Join the Mozilla’s Test Days event from Dec 2–8 to test the new Firefox address bar on Firefox Beta 134 and get a chance to win Mozilla swag vouchers! 🎁

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

FF v56 won't honor about:config pref. "xpinstall.signatures.required" being changed from True to False. Still won't allow install of unsigned legacy plugin.

  • 3 respostas
  • 1 has this problem
  • 19 views
  • Last reply by user633449

more options

Running FF v56.0.2 (do NOT suggest updating in ignorance--I'm running this for access to almost 10,000 .mht files). Tried to install an update to the legacy NPAPI extension NoScript (v5.1.8.7), but Firefox pops up the message "This add-on could not be installed because it has not been verified." This occurs AFTER having changed the about:config preference "xpinstall.signatures.required" from "True" to "False". Why is Firefox not honoring the preference change? Especially considering Mozilla won't allow signing of legacy add-ons; this is the only alternative.

Running FF v56.0.2 (do NOT suggest updating in ignorance--I'm running this for access to almost 10,000 .mht files). Tried to install an update to the legacy NPAPI extension NoScript (v5.1.8.7), but Firefox pops up the message "This add-on could not be installed because it has not been verified." This occurs AFTER having changed the about:config preference "xpinstall.signatures.required" from "True" to "False". Why is Firefox not honoring the preference change? Especially considering Mozilla won't allow signing of legacy add-ons; this is the only alternative.

All Replies (3)

more options

Where did you find 5.1.8.7? The latest legacy version I see on AMO is 5.1.8.4: https://addons.mozilla.org/firefox/addon/noscript/versions/?page=2#version-5.1.8.4

The "xpinstall.signatures.required" preference stopped have an effect in the regular release of Firefox around version 48. You can go back in the forum archives to track it down more exactly if you like, but it was long, long ago.

See also: Add-on signing in Firefox

more options

Latest version on the developer's site (https://noscript.net/getit#classic). Incidentally addresses recent security flaw in previous versions (v5.1.8.6 and earlier); see https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/. As you noted, the last couple of legacy updates don't appear on AMO, but they still installed just fine on FF v56 without having to toggle the xpinstall.signatures.required preference, interestingly. Available from same developer's site (also have question posted to that forum). Didn't know that preference no longer has an effect--but that also begs the question why it's in there at all if it's useless.

more options

Please dont continue to run an unsafe version of Firefox. Please update to 62 or later. Firefox 56 is not safe or stable.