Mozilla is going to update the Add-on Policy for Firefox to ban Firefox extensions containing obfuscated code starting from June 10, 2019.
Mozilla announced a change to the Add-on Policy for Firefox to ban Firefox extensions containing obfuscated code starting from June 10, 2019. The move aims to prevent malicious extensions to threaten Firefox users.
“As part of our ongoing work to make add-ons safer for Firefox users, we are updating our Add-on Policy to help us respond faster to reports of malicious extensions. The following is a summary of the changes, which will go into effect on June 10, 2019.” reads the advisory published Mozilla.
“We will no longer accept extensions that contain obfuscated code. We will continue to allow minified, concatenated, or otherwise machine-generated code as long as the source code is included.”
Development teams behind extensions using obfuscated code must submit a new version by June 10th to avoid having them rejected or blocked.
Mozilla also plans on making its blocking (blocklisting) process clearer to ensure major transparency on the motivations that led to disabling extensions or other third-party software installed by Firefox users.
“We will also be clarifying our blocking process. We will be blocking extensions more proactively if they are found to be in violation of our policies. We will be casting a wider net, and will err on the side of user security when determining whether or not to block.” continues the post.
“We will continue to block extensions for intentionally violating our policies, critical security vulnerabilities, and will also act on extensions compromising user privacy or circumventing user consent or control.”
Mozilla will block extensions that intentionally violate its policies or that contain critical security vulnerabilities.
The organization has already published the documentation on the policy and blocking process to give the development teams the opportunity to address any issues in their Firefox extensions. Mozilla also created a forum thread for developers.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.