Add a periodic check to verify existing add-ons have valid signatures

RESOLVED FIXED

Status

()

enhancement
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: dveditz, Unassigned)

Tracking

({meta})

unspecified
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox40+ fixed)

Details

Reporter

Description

5 years ago
If signing add-ons is required (bug 1038068) we need to make sure previously installed add-ons are not tampered with. Therefore we need to periodically re-verify their signatures. We should kick off an async thread to do so after start-up, and we should also re-check when a disabled add-on is re-enabled.

If an add-on has an invalid or missing signature we should note that on the add-on manager page much as we note vulnerable plugins.

If a currently enabled add-on is found to have an invalid signature we should alert the user that it has been tampered with and prompt them to restart Firefox with the add-on disabled. If we can get the signature check in before restartless add-ons are loaded we could block the load and simply inform the user and not have to force a restart, but I'm not hopeful we can afford to block startup to do that checking.
Reporter

Updated

5 years ago
Depends on: 1038072
Reporter

Updated

5 years ago
Component: Installer: XPInstall Engine → Add-ons Manager
Product: Core → Toolkit
No longer depends on: 1062388
Flags: firefox-backlog+
Flags: qe-verify?
Reporter

Updated

4 years ago
Assignee: nobody → dveditz
Points: --- → 5
No longer blocks: signed-addons
No longer depends on: 1062380
So based on the check being asynchronous we can't block startup to do this before add-ons are loaded. I'd say we don't necessarily have to do this immediately after startup either since it can be annoying to tell the user they have to restart so soon after starting and some users don't restart their browser for days. Instead we should just do this on a regular schedule, maybe even the same as the update checks.
Summary: Add a startup thread to verify existing add-ons have valid signatures → Add a periodic check to verify existing add-ons have valid signatures
[Tracking Requested - why for this release]:

First two stages of add-ons signing work are targeted at Firefox 39.
Thanks for the heads up, Dave. Tracking for 39+.
Assignee: dveditz → nobody
Points: 5 → ---
Flags: qe-verify?
Flags: firefox-backlog+
Keywords: meta
No longer depends on: 1062386
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
I guess 40 is fixed. Please contact me if it is not the case and we want an uplift.
You need to log in before you can comment on or make changes to this bug.