Geeks for your information News Browsers News & Tips v
Mozilla bans all extensions that execute remote code
Mozilla bans all extensions that execute remote code
harlan4096 Online
MalWare Zoo Team
*******
Posts: 14,704
Threads: 9,636
Thanks Received: 9,083 in 7,233 posts
Thanks Given: 9,884
Joined: 12 September 18
#1
Information  07 November 19, 11:59
Quote:
[Image: mozilla-block-addons.png]

Mozilla added a number of extensions for the Firefox web browser that execute code remotely to the organization's blocklist in the beginning of November.

The bugzilla listing shows only IDs of the extensions and (almost) no names but the move appears to have affected several translation add-ons for the browser that injected Google Translate or Bing Translate code into websites to provide users of the web browser with page translation functionality.

The developers of Page Translator and Google Translate this page revealed recently that their extensions were banned by Mozilla. Several other translator extensions, Babelfox, Google Translate Element or Bridge Translate seem to be affected by the ban as well.

The developer of Page Translator offers insights into what happened in the past couple of days. The extension used Google Translate or Microsoft Translator libraries to provide Firefox users with in-line language translation capabilities. It downloaded the JavaScript file and injected it into pages to provide on-page translations.

Mozilla disallowed execution of external remote code for listed extensions for some time. Extensions listed on AMO were not allowed to execute remote code; the same was not true in all cases for self-hosted, read unlisted, extensions.

The developer had the extension removed from AMO when Mozilla made the initial policy change but did offer it as an unlisted add-on to users. According to him, the extension was used by thousands of users who used it to translate pages in Firefox.

Mozilla put the extension on a blacklist which killed it remotely in all Firefox installations that did not have the blacklisting functionality disabled.

An exchange with a Mozilla representative confirmed Mozilla's stance on the matter.

Quote:I've read your article, but unfortunately this is not a restriction we will be lifting.

If you find a way to provide this feature in compliance with our policies, we'd be willing to lift the block in a way that you could submit a new version for your users.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
K-Lite Codec Pack 15.9.1 Update
Changes in 19.0.0 ...Kool — 05:00
QOwnNotes 19.1.6
25.6.1 A segmen...Kool — 15:34
Privazer 4.0.19
PrivaZer version v...Kool — 08:36
AMD announces Ryzen AI Z2 Extreme and Ry...
AMD is announcing ...harlan4096 — 08:12
AMD expands FSR4 game list to 65 titles,...
AMD adds more FSR4...harlan4096 — 08:10

[-]
Birthdays
Today's Birthdays
avatar (41)zacforat
avatar (46)NemrokReks
Upcoming Birthdays
avatar (38)Tedscolo
avatar (45)brakasig
avatar (44)JamesReshy
avatar (46)Francisemefe
avatar (39)leoniDup
avatar (38)Patrizaancem
avatar (38)biobdam
avatar (37)Barrackleve
avatar (39)Julioagopy
avatar (49)aolaupitt2558
avatar (39)storoBox
avatar (47)kinotHeemn
avatar (38)Ceballos1976
avatar (39)efynu
avatar (31)horancos

[-]
Online Staff
harlan4096's profile harlan4096
Administrator
zevish's profile zevish

>