Méngale Njàngat yi
Add-on signing in Firefox
Njàngat 294119:
Njàngatu 294119 bu robwu ci
Njàngat 294159:
Njàngatu 294159 bu AliceWyman ci
Baat yi ëpp solo:
Tënkub njuréefi seet:
Learn about add-on signing and what to do if an extension you want to use could not be verified for use in Firefox.
Learn about add-on signing and what to do if an extension you want to use could not be verified for use in Firefox.
Ëmbiit:
[[Find and install add-ons to add features to Firefox|Add-ons]] that can change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons can add unwanted toolbars or buttons, change your search settings or inject ads into your computer. Firefox does now verify that the add-ons you install have been signed by Mozilla, digitally. This article explains the ''add-on signing'' feature and how it works.
__TOC__
=What is add-on signing?=
Mozilla verifies and “signs” add-ons that follow a set of security guidelines. All add-ons hosted on [https://addons.mozilla.org addons.mozilla.org] have to go through this process in order to be signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla.
{note}'''Developers:''' To learn more about the add-on signing guidelines, see [https://developer.mozilla.org/en-US/Add-ons/Distribution Signing and distributing your add-on] and [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews Review Policies] at ''MDN Web Docs''.{/note}
While Firefox currently has a [[Why does Mozilla disable some add-ons from running in Firefox?|blocklist]] system, it is becoming difficult to track and block the growing number of malicious or unverified add-ons. The add-on signing process requires developers to follow [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews Mozilla Developer guidelines]. Add-on signing in Firefox helps protect against browser hijackers and other [https://wikipedia.org/wiki/Malware malware] by making it harder for them to be installed.
Firefox prevents you from installing unsigned add-ons and disables any unsigned add-ons that are already installed.
=What types of add-ons need to be signed?=
[[Find and install add-ons to add features to Firefox#w_what-types-of-add-ons-can-i-install|Extensions]] (add-ons that add features to Firefox), [[Use the Firefox interface in other languages with language packs|language packs]] and [[Use themes to change the look of Firefox|Themes]] (add-ons that change the visual appearance of Firefox) need to be signed. Other types of add-ons do not need to be signed.
=Where would I encounter unsigned add-ons?=
Add-ons installed through the [https://addons.mozilla.org/firefox/ official Firefox Add-ons site] go through security checks before they are published. These add-ons are verified and signed. When you install an add-on through another website, Firefox checks to make sure that the add-on is digitally signed.
=What can I do if Firefox disables an installed add-on?=
If all of your add-ons have been disabled, your Firefox version may be out of date. See [https://support.mozilla.org/en-US/kb/root-certificate-expiration Update Firefox to prevent add-ons issues from root certificate expiration].
If an unsigned add-on is disabled, you won't be able to use it and the Add-ons manager will show a message that the add-on ''could not be verified for use in Firefox and has been disabled''. You can [[Disable or remove Add-ons#w_how-to-remove-extensions-and-themes|remove the add-on]] from Firefox and then reinstall a signed version from the [https://addons.mozilla.org/ Mozilla Add-ons site] if one is available.
If a signed version is not available, contact the add-on developer or vendor to see if they can offer an updated and signed version of that add-on. You can also ask them to [https://developer.mozilla.org/en-US/Add-ons/Distribution get their add-on signed].
==What are my options if I want to use an unsigned add-on? (advanced users)==
[[Template:aboutconfigwarning]]
<!-- Firefox 52 ESR (and future ESR versions) also allows the override. Ref: https://blog.mozilla.org/addons/2016/07/29/extension-signing-availability-of-unbranded-builds/#comment-222314 and https://support.mozilla.org/en-US/questions/1210341#answer-1091394 -->Firefox [https://www.mozilla.org/firefox/organizations/ Extended Support Release (ESR)], Firefox [https://www.mozilla.org/firefox/developer/ Developer Edition] and [https://nightly.mozilla.org/ Nightly] versions of Firefox will allow you to override the setting to enforce the extension signing requirement, by changing the preference {pref xpinstall.signatures.required} to {pref false} in the [[Configuration Editor for Firefox|Firefox Configuration Editor]] (''about:config'' page).<!--https://bugzilla.mozilla.org/show_bug.cgi?id=1454141--> To override the language pack signing requirement, you would set the preference {pref extensions.langpacks.signatures.required} to {pref false}. There are also special unbranded versions of Firefox that allow this override. See the Mozilla wiki article, [https://wiki.mozilla.org/Add-ons/Extension_Signing Add-ons/Extension Signing] for more information.
[[Find and install add-ons to add features to Firefox|Add-ons]] that can change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons can add unwanted toolbars or buttons, change your search settings or inject ads into your computer. Firefox does now verify that the add-ons you install have been signed by Mozilla, digitally. This article explains the ''add-on signing'' feature and how it works.
__TOC__
=What is add-on signing?=
Mozilla verifies and “signs” add-ons that follow a set of security guidelines. All add-ons hosted on [https://addons.mozilla.org addons.mozilla.org] have to go through this process in order to be signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla.
{note}'''Developers:''' To learn more about the add-on signing guidelines, see [https://developer.mozilla.org/en-US/Add-ons/Distribution Signing and distributing your add-on] and [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews Review Policies] at ''MDN Web Docs''.{/note}
While Firefox currently has a [[Why does Mozilla disable some add-ons from running in Firefox?|blocklist]] system, it is becoming difficult to track and block the growing number of malicious or unverified add-ons. The add-on signing process requires developers to follow [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews Mozilla Developer guidelines]. Add-on signing in Firefox helps protect against browser hijackers and other [https://wikipedia.org/wiki/Malware malware] by making it harder for them to be installed.
Firefox prevents you from installing unsigned add-ons and disables any unsigned add-ons that are already installed.
=What types of add-ons need to be signed?=
[[Find and install add-ons to add features to Firefox#w_what-types-of-add-ons-can-i-install|Extensions]] (add-ons that add features to Firefox), [[Use the Firefox interface in other languages with language packs|language packs]] and [[Use themes to change the look of Firefox|Themes]] (add-ons that change the visual appearance of Firefox) need to be signed. Other types of add-ons do not need to be signed.
=Where would I encounter unsigned add-ons?=
Add-ons installed through the [https://addons.mozilla.org/firefox/ official Firefox Add-ons site] go through security checks before they are published. These add-ons are verified and signed. When you install an add-on through another website, Firefox checks to make sure that the add-on is digitally signed.
=What can I do if Firefox disables an installed add-on?=
If all of your add-ons have been disabled, your Firefox version may be out of date. See [[Update Firefox to prevent add-ons issues from root certificate expiration]].
If an unsigned add-on is disabled, you won't be able to use it and the Add-ons manager will show a message that the add-on ''could not be verified for use in Firefox and has been disabled''. You can [[Disable or remove Add-ons#w_how-to-remove-extensions-and-themes|remove the add-on]] from Firefox and then reinstall a signed version from the [https://addons.mozilla.org/ Mozilla Add-ons site] if one is available.
If a signed version is not available, contact the add-on developer or vendor to see if they can offer an updated and signed version of that add-on. You can also ask them to [https://developer.mozilla.org/en-US/Add-ons/Distribution get their add-on signed].
==What are my options if I want to use an unsigned add-on? (advanced users)==
[[Template:aboutconfigwarning]]
<!-- Firefox 52 ESR (and future ESR versions) also allows the override. Ref: https://blog.mozilla.org/addons/2016/07/29/extension-signing-availability-of-unbranded-builds/#comment-222314 and https://support.mozilla.org/en-US/questions/1210341#answer-1091394 -->Firefox [https://www.mozilla.org/firefox/organizations/ Extended Support Release (ESR)], Firefox [https://www.mozilla.org/firefox/developer/ Developer Edition] and [https://nightly.mozilla.org/ Nightly] versions of Firefox will allow you to override the setting to enforce the extension signing requirement, by changing the preference {pref xpinstall.signatures.required} to {pref false} in the [[Configuration Editor for Firefox|Firefox Configuration Editor]] (''about:config'' page).<!--https://bugzilla.mozilla.org/show_bug.cgi?id=1454141--> To override the language pack signing requirement, you would set the preference {pref extensions.langpacks.signatures.required} to {pref false}. There are also special unbranded versions of Firefox that allow this override. See the Mozilla wiki article, [https://wiki.mozilla.org/Add-ons/Extension_Signing Add-ons/Extension Signing] for more information.