Request For Feedback: Ignoring signed add-ons in Firefox for Android

Mark Finkle mfinkle at
Thu Apr 4 21:23:02 PDT 2013

See bug 854934 for more details or to follow along. 

In order to easily support packaged apps in Firefox for Android, we want to use the same approach used by FirefoxOS. For FirefoxOS, we replaced the meaning of the "code signing" bit of the NSS root certificate database to mean "can sign packaged apps" instead of "can sign extensions." Doing the same thing in Firefox for Android is the simplest way forward, but has a drawback: we can't verify signed add-ons.

The proposed plan is to ignore signed add-ons and treat them as unsigned add-ons. There are few, if any, signed add-ons, especially on Firefox for Android. Next steps are here:

* Should this be a Firefox for Android change only? 
* Are there drawbacks to treating signed add-ons as unsigned add-ons? 
* What are we forgetting? 

