Developer Version (Aurora was
the name?) or the nightlies ...


Simo Sorce * Red Hat, Inc * New York
