Mozilla is reportedly including a "walled garden" in an upcoming version of Firefox. How can a walled garden secure Web browsers? Why would a walled garden be seen as not beneficial?
One method used by vendors to increase the popularity of their browsers and strengthen user loyalty is encouraging independent developers to create add-ins, plug-ins and other extensions that provide additional functionality and allow users to customize their browser so it can work the way that suits them best. The downside of this policy, though, is that poorly written plug-ins can affect the stability of the browser and the system it runs on, while malicious ones can put personal information at risk.
The Mozilla add-ons platform has traditionally been very open to developers. Not only are they capable of changing Firefox in radical and innovative ways, but developers are entirely free to distribute their add-ons from their own sites, and not necessarily through AMO, Mozilla's website repository of add-ons. This gives genuine developers a great deal of flexibility, but it also hands bad actors the ability to take advantage of Firefox users. For example, extensions that change the homepage and search settings without a user's consent have become common, as have extensions that inject advertisements into webpages or even inject malicious scripts into social media sites.
Mozilla has tried to enforce add-on guidelines that add-on creators must follow by remotely disabling noncompliant extensions. Most extensions that violate these guidelines are distributed almost exclusively outside of AMO, but tracking them down has become increasingly impractical. Mozilla has decided add-on development for Firefox needs to change to improve security and performance.
When version 39 of Firefox is released later this year, Mozilla will require all add-ons to go through AMO review and code signing, even those self-hosted add-ons outside of Mozilla's AMO. While developers won't be forced to distribute their extensions solely through AMO, they must still be submitted for review, and thus, signing. After the transition period, it will not be possible for users to install unsigned extensions in release or beta versions of Firefox. There won't be any preferences or command-line options to disable this configuration either. Details haven't been released yet about how add-ons that will never be publicly distributed -- such as those developed for in-house use -- will be handled.
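As an added illustration (not from the original article or from Mozilla's code), the following Python example audits an add-on package the way a defender might before allowing it onto managed machines: it reports whether the archive carries signature files at all and whether its contents still match the signed manifest. It assumes a signed XPI is a ZIP archive with JAR-style `META-INF/manifest.mf`, `mozilla.sf` and `mozilla.rsa` entries; the function names and the sample package are constructed for the example, and the check does not validate the signature or certificate chain, which the browser does itself.

```python
import base64, hashlib, io, zipfile

# Assumption: JAR-style signature entries inside a signed XPI.
SIG_FILES = {"META-INF/manifest.mf", "META-INF/mozilla.sf", "META-INF/mozilla.rsa"}

def parse_manifest(text):
    """Return {entry name: {header: value}} from a JAR-style manifest."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        headers = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in headers:
            entries[headers["Name"]] = headers
    return entries

def audit_xpi(data):
    """Classify a package as 'unsigned', 'tampered' or 'consistent'."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = {n for n in z.namelist() if not n.endswith("/")}
        if not SIG_FILES <= names:
            return "unsigned"
        manifest = parse_manifest(z.read("META-INF/manifest.mf").decode("utf-8"))
        payload = {n for n in names if not n.startswith("META-INF/")}
        listed = {n for n in manifest if not n.startswith("META-INF/")}
        if payload != listed:
            return "tampered"  # a file was added or removed after signing
        for name in payload:
            headers = manifest[name]
            algo = "sha256" if "SHA256-Digest" in headers else "sha1"
            want = headers.get(algo.upper() + "-Digest")
            got = base64.b64encode(hashlib.new(algo, z.read(name)).digest()).decode()
            if want != got:
                return "tampered"  # file content changed after signing
    return "consistent"  # structure intact; signature itself is NOT verified here

def build_sample(files, signed=True):
    """Build a constructed XPI in memory; the signature blobs are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        lines = ["Manifest-Version: 1.0", ""]
        for name, body in files.items():
            z.writestr(name, body)
            digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
            lines += [f"Name: {name}", f"SHA256-Digest: {digest}", ""]
        if signed:
            z.writestr("META-INF/manifest.mf", "\n".join(lines))
            z.writestr("META-INF/mozilla.sf", b"placeholder")
            z.writestr("META-INF/mozilla.rsa", b"placeholder")
    return buf.getvalue()
```

A result of `consistent` only means the package has not been altered relative to its own manifest; trust still depends on the signature check performed by the browser.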
Balancing functionality with security is a constant struggle when it comes to software development, and this is particularly true for browsers, the most popular interface for accessing the Internet and content from unknown and untrusted sources. Firefox add-ons execute with full control over the browser, and unlike Chrome and Safari, there are no barriers to keep them separate from each other or the browser; this is what enables developers to achieve such potent levels of customization and added functionality -- both good and bad. The new review process may go some way to improving security, but it relies heavily on automated and human reviewers to find possible hidden attack vectors -- a daunting task given the volume of submissions and the sophistication of modern malware.
Many Firefox fans are disappointed with these proposed changes, particularly as there will be no option to allow the installation of unsigned extensions even if the user understands the risks. By forcing developers to go through a lengthy review process to get an extension approved or to release a critical security update, Mozilla risks alienating developers and making extensions less secure if they can't be patched in a timely manner.
The number of add-ins available for Firefox is one of its biggest strengths, and the additional steps developers now need to go through to make their add-on available may reduce the number of those willing to support Firefox. This so-called walled garden may help protect users from malicious add-ons but it has its downsides, so the balancing act of making sure the add-on ecosystem continues to flourish while keeping the average user safe goes on.
Ask the Expert:
Perplexed about application security? Send Michael Cobb your questions today. (All questions are anonymous.)