User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/2008070208 Firefox/3.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/2008070208 Firefox/3.0.1 I can't tell you how sad it makes me that I can't seem to re-install Spoofstick for Firefox on version 3 of Firefox. This is one of the most useful tools I've ever found for quickly checking whether I'm actually on the website I think I'm on, without the cumbersome inconvenience of having a sidebar that takes up valuable horizontal space. More frustrating still is this: I've already modified the "maxversion" attribute of the old install.rdf file to allow the extension to install on any version of Firefox up to 3.9, a tactic that always worked with previous versions of Firefox. The Addons page cited above SEEMS to indicate that if one only opens an account with the Addons people, one will be allowed to install Spoofstick as an "experimental" option; well, I did that, and it still won't install. I understand that Corestreet has pretty much abandoned this extension and doesn't provide updates, but really, there's nothing to update. It's a very simple tool that does what it does very effectively, and it makes me want to tear my hair out that I can no longer use it-- except on Internet Explorer. I'd rather not go to all the trouble of uninstalling Firefox 3 and reinstalling the latest version of 2, but really, from my point of view, disallowing installation of Spoofstick in its original version is a major step for the worse. Reproducible: Always Steps to Reproduce: 1. Go to extensions search page cited above. 2. Open new Addons account in order to, theoretically, get permission to install Spoofstick as an experimental extension. 3. Try to actually install Spoofstick. You can even try using a modified version of the .xpi file, in which the "maxversion" value in the contained install.rdf file has been changed to 3.9, 3.1 or whatever. Actual Results: "Incompatible extension" window states "Spoofstick will not be installed because it does not provide secure updates." ... Well, yeah, I already knew and accepted that it doesn't provide updates. I would prefer to be allowed to, you know, take that risk? A much smaller security risk, in my mind, than doing without Spoofstick. Expected Results: Allowed the installation of Spoofstick.
You can change the checkUpdateSecurity if you really want to open a security hole by installing this. The problem here is that the extension is so old it only appears on AMO because it was uploaded before the new policy restrictions came into place. I have filed bug 455574 to ask for it to be removed.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → INVALID
Webpage forgery detection is now built into Firefox, it will automatically alert you about known forgeries. The other way to check a site is to click on the favicon next to the address bar to see more information in a dropdown. If you're looking to highlight the domain inside the address bar itself, you can go to about:config and filter for browser.identity.ssl_domain_display then double-click that line to change the value from 0 to 1 or 2 Descriptions of the values are at http://kb.mozillazine.org/Browser.identity.ssl_domain_display#Possible_values_and_their_effects
You need to log in before you can comment on or make changes to this bug.