[tbb-dev] Tor Browser and Mozilla addon verification
Patrick Schleizer
patrick-mailinglists at whonix.org
Mon Feb 20 13:48:00 UTC 2017
Georg Koppen:
> bancfc at openmailbox.org:
>> On 2017-02-18 03:44, bancfc at openmailbox.org wrote:
>>> Hi, does Tor Browser check addon code for tampering for addons
>>> downloaded from the Mozilla server?
>>
>> Our usecase is running the foxyproxy addon to be able to use TBB with I2P.
>>
>> On 7.0a1 it (the Debian packaged foxyproxy version) works when you
>> disable xpinstall.signatures.required.
>>
>> However this workaround doesn't work with the latest addon-manager
>> version from Mozilla. It prompts for a browser restart but after it's
>> still not enabled after doing it.
>
> Not sure what you mean with "latest addon-manager version from Mozilla"
> but it seems to me we are doing no such checks.
>
> Georg
Hi Georg,
thank you for your reply. I'll be rephrasing these questions.
The first question is:
Does Tor Browser check before add-ons are installed from
addons.mozilla.org signatures before installation? Same as stock
Firefox? (related to xpinstall.signatures.required)
Second question:
Can one use Firefox add-ons from addons.mozilla.org with Tor Browser?
How? Doesn't work for use. After installation of an add-on from
addons.mozilla.org, Tor Browser prompts for a browser restart but after
the browser restart it's still not enabled.
Cheers,
Patrick
More information about the tbb-dev
mailing list