Mozilla is changing its policies and have let developers know that they will be blocking all Firefox add-ons that contain obfuscated code in an effort to clean out malicious third-party code.
Expert Comments:
Usman Rahim, Digital Security and Operations Manager at The Media Trust:
“Paying closer attention to the risks that third-party code suppliers pose is an important step in the right direction. However, Mozilla should clarify a few potential issues:
– First, where do Mozilla and Google, which has introduced a similar policy, draw the line on obfuscation? Most if not all developers at least slightly obfuscate code in order to protect it from unauthorized appropriation, whether to protect their invention from copycats and attackers
– Related to this, how will they evaluate the safety of all submitted code—in short, what is their process? This is important because bad actors are also known to eschew obfuscation to make their code appear legitimate and harmless.
– Finally, why will Mozilla block the extension only after the user installs it rather than before?”
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
