Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Mozilla Bans Firefox Extensions Containing Obfuscated Code

Mozilla this week announced plans to update its Add-on Policy for Firefox, to ban extensions that contain obfuscated code.

The change, which will enter into effect on June 10, 2019, is expected to allow the Internet organization to respond faster to reports of malicious extensions. 

Mozilla this week announced plans to update its Add-on Policy for Firefox, to ban extensions that contain obfuscated code.

The change, which will enter into effect on June 10, 2019, is expected to allow the Internet organization to respond faster to reports of malicious extensions. 

“We will no longer accept extensions that contain obfuscated code. We will continue to allow minified, concatenated, or otherwise machine-generated code as long as the source code is included,” Mozilla’s Caitlin Neiman reveals. 

Developers with extensions that are using obfuscated code are urged to update their applications to remove it and submit a new version by June 10 to avoid having them rejected or blocked.

Additionally, Mozilla plans on making its blocking (blocklisting) process clearer, for a better understanding of why extensions or other third-party software that has already been installed by Firefox users has been disabled. 

Thus, the organization explains that it aims at blocking extensions more proactively when discovering that they are in violation of its policies. 

“We will be casting a wider net, and will err on the side of user security when determining whether or not to block,” Neiman explains. 

Extensions that intentionally violate the organization’s policies will continue to be blocked as well, the same as those that contain critical security vulnerabilities. Moreover, Mozilla also plans on acting on extensions compromising user privacy or circumventing user consent or control.

Advertisement. Scroll to continue reading.

The organization has already published policy and blocking process documents for developers to access to ensure their extensions abide by them to avoid any disruption. It also created a forum thread for those developers who have questions about these updated policies or would like to provide feedback.

Related: Chrome, Firefox Get Windows Defender Application Guard Extensions

Related: Site Isolation is Coming to Firefox

Related: Firefox 69 to Disable Adobe Flash by Default

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.