[Whonix-devel] [tbb-dev] Tor Browser and Mozilla addon verification

Patrick Schleizer patrick-mailinglists at whonix.org
Mon Feb 20 14:48:00 CET 2017

Georg Koppen:
> bancfc at openmailbox.org:
>> On 2017-02-18 03:44, bancfc at openmailbox.org wrote:
>>> Hi, does Tor Browser check addon code for tampering for addons
>>> downloaded from the Mozilla server?
>> Our usecase is running the foxyproxy addon to be able to use TBB with I2P.
>> On 7.0a1 it (the Debian packaged foxyproxy version) works when you
>> disable xpinstall.signatures.required.
>> However this workaround doesn't work with the latest addon-manager
>> version from Mozilla. It prompts for a browser restart but after it's
>> still not enabled after doing it.
> Not sure what you mean with "latest addon-manager version from Mozilla"
> but it seems to me we are doing no such checks.
> Georg

Hi Georg,

thank you for your reply. I'll be rephrasing these questions.

The first question is:

Does Tor Browser check before add-ons are installed from
addons.mozilla.org signatures before installation? Same as stock
Firefox? (related to xpinstall.signatures.required)

Second question:

Can one use Firefox add-ons from addons.mozilla.org with Tor Browser?
How? Doesn't work for use. After installation of an add-on from
addons.mozilla.org, Tor Browser prompts for a browser restart but after
the browser restart it's still not enabled.


More information about the Whonix-devel mailing list