Use old extensions forbidden in Firefox 48: poor decision?
In my opinion your decision of forcing the disabling of unsigned extensions with no override option is a poor one.
For the average user, it would have no real advantage as they wouldn't have been able to find the option to re-enable the extensions in the first place.
For the advanced user, it's harmful as you oblige them, me included, to downgrade the whole Firefox as to keep the needed extensions. So to prevent a small and remote security issue that an extension might or might not have, you create a much bigger and certain security issue forcing the use of an older version of the application.
Please rethink your policy because no one likes to have a strict mother controlling their life.
Chosen solution
the "unbranded" version (not called Firefox?)
It is labeled Nightly and uses the Nightly branding icons.
4th option that I neglected to mention is build Firefox from source code. https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions/Simple_Firefox_build#Building
Personally, I will be using the ESR version until 3rd quarter 2017.
Read this answer in context 👍 1All Replies (5)
Possibly you haven't read all the hundreds (thousands?) of threads here where users unknowingly installed unsigned malware extensions that caused them enough pain to create an account here and post about the problem.
Our support article does list options for advanced users in the last section, other than using an old version: Add-on signing in Firefox.
I'm sure a lot of people would have been damaged by malware, but this doesn't change the fact that there are unsigned application that are not malware (mostly because who created them can't keep up with the updates of Firefox versions that comes out so frequently, or because who created them closed his activity). A grown up adult and specially a developer would know his risks and act accordingly.
I read all the possible links on the matter but it looks like that since version 48 the option do disable the signature check goes ignored by the browser and the only real solution is to postpone the inevitable installing version 45 ESR, which I have done today but that will end mid 2017.
Mozilla made the decision a long time ago to require Firefox extensions to be verified by Mozilla and to be signed. Regardless of what user think about that decision it is now being enforced on the Release and Beta channels. Don't like it, use a version from a different channel. It ain't going away just because users don't like it.
1. the "unbranded" version (aka add-on developer as the folder is named on the Mozilla servers) 2. use the Developer Edition 3. "hack Firefox" to override signing - http://www.largrizzly.net/firefox.html
I'm against signing as far as Mozilla not allowing "advanced users" from disabling it; overall or per extension.
malavock82 said
... it looks like that since version 48 the option do disable the signature check goes ignored by the browser and the only real solution is to postpone the inevitable installing version 45 ESR, which I have done today but that will end mid 2017.
The other option mentioned in the article is to use the Developer edition, which is two versions ahead (future Firefox 50) and is less stable. This could be a viable choice for more adventurous users.
There also is or will be something called the "unbranded" version (not called Firefox?), but I think it's not mentioned in the article yet because the initial release had some issues.
Chosen Solution
the "unbranded" version (not called Firefox?)
It is labeled Nightly and uses the Nightly branding icons.
4th option that I neglected to mention is build Firefox from source code. https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions/Simple_Firefox_build#Building
Personally, I will be using the ESR version until 3rd quarter 2017.