« Article: Securely deploying cross-domain policy files | Main | Symantec SQL Injected, Seeks Counseling »

Firefox 3.6 locks out rogue add-ons

From computerworld

"Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the program, the company said.

The new feature, which Mozilla dubbed "component directory lockdown," will bar access to Firefox's "components" directory, where most of the browser's own code is stored. The company has billed the move as a way to boost the stability of its browser.

"We're doing this for stability and user control [reasons]," said Johnathan Nightingale, manager of the Firefox front-end development team, in an e-mail today. "Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren't compatible with, the result can be a real pain for our shared users.

"Now that those components will be packaged like regular add-ons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems," Nightingale added."

Read more: http://www.computerworld.com/s/article/9141044/Firefox_3.6_locks_out_rogue_add_ons


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

Very smart idea by the Mozilla Dev team to do this! I for one am glad that there will be no attacks via this method now!