Firefox for Android will enforce add-on signing, and will retain a preference - which will be removed in a future release - to allow the user to disable signing enforcement. Release and Beta versions of Firefox for Desktop will not allow unsigned extensions to be installed, with no override.
Check the Firefox Release Calendar for specific dates.

- The Case for Extension Signing, Add-ons Blog.
- Introducing Extension Signing, Add-ons Blog.

```
$ openssl cms -verify -inform der -in META-INF/mozilla.rsa -content META-INF/mozilla.sf -CAfile .ca.crt -purpose any
MD5-Digest-Manifest: OlmmwIHcPmhoIt4uMxdh8A=
SHA1-Digest-Manifest: 82zZH0Aq6GaTNMq+PnBlzep6fEA=
```

Both the end-entity and the intermediate certificates are also stored in the

The root cert is not stored in the document

When installing add-ons, Firefox does the following verifications:

1. Verify the signature of `mozilla.sf` using `mozilla.rsa`.
2. Verify the signing cert chains back to the Firefox Root CA.
3. Verify the hash of `manifest.mf` matches the hash stored in `mozilla.sf`.
4. Verify the hashes of all files in the XPI match the hashes stored in `manifest.mf`.
5. Verify all files in the XPI are listed in `manifest.mf`.

There are three special cases of add-ons developed by Mozilla: System add-ons, Mozilla Extensions and Hotfixes.

- If the add-on is a system add-on, the Organizational Unit (OU) of the end-entity certificate must be set to "Mozilla Components".
- If the add-on is a Mozilla Extension, the OU of the EE cert must be set to "Mozilla Extensions".
- If the add-on is a hotfix, the add-on ID must match the pref `` (currently and the public key hash of the end-entity cert must match the fingerprints set in `.1.sha1Fingerprint` or `.2.sha1Fingerprint`.

If the add-on is signed with the staging root, in Nightly you need to set the pref `-root = true` to tell Firefox to verify it.
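The three digest checks from the verification list (hash of `manifest.mf` against `mozilla.sf`, per-file hashes against `manifest.mf`, and no unlisted files), written out in Python as an added example that is not Firefox's own code. It assumes the JAR-style `Name:` / `SHA1-Digest:` entry layout for `manifest.mf` and exempts files under `META-INF/`; the sample XPI is constructed in memory, and the signature and certificate-chain checks are left to the `openssl cms -verify` command.

```python
import base64, hashlib, io, zipfile

MANIFEST, SIGFILE = "META-INF/manifest.mf", "META-INF/mozilla.sf"

def b64sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def parse_sections(raw: bytes) -> list:
    """Split JAR-style manifest text into one {header: value} dict per section."""
    text = raw.decode().replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    sections = []
    for block in text.split("\n\n"):
        pairs = [line.split(": ", 1) for line in block.splitlines() if ": " in line]
        if pairs:
            sections.append(dict(pairs))
    return sections

def check_digests(xpi_bytes: bytes) -> list:
    """Return the digest problems found; an empty list means all three checks passed."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        names = set(z.namelist())
        if not {MANIFEST, SIGFILE} <= names:
            return ["missing manifest.mf or mozilla.sf"]
        manifest = z.read(MANIFEST)
        sf = (parse_sections(z.read(SIGFILE)) or [{}])[0]
        # Hash of manifest.mf must match the value stored in mozilla.sf.
        if sf.get("SHA1-Digest-Manifest") != b64sha1(manifest):
            problems.append("manifest.mf digest does not match mozilla.sf")
        listed = {s["Name"]: s.get("SHA1-Digest") for s in parse_sections(manifest) if "Name" in s}
        # Every payload file must be listed, and its hash must match its entry.
        payload = (n for n in names if not n.startswith("META-INF/") and not n.endswith("/"))
        for name in sorted(payload):
            if name not in listed:
                problems.append(f"unlisted file: {name}")
            elif listed[name] != b64sha1(z.read(name)):
                problems.append(f"digest mismatch: {name}")
        problems += [f"listed but missing: {n}" for n in sorted(set(listed) - names)]
    return problems

def build_xpi(files: dict, extra: dict = None) -> bytes:
    """Constructed sample XPI; `extra` entries are written but not reflected in the manifest."""
    manifest = "Manifest-Version: 1.0\n\n" + "".join(
        f"Name: {n}\nSHA1-Digest: {b64sha1(d)}\n\n" for n, d in files.items())
    sf = f"Signature-Version: 1.0\nSHA1-Digest-Manifest: {b64sha1(manifest.encode())}\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in {**files, **(extra or {}), MANIFEST: manifest, SIGFILE: sf}.items():
            z.writestr(n, d)
    return buf.getvalue()
```

Passing `extra` to `build_xpi` models a file changed or added after the manifest was written, which is what checks 4 and 5 in the list exist to catch.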