New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security

Cyber Security

Products You May Like

Jul 10, 2023THNBrowser Security

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains.

“We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns,” the company said in its Release Notes for Firefox 115.0 released last week.

The company said the openness afforded by the add-on ecosystem could be exploited by malicious actors to their advantage.

“This feature allows us to prevent attacks by malicious actors targeting specific domains when we have reason to believe there may be malicious add-ons we have not yet discovered,” Mozilla said in a separate support document.

Users are expected to have more control over the setting for each add-on, starting with Firefox version 116. That said, it can be disabled by loading “about:config” in the address bar and setting “extensions.quarantinedDomains.enabled” to false.

The development adds to Mozilla’s existing capability to remotely disable individual extensions that pose a risk to user privacy and security.

It’s worth noting that the warning appears in the Extensions popup rather than on the Extensions icon in the current implementation, as a result of which the alerts are not displayed should an add-on be pinned to the toolbar.

Firefox Quarantined Domains

“It turns out that when you pin an extension to the toolbar, it no longer appears in the Extensions popup!,” security researcher and add-on developer Jeff Johnson noted.

“Consequently, the quarantined domains warning no longer appears in the Extensions popup either. In fact, there’s no longer an Extensions popup: clicking the Extensions toolbar icon simply opens the about:addons page, which doesn’t show the quarantined domains warning anywhere.”

UPCOMING WEBINAR

🔐 Privileged Access Management: Learn How to Conquer Key Challenges

Discover different approaches to conquer Privileged Account Management (PAM) challenges and level up your privileged access security strategy.

Reserve Your Spot

“This is a terrible user interface design for the new so-called ‘security’ feature, silently disabling extensions while hiding the warning from the user,” Johnson added.

Mozilla has said that it intends to improve the user experience in future releases, although it did not give a definitive timeline.

The change also comes as Mozilla decried a browser-based website blocking proposal put forth by France that would require browser vendors to establish mechanisms to mandatorily block websites present on a government-provided list to tackle online fraud.

“Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools,” the company said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Brazil’s top court orders nationwide suspension of Elon Musk’s X
Atlantic Ocean Might Be Undergoing a Rapid Cooling Near Equator And Scientists Do Not Know Why
Instagram Creator Lab Launched in India; Company Rolls Out New Story Features, Birthday Notes
New Malware Masquerades as Palo Alto VPN Targeting Middle East Users
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Leave a Reply

Your email address will not be published. Required fields are marked *