There have been a number of situations in the past few weeks that have prompted modifications to our established Review Policies. Most of them have already been announced in a different number of ways, but it’s a good idea to sum them up in a single post. The policy page won’t be updated until the… Continue reading
The add-on review process remains a mystery for many add-on developers. As a developer myself, I admit it feels like dropping your add-on into a bottom-less pit and just waiting (and hoping) for something to happen. As the weeks pass by, patience runs out and you wonder what’s going on. Developers have rightly demanded more… Continue reading
Last week, we disclosed two instances of suspected malware in experimental add-ons on AMO. Since that disclosure, we’ve worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware. The same investigation also confirmed that… Continue reading
NOTE: Further investigation has revealed that all versions of Sothink Web Video Downloader are malware free. For more, read our update. Issue Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader… Continue reading
Surprises can be appropriate in many situations, but they are not welcome when user security, privacy, and control are at stake. Mozilla is committed to guarding these principles, and we feel that a policy should be adopted that explicitly details our stance on these issues in regard to add-on modifications. The text of our proposal… Continue reading
Over on the Adblock Plus blog, Wladimir Palant has posted two great articles on how to avoid making some common mistakes in extension development that lead to security vulnerabilities. I highly recommend extension authors check out his posts: Displaying web content in an extension – without security issues Five wrong reasons to use eval() in… Continue reading
