This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox and not signed addon - how to bypass the error.

  • 9 replies
  • 1 has this problem
  • 9 views
  • Last reply by zygdresze

more options

Firefox 52.5.3. I would like to ask how to make possible of using not signed addon. The problem is I am using some addon which is no longer in development state, and author is not interesting on fixing exist bugs in it. It is signed so I can install it on my profile without any issue. I have corrected few problems on my own and for my personal use - the problem is the addon is no longer seen as signed. So Firefox persitently disable this addon at start.

I have found somewhere such solution: - if addon was signed before modification and was installed under given profile then it is enough to change in extensions.json entry from "signedState":2 to "signedState":1. I can admit that this make the addon work till the next day, then i need to modify extensions.json once again, and have working addon till next day. And so on, so on. Can I somehow force Firefox to use this addon without any limitation?

Firefox 52.5.3. I would like to ask how to make possible of using not signed addon. The problem is I am using some addon which is no longer in development state, and author is not interesting on fixing exist bugs in it. It is signed so I can install it on my profile without any issue. I have corrected few problems on my own and for my personal use - the problem is the addon is no longer seen as signed. So Firefox persitently disable this addon at start. I have found somewhere such solution: - if addon was signed before modification and was installed under given profile then it is enough to change in extensions.json entry from "signedState":2 to "signedState":1. I can admit that this make the addon work till the next day, then i need to modify extensions.json once again, and have working addon till next day. And so on, so on. Can I somehow force Firefox to use this addon without any limitation?

All Replies (9)

more options

Separate Security Issue: Update your Flash Player or remove it using these links; http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html Uninstall Flash Player | Windows http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html Uninstall Flash Player | Mac

Note: Windows users should download the ActiveX for Internet Explorer. and the plugin for Plugin-based browsers (like Firefox).

Note: Windows 8 and Windows 10 have built-in flash players and Adobe will cause a conflict. Install the plugin only. Not the ActiveX.

Flash Player Version: Version 29.0.0.113

https://get.adobe.com/flashplayer/ Direct link scans current system and browser Note: Other software is offered in the download. <Windows Only>

https://get.adobe.com/flashplayer/otherversions/ Step 1: Select Operating System Step 2: Select A Version (Firefox, Win IE . . . .) Note: Other software is offered in the download. <Windows Only> +++++++++++++++++++ See if there are updates for your graphics drivers https://support.mozilla.org/en-US/kb/upgrade-graphics-drivers-use-hardware-acceleration

more options

This will disable add-on signature enforcement; Firefox ESR version only. Enter about:config into your Firefox address bar Click the I Accept the Risk button Find xpinstall.signatures.required in the list Right click the preference Select Toggle until the value is false https://support.mozilla.org/en-US/kb/add-on-signing-in-firefox

more options

"xpinstall.signatures.required" has been left as a compatibility solution, and i am not quite sure if it will still work. But even if that work it will disable signature enforcement on every addon, and this is not quite what i need. I only need to lower the security for one specific addon. For example the method with "signedState":1 is working for few hours already, but I know it is still time limited (intentional or bug), and after next hours Firefox will finally inform me that addon was disabled. Maybe some settings which disable this timer? Or extend this timer somehow? Or is it a way to sign the addon without publishing it to community? I have generated proper CRC for all modified files but I can't bypass the same for main file in addon due to missing signature file.

more options

zygdresze said

Or is it a way to sign the addon without publishing it to community? I have generated proper CRC for all modified files but I can't bypass the same for main file in addon due to missing signature file.

Signing the legacy addon is not possible. You can only sign webextensions (with or without publishing).

more options

So it seems that there is no good solution, i am not interested in disabling signing enforcement for all addons, nor using nightly or development edition of FF. Total fail if You ask me.

more options

Why aren't you using the current ESR release (52.7.2)?

If you have set xpinstall.signatures.required to false then Firefox should allow you to install unsigned extensions. In case of issues with signing it normally helps to delete extensions.json (and possibly addons.json) to reset the extensions registry.

more options

cor-el powiedział

Why aren't you using the current ESR release (52.7.2)?

Without the reason, just not making updates too frequently. I have grown over the idea that each update is better than previous version. Now I rather think that "better is the worst enemy of good". It is from my experiences using different kind of software. Besides this subject has no meaning for my main question.

If you have set xpinstall.signatures.required to false then Firefox should allow you to install unsigned extensions.

And how good is the Mozilla verification process of addons? How can I be so sure that some addon won't be able to inject other, not signed addon?

I just don't want to disable signing enforcement for all addons, only for one specific, and legacy, where I fixed some bugs and use it for my own needs. Just when original author decided to stop playing with this addon, and do more interesting things. Nevermind, i don't expect more solutions for my question now.

more options

Please then Mark this as Solved with Your last answer as the Solution

more options

Pkshadow said

Please then Mark this as Solved with Your last answer as the Solution

Define "solved" firstly. In my opinion, there is no solution here. Workarounded (worse or better, no matter), but no "Solved". I don't see "workarounded" button anywhere.