One of the things that makes Mozilla’s Firefox browser so powerful is its support for third-party add-ons and extensions that can change the look or behavior of the browser. But some extensions could also pose risks or hijack your browser.

Earlier this year Mozilla announced plans to phase out support for unsigned extensions. Among other things, the move is designed to prevent extensions that you never meant to install from taking over your browser. And now we’re getting closer to the implementation of that plan.

The latest version of Firefox (version 40) will now show a warning when you attempt to install an unsigned browser extensions. Firefox 42 won’t let you install unsigned extensions at all.

firefox addons

Firefox 42 is currently available as an “aurora” pre-release build. When the beta launches on September 21st, it will no longer support unsigned extensions.

Firefox 42 is scheduled for a full release on November 3rd. That’s when it will roll out to all users.

Generally speaking, the move is designed to help keep Firefox users safe from unwanted browser extensions that install themselves in order to make money through affiliate links, redirect website requests to alternate pages, or spy on users.

But the updated behavior could also have unintended consequences. While Mozilla will review and sign extensions submitted to addons.mozilla.org, some developers might want to distribute their add-ons through different channels, and older extensions may no longer be supported even if they’re safe.

Mozilla isn’t the only company to make this kind of move though: Google no longer allows installation of Chrome browser extensions from outside of the Play Store. But at least Chrome offers exceptions for developers and enterprise users.

via Mozilla and Hacker News

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

8 replies on “Firefox 42 won’t support unsigned extensions”

  1. I don’t think this is going to effect most people at all.
    According to the FAQ here:
    https://wiki.mozilla.org/Addons/Extension_Signing

    “We automatically signed reviewed versions of all add-ons currently
    hosted on AMO. All new versions will be signed automatically after they
    pass review”

    AMO is the Mozilla Add On site:
    https://addons.mozilla.org/en-US/firefox/

    That is where 99% of users get their Firefox Add-Ons from. As I read that even older no longer updated but still functioning extensions should be signed and working if they had been reviewed. And most have.
    I guess we’ll see.

  2. The link to the Moz wiki is broken, I suspect it should point to
    https://wiki.mozilla.org/Addons/Extension_Signing

    The discussion when this was initially unveiled was… heated, I guess you could say:
    https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/

    Unfortunately it has broken my Gnome 3 and Ubuntu extensions, so I will dig around in about:config to see if there really is a kill switch… looks like xpinstall.signatures.required=false

  3. Its open source, right? Just build it without the check. (I’ve never built FF from source, so i’m not sure how hard it is.)

    I agree there should be some user override. Let people use and test malware if they want.

    1. It isn’t too hard to build on Linux, OSX is tougher (I haven’t tried in a while). No idea about Windows, but I would think it might be a little tricky.

  4. Im sure someone will release a modified version. I trust my own choices and have not had any issues with noscript by my side. I dont use any unsigned extensions but would definitely be seeking a modified install if possible just to avoid any speed bumps if the need does arise. Thanks for the info

    1. The Mozilla Wiki states:

      The Developer Edition and Nightly versions of Firefox will have a setting to disable signature checks. There will also be special unbranded versions of Release and Beta that will have this setting, so that add-on developers can work on their add-ons without having to sign every build.

  5. If Moz forbids me from installing an extension I want to install I will replace it with a browser from a source that doesn’t think it knows more than I do. Protect the users by default, don’t assume they are all just sheep.

Comments are closed.