Bug 1293874 - [DEBIAN] firefox: support for Fedora add-ons was removed
[DEBIAN] firefox: support for Fedora add-ons was removed
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
22
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Martin Stransky
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-23 05:36 EST by Florian Weimer
Modified: 2016-05-12 06:08 EDT (History)
9 users (show)

See Also:
Fixed In Version: firefox-45.0.1-2.fc23 firefox-45.0.1-2.fc24
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-12 06:08:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Allow unsigned addons in /usr/{lib,share}/mozilla/extensions (1.63 KB, patch)
2016-02-05 03:55 EST, Frederik Holden
no flags Details | Diff

  None (edit)
Description Florian Weimer 2015-12-23 05:36:55 EST
firefox-43.0-1.fc22.x86_64 removed support for browser add-ons which are part of Fedora (as opposed to downloaded/curated by Mozilla).  Please restore support for locally-installed add-ons.

This affects packages such as mozilla-noscript-2.7-1.fc22.noarch and makes them unusable with Firefox.
Comment 1 Florian Weimer 2015-12-23 05:45:56 EST
It turns out you can set xpinstall.signatures.required to false in about:config to restore the old behavior.  Perhaps this should be the default for Fedora.
Comment 2 Martin Stransky 2016-01-04 17:11:48 EST
New update (43.0.3) has the addon signing temporary disabled by upstream (Mozilla).
Comment 3 Frederik Holden 2016-02-05 03:55 EST
Created attachment 1121298 [details]
Allow unsigned addons in /usr/{lib,share}/mozilla/extensions

Debian carries a patch that allows unsigned addons in /usr/{lib,share}/mozilla/extensions (see attachment). Perhaps this patch should be added to Fedora as well?
Comment 4 Martin Stransky 2016-02-26 09:35:08 EST
Let's see if Debian will ship this patch in their branded browser. If so we can do the same in Fedora.
Comment 5 Kevin Kofler 2016-03-05 21:29:11 EST
IMHO, while this patch fixes this particular bug (i.e., add-ons Fedora itself ships), it is not a sufficient solution for the problem as a whole. It limits support for unsigned add-ons to add-ons installed as root to system locations, preventing their installation through the normal browser mechanisms for add-on installation.
Comment 6 Stephen Gallagher 2016-03-07 08:42:43 EST
(In reply to Kevin Kofler from comment #5)
> IMHO, while this patch fixes this particular bug (i.e., add-ons Fedora
> itself ships), it is not a sufficient solution for the problem as a whole.
> It limits support for unsigned add-ons to add-ons installed as root to
> system locations, preventing their installation through the normal browser
> mechanisms for add-on installation.

Kevin, talks are ongoing with Mozilla around how best to both allow add-ons and also to protect the user from malicious extensions (which are fairly common these days). No absolute consensus has been reached, but as a temporary solution, this is a considerable improvement.

Also, it *could* be argued that the right to install an unsigned extension really does belong only to the root user of a machine, since A) they could do so anyway, since they already have privilege to install a modified Firefox and B) they are assumed to be a trusted, knowledgeable administrator of the system.

That said, as noted elsewhere, I agree that the ideal case is for the user to have the ability to make their own choices, but at the same time I want them to be able to make properly-informed choices. That's a difficult balance to strike and one that we are actively working on finding.
Comment 8 Martin Stransky 2016-03-21 05:06:28 EDT
Added to firefox-45.0.1-2
Comment 9 Fedora Update System 2016-03-21 11:33:35 EDT
firefox-45.0.1-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-035239c3d5
Comment 10 Fedora Update System 2016-03-21 11:33:42 EDT
firefox-45.0.1-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-33be675c57
Comment 11 Fedora Update System 2016-03-21 11:33:48 EDT
firefox-45.0.1-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-44d7ec40fd
Comment 12 Fedora Update System 2016-03-21 18:30:32 EDT
firefox-45.0.1-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-44d7ec40fd
Comment 13 Fedora Update System 2016-03-21 21:26:19 EDT
firefox-45.0.1-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-33be675c57
Comment 14 Fedora Update System 2016-03-22 11:22:26 EDT
firefox-45.0.1-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-035239c3d5
Comment 15 Fedora Update System 2016-03-23 18:22:08 EDT
firefox-45.0.1-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2016-03-26 13:55:30 EDT
firefox-45.0.1-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2016-04-13 14:43:23 EDT
firefox-45.0.2-1.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-94582896cd
Comment 18 Fedora Update System 2016-04-16 15:28:16 EDT
firefox-45.0.2-1.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-94582896cd
Comment 19 Fedora Update System 2016-04-26 14:03:56 EDT
firefox-46.0-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-cdf8e2592e

Note You need to log in before you can comment on or make changes to this bug.