Joined
·
39,718 Posts
Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking addons into the program, the company said.
The new feature, which Mozilla dubbed "component directory lockdown," will bar access to Firefox's "components" directory, where most of the browser's own code is stored. The company has billed the move as a way to boost the stability of its browser.
"We're doing this for stability and user control [reasons]," said Johnathan Nightingale, manager of the Firefox frontend development team, in an email. "Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren't compatible with, the result can be a real pain for our shared users.
"Now that those components will be packaged like regular addons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems," Nightingale added.
His mention of "regular addons" referred to the new policy that will be enforced by Firefox 3.6, a minor upgrade to last summer's 3.5 that is to ship before the end of the year. Because third party developers will no longer be able to drop their code into the components directory, they must instead recreate their addons as XPI-based files, the standard Firefox extension format. Mozilla has posted information on its developer site to aid programmers who need to migrate addons to the XPI format.
Most, but not all, Firefox addons are available through Mozilla's Addon site, which boasts that more than 1.6 billion addons have been downloaded by users.
Nightingale said that rogue addons created performance and stability problems for Firefox users. "[They] can lead to all kinds of unfortunate behavior: lost functionality, performance woes and outright crashing, often immediately on startup," he wrote in a post to the Mozilla developer's blog.
Crashes are caused in large part because of developer lethargy, added Mozilla developer Vladimir Vukicevic, who headed up the work on the new lockdown feature. "Many of these components were written for Firefox 3.0, and have not been updated for Firefox 3.5," Vukicevic said in a blog post of his own. "Because a number of internal interfaces changed between the two versions, this leads to crashes or other problems when these components are used."
http://news.techworld.com/security/3206670/firefox-web-browser-locks-down-rogue-addons/?olo=rss
The new feature, which Mozilla dubbed "component directory lockdown," will bar access to Firefox's "components" directory, where most of the browser's own code is stored. The company has billed the move as a way to boost the stability of its browser.
"We're doing this for stability and user control [reasons]," said Johnathan Nightingale, manager of the Firefox frontend development team, in an email. "Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren't compatible with, the result can be a real pain for our shared users.
"Now that those components will be packaged like regular addons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems," Nightingale added.
His mention of "regular addons" referred to the new policy that will be enforced by Firefox 3.6, a minor upgrade to last summer's 3.5 that is to ship before the end of the year. Because third party developers will no longer be able to drop their code into the components directory, they must instead recreate their addons as XPI-based files, the standard Firefox extension format. Mozilla has posted information on its developer site to aid programmers who need to migrate addons to the XPI format.
Most, but not all, Firefox addons are available through Mozilla's Addon site, which boasts that more than 1.6 billion addons have been downloaded by users.
Nightingale said that rogue addons created performance and stability problems for Firefox users. "[They] can lead to all kinds of unfortunate behavior: lost functionality, performance woes and outright crashing, often immediately on startup," he wrote in a post to the Mozilla developer's blog.
Crashes are caused in large part because of developer lethargy, added Mozilla developer Vladimir Vukicevic, who headed up the work on the new lockdown feature. "Many of these components were written for Firefox 3.0, and have not been updated for Firefox 3.5," Vukicevic said in a blog post of his own. "Because a number of internal interfaces changed between the two versions, this leads to crashes or other problems when these components are used."
http://news.techworld.com/security/3206670/firefox-web-browser-locks-down-rogue-addons/?olo=rss
