Commit a5c53802 authored by Georg Koppen's avatar Georg Koppen
Browse files

Bug 14970: Don't block our unsigned extensions 

Mozilla introduced extension signing as a way to make it harder for an
attacker to get a malicious add-on running in a user's browser. See:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/
for some background information.

In ESR45 this feature is enabled by default and we exempt both our own
extensions and EFF's HTTPS-Everywhere from this requirement.
parent e8ea8344

browser/components/nsBrowserGlue.js

+7 −1
Original line number Diff line number Diff line
@@ -1131,7 +1131,13 @@ BrowserGlue.prototype = { 
          if (addon.type == "experiment")

            continue;



          if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {

          // We don't need a false notification that our extensions are

          // disabled. Even if they lack Mozilla's blessing they are enabled

          // nevertheless.

          if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) &&

              !(addon.id == "torbutton@torproject.org" ||

                addon.id == "tor-launcher@torproject.org" ||

                addon.id == "https-everywhere-eff@eff.org")) {

            this._notifyUnsignedAddonsDisabled();

            break;

          }

toolkit/mozapps/extensions/content/extensions.js

+8 −0
Original line number Diff line number Diff line
@@ -274,9 +274,17 @@ function loadView(aViewId) { 
  }

}



// This function is the central check point to decide whether to show a warning

// about unsigned extensions or not. We want those warnings but only for

// extensions we don't distribute.

function isCorrectlySigned(aAddon) {

  // Add-ons without an "isCorrectlySigned" property are correctly signed as

  // they aren't the correct type for signing.

  if (aAddon.id == "torbutton@torproject.org" ||

      aAddon.id == "tor-launcher@torproject.org" ||

      aAddon.id == "https-everywhere-eff@eff.org") {

    return true;

  }

  return aAddon.isCorrectlySigned !== false;

}

toolkit/mozapps/extensions/internal/XPIProvider.jsm

+14 −0
Original line number Diff line number Diff line
@@ -745,6 +745,14 @@ function isUsableAddon(aAddon) { 
  if (aAddon.type == "theme" && aAddon.internalName == XPIProvider.defaultSkin)

    return true;



  // Ensure that we allow torbutton, tor-launcher, and https-everywhere

  if (aAddon.id == "torbutton@torproject.org" ||

      aAddon.id == "tor-launcher@torproject.org" ||

      aAddon.id == "https-everywhere-eff@eff.org" ||

      aAddon.id == "meek-http-helper@bamsoftware.com") {

    return true;

  }



  if (mustSign(aAddon.type) && !aAddon.isCorrectlySigned) {

    logger.warn(`Add-on ${aAddon.id} is not correctly signed.`);

    return false;
@@ -3450,7 +3458,13 @@ this.XPIProvider = { 
          continue;

        }



        // Make sure Torbutton, TorLauncher, EFF's HTTPS-Everywhere and meek

        // are still working after an update.

        if (mustSign(addon.type) &&

            addon.id != "torbutton@torproject.org" &&

            addon.id != "tor-launcher@torproject.org" &&

            addon.id != "https-everywhere-eff@eff.org" &&

            addon.id != "meek-http-helper@bamsoftware.com" &&

            addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {

          logger.warn("Refusing to install staged add-on " + id + " with signed state " + addon.signedState);

          seenFiles.push(stageDirEntry.leafName);