Mozilla announced a change to the Add-on Policy for Firefox to ban Firefox extensions containing obfuscated code starting from June 10, 2019. The move aims to prevent malicious extensions to threaten Firefox users.
“As part of our ongoing work to make add-ons safer for Firefox users, we are updating our Add-on Policy to help us respond faster to reports of malicious extensions. The following is a summary of the changes, which will go into effect on June 10, 2019.” reads the advisory published Mozilla.
“We will no longer accept extensions that contain obfuscated code. We will continue to allow minified, concatenated, or otherwise machine-generated code as long as the source code is included.”
Development teams behind extensions using obfuscated code must submit a new version by June 10th to avoid having them rejected or blocked.
Mozilla also plans on making its blocking (blocklisting) process clearer to ensure major transparency on the motivations that led to disabling extensions or other third-party software installed by Firefox users.
“We will also be clarifying our blocking process. We will be blocking extensions more proactively if they are found to be in violation of our policies. We will be casting a wider net, and will err on the side of user security when determining whether or not to block.” continues the post.
“We will continue to block extensions for intentionally violating our policies, critical security vulnerabilities, and will also act on extensions compromising user privacy or circumventing user consent or control.”
Mozilla will block extensions that intentionally violate its policies or that contain critical security vulnerabilities.
The organization has already published the documentation on the policy and blocking process to give the development teams the opportunity to address any issues in their Firefox extensions. Mozilla also created a forum thread for developers.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.