Commit 86447348 authored Mar 30, 2017 by Georg Koppen Committed by Matthew Finkel Jul 21, 2020

Bug 14970: Don't block our unsigned extensions

Mozilla introduced extension signing as a way to make it harder for an
attacker to get a malicious add-on running in a user's browser. See:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/
for some background information.

Since ESR45 this feature is enabled by default and we exempt EFF's
HTTPS-Everywhere from this requirement.

parent 45b51af7

browser/components/BrowserGlue.jsm

+5 −1

Original line number	Diff line number	Diff line
		@@ -1900,7 +1900,11 @@ BrowserGlue.prototype = {
		);
		AddonManager.getAddonsByIDs(disabledAddons).then(addons => {
		for (let addon of addons) {
		if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
		// We don't need a false notification that our extensions are
		// disabled. Even if they lack Mozilla's blessing they are enabled
		// nevertheless.
		if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) &&
		(addon.id !== "https-everywhere-eff@eff.org")) {
		this._notifyUnsignedAddonsDisabled();
		break;
		}

toolkit/mozapps/extensions/content/aboutaddonsCommon.js

+6 −0

Original line number	Diff line number	Diff line
		@@ -186,9 +186,15 @@ var gBrowser = {
		},
		};

		// This function is the central check point to decide whether to show a warning
		// about unsigned extensions or not. We want those warnings but only for
		// extensions we don't distribute.
		function isCorrectlySigned(addon) {
		// Add-ons without an "isCorrectlySigned" property are correctly signed as
		// they aren't the correct type for signing.
		if (addon.id == "https-everywhere-eff@eff.org") {
		return true;
		}
		return addon.isCorrectlySigned !== false;
		}

toolkit/mozapps/extensions/internal/XPIDatabase.jsm

+5 −0

Original line number	Diff line number	Diff line
		@@ -2121,6 +2121,11 @@ this.XPIDatabase = {
		* True if the add-on should not be appDisabled
		*/
		isUsableAddon(aAddon) {
		// Ensure that we allow https-everywhere
		if (aAddon.id == "https-everywhere-eff@eff.org") {
		return true;
		}

		if (this.mustSign(aAddon.type) && !aAddon.isCorrectlySigned) {
		logger.warn(`Add-on ${aAddon.id} is not correctly signed.`);
		if (Services.prefs.getBoolPref(PREF_XPI_SIGNATURES_DEV_ROOT, false)) {

toolkit/mozapps/extensions/internal/XPIInstall.jsm

+1 −0

Original line number	Diff line number	Diff line
		@@ -3836,6 +3836,7 @@ var XPIInstall = {

		if (
		XPIDatabase.mustSign(addon.type) &&
		addon.id !== "https-everywhere-eff@eff.org" &&
		addon.signedState <= AddonManager.SIGNEDSTATE_MISSING
		) {
		throw new Error(