Firefox addon signing
Simo Sorce
simo at redhat.com
Thu Feb 12 17:53:09 UTC 2015
On Thu, 2015-02-12 at 18:19 +0100, Florian Weimer wrote:
> On 02/12/2015 04:53 PM, Simo Sorce wrote:
> > On Thu, 2015-02-12 at 09:54 -0500, Miloslav Trmač wrote:
> >>> or simply exempt signature checking if
> >>> the extension is on disk. They should check on download only.
> >>
> >> That would defeat the entire purpose; malware is very commonly sideloading extensions.
> >
> > Malware can easily binary patch firefox to ignore verification,
>
> Windows has Authenticode, which may change the equation somewhat.
>
> > I do not
> > think trying to defeat sideloading with this kind of verification makes
> > much sense.
>
> Maybe it is only about preventing people from bundling the official
> Firefox version with dodgy add-ons. Not downright malware, but things
> users may not actually want without realizing it. The signature
> checking means that those who prepare the downloads can no longer use
> the unmodified upstream binary. Which in turn might force them not to
> use Mozilla brands.
>
> Maybe this is a bit far-fetched, but after hours of staring at other
> people's code today, it seems pretty reasonable to me.
>
> But what do add-on developers do? Surely there is a way to disable this
> somehow?
Mozilla stated they will have to use the Developer Version (Aurora was
the name ?) or the nightlies ...
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the devel
mailing list