Mozilla Firefox 17: better add-on security but some add-ons may break
Additional security is always a good thing, right? Mozilla is currently working on a patch that is improving the add-on security of the Firefox web browser. The initial idea appeared on Bugzilla in 2010 and is rather technical in nature. Firefox add-ons currently can expose privileged objects to web content which is something that should not happen in first place as websites may be able to access contents that they should not have access to.
To resolve the issue, Mozilla had the idea that objects had to be whitelisted explicitly by the add-on before web pages can access them.The company has added the feature to Firefox 15 Beta and all other development channels in a non-restrictive way. Instead of blocking access to the object outright, the browser will report any error in the browser's error console. From Firefox 17 on, the whitelisting becomes mandatory in the web browser which may have the consequence that add-ons that you rely on may not work properly anymore if the developer of the extension failed to update it in time to reflect the change. Chance is though that Mozilla may post pone the release in Firefox 17 if too many add-ons turn out to be incompatible at the release date.
It needs to be noted that this affects add-ons that share objects with the content, and that it won't affect add-ons that do not do that. Mozilla is asking developers to look at the error console output of their extensions to make sure it is not throwing error messages. Developers should see a message like "Error: Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated" here in this case.
A new post on the Mozilla blog explains what add-on developers have to change in this case to make sure that their add-on continues to work in Firefox 17.
Mozilla in addition will notify Jetpack author add-ons with information on how to update the add-ons with the most recent version to resolve issues such as memory leaks and security related issues such as this.
If you are a user of the Firefox browser and using at least the beta version, you can check the error log yourself to see if any of your extension will break in Firefox 17. You can open the error console with Ctrl-Shift-J.
Advertisement
Anyone using Tab Max Plus [TMP] with firefox 17 will find they can’t open Add Ons Manager & a few other problems too. You can test that TMP is the cause by temporarily disabling TMP. Over at the TMP forum there’s a build that solves the problem.
Here’s the post containing a link to the particular Tab Mix Plus Dev-Build 0.4.X that solves the problem:- http://tmp.garyr.net/forum/viewtopic.php?p=58622#p58622
Ups! I was wrong with this one I did not see it untill I have restarted Firefox.
Just ignore me then.
Hi Martin,
did you know you can no longer ad this new integer nglayout.initialpaint.delay to Firefox?
Best Regards.
@John
Meh..
” I also want to know when Firefox is going to give us the ability to add extensions without having to restart. ”
It is possible to build them since Firefox 4.. but many devs wont rebuild their old addons, so they need to be restarted like before.
Few of restartless addons: https://addons.mozilla.org/pl/firefox/search/?q=restartless&appver=&platform=
Technology: https://addons.mozilla.org/en-US/developers/
Great news about the better security, but functionality problems again? I also want to know when Firefox is going to give us the ability to add extensions without having to restart. Firefox has been around much longer than Google Chrome yet Firefox is lagging behind in this respect?
Every time I see some news about a future version of Firefox, it is impossible not to mention addons functionality problems/breaking. It’s almost hilarious…
GreaseMonkey (16 Aurora)