Firefox makes extension porting easier as security crackdown looms

New tools should help developers bring their extensions over from Chrome or Opera, but existing extensions may have trouble surviving the shift.

firefoxlogo

Mozilla is pushing ahead with a plan to block unsigned Firefox browser extensions, though it’s offering better developer tools as consolation.

As Mozilla has previously indicated, it will soon require a security check for all third-party Firefox extensions. Starting with Firefox 41, which launches on September 22, Mozilla will block all unsigned extensions, though users will be able to override this protection if they want. However, that override won’t be available for all beta and release versions of Firefox 42 and higher, as they’re released. (Nightly and Developer additions will still allow unsigned extensions with the user’s override permission, ostensibly for testing.)

Mozilla has said that the new signing procedure is necessary to stop ad injections and malicious scripts. Add-on guidelines and a blocklist are no longer enough, Mozilla argues, as it’s become too difficult to track and discover malware before the damage is done. The move is not without controversy, as some users rely on extensions that are no longer officially supported by their developers.

To help mitigate these concerns, Mozilla is introducing a WebExtensions API, which it says will allow for low-effort porting of extensions from other browsers, such as Chrome, Opera, and eventually Microsoft Edge . Mozilla says it can review these extensions faster, and they also support a new multi-process version of Firefox that will go stable in December. Multi-process effectively separates rendering and UI chrome from page content, preventing full browser crashes if just one page experiences problems.

As part of these changes, Mozilla also plans to deprecate Firefox add-ons that use XPCOM, XUL, and XBL, possibly in the next 12 to 18 months. While these add-ons allow Firefox to be deeply customizable, they’re also prone to breaking when Mozilla rolls out browser updates, and the switch to multi-process will only exacerbate those problems. The challenge, then, is for Mozilla to build out its WebExtensions and other tools so that developers can offer suitable replacements for existing add-ons.

The impact on you: Make no mistake, these changes will cause some ugliness for Firefox users who rely on add-ons—especially those that don’t exist in other browsers. Even Mozilla is admitting that without considerable development, Firefox-only add-ons will not survive the transition. It’s a huge trade-off as Mozilla pursues a more secure and stable browser, and while it may pay off in the long run, for some users it could diminish what makes Firefox unique in the first place.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.