One malicious add-on and another add-on with a serious security vulnerability were discovered recently on the Mozilla Add-ons site. Both issues have been dealt with, and the details are described below. Mozilla Sniffer Issue An add-on called “Mozilla Sniffer” was … Continue reading
Reviewing add-ons is a complicated task, and we haven’t been very good at documenting the whole process. New editors were trained live through IRC, and the training session usually took the better part of 2 hours. Even though I am … Continue reading
There have been a number of situations in the past few weeks that have prompted modifications to our established Review Policies. Most of them have already been announced in a different number of ways, but it’s a good idea to … Continue reading
The add-on review process remains a mystery for many add-on developers. As a developer myself, I admit it feels like dropping your add-on into a bottom-less pit and just waiting (and hoping) for something to happen. As the weeks pass … Continue reading
Last week, we disclosed two instances of suspected malware in experimental add-ons on AMO. Since that disclosure, we’ve worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a … Continue reading
NOTE: Further investigation has revealed that all versions of Sothink Web Video Downloader are malware free. For more, read our update. Issue Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found … Continue reading
Surprises can be appropriate in many situations, but they are not welcome when user security, privacy, and control are at stake. Mozilla is committed to guarding these principles, and we feel that a policy should be adopted that explicitly details … Continue reading
Over on the Adblock Plus blog, Wladimir Palant has posted two great articles on how to avoid making some common mistakes in extension development that lead to security vulnerabilities. I highly recommend extension authors check out his posts: Displaying web … Continue reading
