Firefox is Blocking Unsigned Extensions by @AaronLintz

firefox logo

Sourcers tend to be fans of extensions and addons. If you’re a Firefox user, this is valuable information you should know.

It has been reported and verified by several sources that as of Firefox version 41, all add-ons must be approved and hosted by Firefox. This mirrors a similar move by Google Chrome to block extensions installed by other sources. Currently, several of Firefox’s most popular add-ons are automatically disabled in the background without notification. Some developers may not comply with these changes. Developers will be required to submit their code for review. This will be required with all future updates. Once verified, they will receive a certificate.  Add-ons that previously could be updated from any hosting service now must fix their code and submit for approval.

The goal is to stop people from accidently installing spyware and malware. Like Google, Firefox keeps a separate blacklist of extension signatures to auto-disable the bad ones. This may create a false sense of security since browsers are such popular targets for data thieves. Earlier this month, Firefox had to repair their PDF rendering script after finding malicious code in the wild that was stealing and passing passwords through FTP.

If you are interested in a more secure browser that lets you test add-ons/extensions for candidate research, you will want to attend my Sourcecon Lab on September 17th in Dallas.

Leave Your Comment