Firefox 17 to make add-ons more secure

[Jack]

As suggested by some of its developers back in 2010, the Firefox browser will introduce enhanced separation between add-ons and the rest of the browser. With the change, which is planned to take effect with the release of Firefox 17, scripts on web pages will only be able to access the data belonging to add-ons if they are included in a whitelist.
The beta version of Firefox 15 already logs warning messages in the browser's Error Console when a page that is not on the whitelist tries to access data from add-ons. This behaviour has been included to make add-on developers aware of the new policy and to give them time to fix their add-on's behaviour before the release of Firefox 17.

In the current versions of Firefox, entire add-on objects can be shared by adding them to contentWindow.wrappedJSObject which allows scripts on web sites to access all data belonging to these objects through the window.sharedObject variable. With Firefox 17, add-on developers are required to explicitly mark attributes with the __exposedProps__ property which acts as a whitelist for objects that Firefox will share. Possible values for this property allow read-only access, write-only access and read and write access.

Read more: http://www.h-online.com/security/news/item/Firefox-17-to-make-add-ons-more-secure-1672626.html

 

[McLovin]

Aren't the addons secure as they are now?

 

[Ink]

Apparently not, even so most extensions want access to your data.

I'm not sure how it works, but I never trust all add-ons, that's why I use 1 or 2 only.

 

[McLovin]

Apparently not, even so most extensions want access to your data.

I'm not sure how it works, but I never trust all add-ons, that's why I use 1 or 2 only.

The only ones that I can say that I trust down pat is Lastpass, WOT, Ghostery and Ablock Plus.

 

[Ramblin]

Apparently not, even so most extensions want access to your data.

I'm not sure how it works, but I never trust all add-ons, that's why I use 1 or 2 only.

As I understand it, addons are allowed to read your files and since they are also allowed to connect because they are part of the browser, they are able to send the info out. To minimize the danger, like you, I only use 3 addons, they are well known and being around for a long time.

Sandboxie helps a bit to keep our personal files ours. Since I am always running browsers, other programs sandboxed, I block programs in the sandbox to have access to my personal files by using the settings that Sandboxie give us to do so (Blocked file access).

Bo