It's not like setting MOZ_REQUIRE_SIGNING to false would allow running unsigned extensions outright. There is also about:config setting xpinstall.signatures.required, that is true by default and needs to be set false by the user before unsigned extensions can be installed.
The about:config setting is behind a grave warning about security ramifications if tampered with. Still, if user attempts to install unsigned extension, they are met with another warning dialog and even after accepting that the extension is marked with big warning label about being unverified in the add-ons manager. There is no way user could install unsigned extension by mistake. And indeed this "security hole" has been around for the last 5 years, yet there appears to be no related exploits. The bug certainly does not mention of any. As mentioned, the official way around this is to install one of the Firefox versions that has MOZ_REQUIRE_SIGNING set to false on default. On Windows that might be reasonable. However, none of these are available in Ubuntus repositories. It is not big hassle to install them from Mozillas own sources, but those installations will be user specific, are not covered by the usual update system and are missing any distribution specific patches. The options left for Ubuntu users (or Linux distro users in general) are not reasonable. So that's my take on the reasonability of this. I was really hoping more balanced approach could be taken. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1937343 Title: FireFox 90 unable to install unsigned webextensions Status in firefox package in Ubuntu: Invalid Bug description: Ubuntu 18.04 FireFox 90.0+build1-0ubuntu0.18.04.1 Steps: - Set xpinstall.signatures.required to FALSE in about:config - Attempt to install UNSIGNED extension from file (Install Add-on From File...) in about:addons Expected: - FireFox warns about unverified add-on but ALLOWS installation. Actual result: - FireFox prevents the installation. Installing unsigned extensions used to work on all FireFox versions before 90. Related question https://answers.launchpad.net/ubuntu/+question/698053 There appears to be at least one other affected person https://old.reddit.com/r/firefox/comments/ootacl/unverified_addon_not_working_anymore_since/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1937343/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
