Firefox 17 Will Boost Add-On Security

Filed under
Moz/FF

Add-ons are a big part of the Firefox experience for many users of Mozilla's popular browser, and just recently we saw the number of add-ons downloaded so far cross the 3 billion mark.

Now, it looks like Mozilla is working to make those add-ons more secure than ever.

“Add-ons often need to interact with page content, and mixing privileged and unprivileged code can be a tricky thing to get right without compromising security,” explained Jorge Villalobos, Mozilla's add-ons developer relations lead, in a post on the Add-Ons Blog on Monday. “Unintentionally exposing privileged objects to Web content is a major security concern.”

Rest here




More in Tux Machines

Development News

  • Git for design projects
  • Updating POSIX
    To the first point, many people seem unaware that POSIX is an actual set of standards - IEEE 1003.1 in several variations, plus descendants. These standards cover a lot more than just operations on files, and technically "POSIX" only refers to systems that have passed a set of conformance tests covering all of those. Nonetheless, people often use "POSIX" to mean only the section dealing with file operations, and only in a loose sense of things that implement something like the standard without having been tested against it. Many systems, notably including Linux, pretty explicitly do not claim to comply with the actual standard.
  • Delete Your Dead Code!
    A few days ago, Ned Batchelder's post on deleting code made the rounds on HN, even though it was originally written in 2002. Here I want to echo a few of Ned's points, and take a stronger stance than he did: delete code as soon as you know you don't need it any more, no questions asked. I'll also offer some tips from the trenches for how to identify candidate dead code. This is the first in a series on eating your vegetables in software engineering, on good, healthy practices for a happy and successful codebase. I don't (yet) know how long the series will be, so please stay tuned!

Security Leftovers

  • 66% of USB Flash Drives infected – don’t trust a stray [Ed: Windows]
    The problem is that the OS will automatically run a program that can install malware from a USB stick.
  • Dental Assn Mails Malware to Members
    The domain is used by crooks to infect visitors with malware that lets the attackers gain full control of the infected Windows computer.
  • Slack bot token leakage exposing business critical information
    Developers are leaking access tokens for Slack widely on GitHub, in public repositories, support tickets and public gists. They are extremely easy to find due to their structure. It is clear that the knowledge about what these tokens can be used for with malicious intent is not on top of people’s minds…yet. The Detectify team shows the impact, with examples, and explains how this could be prevented.

Android Leftovers

Debian and Devuan

  • An Open Letter to Linas Vepstas
    The entire essay continues on a similar note. Although the title implies this is a rant about Ubuntu and Debian, he seems to paint the entirety of Linux Land with the same broad brush. And that would be factually wrong. "Factually wrong" doesn't mean he hasn't pointed out some serious problems. He has. I and many other Linux users see the same problems he identifies. What's "factually wrong" is that these problems are built into the combination of kernel, system software, and applications generally called either "Linux" or "GNU/Linux". And his implication that there's no reasonable way for a user to avoid these problems is also factually wrong. The bottom line of my objection to his essay is this: Nobody should use software they don't like, especially if there's a reasonable alternative. And by extension, why is Linas still using Debian and Ubuntu and systemd and Firefox and Chrome and Gnome? There are reasonable alternatives to every single one of them.
  • March and April contributions
  • My work for Debian in April
  • Free software activities in April 2016
  • Devuan Jessie 1.0 Beta Screenshot Tour