Mozilla bans all extensions that execute remote code
Mozilla added a number of extensions for the Firefox web browser that execute code remotely to the organization's blocklist in the beginning of November.
The bugzilla listing shows only IDs of the extensions and (almost) no names but the move appears to have affected several translation add-ons for the browser that injected Google Translate or Bing Translate code into websites to provide users of the web browser with page translation functionality.
The developers of Page Translator and Google Translate this page revealed recently that their extensions were banned by Mozilla. Several other translator extensions, Babelfox, Google Translate Element or Bridge Translate seem to be affected by the ban as well.
Mozilla disallowed execution of external remote code for listed extensions for some time. Extensions listed on AMO were not allowed to execute remote code; the same was not true in all cases for self-hosted, read unlisted, extensions.
The developer had the extension removed from AMO when Mozilla made the initial policy change but did offer it as an unlisted add-on to users. According to him, the extension was used by thousands of users who used it to translate pages in Firefox.
Mozilla put the extension on a blacklist which killed it remotely in all Firefox installations that did not have the blacklisting functionality disabled.
An exchange with a Mozilla representative confirmed Mozilla's stance on the matter.
I've read your article, but unfortunately this is not a restriction we will be lifting.
If you find a way to provide this feature in compliance with our policies, we'd be willing to lift the block in a way that you could submit a new version for your users.
Where does that leave Firefox users?
There are still add-ons available for Firefox that offer translation functionality and these may work for users of the browser. None of these appear to support the on-page translation of the entire page though and that puts Firefox at a severe disadvantage when compared to Chrome or Edge which both support the feature natively.
Mozilla announced some time ago that it is working on integrating translate functionality natively in the browser but it will take some time before the first implementation becomes available in Stable versions of the web browser.
Another option that Firefox users have is to install userscripts in the browser as these are not subject to the same limitation as add-ons.
Mozilla's stance is clear: it does not want any extensions to execute remote code anymore because of potential security or privacy implications.
Extension developers were caught off-guard as it appears that no communication took place prior to the execution of the ban.
Now You: What is your take on this?Advertisement