The following guide walks you through the steps of overriding the add-on signing enforcement in Firefox Stable and Beta. You will be able to install unsigned add-ons in Firefox versions in which this should not be possible.
Mozilla implemented the add-on signing security feature in Firefox some time ago, and made it mandatory in Firefox 48 for the Stable and Beta channel.
This means that Firefox users who run Stable or Beta versions of the browser can only install signed add-ons in the browser. Firefox Dev, Nightly and ESR users can install unsigned add-ons however after making a change in the preferences.
Add-on developers get access to unbranded Firefox builds which are stable versions of Firefox that still support the preference.
All add-ons submitted to Mozilla's main add-on repository are signed, but that is not necessarily the case for add-ons distributed through other channels.
Add-ons provided by applications, security software comes to mind, on development platforms like Github, and old add-ons that are not in development anymore, may not be signed. These add-ons cannot be installed in Firefox Stable or Beta in that case.
Update: The method does not seem to work anymore. You need to install and use Firefox ESR to disable add-on signing in the Firefox web browser (if you don't want to use Firefox Dev or Nightly builds).
All that is required in Firefox ESR is to set the preference xpinstall.signatures.required to False on about:config.
The method requires that you create two new files and place them in the main Firefox installation / run folder.
Please note that you are free to select any installation directory, and that you may run Firefox as a portable program as well. Adjust the program path accordingly. Make sure you place the file in the root program folder of Firefox.
Once done, you may once again install any add-on, signed or unsigned, in Firefox Stable or Beta just like before.
What happens in the background
You are probably wondering what the few lines of code do, and whether it is save or dangerous.
Without going into too many details, here is what is happening:
The first bits of code, those added to the config.js file, load one of Firefox's configuration files and remove information from the Signed_Types constant in that file. It so happens that this constant defines the types of add-ons and extensions that need to be signed for be installed.
You may remember that some extensions, themes for instance, don't need to be signed. So, the code clears the constant from all types of add-ons so that none requires signing.
The preferences in the second file tell Firefox to load the config.js file on start.
The method removes the add-on signing enforcement in Firefox. It is rather surprising that it is this easy, considering that one of the main arguments for enforcing add-on signing is security.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.