unsigned extensions (again)
User Help for Mozilla Firefox
22 posts • Page 1 of 2 • 1, 2
Is there any way to bypass the gods of deprecation (defecation as i prefer to call it) and get around the unsigned and disabled extensions they have forced on us?
I don't want new ones that may be security problems, just to be able to continue using the ones I've had for a few years.
Last edited by DanRaisch on August 15th, 2015, 10:01 am, edited 1 time in total.
Reason: Minor edit for lanuage.
Free Your Mind, And Your A$$ Will Follow - Funkadelic, 1970
Firefox 40: Firefox warns about signatures but doesn't enforce them.
Firefox 41: Firefox will have a preference that allows signature enforcement to be disabled (xpinstall.signatures.required in about:config).
Firefox 42: Release and Beta versions of Firefox 42.0 will not allow unsigned extensions to be installed, with no override
Only extensions (type 2 in install.rdf). Themes, dictionaries, language packs, and plugins don't need to be signed.
Guess it's a RIP for GMail Manager NG
Why? The extension is signed.
Gmail Manager NG :: Add-ons for Firefox
Linux Desktop - AMD Athlon(tm) II X3 455 3.3GHz | 8.0GB RAM | GeForce GT 630
Windows Notebook - AMD A8 7410 2.2GHz | 6.0GB RAM | AMD Radeon R5
James, Moderator states:
What type of extensions are considered (type 2 in install.rdf? What about 3rd Party extensions? Will they be disabled as well once Firefox version 42.0 kicks in? I ask as I have an extension that is 3rd Party. I did remove it via Kaspersky's program as it does not affect Kaspersky's ability to monitor safety when I'm online but would like to reinstall it if it will continue to function properly once Firefox 42.0 kicks in. I need to know as I am not sure Kasperky's is signing the extensions which get put into the Extension section of Firefox by them. Here's a quote from a Moderator at the Kaspersky English Forum
The moderator then refers concerned forum members to this Firefox page in the matter: https://support.mozilla.org/en-US/kb/ad ... =inproduct as justification for their lax attitude concerning when someone at Kaspersky's will get around to signing their extension for Firefox and then closes out the topic.
All reviewed extensions hosted on AMO are signed now. Some third-party extensions may not be signed yet, but should be by the time signing is enforced.
That means you only have cause for concern if you're using abandoned extensions not hosted on AMO, or versions you've modified. In that case, you can submit them to be signed, without having them listed on the site.
Otherwise, you'd have to use either the unbranded version of Firefox (not available yet), or Firefox Developer Edition or Nightly, and disable signature checks. It's all answered in the link James posted: https://wiki.mozilla.org/Addons/Extension_Signing#FAQ
This has been pushed back to Firefox 43, and may be pushed back again if not enough third-party add-ons are signed by that time.
All extensions are type 2 add-ons.
Firefox 43 at the earliest. If they're unsigned, they'll be disabled.
Mozilla is the one signing extensions. Third-party authors just have to submit them for signing. Backstory:
Gingerbread Man thank you for your response to my inquiries into the issue of unsigned extensions. One of my concern as I stated is Kaspersky's lax attitude toward getting their Third-party extension submitted to Firefox for signing. I also use a Third-Party proxy program [Proxify] that has an extension listed in the Add-Ons section. I guess I'll have to contact them and request they submit their Third-party extension to Firefox for signing. Please let me know the details of how the Proxify people go about contacting Firefox and if it is Mozilla.org, who do they specifically contact and by what means? If you prefer to keep this information confidential, feel free to PM me with the details.
The person who made this change on https://wiki.mozilla.org/Addons/Extension_Signing reverted it back.
James : Thanks for advising that the person who made this change on https://wiki.mozilla.org/Addons/Extension_Signing reverted it back. However as previously stated, I do use a Third-Party proxy program [Proxify] that has an extension listed in the Add-Ons section and need to contact Proxify to request they submit their Third-party extension to Mozilla for signing. I, therefore, need to know who the Proxify people contact at Mozilla.org [i.e.: who specifically to contact and the method of contact]. If you prefer to keep this information confidential, please PM me with the details on who Proxify should contact and the method of contact to be employed by Proxify regarding contact.
You can refer the Proxify developers to here:
https://developer.mozilla.org/en-US/Add ... stribution
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.
the-edmeister: thanks for the quick response to my question and have a great day.
Interesting discussion. Sorry so late getting back to read it. Health problems(don't like getting old!)
Free Your Mind, And Your A$$ Will Follow - Funkadelic, 1970
There are some extensions on AMO that say they are signed but Firefox still thinks they are not after a restart. HTML Validator is one: https://addons.mozilla.org/en-US/firefo ... src=search
I'm hunting for something to replace it. Sent an email to the author but no response yet. Fun stuff.
My Firefox Config
There's probably not a darn thing the author can do as signing is done automatically by AMO, so it's their screwup.
Tip of the day: If it has "toolbar" in the name, it's crap.
What my avatar is about: https://addons.mozilla.org/en-US/seamonkey/addon/sea-fox/
Anyone care to hazard a guess as how this whole fiasco of 'signing' is supposed to be 'more secure' when anything uploaded to AMO get's 'auto-signed' ? This is going to prevent messes like 'Conduit' how ?
22 posts Page 1 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 2 guests