I'd like to incorporate security features in my standalone XULRunner app. Specifically, I'd like to use security certificates to validate the app executable as downloaded by a user. From what I've seen, its called code signing. But I'm very green in this area. Any pointers on how to proceed? Thanks in advance.
The certificate functionality built into XULRunner isn't meant to validate signatures of Windows executables - you would need to use Windows functions for that (e.g. via js-ctypes). Not going to be simple however, here you can see how that check works in C++ code.
However, if you are merely downloading an update to your application then maybe using an HTTPS connection would be sufficient - the origin of the executable is verified then (won't help you if that server is hacked however).