In an effort to head off the problem of malicious or misbehaving browser add-ons, Mozilla is planning to require developers to have their Firefox extensions signed by the company in the near future.
As much of users’ computing has moved into their browsers in the last few years, extensions and add-ons have become important tools. There are an untold number of useful extensions for most of the major browsers, but there are also are plenty of malicious ones. Attackers have been known to insert extensions into browser Web stores or other download sites in order to steal users’ data or perform other malicious actions. There also are all kinds of somewhat legitimate extensions that may collect more data than they disclose to users or perform unwanted actions.
To defeat this problem, Google requires developers to distribute their extensions through the Chrome Web store. However, Mozilla officials said they didn’t want to take that approach.
“We’re responsible for our add-ons ecosystem and we can’t sit idle as our users suffer due to bad add-ons. An easy solution would be to force all developers to distribute their extensions through AMO, like what Google does for Chrome extensions. However, we believe that forcing all installs through our distribution channel is an unnecessary constraint. To keep this balance, we have come up with extension signing, which will give us better oversight on the add-ons ecosystem while not forcing AMO to be the only add-on distribution channel,” Jorge Villalobos of Mozilla said in a blog post.
The idea is that sometime in the second quarter, Mozilla will begin requiring developers to submit their extensions and add-ons to AMO, the company’s main distribution channel for those apps. Each submission will go through a review process to ensure that it doesn’t exhibit any malicious or undocumented behavior. If the developer plans to host her extension on AMO and it passes the check, Mozilla will automatically sign it. If the developer plans to host the extension elsewhere, it will go through the same process and be sent back signed if it passes muster.
The change will mean that after a transition period of about three months, users won’t be able to install any unsigned extensions on either the Release or Beta versions of Firefox. Villalobos said the company plans to begin displaying warnings about unsigned extensions in Firefox 39.
This move by Mozilla will give users more confidence in the extensions and add-ons they’re installing.
“Extensions that change the homepage and search settings without user consent have become very common, just like extensions that inject advertisements into Web pages or even inject malicious scripts into social media sites. To combat this, we created a set of add-on guidelines all add-on makers must follow, and we have been enforcing them via blocklisting (remote disabling of misbehaving extensions). However, extensions that violate these guidelines are distributed almost exclusively outside of AMO and tracking them all down has become increasingly impractical. Furthermore, malicious developers have devised ways to make their extensions harder to discover and harder to blocklist, making our jobs more difficult,” Villalobos said.