Skip to main content

Firefox 17 to make add-ons more secure

posted onAugust 22, 2012
by l33tdawg

As suggested by some of its developers back in 2010, the Firefox browser will introduce enhanced separation between add-ons and the rest of the browser. With the change, which is planned to take effect with the release of Firefox 17, scripts on web pages will only be able to access the data belonging to add-ons if they are included in a whitelist.

The beta version of Firefox 15 already logs warning messages in the browser's Error Console when a page that is not on the whitelist tries to access data from add-ons. This behaviour has been included to make add-on developers aware of the new policy and to give them time to fix their add-on's behaviour before the release of Firefox 17.

In the current versions of Firefox, entire add-on objects can be shared by adding them to contentWindow.wrappedJSObject which allows scripts on web sites to access all data belonging to these objects through the window.sharedObject variable. With Firefox 17, add-on developers are required to explicitly mark attributes with the __exposedProps__ property which acts as a whitelist for objects that Firefox will share. Possible values for this property allow read-only access, write-only access and read and write access.

Source

Tags

Mozilla Firefox Software-Programming

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th