In association with heise online

18 November 2009, 12:49

Firefox 3.6 locks down component directory - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Mozilla developers have announced that Firefox 3.6 will "lockdown" the components directory of the browser to stop third party applications bypassing the standard add-ons and plug-in support by pushing user invisible changes directly into Firefox. From today's planned release of Firefox 3.6's beta 3, and onwards, the components directory will be for Firefox code only and third party developers will only be able to extend the browser through the officially supported add-ons system.

Johnathan Nightingale, "Human Shield" at Mozilla, announced the change in a blog posting where he explained that the change in policy was driven by a need to increase the stability of Firefox. Extensions that are installed through the components directory, called "raw components", are not visible in the users Add-On Manager dialogue and do not carry version information with them. This means that neither Firefox or the user can detect out of date versions of these extensions, or update or disable them.

Nightingale directs add-on developers who use "raw components" to a document on the Mozilla Developer Center which covers the process of migrating "raw components" into add-ons.

Update - Firefox 3.6 Beta 3 adds a components.list file to the components directory. This file lists all allowed DLLs and scripts. A user with administrator privileges can access and add entries to this list. Whether this can effectively prevent the addition of raw components to Firefox and bypass the Add-On manager will have to be seen in further testing.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit