# Firefox add-ons related query.



## RCuber (Nov 12, 2008)

Why so many Firefox add-ons do not have verified authors? Should I trust that add-on even though it opensource and firefox tells me that the author is not verified!!! 

is Firefox add-ons sandboxed?
This is one of the most important reason why I stay away from addons in firefox  , I havent come accross a single one which is from a verified author.


----------



## mrintech (Nov 12, 2008)

Even screengrab, greasemonkey and alexa toolbar are not signed by verified authors. I use sandboxie: *www.sandboxie.com/


----------



## thewisecrab (Nov 12, 2008)

Why worry about it if they are working fine? From time to time Mozilla also updates the five most recommended addons....
As long as you have no problem with the addon, dont worry


----------



## RCuber (Nov 12, 2008)

mrintech said:


> Even screengrab, greasemonkey and alexa toolbar are not signed by verified authors. I use sandboxie: *www.sandboxie.com/


yes I had seen this application before , but its only for windows, and not for other operating systems.



thewisecrab said:


> Why worry about it if they are working fine? From time to time Mozilla also updates the five most recommended addons....
> As long as you have no problem with the addon, dont worry


Its not about they are working fine are not, its about can I trust them, and why mozilla doesnt make the addons authorised/signed only?


----------



## mrintech (Nov 12, 2008)

Charan said:


> Its not about they are working fine are not, its about can I trust them, and why mozilla doesnt make the addons authorised/signed only?


Simple because they have no time


----------



## gary4gar (Nov 12, 2008)

XPI file which is default file format for firebox extensions is just a zip file. Decompress it to find a JAR file (which is also just a zip file) in which you will find all the source behind a Addon and it won't take a rocket scientist to figure out, anything fishy.

So developer can't do anything fishy. As users will soon find out and express the same in comments page of that particular extension

Its all open, Open Source


----------



## Rahim (Nov 12, 2008)

^You have enlightened me gary.


----------



## QwertyManiac (Nov 12, 2008)

Signing a .xpi requires a purchase of certificates, of PKCS#12 type, from any CA (There are also free certs, like from Ascertia, but they are not directly usable).

Here is a page detailing how one would go about signing a .xpi file for Firefox. It also has a page detailing how to use the Ascertia's free certificate for the same.

Its obviously the money factor that prevents the authors to sign their extensions.

And oh, Del.icio.us extensions are verified, in case you wanted to see one.


----------



## mrintech (Nov 12, 2008)

QwertyManiac said:


> Signing a .xpi requires a purchase of certificates, of PKCS#12 type, from any CA (There are also free certs, like from Ascertia, but they are not directly usable).
> 
> Here is a page detailing how one would go about signing a .xpi file for Firefox. It also has a page detailing how to use the Ascertia's free certificate for the same.
> 
> Its obviously the money factor that prevents the authors to sign their extensions.


Nice Find


----------



## Faun (Nov 12, 2008)

obviously if you download from mozilla's page then they check every addon before releasing them.


----------



## GINA3434 (May 20, 2009)

Charan said:


> Why so many Firefox add-ons do not have verified authors? Should I trust that add-on even though it opensource and firefox tells me that the author is not verified!!!
> 
> is Firefox add-ons sandboxed?
> This is one of the most important reason why I stay away from addons in firefox  , I havent come accross a single one which is from a verified author.




Great thread. This really needed to be discussed


----------



## thewisecrab (May 20, 2009)

GINA3434 said:


> Great thread. This really needed to be discussed


Says someone who bumped a year old thread...sheesh..the irony


----------



## GINA3434 (Jul 2, 2009)

Hey Crab,

Your officially a hater. Congrats.


----------



## thewisecrab (Jul 2, 2009)

^^


----------

