What you do when Firefox disables installed add-ons

There is a lot of buzz surrounding Tuesday's Firefox 43 release, and here specifically the enforcement of add-on signing for the first time in the stable version of the web browser.

The change caught many users of the browser unprepared and might have disastrous consequences for Mozilla as users might migrate to another browser supporting their favorite extensions.

While tech savvy users knew that add-on signing would be enforced in Firefox 43, by reading this blog for instance, others may be in a situation now where they don't know what to do.

The following guide lists all the options that Firefox users have if the browser disabled add-ons automatically that they have installed.

The cause: add-on signing

Add-on signing is enforced for the first time in Firefox 43. It affects all versions of Firefox by default, but overrides are provided for some versions of the browser.

The main idea is to make it harder for malicious and otherwise problematic extensions to be installed on user systems as they need to be signed by Mozilla before that can happen.

Add-on signing has been criticized recently for being ineffective, and one author managed to get a malicious demo add-on signed by Mozilla.

What you can do about it

So what can you do if one or multiple installed add-ons have been disabled by Firefox?

1. Temporary Solutions.
2. Trying to locate a signed copy of the add-on.
3. Switching to a different version of Firefox.
4. Other options.

Temporary Solutions

There are two temporary solutions that may help you out for a short period of time. This can be all that is needed, for instance if a developer is already working on getting an add-on signed but has not succeeded yet.

1. Load about:config in the browser's address bar.
2. Confirm you will be careful if the prompt appears.
3. Search for xpinstall.signatures.required.
4. Double-click the preference to set it to false.

This overrides the add-on signing requirement in Firefox 43. Please note that Mozilla plans to remove the flag when Firefox 44 is released for Firefox Stable and Beta.

The second option is to switch to Firefox ESR, Extended Support Release. The ESR versions of Firefox update slower, and you have a couple of months (March 8, 2016) until the next major update hits that includes add-on signing enforcement.

Signed copies

If you have installed a disabled add-on from a third-party source, for instance directly from the developer website, then you may want to check on Mozilla's official AMO website if it is also listed there.

All recent versions of add-ons listed on AMO are signed, and all you have to do in this case is to download and install the extension from Mozilla's site to continue using it.

For instance, the Github release of uBlock Origin may not install anymore in Firefox, but you can install the same extension directly from the Mozilla website instead.

Generally speaking, you will have troubles installed developer or beta versions of extensions in Stable or Beta versions of Firefox as they are usually not signed when published on third-party sites. Some authors may submit them for signing to Mozilla, but that is probably a minority.

Check out this article to understand how to find out if a Firefox add-on is signed.

Firefox Dev or Nightly

Depending on your work environment, you may want to consider switching to a Firefox Developer Edition or Nightly edition instead.

The main advantage that these two versions have is that the override parameter described under temporary solutions won't be removed in those versions.

This means that you can run unsigned add-ons in those versions of Firefox.

Mozilla announced that it plans to release unbranded versions of Firefox as well which offer similar functionality. These are specifically designed for developers who need to test their add-ons in stable or beta versions of Firefox.

If those would not be provided, developers would have to submit every new version of their add-on to Mozilla first to get it signed, before they can test it in Stable or Beta versions of the browser.

Other options

There is not much that you can do, and most of the remaining options may have side-effects. One option that you may want to consider, especially if the add-on that was disabled was created or modified by you, is to submit it to Mozilla to get it signed.

Since you don't need to publish it to the Store, you'd be the only one profiting from that.  I suggest you start with "signing and distributing your add-on" on Mozilla's Developer Network site.

There is no simple way of doing so unfortunately.

Another option that you may want to consider is blocking updates after Firefox 43. This is not optimal, as you will block security updates as well which will make the browser vulnerable to certain forms of attacks.

Still,under certain conditions, for instance if Firefox is only used in a local environment, it may be a solution.