QA/New Add-on Signing
Desktop New Add-on Signing
Ownership
Developer contacts: Dave Townsend, Mike Connor
QA: Krupa Raj, Vasilica Mihasca (:vasilica_mihasca on IRC), Petruta Rasa (:petruta on IRC)
Status
Overview
- Not landed in any channel
[ON TRACK] Beta 38: tbd
[ON TRACK] Release 39: tbd
Risk analysis
- Tbd
| Event | Probability | Impact | Current situation | Mitigation steps |
|---|---|---|---|---|
Summary
Context
Add-ons have always been an important part of the Firefox ecosystem, adding features and flexibility to meet niche interests. With an installed base of millions, however, this powerful capability has attracted bad actors who mistreat or outright attack our users. As every smartphone vendor has found, malicious apps abound, and in many ways Firefox add-ons are more powerful than mere “apps”. They should receive a similar amount of scrutiny and control.
The features of this proposal:
- All add-ons are signed with Mozilla-issued certificates.
- All add-on IDs will be registered and known to Mozilla.
- Accommodations are made for developers without opening a loophole that bad actors can drive through.
Please read the Add-on Signature System document for more information.
Enabling the feature
References
- Meta: Bug 1047239
- The planned Firefox All-Doorhanger Add-On Install Flow is available here.
Test cases
Overview
- Draft test suites
- [ON TRACK] Smoke and Regression Test Suites: tbd.
- MozTrap test suites
- [ON TRACK] Smoke Test Suite: tbd
- [ON TRACK] Regression Test Suite: tbd
Bug work
Tracking bug
meta: Bug 1047239
- depends on: bugzilla query
Bug triage +/- for verification
Bug fix verification
[Resolved] Bug 1139656 - Implement the first pieces of the all-doorhanger install flow for add-ons installed from websites
- ↳ 2015-04-06: in progress
Logged bugs
Sign off
Criteria
- All the test cases were executed.
- All the blocker, critical, major bugs have been fixed.
Results
Merge to Beta Sign-off
- [ON TRACK] Beta 38 (date).
Merge to Release Sign-off
- [ON TRACK] RC 38.0 (date).