Firefox support HTTPS: No unsigned Addons in Firefox 42

Mozilla Firefox, world’s second most popular web browser, has now decided to deny any Addons and/or Extensions that are unsigned in their upcoming version, Firefox 42.

Mozilla announced, “Due to security reasons, unsigned Addons and Extensions will no longer be accepted as valid”. Now Firefox will simply give a warning such as; You are trying to install an unsigned Addon, do you want to proceed? if a user is trying to install an unsigned Addon.

Timeline: When Users Install Unsigned Addons

  • Firefox 40: Warned users about signatures, but they will not enforce them.
  • Firefox 41: Have a setting to disable signature enforcement.
  • Firefox 42: Beta version will not allow unsigned Addons to install.

Note: In older Firefox versions, all Addons/Extension will work fine without causing any errors/warning.

Firefox Addon SigningHere is a little more, as per Mozilla’s Addons/Extension Signing policy “Mozilla will begin requiring all extensions to be signed in order for them to be installable in Release and Beta versions of Firefox. The signing will be done through addons.mozilla.org (AMO) and will be mandatory for all extensions, regardless of where they are hosted.”

How Firefox Sign Addons?

If a Firefox Addon developer does not have a Mozilla account; he’ll need to create one, after signup/sign-in the developer can submit the Addon/Extension for review. Mozilla’s automated review system will the check the Addon submission.

If the automated reviewing system encounters any errors, the developer will then need to apply for a manual verification. Then, one of Mozilla’s moderators will review the Addon.

Mozilla’s new policy specifically says, the Addon developer can host their Addon either on Mozilla’s server or they can host on a third-party hosting service.

Note: Only Extension/Addons may be reviewed by the Mozilla team only. Dictionary, Themes, Language Packs, Plugins are excluded, so developers do not need to apply for the review.

Simply Sign Addons/Extensions with an SSL Certificate

Mozilla states that developers can secure their Addons/Extension using a trusted SSL certificate or Code Signing certificate from a globally recognized certificate authority such as; Comodo, GeoTrust, CERTUM, Thawte, Symantec (formerly Verisign).

SSL and Code Signing Certificates that are trusted by Firefox:

  • Comodo Code Signing Certificate
  • Thawte Code signing Certificate
  • Symantec (Verisign) Code Signing Certificate

If you want a secured environment for your Addon users, you can sign your extension using any of the above-listed certificates. This signing method will help convince the Mozilla moderators that you are putting user’s safety & security first, which will help to approve the Addon/Extension quickly.

 

1. Comodo Code Signing Certificate

It is an advanced-level digital signature solution, which is designed to secure software, application, codes, contents and scripts on the Internet. It’s fully compatible with Mozilla Firefox, and it ensures the strength of encryption 256-bit to protect software in the web browsers, and it also ensures a secure environment to protect Addon/extensions.

Comodo Code Signing Certificate enables the digital encryption technology to secure Addons from such as horrible cyber-attacks such as code tempering, data breaching, phishing, etc. Being a secure digital signature, COMODO Code Signing Certificate is fully supported by Mozilla to eliminate a scary web browser’s pop-ups & warning messages. It’s a comprehensive digital code signing security to enhance user’s perspective on the Internet to deliver the safest Mozilla Firefox web browsing while protecting data on the web.

Comodo Code Signing is the end-to-end package of digital signature and hence; it covers all the major web technologies such as Java, Microsoft, Apple Mac, Android, iOS, etc.

It is robust and reliable security & encryption technology to deliver security assurance to Mozilla Moderator’s and convince them for immediate authentication of Addon, so it can be used safely by the user.

You can find more detailed information about Comodo Code Signing and its features here.

Comodo Code Signing Features:

  • Full Compatible with Mozilla Firefox.
  • A Complete Trusted Digital Signature by Mozilla Firefox.
  • COMODO is the world’s remarkable Certificate Authority.
  • End-to-End Support of Multiple Web Technologies
  • Highly Recommended by Firefox for XPI signing
  • Revoke Web Browser Scary Warnings & Security Vulnerabilities
  • Highly Advisable Practice to Ge Validate Mozilla Addon/extension
  • The Cheapest Price in Code Signing Industry $73/year
  • Increase Your Addon/Extension Downloads with the Best Security.

2. Thawte Code Signing Certificate

Thawte Code Signing certificate is also a perfect solution for Addon developers. It digitally signs the Addon/extension codes, scripts, and content. Once the Addon is signed with a Thawte code signing, it won’t allow hackers to tamper, breach or change the Addon code/scripts/data in any way.

It’s compatible with Mozilla Firefox and gives that necessary security to Java applets, Java Software, Windows & Mac Software, Android & iOS Apps, Microsoft documents & files, etc… which provides trust & confidence to Addon users of various platforms.

As it is trusted by Mozilla Firefox, it will help the moderator understand that your Addon is encrypted with world’s most trusted security solution & will help sign your Addon as trusted quickly.

Go here for more detailed information on Thawte Code Signing.

Thawte Code Signing Features

  • Trusted & reliable solutions to sign Addons
  • Compatible with Mozilla Firefox
  • Secures Addon/Extension Codes & Scripts
  • Multiple Platform support
  • Eliminates security warnings
  • Boosts Addon/Extension Downloads

Internet users are increasing day by day, and user security is always a concern for the Mozilla team. The Mozilla team finally decided to deny any unsigned Addons/extensions. Mozilla is now encouraging Addon developers to digitally sign their Addon, so they can provide better security to their users.

Related Posts

Author

Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.