1 files changed, 10 insertions, 2 deletions

diff --git a/toolkit/components/corroborator/Corroborate.sys.mjs b/toolkit/components/corroborator/Corroborate.sys.mjs
index 1f06ce8412..51b447726c 100644
--- a/toolkit/components/corroborator/Corroborate.sys.mjs
+++ b/toolkit/components/corroborator/Corroborate.sys.mjs
@@ -33,10 +33,18 @@ export const Corroborate = {
       lazy.gCertDB.openSignedAppFileAsync(
         root,
         file,
-        (rv, _zipReader, cert) => {
+        (rv, _zipReader, signatureInfos) => {
+          // aSignatureInfos is an array of nsIAppSignatureInfo.
+          // This implementation could be modified to iterate through the array to
+          // determine if one or all of the verified signatures used a satisfactory
+          // algorithm and signing certificate.
+          // For now, though, it maintains existing behavior by inspecting the
+          // first signing certificate encountered.
           resolve(
             Components.isSuccessCode(rv) &&
-              cert.organizationalUnit === expectedOrganizationalUnit
+              signatureInfos.length &&
+              signatureInfos[0].signerCert.organizationalUnit ==
+                expectedOrganizationalUnit
           );
         }
       );