Commit c1e58594 authored by Georg Koppen's avatar Georg Koppen

Bug 14970: Don't block our unsigned extensions

Mozilla introduced extension signing as a way to make it harder for an
attacker to get a malicious add-on running in a user's browser. See:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/
for some background information.

Since ESR45 this feature is enabled by default and we exempt EFF's
HTTPS-Everywhere from this requirement.
parent 9a5eb16f
......@@ -2180,7 +2180,11 @@ BrowserGlue.prototype = {
);
AddonManager.getAddonsByIDs(disabledAddons).then(addons => {
for (let addon of addons) {
if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
// We don't need a false notification that our extensions are
// disabled. Even if they lack Mozilla's blessing they are enabled
// nevertheless.
if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) &&
(addon.id !== "https-everywhere-eff@eff.org")) {
this._notifyUnsignedAddonsDisabled();
break;
}
......
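Review bot: The add-on ID is written out as a string literal in this condition and again in the `isCorrectlySigned`, `isUsableAddon` and `XPIInstall` hunks, compared with `!==` in two of them and `==` in the other two. Four hand-copied exemptions can drift apart, leaving notification, warning, enablement and install checks disagreeing about which add-on is exempt. A single shared constant or helper for the exempted ID, used with one comparison operator, would keep them aligned. The added comment also speaks of "our extensions" while the condition exempts exactly one ID; `// Don't raise the "unsigned add-ons disabled" notification for the HTTPS-Everywhere copy we ship.` would match the code.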
......@@ -214,9 +214,15 @@ var gBrowser = {
},
};
// This function is the central check point to decide whether to show a warning
// about unsigned extensions or not. We want those warnings but only for
// extensions we don't distribute.
function isCorrectlySigned(addon) {
// Add-ons without an "isCorrectlySigned" property are correctly signed as
// they aren't the correct type for signing.
if (addon.id == "https-everywhere-eff@eff.org") {
return true;
}
return addon.isCorrectlySigned !== false;
}
......
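Review bot: The existing comment about add-ons without an "isCorrectlySigned" property now sits directly above `if (addon.id == "https-everywhere-eff@eff.org")`, although it explains the `return addon.isCorrectlySigned !== false;` line below it. This assumes the `if` is the added part, since the +/- markers are not preserved on this page. Moving the ID check to the top of the function body with its own comment, for example `// HTTPS-Everywhere is shipped unsigned by us; never show the warning for it.`, keeps each comment next to the statement it describes. With this change the function also returns true for an add-on that is not signed, so the header comment should say that the result means "do not warn" rather than "signature verified".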
......@@ -2207,6 +2207,11 @@ this.XPIDatabase = {
* True if the add-on should not be appDisabled
*/
isUsableAddon(aAddon) {
// Ensure that we allow https-everywhere
if (aAddon.id == "https-everywhere-eff@eff.org") {
return true;
}
if (this.mustSign(aAddon.type) && !aAddon.isCorrectlySigned) {
logger.warn(`Add-on ${aAddon.id} is not correctly signed.`);
if (Services.prefs.getBoolPref(PREF_XPI_SIGNATURES_DEV_ROOT, false)) {
......
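Review bot: The exemption in `isUsableAddon` is keyed on `aAddon.id` alone, a value the package declares about itself, so it covers any add-on carrying that ID rather than only the copy shipped with the browser. The `addon.id !== …` test in the `XPIInstall` hunk has the same property. If only the bundled copy is meant to be exempt, both places should additionally require the bundled install location or a pinned digest of the shipped file. Separately, the early `return true` sits ahead of every other check in this function, whose body continues outside the hunk. Folding it into the signing condition keeps the remaining checks in force: `if (this.mustSign(aAddon.type) && !aAddon.isCorrectlySigned && aAddon.id != "https-everywhere-eff@eff.org") {`.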
......@@ -3834,6 +3834,7 @@ var XPIInstall = {
if (
XPIDatabase.mustSign(addon.type) &&
addon.id !== "https-everywhere-eff@eff.org" &&
addon.signedState <= AddonManager.SIGNEDSTATE_MISSING
) {
throw new Error(
......
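Review bot: The added `addon.id !== "https-everywhere-eff@eff.org"` clause is the only one of the four exemptions without a comment, and it is the one that relaxes the install-time signature gate. A line above the `if`, such as `// Bug 14970: HTTPS-Everywhere is shipped unsigned with the browser; do not reject it for a missing signature.`, would tell a later reader why this ID is special-cased. The `if` body and the `throw` continue outside the hunk.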