Geeks for your information News Browsers News & Tips v
Mozilla bans all extensions that execute remote code
Mozilla bans all extensions that execute remote code
harlan4096 Online
MalWare Zoo Team
*******
Posts: 16,141
Threads: 10,258
Thanks Received: 9,332 in 7,478 posts
Thanks Given: 10,295
Joined: 12 September 18
#1
Information  07 November 19, 11:59
Quote:
[Image: mozilla-block-addons.png]

Mozilla added a number of extensions for the Firefox web browser that execute code remotely to the organization's blocklist in the beginning of November.

The bugzilla listing shows only IDs of the extensions and (almost) no names but the move appears to have affected several translation add-ons for the browser that injected Google Translate or Bing Translate code into websites to provide users of the web browser with page translation functionality.

The developers of Page Translator and Google Translate this page revealed recently that their extensions were banned by Mozilla. Several other translator extensions, Babelfox, Google Translate Element or Bridge Translate seem to be affected by the ban as well.

The developer of Page Translator offers insights into what happened in the past couple of days. The extension used Google Translate or Microsoft Translator libraries to provide Firefox users with in-line language translation capabilities. It downloaded the JavaScript file and injected it into pages to provide on-page translations.

Mozilla disallowed execution of external remote code for listed extensions for some time. Extensions listed on AMO were not allowed to execute remote code; the same was not true in all cases for self-hosted, read unlisted, extensions.

The developer had the extension removed from AMO when Mozilla made the initial policy change but did offer it as an unlisted add-on to users. According to him, the extension was used by thousands of users who used it to translate pages in Firefox.

Mozilla put the extension on a blacklist which killed it remotely in all Firefox installations that did not have the blacklisting functionality disabled.

An exchange with a Mozilla representative confirmed Mozilla's stance on the matter.

Quote:I've read your article, but unfortunately this is not a restriction we will be lifting.

If you find a way to provide this feature in compliance with our policies, we'd be willing to lift the block in a way that you could submit a new version for your users.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Find
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
QOwnNotes
26.4.6  Fixed a w...Kool — 08:36
INTEL Arc Graphics 32.0.101.8629 driver
Highlights: Int...harlan4096 — 07:57
Qualcomm Snapdragon X2 Elite Review Rou...
Snapdragon X2 Elite ...harlan4096 — 07:55
Qualcomm Snapdragon X2 Elite Review Roun...
Snapdragon X2, sec...harlan4096 — 07:55
Mozilla Firefox Browser 149.0.2
149.0.2 Firefox Re...harlan4096 — 07:52

[-]
Birthdays
Today's Birthdays
avatar (39)vemedProkbior
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (46)MeighGoask
avatar (38)urumahiz
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
avatar (43)cdoubapKit
avatar (38)lystraPonia
avatar (31)smith8395john
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)burntLaw
avatar (41)MrDoorsskibheeds
avatar (51)Toligo
avatar (46)Rodneykak
avatar (49)tradeSmode
avatar (38)RobertUtelt
avatar (36)Kiran78

[-]
Online Staff
There are no staff members currently online.

>