[tbb-dev] Tor Browser and Mozilla addon verification

Georg Koppen gk at torproject.org
Mon Feb 20 14:53:00 UTC 2017

Patrick Schleizer:
> Georg Koppen:
>> bancfc at openmailbox.org:
>>> On 2017-02-18 03:44, bancfc at openmailbox.org wrote:
>>>> Hi, does Tor Browser check addon code for tampering for addons
>>>> downloaded from the Mozilla server?
>>> Our usecase is running the foxyproxy addon to be able to use TBB with I2P.
>>> On 7.0a1 it (the Debian packaged foxyproxy version) works when you
>>> disable xpinstall.signatures.required.
>>> However this workaround doesn't work with the latest addon-manager
>>> version from Mozilla. It prompts for a browser restart but after it's
>>> still not enabled after doing it.
>> Not sure what you mean with "latest addon-manager version from Mozilla"
>> but it seems to me we are doing no such checks.
>> Georg
> Hi Georg,
> thank you for your reply. I'll be rephrasing these questions.
> The first question is:
> Does Tor Browser check before add-ons are installed from
> addons.mozilla.org signatures before installation? Same as stock
> Firefox? (related to xpinstall.signatures.required)


> Second question:
> Can one use Firefox add-ons from addons.mozilla.org with Tor Browser?
> How? Doesn't work for use. After installation of an add-on from
> addons.mozilla.org, Tor Browser prompts for a browser restart but after
> the browser restart it's still not enabled.

I just search on about:addons in a clean, new Tor Browser 6.5 for
FoxyProxy and installed FoxyProxy Standard. After restart I see the
FoxyProxy icon in the toolbar and seem to be able to interact with it.
Not sure what is going wrong on your side.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20170220/67eaea12/attachment.sig>

More information about the tbb-dev mailing list