Firefox To Get Better Third Party Add-On Security

Martin Brinkmann
Aug 4, 2011
Updated • Feb 22, 2014
Firefox, Firefox add-ons
|
22

Good news for Firefox users who like me think that Mozilla needs to do something against third party add-on installations in the browser. Third party add-ons are browser extensions that are installed from third party programs on the system. It is for instance very common for security software to install toolbars and other add-ons in the browser automatically during installation. The real problem here from a security point of view is malicious software exploiting the issue. The worst case scenario is malware that successfully installs an add-on in the browser this way.

The current version of Firefox does not offer protection against these kinds of installations. Mozilla has acknowledge the issue and is currently working on a solution. The development team plans to include protection against unwanted add-on installations from Firefox 8 on.

A wiki page over at Mozilla offers details about the motivation and current stage of development.

Mozilla notes that they "currently do not provide adequate warning to users that new third-party provided add-ons have been installed" and that the "project will ensure that users opt-in to all add-ons that aren't installed through the Firefox UI".

With the protection in place, Firefox would inform its user of new add-ons that have been installed from third party software and not from within the browser UI. It is Mozilla's plan to display an opt-out page to the user so that it is possible to block the installation and execution of the add-on in the browser.

A mockup has been created that shows how the user prompt could look like during start of the browser. In this mockup, each third party add-on installation would span in its own tab in the browser. (via)

firefox-third-party-software-installation

We do not know at this point if add-ons refer only to browser extensions, or if browser plugins are also included in the checks. It would make sense if Mozilla would block all automatic third party installations, and not only those that are extension related.

Conceivable Tech notes that Mozilla also wants to make sure that add-ons are always removable in the browser, another long standing issue that is about to get resolved.

The projected release target should give Mozilla ample time to test the new security measure before it reaches the majority of users in the Firefox Beta and Stable channels.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. pete dillon said on October 10, 2012 at 2:09 am
    Reply

    Spybot (free) flags Babylon Toolbar as an error, then can’t remove or fix it. I have tried several fixes from Google searches, none have been successful.

    WHAT NEXT??? dillonph@hotmail.com

  2. william said on August 25, 2012 at 11:52 pm
    Reply

    how do I uninstall Babylon from firefox

  3. misssunshine said on August 10, 2011 at 10:46 am
    Reply

    Recently,some news said that firefox and chrome are insecure. I am afraid to use them .So i change to use avant browser .I never heard about some news said that avant browser is in secure .At least, it is safer than firefox and chrome.

  4. swill said on August 10, 2011 at 10:42 am
    Reply

    Good news, no other browsers have this feature yet.
    I often find some unknow plug-ins in my control panel, Don’t know when and how it came into my PC.
    Boring, If firefox can do it, I will abandon avant browser and use firefox

  5. pd said on August 5, 2011 at 5:23 pm
    Reply

    Only 8 years too late. So much for Firefox’s more-secure reputation. This sort of hole has been flying under the radar for so long it’s both a disgrace that the media hasn’t picked it up nor has Mozilla fixed it.

  6. Cattleya said on August 5, 2011 at 11:51 am
    Reply

    I think Mozilla should take a look to Google Update Plugin automatically install to Firefox, it auto check and update Google Chrome, Google Earth, Google software… in background and make Firefox freeze(chrome_updater.exe and setup.exe take 100% CPU Usage and 200MB RAM), make Firefox’s user think that Firefox is slow, freeze, unstable.

    Block this stupid plugin to make Firefox’s user happy.

    1. Deo Domuique said on August 5, 2011 at 12:40 pm
      Reply

      I was going to comment on the same thing. That’s why I never install Chrome on my PC. Only Chromium. That means I can have only Dev version and thus never being the default browser. Not that I care much, just saying.

      Anyway, it was about time. Very good move. If someone feels the pressure coming from rival browsers, can do great things. I really like Chrome being around. It woke Mozilla up. Moving even faster than previously.

      1. insanelyapple said on August 6, 2011 at 9:31 am
        Reply

        Same here – im using Firefox but SRWare Iron is my second one; without “extras” and annoying update service.
        And im also share your thoughts Cattleya about Fx users feel about their browser performance and Chrome existence in their system – its probably easy to explain: Google tries to push their browser onto people computers by adding it in various software installers – one misclick while pressing “Next” button and Chrome gets onto computer like ordinary spyware and the funniest thing is that Google claims about gaining marketshare…

        Anyway, i really hope that this solution will finally help me get rid of Microsofts .Net Framework Assistant extension – MS claims that theres no way to uninstall it, but truth is that you can – by digging in registry and some system folders.

  7. henryg said on August 4, 2011 at 11:40 pm
    Reply

    Yes! Each time I update the Kaspersky main program, I have to find all its add-ons which I don’t want, and I always forget where they are ‘hidden’.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.