Mozilla announced a change to the Add-on Policy for Firefox to ban Firefox extensions containing obfuscated code starting from June 10, 2019. The move aims to prevent malicious extensions to threaten Firefox users.
“As part of our ongoing work to make add-ons safer for Firefox users, we are updating our Add-on Policy to help us respond faster to reports of malicious extensions. The following is a summary of the changes, which will go into effect on June 10, 2019.” reads the advisory published Mozilla.
“We will no longer accept extensions that contain obfuscated code. We will continue to allow minified, concatenated, or otherwise machine-generated code as long as the source code is included.”
Development teams behind extensions using obfuscated code must submit a new version by June 10th to avoid having them rejected or blocked.
Mozilla also plans on making its blocking (blocklisting) process clearer to ensure major transparency on the motivations that led to disabling extensions or other third-party software installed by Firefox users.
“We will also be clarifying our blocking process. We will be blocking extensions more proactively if they are found to be in violation of our policies. We will be casting a wider net, and will err on the side of user security when determining whether or not to block.” continues the post.
“We will continue to block extensions for intentionally violating our policies, critical security vulnerabilities, and will also act on extensions compromising user privacy or circumventing user consent or control.”
Mozilla will block extensions that intentionally violate its policies or that contain critical security vulnerabilities.
The organization has already published the documentation on the policy and blocking process to give the development teams the opportunity to address any issues in their Firefox extensions. Mozilla also created a forum thread for developers.