Closed Bug 713321 Opened 13 years ago Closed 10 years ago

Plugin Finder Service should use Authenticode signature instead of a hard-coded sha1 hash to verify plugins on Windows

Categories

(Toolkit Graveyard :: Plugin Finder Service, defect)

Product:
Toolkit Graveyard
Component:
Plugin Finder Service
Platform:
All
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: briansmith, Unassigned)

Details

We should be able to specify the hash of the Authenticode signature used for signing the installer, instead of specifying the SHA1 hash of the plugin installer executable. That way, we don't have to update the hash every time the plugin vendor updates the plugin; we would only need to update the hash in the rarer case where the plugin vendor changes its Authenticode certificate.
Bug 836415 has now removed the Plugin Finder Service (PFS) from Firefox. As a result, I'm closing all the remaining PFS bugs.

If you're getting this bugmail for an ancient PFS bug, the basic summary of the world today is:

* NPAPI plugins are a dying technology
* PFS was already restricted to assisting with only the 4 most common plugins
* Sites commonly provide their own UI for install a required plugin
* Mozilla is generally focusing on  improving the web platform so that proprietary plugins are not required.

(Note that "plugins" are a completely separate from "browser extensions", such at those found on addons.mozilla.org. The latter are not going anywhere, and are not impacted by the removal of PFS.)
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
Product: Toolkit → Toolkit Graveyard
You need to log in before you can comment on or make changes to this bug.