McAfee Add-on Update

5

Just over a week ago, Mozilla’s memory team discovered major leaks caused by the McAfee SiteAdvisor 3.4.1 add-on. A bug was filed, and six days later the McAfee team released version 3.4.1.195, which fixed the major leaks.

The Add-ons Team generally will not block legitimate add-ons without consulting with their developers first and giving them a reasonable amount of time to analyze and fix whatever problem is discovered. We have found that developers of legitimate, widely-used add-ons are usually more than happy to work with us in finding resolutions to problems and ensuring a smooth experience for users. As expected in this case, the McAfee team kept close communications with us and provided a pre-release version for us to test in advance. The partially fixed version was released less than a week later.

Version 3.4.1.195¬†doesn’t fix all the memory leaks, but it does fix the most serious ones. The remaining leaks are being tracked on bug 729608. At this point it is unclear if the remaining memory leaks are caused by McAfee’s code or Firefox bugs. We will keep you up-to-date on any major developments.

Tags: ,

Categories: end users, policy

5 responses

  1. Jesse Ruderman

    How do users get updates for the McAfee SiteAdvisor add-on? Will we blacklist the old version in a few weeks?

    1. Jorge Villalobos

      The add-on is updated through the McAfee software, so users should be checking for updates there.

      Blocking the old versions is bug 729614.

  2. Neil Rashbrook

    Has the underlying cause of the leak been documented in some sort of best practices document somewhere that extension authors can look at?

    1. Jorge Villalobos

      I don’t know about this particular situation, but there is documentation being written for common causes for memory leaks. Since we’re only beginning to investigate leaks in add-ons, there’s still much to learn about it, but the current docs are a good start.

  3. Jonathan Watt

    Good to hear that they were very responsive.