Add-on signing in Firefox
Revision Information
- Revision id: 103120
- Created:
- Creator: Tonnes
- Comment: haven't -> hasn't. Is "verified" OK here? (Verified/signed may be confusing here and there)
- Reviewed: Yes
- Reviewed:
- Reviewed by: heyjoni
- Is approved? Yes
- Is current revision? No
- Ready for localization: No
Revision Source
Revision Content
Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons add unwanted toolbars or buttons, change your search settings or inject ads or malware into your device. This article explains how add-on signing protects you against such threats.
Table of Contents
What is add-on signing?
Mozilla verifies and "signs" add-ons that follow a set of guidelines to ensure that users' information will not be stolen or manipulated. All add-ons hosted on addons.mozilla.org undergo this review process in order to be verified and signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla.
Add-on signing targets only malware and browser hijacking. It does not control or censor the content that you choose to see.
What can I do if Firefox disables an installed, unsigned add-on?
If any of your installed add-ons gets disabled because it hasn't been verified, contact the add-on developer or vendor to see if they can offer an updated and signed version of that add-on. You can also ask them to get their add-on signed by following the developer guidelines.
How does add-on signing protect me?
Newer versions of Firefox (version 40)(version 41 and above) protect you against malware and browser hijackers by warningblocking you against third-party add-ons that are not digitally signed and verified by Mozilla. To use this new feature, please update to the latest version of Firefox.
While Firefox currently has a blocklist system, it is increasingly difficult to track and block the growing number of malicious add-ons. The new add-ons signing process requires developers to follow Mozilla Developer guidelines to ensure that their add-ons are safe. Firefox protects you by warning you when an add-on has not been verified through this signing process, but you can still install the unverified add-on at your own risk.
Firefox protects you by allowing only digitally signed or verified add-ons to be installed on your browser. While Firefox currently has a blocklist system, it is increasingly difficult to track and block the growing number of malicious add-ons. The add-ons signing process requires developers to follow Mozilla Developer guidelines to ensure that their add-ons are safe.
What types of add-ons need to be signed?
Extensions (add-ons that add features to Firefox) will need to be signed. Themes, language packs and plugins do not need to be signed.
Where would I encounter unsigned add-ons?
Add-ons installed through the official Firefox Add-ons site undergo a rigorous review process before they are published. These add-ons are signed and verified.
When you install an add-on through another website, Firefox checks to make sure that the add-on has been digitally signed before you can install it.