Extension Manager:Addon Update Security
Overview
This specification discusses changes to the Toolkit Extension Manager in Gecko 1.9 with the aim of improving the security of automated add-on updates.
Scope
It should be stressed that this feature is targeted at ensuring the security of updates to add-ons and has no impact on the security of initial add-on installs. It will be noted later that this feature does have an impact on the install process however.
Terms
- Install manifest
- The add-on metadata held in the install.rdf file inside the add-on's xpi.
- Update manifest
- The update metadata delivered from a website using the rdf format (update.rdf).
- Update package
- An updated version of the add-on in xpi form.
Many points in the specification mention Firefox 3 however the actual application is irrelevant and the same will apply for any application based on Gecko 1.9 using the Toolkit Extension Manager.
Current Situation
New Requirements
Proposed Implementation
Securing Updates Through SSL
Securing Updates Through Digital Signatures
Migration
Impact to Add-on Authors
Authors Currently Hosting at AMO
Authors that host their add-ons at https://addons.mozilla.org should see no impact from this feature.
Authors Currently Hosting Updates from SSL Websites
Equally any authors that host their add-ons from sites protected by a valid SSL certificate would see no impact from this feature.
Other Authors
Any other add-on authors have two options open to them. Either they can switch to secure hosting through SSL, or they will have to begin using digital signatures to sign the update manifest. In either case in order to continue to deliver automatic updates to their users after Firefox 3 is released they must release a new version of their add-on supporting Firefox 3 before their users update to Firefox 3. See the Migration section for more details.
Related Bugs
- bug 378216 - Overall bug tracking this feature.