Mozilla postpones Firefox add-on signing enforcement
Mozilla announced back in February 2015 that the decision was made to introduce add-on signing to Firefox's extension system.
The idea behind the move was to eliminate the majority of malicious or invasive extensions by making add-on signatures mandatory.
Signatures are only generated for add-ons which go through a review process on Mozilla's official add-ons store before they are pushed to the store.
Since malicious extensions would fall through the cracks, it should reduce a number of common issues that Firefox users face day in day out.
Mozilla's initial plan was to start showing notifications that unsigned extensions are used in Firefox 40, to block extensions but provide an override in Firefox 41, and to make signed extensions mandatory in Firefox 42 by removing the override option in Firefox Stable and Beta.
Firefox Developer Edition and Nightly users can override the requirement, while Stable and Beta users cannot.
A recent discussion on Bugzilla indicates that the add-on signing enforcement has been postponed by two releases.
This means that it will become mandatory when Firefox 44 is released to the stable channel and not with the release of Firefox 42 as initially planned.
This is the new schedule as it stands currently:
- Firefox 40 - Warnings are shown if unsigned extensions are installed.
- Firefox 41 - Warnings continue to show up.
- Firefox 42 - Warnings are still displayed if unsigned add-ons are run.
- Firefox 43 - Add-ons without signatures are blocked by default, but there is an override that is available in all versions of the browser.
- Firefox 44 - Only signed add-ons can be installed in Firefox Stable and Beta. There is no override anymore for those editions of the browser. The override remains in Firefox Developer and Nightly.
Firefox 44 is scheduled to be released on January 26, 2016.
Mozilla plans to release unbranded versions of Firefox to provide add-on developers with options to test their add-ons in Stable and Beta releases of Firefox without having to go through the review process each time they update the add-on during development.
It is unclear why Mozilla made the decision to postpone the enforcement of signed add-ons in the web browser. (via SÃ¶ren Hentzschel)Advertisement