Among the many reasons why Mozilla’s Firefox browser has become popular is
the fact that it’s relatively easy to build and install add on extensions
for it. That ease of extensibility however has a potential dark side to it.
Those same extensions that add power to Firefox, generally speaking, could
arguably represent a security risk as well. It’s a security gap that Mozilla
is now plugging with its Alpha 8 development release of its next generation
Firefox 3 browser.
In terms of add-on extension security, Firefox 3 Alpha 8 is specifically
targeting the updating of add-ons to make that process more secure.
Mozilla spells out the issue in its guide on the new extension security:
“Firefox currently automatically checks for updates to add-ons using a url
specified in the add-on’s install manifest. Currently there are no requirements placed on these urls. In particular, neither url is required to be https. This allows either the update manifest or the update package to be compromised, potentially resulting in the injection of malicious updates. A demonstration of one form of compromise is already public.”
The new extension security feature will aim to secure updates by a number of
mechanisms including using SSL (define), and digital signatures that
help to verify the identity and authenticity of the add-on’s author. The
general idea is that by ensuring that both the update mechanism and
integrity of the update package are properly secured, overall safety will be
There still might well be other issues that Mozilla will need to tackle in
order to further improve add-on security though.
“It should be stressed that this feature is targeted at ensuring the
security of updates to add-ons and has no impact on the security of initial
add-on installs,” Mozilla admits in its guide.
The Alpha 8 build is what Mozilla considers to be an early developer
milestone and is not intended for the general public. In fact one of the
rough edges in Firefox 3 Alpha 8 will actually prevent it from launching on
Windows Vista if parental controls are enabled.