Hacker News new | past | comments | ask | show | jobs | submit login

> I got concerned for a moment that this will end up forcing all extensions to be available only from Add On store, (similar to Chrome). Thankfully it’s not that.

Mozilla is working on achieving exactly that, and in fact Firefox is already worse than Chrome in this aspect, see my comment here: https://news.ycombinator.com/item?id=21418604




Thanks for this. I want to say that it’s all bad choice from Mozilla and rant, but instead I want to understand the threat model they’re considering. Extensions do get a lot of access to browser, and may also use side-channels[1] to work around inaccessible apis. From a brief look at the linked discussions, I grock that they’re thinking about a malware with admin privileges installing the add-on. Is it likely that some malware only has access to “side-load addons” and nothing more? If not, then can’t it just install keylogger, network monitor, etc? I can’t find better answers other than my speculations.

[1]: Not that I have one such exploit, but even without access to “tabs” permissions, extensions can still query the status of tabs, run benchmark processes, and add context menus with various “filters” such as right click on a text or image. Sure this doesn’t give direct access to data, but timing attacks and such should be possible.


I agree that having a discussion on the actual threat model Mozilla is working with is the best way to approach this issue.

Mozilla is trying to defend against malware or adware with root access on the device.

Malware with root access can do what it wants, inluding just replacing the Firefox executable, keylogging, making screenshots, intercepting traffic, or patching Firefox in any number of ways.

Adware can legally do the same if users give consent. Most antivirus software in fact injects code and is capable of controlling processes, they also intercept traffic to monitor for threats.

If both malware and adware can do esentially what they want on the device, then we are left with how this change affects users.

Users can install a different browser, or patch Firefox, but it becomes prohibitive for regular users to control their own browsers if they choose to continue using Firefox, because they lack the expertise to make the necessary changes.

Disallowing local extensions at all costs in Firefox has minimal security benefits, while greatly harming user and software freedom.


You contradict yourself in your linked comment. Add-on install will not be locked to addons.mozilla.org. You can continue to use automatic signing and distribute through whatever channels you like, just as the comment you're replying to states.


> Add-on install will not be locked to addons.mozilla.org. You can continue to use automatic signing and distribute through whatever channels you like

Extensions which require signing by uploading to addons.mozilla.org are controlled by Mozilla and can be blocklisted, it does not matter from where the user ends up downloading the extension.

This practice is worse than what is allowed in Chrome. Google allows installing local and private extensions that have not been signed, after an option is changed in Chrome.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: