July 10, 2023THNMorebrowser security

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called “”. isolated domain.

“For various reasons, including security concerns, we have introduced a new backend feature that allows only some extensions monitored by Mozilla to run on specific websites,” the company said. Said In the Firefox 115.0 release notes released last week.

The company said the openness provided by the add-on ecosystem could be exploited by malicious actors.

“This feature will prevent attacks by malicious actors targeting specific domains if they have reason to believe that there may be malicious add-ons that they have not yet discovered,” Mozilla said. says. Said in a separate supporting document.

Starting with Firefox version 116, users are expected to have more control over each add-on’s settings. However, it can be disabled by loading “about:config” in the address bar and setting “extensions.quarantinedDomains.enabled” as follows: error.

This development further enhances the existing functionality of Mozilla. Disable individual extensions remotely Those that pose a risk to user privacy and security.

Note that the current implementation shows warnings in the extension popup instead of the extension icon. As a result, no warning is displayed when the add-on is pinned to the toolbar.

Firefox quarantined domains

“We found that when you pin an extension to the toolbar, it no longer appears in the extensions popup.” Jeff Johnson, security researcher and add-on developer I got it.

“As a result, the quarantined domain warning no longer appears in the extension’s popup either. In fact, the extension’s popup is gone. Clicking the icon in the extension toolbar just opens the about:addons page.” and I don’t see any quarantined domain warnings anywhere.”

upcoming webinars

🔐 Privileged Access Management: Learn How to Overcome Key Challenges

Discover different approaches to overcoming the challenges of privileged account management (PAM) and leveling up your privileged access security strategy.

reserve a spot

“This is terrible user interface design for the new so-called ‘security’ feature, silently disabling the extension while hiding the warning from the user,” Johnson added.

Mozilla said it plans to improve the user experience in future releases, but didn’t give a final timeline.

The change follows the French-launched browser-based law, which requires browser vendors to establish a mechanism for enforcing blocking of websites on government-provided lists to combat online fraud. It also follows Mozilla’s condemnation of the website blocking proposal.

“A move like this would overturn decades of well-established content moderation norms and offer a strategy for authoritarian governments that easily deny the existence of censorship evasion tools.” The company said. Said.

Did you enjoy this article? Follow us twitter and LinkedIn To read more of the exclusive content we post.

cropped-BTA_Logo-B-1-scaled-1
YOUR FUTURE STARTS HERE.

BLUE TRAINING ACADEMY

Register now for our membership to gain access to our elite training program and fast forward your career today!

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

cropped-BTA_Logo-B-1-scaled-1
Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog