Commit b69b60bb authored by Georg Koppen's avatar Georg Koppen

Bug 14970: Don't block our unsigned extensions

Mozilla introduced extension signing as a way to make it harder for an
attacker to get a malicious add-on running in a user's browser. See:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/
for some background information.

In ESR45 this feature is enabled by default and we exempt both our own
extensions and EFF's HTTPS-Everywhere from this requirement.
parent f437ef83
+7 −1
@@ -1244,7 +1244,13 @@ BrowserGlue.prototype = {
          if (addon.type == "experiment")
            continue;

          if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
          // We don't need a false notification that our extensions are
          // disabled. Even if they lack Mozilla's blessing they are enabled
          // nevertheless.
          if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) &&
              !(addon.id == "torbutton@torproject.org" ||
                addon.id == "tor-launcher@torproject.org" ||
                addon.id == "https-everywhere-eff@eff.org")) {
            this._notifyUnsignedAddonsDisabled();
            break;
          }
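Review bot: The exemption in this condition is a hand-copied run of `addon.id ==` comparisons, and the same list is repeated in `isCorrectlySigned` and twice in the XPIProvider section, where it carries a fourth entry, `meek-http-helper@bamsoftware.com`, that is missing here and in `isCorrectlySigned`. If meek is ever present in a profile where this startup check runs, it would be usable yet still trigger `_notifyUnsignedAddonsDisabled()`; whether that can happen is not visible from this page. One shared definition of the exempt IDs, with a small helper that each of the four sites calls, would keep the lists from drifting further. The enclosing loop starts and ends outside the hunk.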
+7 −1
@@ -207,11 +207,17 @@ function loadView(aViewId) {
  }
}

// This function is the central check point to decide whether to show a warning
// about unsigned extensions or not. We want those warnings but only for
// extensions we don't distribute.
function isCorrectlySigned(aAddon) {
  // temporary add-ons do not require signing
  if (aAddon.scope == AddonManager.SCOPE_TEMPORARY)
      return true;
  if (aAddon.signedState <= AddonManager.SIGNEDSTATE_MISSING)
  if ((aAddon.signedState <= AddonManager.SIGNEDSTATE_MISSING) &&
      !(aAddon.id == "torbutton@torproject.org" ||
        aAddon.id == "tor-launcher@torproject.org" ||
        aAddon.id == "https-everywhere-eff@eff.org"))
    return false;
  return true;
}
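Review bot: `isCorrectlySigned` now returns true for an add-on whose `signedState` is at or below `SIGNEDSTATE_MISSING`, so the name no longer matches what the function reports. The new header comment speaks of "extensions we don't distribute", but the test is on the ID string alone and says nothing about where the add-on came from. I would state that in the comment, for example `// Returns true for unsigned add-ons whose ID is on our exemption list; this only suppresses the warning and is not a signature check.`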
+12 −1
@@ -682,9 +682,14 @@ function isUsableAddon(aAddon) {
      aAddon.signedState != AddonManager.SIGNEDSTATE_SYSTEM) {
    return false;
  }
  // temporary and system add-ons do not require signing
  // Temporary and system add-ons do not require signing. Neither do Torbutton
  // nor TorLauncher nor EFF's HTTPS-Everywhere nor meek.
  if ((aAddon._installLocation.name != KEY_APP_SYSTEM_DEFAULTS &&
       aAddon._installLocation.name != KEY_APP_TEMPORARY) &&
       aAddon.id != "torbutton@torproject.org" &&
       aAddon.id != "tor-launcher@torproject.org" &&
       aAddon.id != "https-everywhere-eff@eff.org" &&
       aAddon.id != "meek-http-helper@bamsoftware.com" &&
       mustSign(aAddon.type)) {
    if (aAddon.signedState <= AddonManager.SIGNEDSTATE_MISSING)
      return false;
@@ -3285,7 +3290,13 @@ this.XPIProvider = {
          continue;
        }

        // Make sure Torbutton, TorLauncher, EFF's HTTPS-Everywhere and meek
        // are still working after an update.
        if (mustSign(addon.type) &&
            addon.id != "torbutton@torproject.org" &&
            addon.id != "tor-launcher@torproject.org" &&
            addon.id != "https-everywhere-eff@eff.org" &&
            addon.id != "meek-http-helper@bamsoftware.com" &&
            addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
          logger.warn("Refusing to install staged add-on " + id + " with signed state " + addon.signedState);
          seenFiles.push(stageDirEntry.leafName);
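Review bot: Both new conditions in this file waive the signature requirement on the strength of `aAddon.id` / `addon.id` alone, and as far as the visible lines show nothing else about the package is checked. In `isUsableAddon` the ID comparisons sit next to the `_installLocation.name` test but are not tied to it, so the exemption holds wherever the package was installed from; the staged-install check in the second hunk behaves the same way. Since an add-on declares its own ID, the exemption would be safer bound to something the package cannot assert for itself, such as the install location the bundled extensions ship in or a pinned digest of the shipped XPI. At minimum the comment should record the assumption: `// Exempt by ID only: the ID is self-declared, so this relies on the install path being trusted.` Both `isUsableAddon` and the XPIProvider method continue outside the hunks.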