How to find out if a Firefox add-on is signed

How do you know whether a Firefox add-on is signed or not? And what does it mean if it is signed?

One could say that you find out as soon as you try to install the add-on in a recent version of Firefox and that is certainly true, but it may sometimes be useful to know in advance.

For instance, how many of the add-ons that you have installed will be blocked by Firefox when add-on signing is enforced? Or, can you distribute the add-on that you found on a third-party site, or will Firefox refuse to install it on systems you want it deployed on?

Firefox indicates whether add-ons are signed or not. If you open the add-ons manager of the browser by loading about:addons in the address bar for instance, you will notice that unsigned add-ons are highlighted in it.

mod apk

unsigned addon firefox

A yellow exclamation mark and warning “could not be verified.. proceed with caution” is displayed above the add-on name in the add-ons manager.

But how can you find out about the signing status of add-ons that you have not installed?

There is only one rule of thumb available right now, and that is that all recent versions of add-ons listed on Mozilla’s AMO website are signed.

While that is helpful at times, it won’t help you if you want to install or distribute an add-on offered on a third-party site. You could install that in Firefox and see if you get an error message trying to do so or not.

caution this site would like-to install unverified addon

If you run Firefox Developer Edition or Nightly, you can flip a switch to allow the installation of unsigned add-ons in the browser, whereas Firefox Stable and Beta will refuse to install those add-ons right away once the enforcement version of the browser has been reached (Mozilla plans to enforce this when Firefox 44 is released to the stable channel).

There is another option, one that does not require that you run Firefox at all. You do need the .xpi file of the extension for that, or the extracted contents of the .xpi file.

Zip programs like Bandizip can unzip Firefox add-on files with the .xpi extension.

  1. Extract the .xpi file using a zip program that supports the operation.
  2. Check for a META-INF folder in the root directory of the extracted package.

If you find a META-INF folder in the root directory, the add-on is signed. If you don’t, then it is not.

meta-inf signed add-ons

Note: I have checked this with a good dozen signed and unsigned add-ons and it matched the assumption. I cannot vouch however that this is a 100% surefire way of telling if an add-on is signed or not. For now though, it seems to be an accurate method.

Now You: Are you affected by the upcoming add-on signing policy?


Article Name

How to find out if a Firefox add-on is signed


Martin Brinkmann


The guide walks you through the steps of finding out if a Firefox add-on is signed or unsigned.

About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook, Twitter or Google+

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at