Compatibility update: Firefox 38 and 38.0.5

Jorge Villalobos

29

Following up on my previous post on Firefox 38 compatibility, I wanted to highlight an important change that I missed: in-content preferences. The preferences window is no more, and instead the main preferences UI is shown in a new tab. This only affects add-ons that overlay the preferences window, which should be rare.

Additionally, there’s an out-of-cycle release planned for June 2nd, which will go with version number 38.0.5. This is 38 with a few additions, which you can see in the release notes. These additions shouldn’t conflict with extensions compatible with 38, but it could conflict with complete themes. The new release is now available in the beta channel, so we recommend you test your add-ons on that version.

Add-on Compatibility for Firefox 39

Jorge Villalobos

5

Firefox 39 will be released on June 30th. Here’s the list of changes that went into this version that can affect add-on compatibility. There is more information available in Firefox 39 for Developers, so you should also give it a look.

General

XPCOM

New!

Please let me know in the comments if there’s anything missing or incorrect on these lists. If your add-on breaks on Firefox 39, I’d like to know.

The automatic compatibility validation and upgrade for add-ons on AMO will happen in the coming weeks, so keep an eye on your email if you have an add-on listed on our site with its compatibility set to Firefox 38.

Friend of AMO: Zitronella

Andreas Wagner

1

Congratulations to Astrid (Zitronella), our newest friend of AMO! Astrid dedicates her spare time to supporting German-speaking Firefox users in forums and chat rooms. She also helps to keep Firefox safe by finding and reporting potentially unsafe add-ons and bringing them to the attention of the AMO team.

“I have been contributing to Mozilla since 2010. Taking each and every one seriously, and providing support within computer literacy beyond the project is very important to me. Having the community at my back, exchanging experiences and working with them means a lot to me and is a huge enrichment.”

Thank you, Astrid! We’re glad to have you!

Thanks also to everyone who contributed to Marketplace and AMO last month–your contributions are reallly appreciated.

The new contribution wiki for May is now available. Please check it for projects that might interest you, and to report any of your contributions.

Dropping support for binary components in extensions

Jorge Villalobos

10

Update: this change has been pushed back to Firefox 41 rather than 40.

Starting with Firefox 40 41, scheduled to be released in August this year, binary XPCOM support for extensions will be dropped.

Binary XPCOM is an old and fairly unstable technology that a small number of add-on developers have used to integrate binary libraries into their add-ons, sometimes to tap into Firefox internals (hence the unstable part). Better technologies have become available to replace binary XPCOM and we have encouraged developers to switch to them. From the original post:

Extension authors that need to use native binaries are encouraged to do
so using the addon SDK “system/child_process” pipe mechanism:
https://developer.mozilla.org/en-US/Add-ons/SDK/Low-Level_APIs/system_child_process

If this is not sufficient, JS-ctypes may be an alternative mechanism to
use shared libraries, but this API is much more fragile and it’s easy to
write unsafe code.

Developers who rely on binary XPCOM should update their code as soon as possible to prevent compatibility issues. If you have any questions or comments about this move, please do so in the mozilla.dev.extensions newsgroup.

May 2015 Featured Add-ons

Amy Tsay

4

Pick of the Month: Save Text To File

by Robert Byrne

Save highlighted text to a file in the directory of your choice.

“One of a kind, save snippets as you surf with a single click including URL. Most important — excellent support.”

Featured: Adblock Plus Pop-up Addon

by Jesse Hakanen
Adblock Plus Pop-up Addon extends the blocking functionality of Adblock Plus to those annoying pop-up windows that open on mouse clicks and other user actions.

Featured: gTranslate

by Pau Tomàs, Pierre Bertet, Éric Lemoine
With gTranslate, you can translate any text in a webpage just by selecting and right-clicking over it. The extension uses the Google translation services to translate the text.

Nominate your favorite add-ons

Featured add-ons are selected by a community board made up of add-on developers, users, and fans. Board members change every six months, so there’s always an opportunity to participate. The deadline to apply for the next community board is May 10, 2015!

Each quarter, the board also selects a featured complete theme and featured mobile add-on.

If you’d like to nominate an add-on for featuring, please send it to amo-featured@mozilla.org for the board’s consideration. We welcome you to submit your own add-on.

Join the Featured Add-ons Community Board

Amy Tsay

1

Want to have a voice in which add-ons are featured on addons.mozilla.org (AMO)? If so, we invite you to apply for the featured add-ons board. Board members are responsible for deciding which add-ons are featured on AMO in the next six months. Featured add-ons help users discover what’s new and useful, and downloads increase drastically in the months they are featured, so your participation really makes an impact!

Anyone from the add-ons community is welcome to apply: power users, theme designers, developers, and evangelists. Priority will be given to applicants who have not served on the board before, followed by those from previous boards, and finally from the outgoing board. This page provides more information on the duties of a board member.

To be considered, please email us at amo-featured@mozilla.org with your name, and tell us how you’re involved with AMO. The deadline is Sunday, May 10, 2015 at 23:59 PDT. The new board will be announced about a week after.

We look forward to hearing from you!

Add-ons Update – Week of 2015/04/29

Jorge Villalobos

3

I post these updates every 3 weeks to inform add-on developers about the status of the review queues, add-on compatibility, and other happenings in the add-ons world.

The Review Queues

  • Most nominations for full review are taking less than 9 weeks to review.
  • 126 nominations in the queue awaiting review.
  • Most updates are being reviewed within 6 weeks.
  • 48 updates in the queue awaiting review.
  • Most preliminary reviews are being reviewed within 9 weeks.
  • 127 preliminary review submissions in the queue awaiting review.

If you’re an add-on developer and would like to see add-ons reviewed faster, please consider joining us. Add-on reviewers get invited to Mozilla events and earn cool gear with their work. Visit our wiki page for more information.

Firefox 38 Compatibility

The Firefox 38 compatibility blog post is up. The automatic AMO validation will be run soon.

Expect a compatibility post soon about a special 38.0.5 Firefox release that will follow 38.0. I don’t think this will break any extensions, but it might affect themes and it’s a heads up so you can test on beta in advance of the release.

Firefox 39 Compatibility

I expect to publish the Firefox 39 compatibility blog post this week.

As always, we recommend that you test your add-ons on Beta and Firefox Developer Edition (formerly known as Aurora) to make sure that they continue to work correctly. End users can install the Add-on Compatibility Reporter to identify and report any add-ons that aren’t working anymore.

Extension Signing

We announced that we will require extensions to be signed in order for them to continue to work in release and beta versions of Firefox. If you’re an extension developer, please read the post and participate in the discussions. A followup post was published recently, addressing some of the reasons behind this initiative.

Electrolysis

Electrolysis, also known as e10s, is the next major compatibility change coming to Firefox. In a nutshell, Firefox will run on multiple processes now, running each content tab in a different one. This should improve responsiveness and overall stability, but it also means many add-ons will need to be updated to support this.

We will be talking more about these changes in this blog in the future. For now we recommend you start looking at the available documentation.

The Case for Extension Signing

Daniel Veditz

12

Mozilla’s  recent announcement that mandatory extension signing is coming to Firefox this summer generated a lot of feedback from our developer community. Most of them were concerned with the burden this puts on developers who don’t host their add-ons on AMO as well as the centralization of add-on oversight. I would like to add more insight into why we are making this change. In our last post we mentioned the difficulties of tracking down add-ons and blocking them, but there’s much more behind the decisions that were made to come up with this plan. This post should give you a better idea of why we think extension signing is necessary and how we are still honoring our principles of openness and user control.

The power of add-ons

We love add-ons and wouldn’t want to browse the Web without the enhanced experience they offer. I myself have 22 active add-ons at the moment, with another seven disabled but on hand just in case. Firefox add-ons aren’t restricted to a limited API for manipulating Web content and parts of the browser. Add-ons can use, manipulate, or even replace just about any aspect of Firefox internals. Add-ons are one manifestation of a freedom so important to us that we have enshrined it in our Mozilla principles: Individuals must have the ability to shape the Internet and their own experiences on the Internet.

The adware scourge

The Web experienced by tech-savvy developers, however, is not the Web experienced by most people. While only fourteen add-ons hosted on our addons.mozilla.org site have more than a million users, and only two of those have more than 3 million, many tens of millions of users have non-hosted add-ons that were installed without their informed consent. Users run the risk of picking up unwanted extra add-ons and other software every time they download software over the Internet. Even updates of software that many users find indispensable or software from download sites run by trusted news organizations come bundled with these unwanted extras. Their Internet experience is being shaped by these third party add-ons in ways they did not choose and that benefit third parties and not the user. Most of these unwanted add-ons are advertising related in some way, tracking user actions and altering content. These add-ons are not created with user security in mind and can break fundamental browser security. These violate another of Mozilla’s basic principles: Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.

Signing Add-ons

The solution we are pursuing, as described in our last post, is for the builds used by the majority of Firefox users to require that add-ons be signed by Mozilla. It is heartbreaking that there are so many malicious developers in the world intent on taking advantage of others, but we’ve reached the same conclusion as other similar ecosystems that there needs to be a referee looking our for the user’s interests. Firefox users will still be able to shape their online experience through installing add-ons created by others: for the vast majority of them nothing will have changed in that regard. This does, unfortunately, place an additional burden on add-on developers: they will have to develop against an unbranded but otherwise identical version of Firefox that we will provide.

Many developers have asked why we can’t make this a runtime option or preference. There is nowhere we could store that choice on the user’s machine that these greyware apps couldn’t change and plausibly claim they were acting on behalf of the user’s “choice” not to opt-out of the light grey checkbox on page 43 of their EULA. This is not a concern about hypotheticals, we have many documented cases of add-ons disabling the mechanisms through which we inform users and give them control over their add-ons. By baking the signing requirement into the executable these programs will either have to submit to our review process or take the blatant malware step of replacing or altering Firefox. We are sure some will take that step, but it won’t be an attractive option for a Fortune 500 plugin vendor, popular download sites, or the laptop vendor involved in distributing Superfish. For the ones who do, we hope that modifying another program’s executable code is blatant enough that security software vendors will take action and stop letting these programs hide behind terms buried in their user-hostile EULAs.

The other common question is why developers can’t have their own certificates and sign their own add-ons. This would require Mozilla to function as a Certificate Authority which is currently not in our expertise. It also means we would not be able to run security scans on the add-on code. The only thing preventing a malicious add-on in that case would be the strength of our contracts requiring non-malicious code and our ability to bring legal action should those contracts be breached. This approach would favor established companies in jurisdictions where we have offices and would be extremely unfair to individual developers, especially those outside those regions. We feel the community would be better off if we put our resources into the review and scanning process that can treat everyone equally rather than setting up a certificate issuing infrastructure.

More Info and Discussions

The previous blog post on this issue generated a lot of feedback and discussion – we anticipate you will want to discuss this again. The most effective place for these discussions to take place is on the Add-ons User Experience newsgroup.

We created a wiki page about Extension Signing where we will post all of the information we have about it. It includes an FAQ that offers answers to many of the questions the community has posed, as well as some questions that are still pending a definitive answer. We will also continue posting updates on this blog.

Add-ons Update – Week of 2015/04/08

Jorge Villalobos

4

I post these updates every 3 weeks to inform add-on developers about the status of the review queues, add-on compatibility, and other happenings in the add-ons world.

The Review Queues

  • Most nominations for full review are taking less than 9 weeks to review.
  • 216 nominations in the queue awaiting review.
  • Most updates are being reviewed within 4 weeks.
  • 56 updates in the queue awaiting review.
  • Most preliminary reviews are being reviewed within 8 weeks.
  • 198 preliminary review submissions in the queue awaiting review.

If you’re an add-on developer and would like to see add-ons reviewed faster, please consider joining us. Add-on reviewers get invited to Mozilla events and earn cool gear with their work. Visit our wiki page for more information.

Firefox 38 Compatibility

The Firefox 38 compatibility blog post is up. The automatic AMO validation will be run soon.

Firefox 39 Compatibility

I expect to publish the Firefox 39 compatibility blog post in the next week or so.

As always, we recommend that you test your add-ons on Beta and Firefox Developer Edition (formerly known as Aurora) to make sure that they continue to work correctly. End users can install the Add-on Compatibility Reporter to identify and report any add-ons that aren’t working anymore.

Extension Signing

We announced that we will require extensions to be signed in order for them to continue to work in release and beta versions of Firefox. If you’re an extension developer, please read the post and participate in the discussions. We will be posting a followup expanding on the reasons behind this initiative.

Electrolysis

Electrolysis, also known as e10s, is the next major compatibility change coming to Firefox. In a nutshell, Firefox will run on multiple processes now, running each content tab in a different one. This should improve responsiveness and overall stability, but it also means many add-ons will need to be updated to support this.

We will be talking more about these changes in this blog in the future. For now we recommend you start looking at the available documentation.