Add-ons Blog

Posts tagged with “security”

The Add-on Review Process and You

The add-on review process remains a mystery for many add-on developers. As a developer myself, I admit it feels like dropping your add-on into a bottom-less pit and just waiting (and hoping) for something to happen. As the weeks pass by, patience runs out and you wonder what’s going on.  Developers have rightly demanded more… Continue reading

Tags: , , , , , ,

Categories: developers, documentation, end users, general, policy

Update on the AMO Security Issue

Last week, we disclosed two instances of suspected malware in experimental add-ons on AMO.  Since that disclosure, we’ve worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware.  The same investigation also confirmed that… Continue reading


Categories: general

Please read: Security Issue on AMO

NOTE: Further investigation has revealed that all versions of Sothink Web Video Downloader are malware free.  For more, read our update. Issue Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader… Continue reading


Categories: general

No Surprises

Surprises can be appropriate in many situations, but they are not welcome when user security, privacy, and control are at stake. Mozilla is committed to guarding these principles, and we feel that a policy should be adopted that explicitly details our stance on these issues in regard to add-on modifications. The text of our proposal… Continue reading

Tags: ,

Categories: developers, policy

Better Safe than Sorry

Over on the Adblock Plus blog, Wladimir Palant has posted two great articles on how to avoid making some common mistakes in extension development that lead to security vulnerabilities. I highly recommend extension authors check out his posts: Displaying web content in an extension – without security issues Five wrong reasons to use eval() in… Continue reading


Categories: developers