Firefox add-ons related query.

Status
Not open for further replies.
RCuber

RCuber

The Mighty Unkel!!!
Staff member
Why so many Firefox add-ons do not have verified authors? Should I trust that add-on even though it opensource and firefox tells me that the author is not verified!!!

is Firefox add-ons sandboxed?
This is one of the most important reason why I stay away from addons in firefox :( , I havent come accross a single one which is from a verified author.
 
M

mrintech

Technomancer
Even screengrab, greasemonkey and alexa toolbar are not signed by verified authors. I use sandboxie: *www.sandboxie.com/
 
thewisecrab

thewisecrab

AFK
Why worry about it if they are working fine? From time to time Mozilla also updates the five most recommended addons....
As long as you have no problem with the addon, dont worry :)
 
OP
RCuber

RCuber

The Mighty Unkel!!!
Staff member
mrintech said:
Even screengrab, greasemonkey and alexa toolbar are not signed by verified authors. I use sandboxie: *www.sandboxie.com/
Click to expand...
yes I had seen this application before , but its only for windows, and not for other operating systems.

thewisecrab said:
Why worry about it if they are working fine? From time to time Mozilla also updates the five most recommended addons....
As long as you have no problem with the addon, dont worry :)
Click to expand...
Its not about they are working fine are not, its about can I trust them, and why mozilla doesnt make the addons authorised/signed only?
 
gary4gar

gary4gar

GaurishSharma.com
XPI file which is default file format for firebox extensions is just a zip file. Decompress it to find a JAR file (which is also just a zip file) in which you will find all the source behind a Addon and it won't take a rocket scientist to figure out, anything fishy.

So developer can't do anything fishy. As users will soon find out and express the same in comments page of that particular extension:p

Its all open, Open Source:D
 
QwertyManiac

QwertyManiac

Commander in Chief
Signing a .xpi requires a purchase of certificates, of PKCS#12 type, from any CA (There are also free certs, like from Ascertia, but they are not directly usable).

Here is a page detailing how one would go about signing a .xpi file for Firefox. It also has a page detailing how to use the Ascertia's free certificate for the same.

Its obviously the money factor that prevents the authors to sign their extensions.

And oh, Del.icio.us extensions are verified, in case you wanted to see one. :)
 
M

mrintech

Technomancer
QwertyManiac said:
Signing a .xpi requires a purchase of certificates, of PKCS#12 type, from any CA (There are also free certs, like from Ascertia, but they are not directly usable).

Here is a page detailing how one would go about signing a .xpi file for Firefox. It also has a page detailing how to use the Ascertia's free certificate for the same.

Its obviously the money factor that prevents the authors to sign their extensions.
Click to expand...
Nice Find ;)
 
Faun

Faun

Wahahaha~!
Staff member
obviously if you download from mozilla's page then they check every addon before releasing them.
 
G

GINA3434

Right off the assembly line
Charan said:
Why so many Firefox add-ons do not have verified authors? Should I trust that add-on even though it opensource and firefox tells me that the author is not verified!!!

is Firefox add-ons sandboxed?
This is one of the most important reason why I stay away from addons in firefox :( , I havent come accross a single one which is from a verified author.
Click to expand...


Great thread. This really needed to be discussed

:-?:-?:-?:-?
 
Status
Not open for further replies.
Top Bottom