Mozilla has announced that it will no longer accept Firefox extensions that contain obfuscated code as part of their updated Add-on policy that goes into effect on June 10, 2019.
“We will continue to allow minified, concatenated, or otherwise machine-generated code as long as the source code is included. If your extension is using obfuscated code, it is essential to submit a new version by June 10th that removes it to avoid having it rejected or blocked,” wrote Caitlin Neiman, Add-ons Community Manager at Mozilla, in a blog post announcing the move.
In software development parlance, obfuscation refers to the deliberate practice of writing programs that are harder for humans to understand. It’s also done in an attempt to conceal the true purpose of the software, thus making it easy for cyber criminals to hide malicious code.
Minified code, on the other hand, refers to programming scripts that have been compressed by removing unnecessary white spaces, newlines, comments, or shortening variables to make them more efficient without altering their functionality.
The policy update aims to address any such security concerns and make “add-ons safer for Firefox users,” in addition to proactively blocking extensions that are found to be in violation of their policies. The post also goes on to add that it will continue to block extensions that are insecure, and those that compromise user privacy, or circumvent user consent or control.
Depending on the nature of policy violation, Mozilla has explained that the blocking (or blocklisting) could either be a hard or soft block. A hard block completely disables the add-on with no option for the user to manually re-enable it, whereas a soft block allows you to override the block and continue using it.
It’s worth noting that Mozilla’s move to block unsafe add-ons follows a similar policy for Google Chrome extensions that was announced late last year and went into effect at the start of January 2019.
TNW Conference 2019 is coming! Check out our glorious new location, inspiring line-up of speakers and activities, and how to be a part of this annual tech extravaganza by clicking here.