- Tuesday, 9 February 2010
- INQ Mobile
- RSS
The ground is 100% effective against all known combat aircraft
Firefox 3.6 will block dodgy add-ons
THE MOZILLA FOUNDATION has decided to block illegitimate add-ons to its Firefox web browser, starting with the next version that's still under development.
In a bid to protect the browser from hacked and potentially malicious code, the Mozzarella foundation has updated its Firefox 3.6 beta to prevent users and websites from installing unsigned add-ons, plug-ins and extensions to Firefox's components directory.
The Firebadger developers hope this will stop crashes caused by add-ons, like that stupid Quicktime thing that keeps crashing and taking the browser with it. It will also stop vendors and malicious websites from silently installing Firefox add-ons without permission from the user.
Firefox's components directory houses much of Firefox's own code as well as add-on code, and some add-on code can compromise the browser's security or make it go tits up.
Mozilla Human Shield - no really, that is his job title, whereas most companies just have security experts - Johnathan Nightingale wrote on the Mozilla Security Blog that bits dropped blindly into Firefox don't carry version information with them, which means that when users upgrade Firefox and these components become incompatible, there's no way to tell Firefox to disable them.
Nightingale trilled that this leads to all kinds of unfortunate behaviour, including potential security vulnerabilities, lost functionality, performance woes, crashing, wetting the bed, and downloading Internet Exploder. Okay, we made the last two up.
Requiring add-ons to be signed by Mozilla in order to be installable is expected to fix this.
Mozilla Firefox 3.6 Beta 3 is available for download now. µ
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
L'Inqs and everthin!
Ed you should realshow Farrell how it's done. if we could get you two on the same lighted marquise; one knite only
You know, if you're ever untoward a firebadger, they shun you for life
They need to have a remove button on Plug-ins just like they do on addons and extensions. I hate that i have no easy way to uninstall a plugin so i can correctly reinstall it.
get Nick farrell a few more page ranks why dont ya.
iTards are such ...tards
u do realise... everytime there is a story and you mention "Nick farrell", you make him just a little more popular?, and mentioning Nick farrell along with that fruity creation "Apple" leads even more sheep to his lair?
no, I guess u didnt, they really dont call u guys itards for nothing
anyway 'yer dickie'
dont think about it too much, no1 takin it too seriously cept u
as the doggy plug-in to crashes Firefox for a long time, Nick.
And by the way, shouldn't these "signed add-ons only" a basic feature?
Just my 2 cents.
To lock down stuff is not a 'basic feature' of open source, and you will be able to switch off that signed addons thing I understand.
As for dodgy addons/plugins installed without asking, I think a good example is MS's .net thing (for which they had to make an apologetic page with info on how to remove it) and another one is java's quick starter, which also gets installed without asking, and I tink skype does it too (I stopped using skype long ago when I learned they monitor chat of chinese users for censoring purposes), basically that system where you can install 'global addons' by putting them in the registry is a real pest because it's so easily abused, and not removable by the addon management system (as if they can't make it remove the registry entry).