I'm pretty sure Mozilla will review and "sign" the SimplePass extension if HP (or the new publisher) submits it...

In the final release of Firefox 41, as in Firefox 40, the signing requirement is not enforced, there is only a warning. If yours says that the extension is blocked because it is not signed, please check the following setting:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste xpi and pause while the list is filtered

(3) If the xpinstall.signatures.required preference is bolded and "user set" to true, double-click it to switch it to false

If that is already set to false, then there must be some other problem with the add-on. Firefox 41 is just rolling out so I haven't heard other reports about SimplePass yet.

I dispair that Mozilla and HP/Softexinc will ever get their act together.

Firefox 43.0 sneaked into my machine yesterday (could have sworn I had "let me choose when to update" set, but there have been so many lately maybe I forgot. Why doesn't it remember my settings ???)

Anyway, 43.o insists that HP Simplepass 8, produced by Softexinc, is not signed and is therefore unsafe. Despite the fact we've all been using it for the past year or so - when we figured out how to make it run.

There are a LOT of HP laptops out there with fingerprint readers. Please don't make us go into the config and allow ALL unsigned add-ons !!!!

P.S. Softexinc has a suppoert question system. I asked them to get it signed - we'll see what they come back with.

A friend was asked earlier today to complete a Mozilla Survey re:Support Forums. He asked me to post part of his response. I decided that this question best represents the issue he raised, and for which there has been no full answer given. I will give this a bold title, followed by a line and what follows that will be part of his response, including a quote from the HP Forums:

HP SimplePass Users stuck with FF 39.0.3. ________________________________________________________________________________

For many of your users, with HP Laptops (Pavilion dv7 - with an essential biometric fingerprint reader, Win 7 Pro 64-Bit) you have chosen to leave us stuck at FF v39.0.3, and refuse to take the responsibility to allow HP SimplePass (6 series or 8 series) to actually work.

According to the HP "Forums" the fault is yours; "Like Chrome, Firefox has implemented a “we hate add-ons” policy for any Add-on that has not been screened by Firefox for security threats."

They are not broken - you simply refuse to screen them.

(They work just fine through Win 10.)

Would you please screen HP SimplePass (both versions) and allow them to work.

They are NOT security threats.

However, continuing to use a severely outdated browser is a major security threat to your users.

I used to recommend Firefox exclusively to my family, friends & acquaintances. That stopped several years ago, when Mozilla kept choosing (in multiple versions) to prevent SimplePass from functioning.

You are forcing many of us to start looking for another browser, I hate IE. (I have used Mozilla since the commercial version of "Netscape.")

Please provide support for SimplePass.

Note, I am just a Firefox user and support contributor, I don't work for Mozilla.

HP should have been aware of the new requirement of digital signing for extensions a full year ago. Feb 10, 2015 https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/ With a follow up in mid-April. https://blog.mozilla.org/addons/2015/04/15/the-case-for-extension-signing/

jscher2000 posted a pref each user can set to override this requirement, which has been extended a number of times and is now set to expire with Firefox 46. How much more should Mozilla be expected to do? The user simply needs to toggle the pref xpinstall.signatures.required to false to override mandatory signing in their Firefox installation.

IMO, HP is being disingenuous by shifting the blame to Mozilla. Mozilla owns Firefox and they can do whatever the hell they want to do to protect their users from malware and potential security exploits, planned or inadvertent. Is HP any more 'special' than any other add-on developer? Do they think the 'rules' don't apply to their add-ons? Who do they think they are kidding by saying? "Like Chrome, Firefox has implemented a “we hate add-ons” policy for any Add-on that has not been screened by Firefox for security threats."

At least Mozilla didn't go as far as Apple did with their "walled garden" approach to Apps (add-ons for mobile devices) or entirely disallow non-native Javascript; and require Apps / add-ons to only be installed directly from Mozilla, as Apple did years ago with the iPhone an subsequent "mobile" devices. And IMO Google is sitting in the middle between what Apple requires and what Mozilla has done with the signing requirement. Plus, Mozilla allows "self-hosted" add-ons and add-ons that are included as part of an application that needs / wants to interface with Firefox (what HP is doing with that SimplePass application) ; no requirement that such add-on has to be available only from the official Add-ons website or in addition to how the add-on developer intends to supply their add-ons to their customers / clients.

The 'game' has changed, HP needs to quit whining, and own up to their responsibilities to their customers. And HP needs to stop spreading malicious misinformation and get with the program by submitting their add-on to Mozilla to get it signed, to support their software properly.

IMO, Mozilla should have done this many years ago - the 'code' for "verification of extensions" has been inside of Firefox for at least 8 years now; I saw "not verified" many thousands of times, each and every time I installed an extension in Release, Beta, Aurora, and Nightly versions, until it became mandatory for Release and Beta versions. I suspect the team leader who was working on "verification" initially was hired away from Mozilla by a competitor (probably went to Google to work on Chrome) and the "program" was kept on the "back burner" for way too long; because that fits my timeline for when "verification" first appeared in Firefox and the 'departure' of two key Mozilla developers.

Bottom line is that HP needs to submit their add-ons to Mozilla for signing and stop whining about "how unfair life is".

[quote]P.S. Softexinc has a support question system. I asked them to get it signed - we'll see what they come back with./quote

Perhaps I was lax in not reporting my information. Softexinc (the supplier of the software) replied to my Support request and indicated they have sent a new version of Simplepass to HP, who owns the product. It is up to HP to find time to verify the Add-on with Mozilla, they claim.

As the late January update of Firefox did NOT stop the work-around's effectiveness, I hadn't given it any thought. Simplepass is working on my latest and greatest Firefox (despite the threat to stop it.)

The only thing I noticed when the latest upgrade came in was that I had to disable/enable Simplepass to get it to start working.

First, thank you Fred2179 & jscher2000.

I had my friend download and install Firefox 44.0.2, then apply the tweak that jscher2000 suggested. Then I had him disable/enable SimplePass.

When neither of those worked, I had him do a "Repair" from the control panel, and a full shut down and reboot.

He is using the AuthenTec series 6 version, which is compatible with even Windows 10. (And which Mozilla has approved for at least 4+ years.)

The only quick solution that I see for him is to downgrade back to Firefox 39.0.3.

Any one else have any other ideas?

I am on 44.0.2 and Simplepass 8.1.46 is working fine. It is slow to activate, and I recommend the disable/enable trick a couple of times!

The Authentec version 6 is defunct, as Apple bought the company. I suggest an upgrade of Simplepass from the HP website.