Plugin Finder Service should use Authenticode signature instead of a hard-coded sha1 hash to verify plugins on Windows

RESOLVED WONTFIX

Status

Toolkit Graveyard
Plugin Finder Service
RESOLVED WONTFIX
7 years ago
4 years ago

People

(Reporter: briansmith, Unassigned)

Tracking

Trunk
All
Windows XP

Details

We should be able to specify the hash of the Authenticode signature used for signing the installer, instead of specifying the SHA1 hash of the plugin installer executable. That way, we don't have to update the hash every time the plugin vendor updates the plugin; we would only need to update the hash in the rarer case where the plugin vendor changes its Authenticode certificate.
Bug 836415 has now removed the Plugin Finder Service (PFS) from Firefox. As a result, I'm closing all the remaining PFS bugs.

If you're getting this bugmail for an ancient PFS bug, the basic summary of the world today is:

* NPAPI plugins are a dying technology
* PFS was already restricted to assisting with only the 4 most common plugins
* Sites commonly provide their own UI for install a required plugin
* Mozilla is generally focusing on  improving the web platform so that proprietary plugins are not required.

(Note that "plugins" are a completely separate from "browser extensions", such at those found on addons.mozilla.org. The latter are not going anywhere, and are not impacted by the removal of PFS.)
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
(Assignee)

Updated

4 years ago
Product: Toolkit → Toolkit Graveyard
You need to log in before you can comment on or make changes to this bug.