Mozilla Add-ons Community Blog
Categories: compatibility developers documentation

Add-on Compatibility for Firefox 41

27 responses

Firefox 41 will be released on September 22nd. Here’s the list of changes that went into this version that can affect add-on compatibility. There is more information available in Firefox 41 for Developers, so you should also give it a look.

Extension signing

  • This is the first version of Firefox that will enforce our new signing requirements. Firefox 40 only warned about it. 41 will disable unsigned extensions by default. All AMO add-ons have already been signed and we’re in the process of reviewing non-AMO add-ons.

Update: the deadline has been extended to Firefox 43. The wiki page should always have the latest information.

General

XPCOM

New

Please let me know in the comments if there’s anything missing or incorrect on these lists. If your add-on breaks on Firefox 41, I’d like to know.

The automatic compatibility validation and upgrade for add-ons on AMO will happen in the coming weeks, so keep an eye on your email if you have an add-on listed on our site with its compatibility set to Firefox 40.

27 comments on “Add-on Compatibility for Firefox 41”

  1. niels wrote on

    Are ytou f* crazy or what? Because some STUPID users are too stupid to be careful if what they install as plugin, you simply forbid ALL users to install plugins? Unless they are checked and allowed for by Firefox headquarters??!! I say: the serious user NEEDS an option to install and use non-signed plugins / addons! Fuck the loosers that don;t understand the risks of being on the internet.

    1. Jorge Villalobos wrote on

      There are a number of ways you can install unsigned extensions in Firefox. The wiki page explains what they are.

      1. Adi wrote on

        link please 🙂

        1. Jorge Villalobos wrote on

          Oh, sorry about that: https://wiki.mozilla.org/Addons/Extension_Signing

  2. Kohei Yoshino wrote on

    Japanese translation: https://dev.mozilla.jp/2015/08/firefox-41-addon-compatibility/

    1. Jorge Villalobos wrote on

      Woo!

  3. Daniel wrote on

    What about add-ons that have not been reviewed yet? These do not seem to be signed and the review queue has more than 370 of those?

    1. Jorge Villalobos wrote on

      Yeah, we’re getting many new reviewers on board (both volunteers and paid) to get all queues down to normal levels.

  4. Robert Rex EDWARDS wrote on

    It is funny that the security programs were disabled by this build.
    My Trend Micro and McAfee no longer work.
    I am disabling this version on all computers until this is fixed.
    Very serious over site.

  5. Eph wrote on

    Is there a way for private add-ons to be installed without signing. The FAQ still says “stay tuned”. Is Firefox ESR the only way to go in this case?

    1. Jorge Villalobos wrote on

      There’s Nightly, Developer Edition, and unbranded builds of Release and Beta.

  6. Anwaar Fatima wrote on

    I have my add ons listed and signed
    https://addons.mozilla.org/en-US/firefox/addon/perapera-kun-japanese-popup-tr/

    . Unfortunately it is not working since firefox 40 has released. I am not sure what exactly is the gap. I tried changing the max version to 40.* also 99.*. But no luck.

    Please help me .
    Thanks & Regards,
    Anwaar Fatima

    1. Jorge Villalobos wrote on

      Please email amo-admins AT mozilla DOT org with the details.

  7. Jonah Bishop wrote on

    Today I distribute my extensions via both AMO and my personal website. They are the same binaries, with the sole exception being that the ones I distribute via my site use a custom updateURL. My site currently does not have an https connection mechanism, so I sign my update manifest with McCoy.

    How can I distribute signed binaries via my http-only site (or is that even possible)? It seems to me that it becomes a chicken and egg problem: I have to submit my extensions to AMO to sign them, but I also need the custom updateURL for the variant I distribute via my site. Last I knew, AMO rejected add-ons with a custom updateURL.

    Is what I’m striving to do impossible? If so, I guess I’ll just have to switch to AMO for my extension’s hosting…

    1. Jorge Villalobos wrote on

      You can submit your add-on to AMO and choose the Unlisted option. Unlisted add-ons can have an updateURL.

  8. Michael Kaply wrote on

    > Turn NewChannel deprecation warnings into assertions. We have warned about this before, and you can find the documentation of the new interface here.

    This one is confusing me. It seems to be saying that Services.io.newChannel and Services.io.newChannelFromURI don’t work anymore but they do without a problem.

    Also, the documentation you point to is for NetUtil.jsm, but the code changes are in nsIOService.cpp.

    The documentation:

    https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIIOService#newChannelFromURI%28%29

    says nothing of newChannelFromURI2 or newChannel2.

    What exactly is the change here?

    1. Jorge Villalobos wrote on

      The main changes are on this bug. The functions that are deprecated are those ending with ‘2’, and the original ones like newChannel changed slightly.

      1. Mike Kaply wrote on

        This patch:

        https://bug1162657.bmoattachments.org/attachment.cgi?id=8605523

        Specifically says that the non 2 ones are being deprecated and to use the 2 versions….

        and it’s in nsIOService.cpp.

        Did this change impact all IO Service or just NetUtil?

        1. Ben Bucksch wrote on

          Use the source, Mike

          Patch https://bug1125618.bmoattachments.org/attachment.cgi?id=8559982 deprecated NetUtils.newChannel2() and updates NetUtils.newChannel() with the new parameters. Please note that NetUtils are a wrapper around nsIIService and not the same as the latter.

          The source for nsIIOService http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/nsIIOService.idl has both nsIIOService.newChannelForURI() and nsIIOService.newChannelForURI2(). Neither is marked deprecated, but only the 2 version has the new parameters.

          Your confusion comes from looking at the function names only, which are indeed confusing: use nsIIOService.newChannelForURI2() or NetUtils.newChannel().

          1. Mike Kaply wrote on

            If you look at the patch I referenced:

            https://bug1162657.bmoattachments.org/attachment.cgi?id=8605523

            and the source code:

            http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIOService.cpp#676

            You’ll see that even though the IDL isn’t marked, the source says it is deprecated.

            NS_ASSERTION(false, “Deprecated, use NewChannelFromURI2 providing loadInfo arguments!”);

        2. Jorge Villalobos wrote on

          Yeah, that’s very confusing. It looks like the nsIOService changes deprecate the ‘non-2’ APIs, while the changes to NetUtils deprecate the ‘2’ APIs. I suppose NetUtils uses nsIOService, so they are connected. I would recommend using the JSM rather than the component directly, and focus on the changes done to the JSM.

  9. Asamoah wrote on

    this is so autocratic.. why do i get my add-on disabled by this new update????? kinda regret applying this update…

  10. Mike Bird wrote on

    What on earth were you thinking? Four of my add-ons I use for extra security are disable with \no way to run them even if we know what we are doing! Firefox is getting harder and harder to use and it is harder and harder to remember why I bother. This version is going on the scrap heap until you get real.

  11. bidpin wrote on

    Attached is from the wiki:

    What are my options if I want to install unsigned extensions in Firefox?

    The Developer Edition and Nightly versions of Firefox will have a setting to disable signature enforcement. There will also be special unbranded versions of Release and Beta that will have this setting, so that add-on developers can work on their add-ons without having to sign every build.

  12. vijay wrote on

    When it’s releasing ?

    1. Jorge Villalobos wrote on

      September 22nd.

  13. James van Zeeland wrote on

    Nice. Between google dropping npapi yesterday, firefox making plugin installation impossible and IE being IE (debugging an IE10/11 install failure presently on newly buiilt Win7 PC)

    I…don’t have a single browser I can use with the web based managed services solution I use.

    i ABSOLUTELY appreciate that chrome and hopefully firefox are both moving to more secure solutions and there will be some pain involved with that, but I have grave concerns regarding the growing tendency for software to be developed with a “legislate against stupidity” mindset – it is making it unreasonably difficult to get anything done.

    I have just returned from holidays to a rebuild workstation with a clean OS, and have spent all afternoon trying to get a fully functional browser installation. ANY BROWSER I DONT CARE AS LONG AS IT WORKS WITH THE PLUGIN I NEED.

    Firefox was briefly my expected new default browser, but….

    Seriously…. Beyond…. A…. Joke…..

    If this is the best we can do after a few decades of IT development – write software for idiots that prevents experienced “power” users from achieving a sane, viable solution in a sane and reasonable timeframe without performing hours of research or installing development beta code, then….

    No wonder the industry has such poor reputation.