Firefox 3.6 Locks Out Rogue Add-ons

CWmike writes "Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the program, the company said. Dubbed 'component directory lockdown,' the feature will bar access to Firefox's 'components' directory, where most of the browser's own code is stored. Mozilla has billed the move as a way to boost the stability of its browser. 'We're doing this for stability and user control [reasons],' said Johnathan Nightingale, manager of the Firefox front-end development team. 'Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren't compatible with, the result can be a real pain for our shared users ... Now that those components will be packaged like regular add-ons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems.'"

Re:Effects on Add-on Development

[v1]

Seems like the best way to deal with an open plugin structure is to require mozilla to approve an app for wide-scale access to the internals, and for everyone else, restricted access that's more idiot-proofed. That way, anyone can write a plugin (unlike say, the apple store) albeit with limits, but at the same time the main app devs can allow power user plugins that are proven to be safe.

It's too bad Apple hasn't gone this route. (yet) Right now the only reason they are claiming for the app approval process is to "protect the users". While that certainly is one of their goals, eliminating competition with their own software, (the #1, #2, and #3 top reasons for app rejection at the store) doing what mozilla is doing would accomplish user protection without the lockdown/collateral damage of a must-be-signed-to-run system.