If signing add-ons is required (bug 1038068) we need to make sure previously installed add-ons are not tampered with. Therefore we need to periodically re-verify their signatures. We should kick off an async thread to do so after start-up, and we should also re-check when a disabled add-on is re-enabled. If an add-on has an invalid or missing signature we should note that on the add-on manager page much as we note vulnerable plugins. If a currently enabled add-on is found to have an invalid signature we should alert the user that it has been tampered with and prompt them to restart Firefox with the add-on disabled. If we can get the signature check in before restartless add-ons are loaded we could block the load and simply inform the user and not have to force a restart, but I'm not hopeful we can afford to block startup to do that checking.
Component: Installer: XPInstall Engine → Add-ons Manager
Product: Core → Toolkit
So based on the check being asynchronous we can't block startup to do this before add-ons are loaded. I'd say we don't necessarily have to do this immediately after startup either since it can be annoying to tell the user they have to restart so soon after starting and some users don't restart their browser for days. Instead we should just do this on a regular schedule, maybe even the same as the update checks.
Summary: Add a startup thread to verify existing add-ons have valid signatures → Add a periodic check to verify existing add-ons have valid signatures
[Tracking Requested - why for this release]: First two stages of add-ons signing work are targeted at Firefox 39.
Thanks for the heads up, Dave. Tracking for 39+.
Assignee: dveditz → nobody
Points: 5 → ---
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
I guess 40 is fixed. Please contact me if it is not the case and we want an uplift.
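The re-verification pass proposed in the description and refined in the follow-up comment (periodic check, re-check on re-enable, flag on the add-on manager page, restart prompt for an enabled add-on), written out as an added example that is not part of this bug or of Firefox's code. It assumes a constructed manifest of per-file SHA-256 digests signed with Ed25519 in place of the real XPI signature format; every function name, add-on id and file name is hypothetical.

```javascript
// Added example: constructed manifest layout and add-on ids, not Firefox's XPI format.
const crypto = require('crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');
// Stand-in for the signing service: digest every file, then sign the list.
function signAddon(files, privateKey) {
  const manifest = JSON.stringify(Object.keys(files).sort().map((n) => [n, sha256(files[n])]));
  return { manifest, signature: crypto.sign(null, Buffer.from(manifest), privateKey) };
}
// Returns 'valid', 'missing' or 'invalid' for the files as currently installed.
function verifyAddon(files, sig, publicKey) {
  if (!sig) return 'missing';
  if (!crypto.verify(null, Buffer.from(sig.manifest), publicKey, sig.signature)) return 'invalid';
  const signed = new Map(JSON.parse(sig.manifest));
  const names = Object.keys(files);
  // A count mismatch catches added or removed files; the digests catch edits.
  if (names.length !== signed.size) return 'invalid';
  return names.every((n) => signed.get(n) === sha256(files[n])) ? 'valid' : 'invalid';
}

// Periodic pass: flag every failing add-on; an enabled one also needs a restart prompt.
function recheckAll(addons, publicKey) {
  const report = { flagged: [], restartPrompt: [] };
  for (const addon of addons) {
    addon.signedState = verifyAddon(addon.files, addon.sig, publicKey);
    if (addon.signedState === 'valid') continue;
    report.flagged.push(addon.id);
    if (addon.enabled) report.restartPrompt.push(addon.id);
  }
  return report;
}
// Re-check on re-enable; refusing to enable on failure is this example's assumption.
function enableAddon(addon, publicKey) {
  addon.signedState = verifyAddon(addon.files, addon.sig, publicKey);
  if (addon.signedState === 'valid') addon.enabled = true;
  return addon.enabled;
}

function demo() { // constructed sample add-ons: two enabled, two disabled, last one unsigned
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const addons = ['clean', 'patched', 'extra-file', 'unsigned'].map((id, i) => {
    const files = { 'main.js': `run${i}()` };
    return { id, enabled: i < 2, files, sig: i < 3 ? signAddon(files, privateKey) : null };
  });
  addons[1].files['main.js'] = 'run1(); changed()'; // edited after signing
  addons[2].files['added.js'] = 'x()'; // file added after signing
  const report = recheckAll(addons, publicKey);
  return { report, reenabled: enableAddon(addons[2], publicKey), states: addons.map((a) => a.signedState) };
}
console.log(JSON.stringify(demo()));
```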