Extension Signing: Availability of Unbranded Builds

Kev Needham

64 responses

With the release of Firefox 48, extension signing can no longer be disabled in the release and beta channel builds by using a preference. As outlined when extension signing was announced, we are publishing specialized builds that support this preference so developers can continue to test against the code that beta and release builds are generated from. These builds do not use Firefox branding, do not update automatically, and are available for the en-US locale only.

You can find links to the latest unbranded beta and release builds on the Extension Signing page as they come out. Additional information on Extension Signing, including a Frequently Asked Questions section, is also available on this page.

64 responses

  1. Luís Miguel (Quicksaver) wrote on :

    Are there any plans to add auto-updating ability to these builds? While not critical, it would certainly be useful, especially for minor updates (e.g. 48.0.0 to 48.0.1) which are easy to miss.

    1. Kev Needham wrote on :

      Hi Miguel,

      No plans currently, but it’s something I’ll keep an eye on.

  2. Sören Hentzschel wrote on :

    The beta builds for macOS are not working as expected. I installed the unbranded Beta build (was branded as “Nightly”, version 48.0b11), then I opened the about dialog and immediately an update was installed to Firefox 48.0 *with Firefox branding*.

    1. Kev Needham wrote on :

      Will look into this right away. Thanks, Sören.

      1. Piet wrote on :

        Here on Windows, the browser is called both “Mozilla Developer Preview” and “Nightly”. For example:

        Inside, it’s just called Nightly everywhere. Not even a mention of “Mozilla Developer Preview”. (Not that much of a problem, but thought I’d report anyway.)

        Also, the browser didn’t update for me, but it did appear to check for updates when opening “About Nightly”.

        1. Piet wrote on :

          Example got removed, here is it again: https://i.stack.imgur.com/iIZnr.png

  3. Rand wrote on :

    Have any decisions been made yet as to how to handle extension signing in future ESR builds of FireFox?

    1. Jorge Villalobos wrote on :

      ESR builds will continue to have the preference that allows you to disable signature enforcement. There are no plans to change that behavior.

      1. vosie wrote on :

        Does this mean that Firefox 52 and future ESR versions also will have this preference?

        1. Jorge Villalobos wrote on :

          Yes.

          1. Javier ‘DM’ wrote on :

            And how about hiding ‘Firefox’ brand completely, if the pref. for unsigned-addons is on?
            Or using another brand, eg. for corporative users.
            So for the brand and Mozilla POV (AFAIK), the brand won’t be seen at all in any Fx installation that enables unsigned addons.

  4. GrayFace wrote on :

    Without update support unbranded versions are useless. I need a fully-functional version of FireFox that can both update and load custom extensions. I won’t go into hassle of downloading each FF update manually nor will I go into hassle of signing an addon each time I make a change in it. (e.g. each time the DownloadHelper addon updates I changed it to remove free version watermark on ADP downloads) Now the only option available is to disable updates completely and forget about security. How could you mess everything so horribly?

    1. Anon wrote on :

      You could just install DevEdition or Nightly builds to have autoupdates and still be able to install unsigned .xpi’s.

      1. GrayFace wrote on :

        They are both pre-beta, which is the opposite of what I need.

  5. noone wrote on :

    In Firefox 47 I had xpinstall.signatures.required=false and I was using some unsigned addons which I wrote or edited myself.

    I updated to Firefox 48 which disabled the unsigned addons (it still had xpinstall.signatures.required=false).

    I got the latest unbranded build which is available now (Jul-30) and ran it (after closing the official 48), it still has xpinstall.signatures.required=false, but the unsigned addons were still disabled, also after few restarts of Firefox.

    Only when I set xpinstall.signatures.required=true (not sure if I had to restart after that, possibly yes), and then to false again – only then it re-enabled them. That sounds like a bug to me.

    1. Piet wrote on :

      Not exactly the same thing happened to me, but still:

      Installed Developer Preview, created clean profile and launched it, shut down Developer Preview, added file named the extension ID containing the path to the extension (as I’m working on an old XPI-based extension), figured out it was still disabled in about:addons because “unsigned”, went to about:config and noticed xpinstall.signatures.required was set to true, toggled the pref, restarted Developer Preview, got prompted to allow installation, allowed it, had to restart Developer Preview again, finally got it working.

      Really, if the the whole point of Developer Preview is to allow easy installation of unsigned extensions, then why make it so needlessly difficult?

  6. erosman wrote on :

    I have had my concerns with signing from the start and now with FF49 release, they have been validated.

    User Choice has been removed
    It is up to the user (and not Mozilla) to decide which addons user would like to install. The signing has taken away the users’ choice completely and forcibly. The fact that the users’ choice may or may not be a good one, is up to the user and the user alone.
    Users had a choice to select from reviewed and verified addons or riskier non-reviewed ones.
    (I am an addon reviewer with over 18,000 reviews.)

    Developer Choice has been removed
    As a developer, I believe addons should be developed and tested on a version that is used by the target users i.e. the stable release. The signing has taken away the developers’ choice completely and forcibly. Developers can no longer develop and test using the stable release (or even the beta) thus making the new policies less developer-friendly.

    1. hao hao wrote on :

      I’m totally agree with you erosman.
      I’ve gave up on chrome because they doesn’t allowed 3rd extension and now firefox. The new version firefox 48 sucks.

      1. llop wrote on :

        Abosulutely agree with erosman. Not having the choice to enable unsigned add-ons in firefox 48 sucks!

  7. trainman261 wrote on :

    This is so unnecessarily complicated. Can you just provide a simple installer that will replace the “standard” firefox with the unbranded firefox that is equivalent to the final release? I am not ready to bend over just because some genius over at Mozilla decided that I shouldn’t be running unsigned add-ons. This was one of the main reasons I have been using firefox – I pretty much ditched Chrome when it stopped supporting add-ons that aren’t from the Chrome Web Store. It’s MY system, not yours. Stop trying to tell me what I should be doing with MY system.

    1. hao hao wrote on :

      Yes you say the right things, I gave up firefox after it update to version 48.

  8. The_Falcon wrote on :

    FFS Firefox what were you thinking? You’ve decided to take away my comfort without an option to opt out. Now I have to waste my time looking for an older version and disable updating.

  9. Vladimir wrote on :

    Why do you did this? I need unsigned addons. Why do you forbid me to use them? Why should I to choose between addons and my native language support? I need russian version of firefox, that will be updating automatically, and that will allow me to use any addon I want. I really don’t care if it branded or unbranded, just make it usable. And remember, you decide to make things complicated, not me. So it’s your problem to solve this complications.
    P.S. special option in about:config was a better choice. Was this option enabled on too many installations, so you decide to kill this feature? If so, you are wrong, because widespread using of this option, mean just that it was useful option. Otherwise, it was not common problem, just leave us alone.
    P.P.S. links for unbranded builds from https://wiki.mozilla.org/Add-ons/Extension_Signing#Unbranded_Builds are broken (give a 404 error). All, except link for linux build.
    P.P.P.S what is “Treeherder” mean? I can’t even translate it from English. Is it some slang?
    P.P.P.P.S. Is it possible to sign addon without any mozilla participate? With my own signature, just like any other application? If not – why? Mozilla wants to decide, which addons are allowed and which are not? In such a state it’s not about safety. It’s about control. I don’t like when someone trying to control me.

    1. Noitidart wrote on :

      You can sign your own addon. You have to upload to addons.mozilla.org as “Unlisted”. No one will see it or be able to download it except you. After you download it, you can install it to stable/beta as before.

      1. Vladimir wrote on :

        But, as I understand, first I should register an account on addons.mozilla.org. Second I should obtain the key from Mozilla. Third – always when I sign my addon, I have to send it to Mozilla server.
        I depend on Mozilla on every step. It’s not like usual digital signing of application. In fact we have only one digital certificate provider here. That’s why I say, that it’s not about safety, but about control.
        Those who want to take control, always claim for safety. Maybe we should jailed thyself? Sitting in the cage supervised 24/7 it would be pretty safe.

  10. Bob wrote on :

    I want known & trusted & NEEDED add-ons to work on MY computer!

    Do NOT block me!! Otherwise I will dump version 48 and ultimately Firefox!

    Make xpinstall.signatures.required work again, or better add a SELECTIVE enablement to add-ons!

  11. Samantha wrote on :

    I wrote my own extensions. I know they are safe. I don’t have time to waste with signing. I need “xpinstall.signatures.required” to work. I now will be switching to Chrome because FF 48 breaks “xpinstall.signatures.required” and I can’t install my extensions.

    1. GrayFace wrote on :

      Chrome isn’t any better than FF in that regard. You can’t even publish an extension in their store without paying them (although they should be the ones paying extension developers and not vise versa).

  12. GrayFace wrote on :

    This starts to get into the realm clinical paranoia.
    I’ve posted a link for a fix fox this bug (the bug known as “mandatory extension signing”). Now my post is gone.

    Some legitimate extensions don’t even get signed. E.g. Selenium project’s old extension didn’t get signed because it’s a “potential risk”: https://twitter.com/tunabum/status/761652602303946752

    I call it a bug for a good reason. It doesn’t do anything good at all. It doesn’t improve security against new risks. Instead of installing a hidden extension a piece of malware could exploit (and hide) legitimate addons like Greasemonkey. There’s just no way to protect browser from being compromised if malware got full control over user machine, the whole idea of guarding against such case is ridiculous, to say the least.

    1. anon wrote on :

      So can you email what was the fix to the “bug” that you were linking that they took down?

  13. V wrote on :

    So called “unbranded” builds are nothing more then a nightly build with release update channel instead of nightly…
    @GrayFace:
    can you post the link again?

  14. Alphacinha wrote on :

    I regressed to 47.0.1 and will stay on it, monitoring Web talk on this.
    That’s because I use ChromeView and EmailThis, where I’ve raised the max version so they would install, and they work just fine.
    They do not appear to be signed, even though the name includes a .signed, and now even a -signed following that.
    Let me worry about what I use!
    Is Mozilla trying to emulate MS?

  15. Nighthawk wrote on :

    I fully agree with previous posts. Installing unsigned addons in the stable mainline build must be possible. This is not a niche / development feature! If I’d prefer a nanny browser I’d use Chrome more often.
    Make it optional again and all is fine.

    I just installed unbranded nightly and a much-needed addon without issues. Thanks for the links!

  16. Andi wrote on :

    That’s the worst decision Mozilla ever made.
    Now I must chose between your developer edition, chrome or a downgrade.
    For now I downgraded to 47, but I’ll give chrome a try.

    PS: With your decision to ingrease security, you forced me to use an outdated version…
    PPS: Sorry for my bad english

  17. Javier ‘DM’ wrote on :

    IDEA: Hide ‘Firefox’ brand at all, if the pref. for unsigned-addons is on!

    So if user has unsigned addons with release/beta, He/She *won’t* see any ‘Firefox’ brand!, as Mozilla intended AFAIK.
    – So there is no need for unbranded builds.
    – All trouble for so many users will be gone!
    – Of course, any addon that tries to *restore* Firefox brand won’t get approved.
    Regards!

    PS: no autoupdating for BETA (at least) is nonsense to me.

  18. John S wrote on :

    I haven’t use Firefox for a while, but decided to try 48 since it’s another new step for the browser. Can’t say I am impressed with it. Some site the navigate buttons don’t do anything, I can’t say it’s loading pages any faster with multi core support. I don’t use extensions, but concur with those who think signed extensions should be optional or at least a way for the user to use a unsigned one if they choose.
    Even Android allows for a side load app install but of course you risk goes up.

  19. Security4Casuals wrote on :

    Hi there,

    I’m incredibly disappointed, I can see why your client base is eroding when you make such unpopular decisions.

    You could have opted to educate the user with a tool tip and 3 disclaimer agreements or any combination of things to make you feel better at night and scare casuals off from using it, or at the very least so they can make an informed decision.

    Please re-enable this hidden option, I don’t think I’ve ever had my blood boil over a Mozilla decision in all the years I have used Firefox, but today is a major deal breaker.

  20. Joerg wrote on :

    With important addons now intentionally blocked, it seems like Mozilla is going the way of Apple in regards to user choice. It’s a really disappointing end to a browser that once broke the strangle hold of Microsoft. At this point I suppose the only option is to downgrade to 47 and start looking for a new browser to move to 🙁

  21. fuckyou wrote on :

    why are you doing this? you are just bullying power users off your browser.
    i want to use a newer version of an addon that takes ages to get verified, and i cannot disable this signing bullshit. stop being power hungry and pretending its security!

  22. Jerry wrote on :

    Firefox needs option, when set true, prompts YES/NO at load of each unsigned add-on encountered, to allow it, thus solving “THE PROBLEM” with mandatory signing. This should allow everybody with unsigned add-on to continue to function with minor hassle, while protecting the supposed security that mandatory (read forced) signing supposedly provides.

    The message could be composed as a warning, that to reply “Y” (or “YES” if developers think it best) would bypass signing for this plug-in, and will prevent Mozilla from protecting against this plugin being bogus, etc. Anyway, a warning message.

  23. Jerry wrote on :

    If I install the unbranded version to allow my unsigned, old Evernote clipper to work, will the unsigned version pick up and use the profile, config settings, and bookmarks (all the Firefox files) I already have set up on my standard 47.0.1 version?

    1. Nighthawk wrote on :

      Yes, it will work.
      You nevertheless should backup before any major changes:
      %appdata%/Mozilla/Firefox/Profiles

  24. Natalie Grossman wrote on :

    (1) There’s no link to a 32-bit Linux build on the wiki. An oversight? Not likely – I see a Win32 build. You’ve promised unbranded builds for over a year; please deliver on your promise.

    (2) “…/mozilla-release-[OS]-add-on-devel/…”? You’ve been calling this vaporware “unbranded builds” since you hit upon it as a way to pacify angry users. Why then obfuscate the name this way? Why hide the downloads on an apparently deserted internal wiki? If you don’t want to distribute it, then don’t distribute it. Otherwise, make an honest effort to do it right.

    1. Robert Cantangus wrote on :

      This is _extremely_ frustrating indeed.

  25. Kurt Garnjost wrote on :

    I have an extension that I have used for years. They still have a Web site, but I don’t think they are supporting it. The extension still worked great for me. It plainly did not include malicious code. But now, Firefox has arbitrarily disabled it with no way I can see to get it working again.

    I have been a faithful Firefox user for years. I run it on all six computers that I work on. Now I am being forced to move to another browser to keep this add on working (it still works in Safari). Incredibly annoying and obnoxious. Obviously, no one at Firefox cares they are losing faithful users.

    1. Anonymouse wrote on :

      Yeah, I’m in a similar boat. I use an extension that a friend of a friend made years ago for joke purposes. It’s never going to be signed and because Mozilla doesn’t think that their users can be smart enough to make case-by-case decisions about unsigned extensions, as of tonight I’m no longer able to use the extension.

      I used to love Firefox and think it was the best browser, but at this point I’m starting to feel like I should either switch browsers or do what I did with iTunes and just stop updating. Every single update messes something up–whether it’s UI (I think I have about 3 extensions installed to make it look like it used to), functionality (I had to install Session Restore because Firefox stopped being able to restore my sessions properly and it loses my pins and tabs a LOT), or this new “security” BS that is basically Mozilla serving a stinking shit sandwich to those of us who are actually computer literate–and I’m sick of it.

      I know we live in an era of “if it’s not broke, let’s break it!” style of unnecessary updates (and, honestly, if it was just bad UI/UX choices I would just deal with it) but this is just ridiculous. Why is it so hard for companies to understand that making things easy to use for people who don’t understand computers does NOT require taking away choices and options for advanced users? Like, is the concept of having settings for advanced users only really THAT mind-blowing?!?!

  26. manatlan wrote on :

    What a stupid idea !
    How to tell to my users (intranet only) to download/install another version of firefox to continue to work with our extension ?!? Should them downgrade to 47 and disable autoupdate ?!
    I won’t/can’t sign this extension (it’s for private usage, in a private space (intranet))
    WTF ?!

  27. Kostas wrote on :

    Disabling unsigned add-ons is probably the most stupid thing you people ever made!
    What were you thinking????
    Im about to give up on FF.

    Congratulations FF Developers!

  28. Hadi wrote on :

    This is terrible. What’s the actual logical reason behind this.
    This is just bad. i’m disappointed
    that’s all.

  29. gsdgdsgsdgsd wrote on :

    The only ONE reaseon why I still using firefox is the addons. I really love pentadactyl that is my favorite extension, and now, thanks to this feature I can’t use it, because the signature option can not be set to FALSE….

    This is the end of firefox ??? Only just a developers or programmers using firefox and you don’t allow them to install addons ?? Its okay if you do this on mobile platform, but the option of signature could only be changed manually to false !!!

    I think this decision should be enough to get your greatest marketing-manager fired!
    Your marketing process make the company falling into bankruptcy. Just check the statistics!

    For the users it does not matter what browser is used because they are following the trend… but it seems you would like to lose your remain fans too… umm… and I am just a user who really loves firefox…. and of course I will not go to download the nigthly or beta versions (because your sales are stupid) to use my favorite addon.. I am using the version which is provided by the package manager… and only the release versions are provided under arch linux ….

    1. Jorge Villalobos wrote on :

      Pentadactyl is signed.

  30. with firefox from ages wrote on :

    Sorry, bye bye Firefox, it is most stupid thing with this disabling unasign add-ons. I have many old working add-ons I need it and now I can not use it… oh, wait, I’m changing browser or leave older wersion of Firefox.

  31. Mitch wrote on :

    I am also getting very fed up with this.
    I’ve been a long time Firefox user, but it might be a good time to ditch Firefox and try out Edge and some other browsers.

  32. Jean W wrote on :

    Oh, I could take the extra time to train up on how to interact with AMO in order to continue to hack the most rewarding modern browser around.
    Or I could cut my losses and develop more contacts in the wider hacking community – you know… the one that
    has always helped us out here in client land use software to best suit our needs.
    Who’s to say that AMO won’t simply continue to pile conditions on conditions and who’s to say where it
    will all end up?
    My considered position is that I spent a lot of effort and coin to support the development of a truly community
    owned browser, only to have it walled off into just one more one-way corporate enclave away from us all, so
    why should I go on my knees to be allowed to hack it now?

    So far, it’s a piece of cake to hack 48 back to ignoring sigs.
    Let’s see what the corporates can do with everything when xml is binned?
    I look forward to the games.
    And I honestly can’t understand the logic behind on the one hand publishing a special unbranded release
    edition but not serving an auto-update channel. Passive aggression springs to mind.

  33. kebrus wrote on :

    Oh common…

    What is the point of removing the ability to change the setting? I really don’t get it, what harm could it do? It’s already a hidden setting, whats the idea? FFS… It’s MY computer, let me do whatever I feel like.

    Does anyone has a good alternative?

    1. Piet wrote on :

      Because less experienced users do sometimes install malicious extensions and blame Firefox for the resultant problems.

      Chrome disabled unsigned extensions for the same reasons. (Rogue extension developers then started replacing Chrome by a years-old version to get around that and creating dozens of differently-named clones, but still.)

      For the next few months, the Firefox 45-based extended support release will still allow unsigned extensions and receive security updates. After that… Nightly, Developer Edition or a fork like Pale Moon.

  34. Dev wrote on :

    I regressed to 47.0.1 and will stay on it.

    1. Piet wrote on :

      You can install the extended support release and receive security updates for a few more months.

  35. Disappointed wrote on :

    Disabling unsigned extensions is very disappointing.

    Surely it is hidden enough behind about:config and xpinstall.signatures.required.

    If a user wants to go to the trouble of researching and performing the above, then let them.

    At least give them a way. Don’t just strip away this hidden functionality.

    I suspect you will loose many users…

  36. Annoyed wrote on :

    I’m really disappointed and annoyed that this change has finally been made, despite all the people with concerns about it. Users should retain the choice about whether they want addon signing or not, without being cut off from the standard release cycle. I’m not sure what I’ll be doing yet, sticking with an older version, or jumping to a fork with actually cares about its users.

  37. Angry Fin wrote on :

    This is most hilarious decision… I’ve run the simplest of addons around and now it does not work, because you are scared about the average user breaking their browser? Please… if they know how to change a setting in about:config they know better ways to find false and harmful info your little change does not help those who are incapable to travel the web without getting cought in someones cunning webs. Cater those who care for your browser with passion as seen above!

    MAKE THE ADDON SIGNING IGNORABLE AS IT WAS IT FINE AS IT WAS… ffs

    Let us use the firefox how it was used until the addon no longer works due to changes done to core of your browser, but if you please just NOT destroy it with arbitrary reasonings for OUR SAFETY… We are fully aware of what we are running, thank you very much for your concern, allow us to be the reckless user we used to be for YEARS!

  38. FFUser wrote on :

    I have been a Firefox User since Version 1.5 and I always loved Firefox for respecting the user’s decisions and enjoyed tweaking the browser by about:config. I think, freedom of choice is a large aspect, why power users choose Firefox.

    A lot of regular internet users passed on to Chrome anyway. Do you really want to risk losing your power users as well?

  39. saadi wrote on :

    Oh, I could take the extra time to train up on how to interact with AMO in order to continue to hack the most rewarding modern browser around.
    Or I could cut my losses and develop more contacts in the wider hacking community – you know… the one that
    has always helped us out here in client land use software to best suit our needs.
    Who’s to say that AMO won’t simply continue to pile conditions on conditions and who’s to say where it
    will all end up?
    My considered position is that I spent a lot of effort and coin to support the development of a truly community
    owned browser, only to have it walled off into just one more one-way corporate enclave away from us all, so
    why should I go on my knees to be allowed to hack it now? facebook auto like

  40. Nils S wrote on :

    Okay thx FF Team, staying on 47 4ever.

    Bullsh*t change.