Well, at least they're paying lip-service to enterprise users who may have internal extensions to deal with:
What about private add-ons used in enterprise environments?
We haven't announced our plan for this case yet. Stay tuned.
In the interim, ESR will not support signing at least until
version 45, which won't come out until 2016.
I have seen several suggestions along the following lines as far back as the original blog post which announced the intention to require extension signing
Allow an extension signing certificate to be place in a directory/store which requires elevated privileges to modify (ie /etc/ or similar).
Extensions in the user's profile signed by this certificate will load as if they were signed with the Mozilla certificate.
If the user has enough privileges to add an extension signing certificate then they also most likely have the ability to modify the Firefox itself, I think this addresses any concerns that this method could be used to load malicious extensions (if the user is willing to run unknown executables with elevated privileges then extensions with apparently valid signatures are the least of their worries).
This allows enterprises to sign and distribute their own extensions, with the additional step of creating and distributing the signing certificate, and could work also work for home users.
