FF v56 won't honor about:config pref. "xpinstall.signatures.required" being changed from True to False. Still won't allow install of unsigned legacy plugin.
Running FF v56.0.2 (do NOT suggest updating in ignorance--I'm running this for access to almost 10,000 .mht files). Tried to install an update to the legacy NPAPI extension NoScript (v5.1.8.7), but Firefox pops up the message "This add-on could not be installed because it has not been verified." This occurs AFTER having changed the about:config preference "xpinstall.signatures.required" from "True" to "False". Why is Firefox not honoring the preference change? Especially considering Mozilla won't allow signing of legacy add-ons; this is the only alternative.
All Replies (3)
Where did you find 5.1.8.7? The latest legacy version I see on AMO is 5.1.8.4: https://addons.mozilla.org/firefox/addon/noscript/versions/?page=2#version-5.1.8.4
The "xpinstall.signatures.required" preference stopped have an effect in the regular release of Firefox around version 48. You can go back in the forum archives to track it down more exactly if you like, but it was long, long ago.
See also: Add-on signing in Firefox
Latest version on the developer's site (https://noscript.net/getit#classic). Incidentally addresses recent security flaw in previous versions (v5.1.8.6 and earlier); see https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/. As you noted, the last couple of legacy updates don't appear on AMO, but they still installed just fine on FF v56 without having to toggle the xpinstall.signatures.required preference, interestingly. Available from same developer's site (also have question posted to that forum). Didn't know that preference no longer has an effect--but that also begs the question why it's in there at all if it's useless.
Please dont continue to run an unsafe version of Firefox. Please update to 62 or later. Firefox 56 is not safe or stable.