Compare Revisions
Add-on signing in Firefox
Revision 104271:
Revision 104271 by AliceWyman on
Revision 110898:
Revision 110898 by AliceWyman on
Keywords:
Search results summary:
Firefox keeps you safe by blocking unverified and unsigned add-ons (extensions). Learn more about add-on signing.
Firefox keeps you safe by blocking unverified and unsigned add-ons (extensions). Learn more about add-on signing.
Content:
Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons add unwanted toolbars or buttons, change your search settings or inject ads or malware into your device. This article explains how ''add-on signing'' protects you against such threats.
__TOC__
=What is add-on signing?=
Mozilla verifies and "signs" add-ons that follow a set of guidelines to ensure that users' information will not be stolen or manipulated. All add-ons hosted on addons.mozilla.org undergo this review process in order to be verified and signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla.
Add-on signing '''targets only malware and browser hijacking'''. It does not control or censor the content that you choose to see.
{note}'''Developers:''' Learn more about add-on signing guidelines at [https://developer.mozilla.org/en-US/Add-ons/Add-on_guidelines Mozilla Developer Network].{/note}
{for fx43}
=What can I do if Firefox disables an installed, unsigned add-on?=
If any of your installed add-ons gets disabled because it hasn't been verified, contact the add-on developer or vendor to see if they can offer an updated and signed version of that add-on. You can also ask them to [https://developer.mozilla.org/en-US/Add-ons/Distribution get their add-on signed].
{/for}
{for =fx43}{note}'''Override add-on signing (advanced users):''' You can override this setting by changing the {pref xpinstall.signatures.required} preference to '''false''' in the [[Configuration Editor for Firefox|Firefox Configuration Editor]] (''about:config'' page). Support is not available for any changes made with the Configuration Editor so please do this at your own risk.{/note}{/for}
=How does add-on signing protect me?=
{for fx43}
Firefox protects you against malware and browser hijackers by allowing only verified and digitally signed add-ons to be installed on your browser.
{/for}
{for =fx40, =fx41, =fx42}
Firefox protects you against malware and browser hijackers by warning you about third-party add-ons that are not verified and digitally signed by Mozilla.
{/for}
{for not fx40}
{warning}To use this new feature, please [[Update Firefox to the latest version | update to the latest version of Firefox]]{/warning}
Newer versions of Firefox will protect you against malware and browser hijackers by warning you about and (starting in Firefox 43) blocking third-party add-ons that are not verified and digitally signed by Mozilla.
{/for}
While Firefox currently has a [[Add-ons that cause stability or security issues are put on a blocklist |blocklist]] system, it is increasingly difficult to track and block the growing number of malicious add-ons. The new add-on signing process requires developers to follow [https://developer.mozilla.org/en-US/Add-ons/Add-on_guidelines Mozilla Developer guidelines] and ensures that their add-ons are safe. {for =fx40, =fx41, =fx42} Firefox warns you when an add-on did not complete the signing process. For now you can still install the unverified add-on at your own risk, but starting with Firefox 43, such add-ons will get deactivated as well.{/for}
{for not fx43}
{note}Install add-ons only from developers you trust. Unverified add-ons may contain malware or hijackers that can alter your settings and steal your information.{/note}
{/for}
=What types of add-ons need to be signed?=
[[Find and install add-ons to add features to Firefox#w_what-types-of-add-ons-can-i-install|Extensions]] (add-ons that add features to Firefox) will need to be signed. Themes, language packs and plugins do not need to be signed.
=Where would I encounter unsigned add-ons?=
Add-ons installed through the [https://addons.mozilla.org/firefox/ official Firefox Add-ons site] undergo a rigorous review process before they are published. These add-ons are verified and signed.
When you install an add-on through another website, Firefox checks to make sure that the add-on has been digitally signed before you can install it.
Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons add unwanted toolbars or buttons, change your search settings or inject ads or malware into your device. This article explains how ''add-on signing'' protects you against such threats.
__TOC__
=What is add-on signing?=
Mozilla verifies and "signs" add-ons that follow a set of guidelines to ensure that users' information will not be stolen or manipulated. All add-ons hosted on addons.mozilla.org undergo this review process in order to be verified and signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla.
Add-on signing '''targets only malware and browser hijacking'''. It does not control or censor the content that you choose to see.
{note}'''Developers:''' To learn more about add-on signing guidelines, see [https://developer.mozilla.org/en-US/Add-ons/Distribution Signing and distributing your add-on] and [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews Review Policies] at Mozilla Developer Network.{/note}
{for fx43}
=What can I do if Firefox disables an installed, unsigned add-on?=
If any of your installed add-ons gets disabled because it hasn't been verified, contact the add-on developer or vendor to see if they can offer an updated and signed version of that add-on. You can also ask them to [https://developer.mozilla.org/en-US/Add-ons/Distribution get their add-on signed].
{/for}
{for =fx43}{note}'''Override add-on signing (advanced users):''' You can override this setting by changing the {pref xpinstall.signatures.required} preference to '''false''' in the [[Configuration Editor for Firefox|Firefox Configuration Editor]] (''about:config'' page). Support is not available for any changes made with the Configuration Editor so please do this at your own risk.{/note}{/for}
=How does add-on signing protect me?=
{for fx43}
Firefox protects you against malware and browser hijackers by allowing only verified and digitally signed add-ons to be installed on your browser.
{/for}
{for =fx40, =fx41, =fx42}
Firefox protects you against malware and browser hijackers by warning you about third-party add-ons that are not verified and digitally signed by Mozilla.
{/for}
{for not fx40}
{warning}To use this new feature, please [[Update Firefox to the latest version | update to the latest version of Firefox]]{/warning}
Newer versions of Firefox will protect you against malware and browser hijackers by warning you about and (starting in Firefox 43) blocking third-party add-ons that are not verified and digitally signed by Mozilla.
{/for}
While Firefox currently has a [[Add-ons that cause stability or security issues are put on a blocklist |blocklist]] system, it is increasingly difficult to track and block the growing number of malicious add-ons. The new add-on signing process requires developers to follow [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews Mozilla Developer guidelines] and ensures that their add-ons are safe. {for =fx40, =fx41, =fx42} Firefox warns you when an add-on did not complete the signing process. For now you can still install the unverified add-on at your own risk, but starting with Firefox 43, such add-ons will get deactivated as well.{/for}
{for not fx43}
{note}Install add-ons only from developers you trust. Unverified add-ons may contain malware or hijackers that can alter your settings and steal your information.{/note}
{/for}
=What types of add-ons need to be signed?=
[[Find and install add-ons to add features to Firefox#w_what-types-of-add-ons-can-i-install|Extensions]] (add-ons that add features to Firefox) will need to be signed. Themes, language packs and plugins do not need to be signed.
=Where would I encounter unsigned add-ons?=
Add-ons installed through the [https://addons.mozilla.org/firefox/ official Firefox Add-ons site] undergo a rigorous review process before they are published. These add-ons are verified and signed.
When you install an add-on through another website, Firefox checks to make sure that the add-on has been digitally signed before you can install it.