Mozilla bans Firefox add-ons with obfuscated code
As Mozilla continues to try to make it safer than ever to use Firefox, the organization has updated its Add-on Policy so that any updates that include obfuscated code are explicitly banned.
Mozilla has also set out in plain terms its blocking process for add-ons and extensions. While there is nothing surprising here, the clarification should mean that there are fewer causes for disputes when an add-on is blocklisted.
See also:
- Mozilla is launching curated Recommended Extensions program this summer
- Mozilla criticizes Apple's iPhone privacy claims, launches online petition
The updated Add-on policy comes into force on June 10, so add-on developers have a little more than a month to take note of the changes and comply. Mozilla says that the move is designed to help it better deal with malicious extensions.
The main change says:
- We will no longer accept extensions that contain obfuscated code. We will continue to allow minified, concatenated, or otherwise machine-generated code as long as the source code is included. If your extension is using obfuscated code, it is essential to submit a new version by June 10th that removes it to avoid having it rejected or blocked.
In clarifying its blocking process, Mozilla says:
- We will be blocking extensions more proactively if they are found to be in violation of our policies. We will be casting a wider net, and will err on the side of user security when determining whether or not to block.
- We will continue to block extensions for intentionally violating our policies, critical security vulnerabilities, and will also act on extensions compromising user privacy or circumventing user consent or control.
Mozilla invites add-on developers to preview the policy and blocking process documents to ensure compliance, and invites feedback in a forum thread.