If you think this add-on violates Mozilla's add-on policies or has security or privacy issues, please report these issues to Mozilla using this form.
Please don't use this form to report bugs or request add-on features; this report will be sent to Mozilla and not to the add-on developer.
After posting my previous review (below) I decided to perform an experiment:
- Right-click on the "Add to Firefox" button on this page and select "Save Link As..."
- Save the file with the original filename "signature_check-1.1-fx.xpi"
- Open the .xpi file with 7-Zip ( www.7-zip.org )
- Browse into \chrome\content\
- Right-click "signaturecheck.js" and select Edit to open the file in Notepad
- Replace the two instances of "http://signaturecheck.org" with "http://signaturecheck.org"
- Save the file and close Notepad
- When 7-Zip asks "Do you want to update it in the archive?", click OK
- Close 7-Zip
- Open Firefox and drag the .xpi into an open window to install in the usual manner
After installing the modified .xpi in Firefox the extension seemed to work just the same as before. I also used the "HttpFox" extension to verify that the traffic between my browser and SignatureCheck.org was indeed encrypted.
Since SignatureCheck.org is already able to use HTTPS, it would be really easy for the extension developer to make this change (so easy that I give it an extra star in this particular review :-)
Until an official update is released, you can follow the procedure above to do this yourself if you're interested. (Please don't ask here how to do this here as your questions probably won't get noticed.)
why the addon does not use https connection to signature org to verify https certs..
Incompatible with Certificate Watch 1.0. This addon will prevent Certificate Watch from popup the certificate notification window.