MozillaZine


unsigned extensions (again)

User Help for Mozilla Firefox
couldabeen

User avatar
 
Posts: 6729
Joined: September 9th, 2003, 11:24 am
Location: I'm Right Here

Post Posted August 15th, 2015, 9:31 am

Is there any way to bypass the gods of deprecation (defecation as i prefer to call it) and get around the unsigned and disabled extensions they have forced on us?

I don't want new ones that may be security problems, just to be able to continue using the ones I've had for a few years.

TIA
Last edited by DanRaisch on August 15th, 2015, 10:01 am, edited 1 time in total.
Reason: Minor edit for lanuage.
Free Your Mind, And Your A$$ Will Follow - Funkadelic, 1970

James
Moderator

User avatar
 
Posts: 27843
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted August 15th, 2015, 1:13 pm

Firefox 40: Firefox warns about signatures but doesn't enforce them.
Firefox 41: Firefox will have a preference that allows signature enforcement to be disabled (xpinstall.signatures.required in about:config).
Firefox 42: Release and Beta versions of Firefox 42.0 will not allow unsigned extensions to be installed, with no override

Only extensions (type 2 in install.rdf). Themes, dictionaries, language packs, and plugins don't need to be signed.

https://wiki.mozilla.org/Addons/Extension_Signing

Chaosas
 
Posts: 102
Joined: July 18th, 2004, 3:22 am

Post Posted August 15th, 2015, 3:10 pm

Guess it's a RIP for GMail Manager NG :(

WaltS48

User avatar
 
Posts: 5101
Joined: May 7th, 2010, 9:38 am
Location: Pennsylvania, USA

Post Posted August 15th, 2015, 3:41 pm

Chaosas wrote:Guess it's a RIP for GMail Manager NG :(


Why? The extension is signed.

Gmail Manager NG :: Add-ons for Firefox
Linux Desktop - AMD Athlon(tm) II X3 455 3.3GHz | 8.0GB RAM | GeForce GT 630
Windows Notebook - AMD A8 7410 2.2GHz | 6.0GB RAM | AMD Radeon R5

Manhart1

User avatar
 
Posts: 27
Joined: June 2nd, 2015, 3:02 pm
Location: Somewhere in the USA

Post Posted August 16th, 2015, 4:13 am

James, Moderator states:
Firefox 40: Firefox warns about signatures but doesn't enforce them.
Firefox 41: Firefox will have a preference that allows signature enforcement to be disabled (xpinstall.signatures.required in about:config). Firefox 42: Release and Beta versions of Firefox 42.0 will not allow unsigned extensions to be installed, with no override
Only extensions (type 2 in install.rdf). Themes, dictionaries, language packs, and plugins don't need to be signed.
What type of extensions are considered (type 2 in install.rdf? What about 3rd Party extensions? Will they be disabled as well once Firefox version 42.0 kicks in? I ask as I have an extension that is 3rd Party. I did remove it via Kaspersky's program as it does not affect Kaspersky's ability to monitor safety when I'm online but would like to reinstall it if it will continue to function properly once Firefox 42.0 kicks in. I need to know as I am not sure Kasperky's is signing the extensions which get put into the Extension section of Firefox by them. Here's a quote from a Moderator at the Kaspersky English Forum
The Kaspersky add-ons are not a problem. The Kaspersky add-ons themselves, per se, are ok/fine/groovy. The only problem is that someone has not signed something yet. No cause for anxiety. More information can be had by asking Tech Support.
The moderator then refers concerned forum members to this Firefox page in the matter: https://support.mozilla.org/en-US/kb/ad ... =inproduct as justification for their lax attitude concerning when someone at Kaspersky's will get around to signing their extension for Firefox and then closes out the topic.

Gingerbread Man

User avatar
 
Posts: 7735
Joined: January 30th, 2007, 10:55 am

Post Posted August 17th, 2015, 9:13 am

couldabeen wrote:get around the unsigned and disabled extensions they have forced on us?

All reviewed extensions hosted on AMO are signed now. Some third-party extensions may not be signed yet, but should be by the time signing is enforced.
That means you only have cause for concern if you're using abandoned extensions not hosted on AMO, or versions you've modified. In that case, you can submit them to be signed, without having them listed on the site.
Otherwise, you'd have to use either the unbranded version of Firefox (not available yet), or Firefox Developer Edition or Nightly, and disable signature checks. It's all answered in the link James posted: https://wiki.mozilla.org/Addons/Extension_Signing#FAQ
James wrote:Firefox 42: Release and Beta versions of Firefox 42.0 will not allow unsigned extensions to be installed, with no override

This has been pushed back to Firefox 43, and may be pushed back again if not enough third-party add-ons are signed by that time.
Manhart1 wrote:What type of extensions are considered (type 2 in install.rdf?

All extensions are type 2 add-ons.
Manhart1 wrote:What about 3rd Party extensions? Will they be disabled as well once Firefox version 42.0 kicks in?

Firefox 43 at the earliest. If they're unsigned, they'll be disabled.
Manhart1 wrote:I need to know as I am not sure Kasperky's is signing the extensions which get put into the Extension section of Firefox by them.

Mozilla is the one signing extensions. Third-party authors just have to submit them for signing. Backstory:

Manhart1

User avatar
 
Posts: 27
Joined: June 2nd, 2015, 3:02 pm
Location: Somewhere in the USA

Post Posted August 17th, 2015, 11:04 am

Gingerbread Man thank you for your response to my inquiries into the issue of unsigned extensions. One of my concern as I stated is Kaspersky's lax attitude toward getting their Third-party extension submitted to Firefox for signing. I also use a Third-Party proxy program [Proxify] that has an extension listed in the Add-Ons section. I guess I'll have to contact them and request they submit their Third-party extension to Firefox for signing. Please let me know the details of how the Proxify people go about contacting Firefox and if it is Mozilla.org, who do they specifically contact and by what means? If you prefer to keep this information confidential, feel free to PM me with the details.

James
Moderator

User avatar
 
Posts: 27843
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted August 17th, 2015, 1:41 pm

Gingerbread Man wrote:
James wrote:Firefox 42: Release and Beta versions of Firefox 42.0 will not allow unsigned extensions to be installed, with no override

This has been pushed back to Firefox 43, and may be pushed back again if not enough third-party extensions are signed by that time.

The person who made this change on https://wiki.mozilla.org/Addons/Extension_Signing reverted it back.

Manhart1

User avatar
 
Posts: 27
Joined: June 2nd, 2015, 3:02 pm
Location: Somewhere in the USA

Post Posted August 18th, 2015, 2:31 am

James : Thanks for advising that the person who made this change on https://wiki.mozilla.org/Addons/Extension_Signing reverted it back. However as previously stated, I do use a Third-Party proxy program [Proxify] that has an extension listed in the Add-Ons section and need to contact Proxify to request they submit their Third-party extension to Mozilla for signing. I, therefore, need to know who the Proxify people contact at Mozilla.org [i.e.: who specifically to contact and the method of contact]. If you prefer to keep this information confidential, please PM me with the details on who Proxify should contact and the method of contact to be employed by Proxify regarding contact.

the-edmeister

User avatar
 
Posts: 32249
Joined: February 25th, 2003, 12:51 am
Location: Chicago, IL, USA

Post Posted August 18th, 2015, 2:45 am

You can refer the Proxify developers to here:
https://developer.mozilla.org/en-US/Add ... stribution




.
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.

Manhart1

User avatar
 
Posts: 27
Joined: June 2nd, 2015, 3:02 pm
Location: Somewhere in the USA

Post Posted August 18th, 2015, 5:39 am

the-edmeister: thanks for the quick response to my question and have a great day. :D

couldabeen

User avatar
 
Posts: 6729
Joined: September 9th, 2003, 11:24 am
Location: I'm Right Here

Post Posted August 26th, 2015, 5:46 pm

Interesting discussion. Sorry so late getting back to read it. Health problems(don't like getting old!)
Free Your Mind, And Your A$$ Will Follow - Funkadelic, 1970

MarkRH

User avatar
 
Posts: 1304
Joined: September 12th, 2007, 2:30 am
Location: Edmond, OK

Post Posted August 26th, 2015, 5:58 pm

There are some extensions on AMO that say they are signed but Firefox still thinks they are not after a restart. HTML Validator is one: https://addons.mozilla.org/en-US/firefo ... src=search

I'm hunting for something to replace it. Sent an email to the author but no response yet. Fun stuff.

patrickjdempsey

User avatar
 
Posts: 23686
Joined: October 23rd, 2008, 11:43 am
Location: Asheville NC

Post Posted August 26th, 2015, 6:09 pm

There's probably not a darn thing the author can do as signing is done automatically by AMO, so it's their screwup.
Tip of the day: If it has "toolbar" in the name, it's crap.
What my avatar is about: https://addons.mozilla.org/en-US/seamonkey/addon/sea-fox/

TheVisitor
 
Posts: 5318
Joined: May 13th, 2012, 10:43 am

Post Posted August 26th, 2015, 6:16 pm

patrickjdempsey wrote:There's probably not a darn thing the author can do as signing is done automatically by AMO, so it's their screwup.



Anyone care to hazard a guess as how this whole fiasco of 'signing' is supposed to be 'more secure' when anything uploaded to AMO get's 'auto-signed' ? This is going to prevent messes like 'Conduit' how ?

Return to Firefox Support


Who is online

Users browsing this forum: No registered users and 5 guests