Bug 1293874
| Summary: | [DEBIAN] firefox: support for Fedora add-ons was removed | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Florian Weimer <fweimer> |
| Component: | firefox | Assignee: | Martin Stransky <stransky> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 22 | CC: | frh+fedora, gecko-bugs-nobody, jhorak, jpokorny, kevin, kevin, samuel-rhbugs, sgallagh, stransky |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | firefox-45.0.1-2.fc23 firefox-45.0.1-2.fc24 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-05-12 10:08:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Florian Weimer
2015-12-23 10:36:55 UTC
It turns out you can set xpinstall.signatures.required to false in about:config to restore the old behavior. Perhaps this should be the default for Fedora.

New update (43.0.3) has the addon signing temporarily disabled by upstream (Mozilla).

Created attachment 1121298
Allow unsigned addons in /usr/{lib,share}/mozilla/extensions

Debian carries a patch that allows unsigned addons in /usr/{lib,share}/mozilla/extensions (see attachment). Perhaps this patch should be added to Fedora as well?

Let's see if Debian will ship this patch in their branded browser. If so we can do the same in Fedora.

IMHO, while this patch fixes this particular bug (i.e., add-ons Fedora itself ships), it is not a sufficient solution for the problem as a whole. It limits support for unsigned add-ons to add-ons installed as root to system locations, preventing their installation through the normal browser mechanisms for add-on installation.

(In reply to Kevin Kofler from comment #5)
> IMHO, while this patch fixes this particular bug (i.e., add-ons Fedora
> itself ships), it is not a sufficient solution for the problem as a whole.
> It limits support for unsigned add-ons to add-ons installed as root to
> system locations, preventing their installation through the normal browser
> mechanisms for add-on installation.

Kevin, talks are ongoing with Mozilla around how best to both allow add-ons and also to protect the user from malicious extensions (which are fairly common these days). No absolute consensus has been reached, but as a temporary solution, this is a considerable improvement.

Also, it *could* be argued that the right to install an unsigned extension really does belong only to the root user of a machine, since A) they could do so anyway, since they already have privilege to install a modified Firefox and B) they are assumed to be a trusted, knowledgeable administrator of the system.

That said, as noted elsewhere, I agree that the ideal case is for the user to have the ability to make their own choices, but at the same time I want them to be able to make properly-informed choices. That's a difficult balance to strike and one that we are actively working on finding.

Debian patch for it: https://sources.debian.net/patches/firefox/45.0.1-1/debian-hacks/Allow-unsigned-addons-in-usr-lib-share-mozilla-exten.patch/

Added to firefox-45.0.1-2

firefox-45.0.1-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-035239c3d5

firefox-45.0.1-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-33be675c57

firefox-45.0.1-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-44d7ec40fd

firefox-45.0.1-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-44d7ec40fd

firefox-45.0.1-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-33be675c57

firefox-45.0.1-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-035239c3d5

firefox-45.0.1-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

firefox-45.0.1-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

firefox-45.0.2-1.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-94582896cd

firefox-45.0.2-1.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-94582896cd

firefox-46.0-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-cdf8e2592e
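
An audit check for the two trust decisions discussed in this bug, added here as an example (it is not part of the bug report, the Debian patch or the Fedora package): it reports profiles where xpinstall.signatures.required has been set to false, and anything under /usr/{lib,share}/mozilla/extensions that an account other than root could modify. The function names and the `trusted_uid` parameter are assumptions made for this example.

```python
import stat
from pathlib import Path

import re

# System locations named in this bug; with the Debian patch applied,
# add-ons found here are loaded without a signature check.
SYSTEM_EXT_DIRS = ["/usr/lib/mozilla/extensions", "/usr/share/mozilla/extensions"]

PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"xpinstall\.signatures\.required"\s*,\s*(true|false)\s*\)\s*;',
    re.MULTILINE,
)

def signature_pref(profile_dir):
    """Return the pref value set in a profile, or None when the default applies."""
    value = None
    # Firefox loads prefs.js first; user.js is applied afterwards and overrides it.
    for name in ("prefs.js", "user.js"):
        path = Path(profile_dir) / name
        if path.is_file():
            for match in PREF_RE.finditer(path.read_text(errors="replace")):
                value = match.group(1) == "true"  # last occurrence wins
    return value

def loosely_protected(ext_dirs=SYSTEM_EXT_DIRS, trusted_uid=0):
    """List paths in the extension dirs that a non-trusted account could modify."""
    findings = []
    for top in ext_dirs:
        top = Path(top)
        if not top.is_dir():
            continue
        for path in [top, *sorted(top.rglob("*"))]:
            try:
                st = path.stat()
            except OSError:
                continue  # dangling symlink, or removed while scanning
            if st.st_uid != trusted_uid or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(str(path))
    return findings

if __name__ == "__main__":
    for profile in Path.home().glob(".mozilla/firefox/*"):
        if signature_pref(profile) is False:
            print(f"signature enforcement disabled in {profile}")
    for path in loosely_protected():
        print(f"not root-only: {path}")
```

The root-only argument made in the comments holds only while every reported list is empty; a group- or world-writable entry under the system directories gives a non-root account the same unsigned-install ability.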