Mozilla will enforce the signing of extensions in Firefox in Firefox 40. This particular version of Firefox is scheduled for release on August 11, 2015 to the stable channel.
Add-on signing refers to a new system implemented by Mozilla that requires extensions for Firefox to be signed by the organization in order to install them in stable and beta versions of the Firefox web browser.
Developers who want to make their extensions available to stable or beta users of Firefox need to get them signed through addons.mozilla.org (AMO) even if they plan to publish it only on third-party sites and not Mozilla's main add-ons repository.
All latest versions of extensions on Mozilla AMO are signed automatically. This means that Firefox users may run into issues when they try to install old versions of extensions hosted on AMO and extensions not hosted on the site or submitted to it for the signing process.
If that is the case, the following options are available to keep on using the add-on:
- Switch to Firefox ESR and modify the configuration to disable the add-on signing requirement.
- Switch to Firefox Developer or Firefox Nightly as they offer the same switch to disable add-on signing.
- Mozilla plans to release special builds for developers (so-called unbranded versions) which have the same preference.
- Switch to another browser based on Firefox, e.g. Pale Moon.
The current deployment timeline for signed extensions
- Firefox 40: Warnings are shown if unsigned add-ons are installed.
- Firefox 41: Add-on signing is enforced in stable and beta versions of the Firefox web browser. There is a preference that users can make use of to disable the requirement in this particular version.
- Firefox 48: Add-on signing is mandatory. The override is no longer working and there is no option available to install unsigned extensions on Stable or Beta Firefox versions.
It is unclear right now if the rule will be enforced for Firefox ESR as well. If that is the case, it would hit when the ESR channel reaches version 45. Mozilla plans to make the override switch available in Firefox ESR currently for the time being (meaning that the override will remain and not be removed).
How to disable the add-on signing enforcement
Firefox Stable, Beta and ESR users may use the preference xpinstall.signatures.required to disable the signing requirement in their version of the browser.
Stable and Beta users may only do so before their version of Firefox hits 41 while ESR users may use it afterwards as well.
- Type about:config in the browser's address bar and hit enter. This loads Firefox's main configuration page.
- Confirm the warning prompt if it appears.
- Search for the preference xpinstall.signatures.required.
- Double-click on it to toggle its value.
When you set it to false, you disable the add-on signing requirement.
Additional information about the feature are available on Mozilla's website.