Extensions became disabled because they "couldnot be verified."

Add-ons Add-on Support
#15

Andreas Wagner, i am sorry to be honest but this is complete distaster. OK, i am not saying signing is completely bad, if you provide some reasonable way for addons to get signed IN NORMAL TIMEFRAME. I have requested preliminary review in November, and extension is until now in queve, moved from 100 to about 50. In chrome, getting signed is just much more simple and straightforward. Lot of my customers depend on the disabled extension and all i can say them now is ‘sorry’…

I am forced now to look for possible cracks of firefox to remove this BS, so i can recommend my customers crack firefox, downgrade it or just go to chrome.

#17

I recommend you contact Yahoo directly. They have not submitted a version to us so we could sign it.

We know about the backlog. We are working actively to reduce it, we even hired more people to work on it. It just takes a bit more time. What is your add-on?

#18

This is the extension in question: http://ow.ly/Wdx3b. What i am also worried is, that after that long wait, there will be eventually some little problem to fix, which will result in need of waiting to wait same queue once again…

#19

Cool Previews worked great yesterday and is not supported as of today. It is one of the best add-ons, I used it all of the time, It’s disappointing that great add-ons get taken away and yet worthless ones are always available

#20

Sorry, but that is not an acceptable answer to me. Why have I to do your work? Until Firefox 42, Yahoo Toolbar was verified ( not for me ), but now, suddenly, is not? It think this a total disrespect with Firefox users.

#21

CoolPreviews was discontinued quite some time ago by their developers, see their website.

#22

We have already contacted them several times. It is up to them to take action and submit a new version.

#23

One way to enable the extension is to disable the signature check in FF43 by toggling the xpinstall.signatures.required setting in about:config.

Another is to get the users to download and install FF ESR via https://www.mozilla.org/en-US/firefox/organizations/all/
FF ESR (Extended Support Release) is FF38 but it receives all the latest security updates at the same time as the main release branch of Firefox, and it doesnt check for signatures on extensions. Its version number wont be bumped up for about 6 months or so.

#24 
I follow what user  jafo1966 says: "Ok, I get the new update requires the add-ons to be verified, but what is the deal when an add-on directly from Firefox's own add-on site is marked as signed and verified, but continues to be disabled and deleted every time I restart Firefox???? The current one in question is the Yahoo Toolbar." So, I insist in my complain, because is exactly my case. I want  Firefox as my  browser, I like it, but with all these obstacles, it seems Mozilla doesn't want us anymore.
#25

You say it was discontinued some time ago and yet it was working on my computer on 12/21 and on 12/22 it is just gone. So for something discontinued why did I still have it up through yesterday.

#26

Discontinued does not mean broken.

#27

This screen shot shows that the Yahoo toolbar IS signed for Firefox Add-ons. If it wasn’t why is it in the add-on store??? And why does it say its signed??? Let’s get it together folks…don’t blame Yahoo for something you screwed up in your updates, or remove the Yahoo toolbar from your add-on store til it is updated to your ‘standards’.

#28

Yahoo is modifying add-on files silently based on various factors like cookies and server responses. If and when add-on files are modified, the signature is broken as Firefox can no longer verify their integrity. It is up to Yahoo to change to code to not manipulate add-on files.

#29

Correct me if I am wrong, but don’t you retain a singular download link for your verified add-ons? Yahoo can change all the things they want on a toolbar found on their own website, but your add-on store download does not link to them. This means the most recent one in your store, which is signed and verified by you isn’t tampered with by Yahoo…or it shouldn’t be.

Any download from the Firefox Add-on store should be a separate and distinct link from any other download for that same item…for example, I can expect that if I went to the website for Ad-Block Pro, and downloaded it from there, that it could be rejected by Firefox for not being digitally signed. By the same token though, if I download it directly thru your add-on store, I expect it to be stable and to work fine within Firefox.

Again, if you cannot maintain a secure add-on from your own site, then it needs to be removed from your site til you can keep a stable download in place.

#30

I think you misunderstood.

There is code inside the add-on that modifies at least the install.rdf inside the add-on.

#31

Well, I am not happy with the Hobson choice you left me with…either continue with V43 and be able to do nothing since all my add-ons are disabled, or back-grade to V42 which is now so laggy if you don’t
upgrade it, that almost every keystroke renders the browser non-responsive.

#32

I analyzed this signed extension and succeeded to be enabled permanently it.

http://blog.livedoor.jp/blackwingcat/archives/1918863.html

  • At first install extension.
  • exit firefox.
  • backup install.rdf
    in “%appdata%\Mozilla
    \Firefox\Profiles<Random String>.default\extensions\staged
    {635abd67-4fe9-1b23-4f01-e679fa7484c1}”
  • restart firefox and Yahoo toolbar is installed.
  • Yahoo toolbar changes index.rdf to localize.
  • over write index.rdf
  • You will use Yahoo Toolbar permanently.
#34

I think it is the problem of yahoo toolbar specification, and it is easy to change and support yahoo’s programmer it. The bad is not Firefox but Yahoo fault.

It is only wait release new Yahoo Toolbar extension that You should do. :stuck_out_tongue:

#35

And by the way, I didnt misunderstand you…I simply dont understand what you mean. I am not a computer engineer or programmer, after all. I wouldn’t recognize ‘install.rdf’ from Royal Crown Cola.

But the one point you didn’t confuse me on is the fact that you are saying that the code is able to be manipulated after it has been verified and signed within your store. This means to me then that your store links are not singular…and therefore not secure. And if they can be manipulated, rendering the validation irrelevant, then again I say that such add-ons shouldn’t even be on your site in the first place, especially under the new rules that you are imposing.

1 Like
#36

Not permanently. Just until the next time the toolbar modified install.rdf.