Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 3.6 Locks Out Rogue Add-ons

Posted by CmdrTaco on from the and-stay-out dept.

CWmike writes "Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the program, the company said. Dubbed 'component directory lockdown,' the feature will bar access to Firefox's 'components' directory, where most of the browser's own code is stored. Mozilla has billed the move as a way to boost the stability of its browser. 'We're doing this for stability and user control [reasons],' said Johnathan Nightingale, manager of the Firefox front-end development team. 'Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren't compatible with, the result can be a real pain for our shared users ... Now that those components will be packaged like regular add-ons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems.'"

7 of 265 comments (clear)

  1. .NET Anyone? by Daengbo · · Score: 5, Insightful

    Last February, and again in May, Firefox users complained when they found that Microsoft had pushed the .Net Framework Assistant add-on and the Windows Presentation Foundation (WPF) plug-in to their browsers as part of the .NET Framework 3.5 Service Pack 1 (SP1) update, which was delivered via Windows Update.

    That's the first thing I thought of when I read the summary.

    --
    Put identity in the browser.
    1. Re:.NET Anyone? by maxume · · Score: 5, Informative

      Those components were installed by editing the Windows registry, not 'dropped in' as is discussed here (Firefox looks in various locations to find plug-ins and addons to load).

      --
      Nerd rage is the funniest rage.
    2. Re:.NET Anyone? by Anonymous Coward · · Score: 5, Funny

      What do you mean? As far as I know, in all the instances where a toolbar is bundled with some other software, the toolbar installation is clearly mentioned in the software EULA, so each time the toolbar is installed, the user agreed that he wanted it. As a developer for a Web optimizer plugin, this Firefox change will make it much harder for us to reach our users.

    3. Re:.NET Anyone? by trevdak · · Score: 5, Insightful

      Regardless, there should've been a prompt to ask if you wanted to install it, and there damn well should be a working uninstall button.

    4. Re:.NET Anyone? by mqduck · · Score: 5, Insightful

      the toolbar installation is clearly mentioned in the software EULA, so each time the toolbar is installed, the user agreed that he wanted it. As a developer for a Web optimizer plugin, this Firefox change will make it much harder for us to reach our users.

      I fail to see the downside for anybody but you, and you make it sound like you clearly deserve it.

      --
      Property is theft.
  2. User perspective by omfglearntoplay · · Score: 5, Insightful

    From a user perspective, this sounds like a good move. Stability problems in Firefox always seems to stem from add-ons or extensions. Lock that crap down, and make the devs code the right way.

  3. Re:I want a mechanism for pluck-outs... by jamstar7 · · Score: 5, Funny

    The pony should be a plugin

    The mental image that came to mind when I saw that convinces me that I watch WAY too much porn...

    --
    Understanding the scope of the problem is the first step on the path to true panic.