Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called “”. isolated domain.
“For various reasons, including security concerns, we have introduced a new backend feature that allows only some extensions monitored by Mozilla to run on specific websites,” the company said. Said In the Firefox 115.0 release notes released last week.
The company said the openness provided by the add-on ecosystem could be exploited by malicious actors.
“This feature will prevent attacks by malicious actors targeting specific domains if they have reason to believe that there may be malicious add-ons that they have not yet discovered,” Mozilla said. says. Said in a separate supporting document.
Starting with Firefox version 116, users are expected to have more control over each add-on’s settings. However, it can be disabled by loading “about:config” in the address bar and setting “extensions.quarantinedDomains.enabled” as follows: error.
This development further enhances the existing functionality of Mozilla. Disable individual extensions remotely Those that pose a risk to user privacy and security.
Note that the current implementation shows warnings in the extension popup instead of the extension icon. As a result, no warning is displayed when the add-on is pinned to the toolbar.
“We found that when you pin an extension to the toolbar, it no longer appears in the extensions popup.” Jeff Johnson, security researcher and add-on developer I got it.
“As a result, the quarantined domain warning no longer appears in the extension’s popup either. In fact, the extension’s popup is gone. Clicking the icon in the extension toolbar just opens the about:addons page.” and I don’t see any quarantined domain warnings anywhere.”
🔐 Privileged Access Management: Learn How to Overcome Key Challenges
Discover different approaches to overcoming the challenges of privileged account management (PAM) and leveling up your privileged access security strategy.
“This is terrible user interface design for the new so-called ‘security’ feature, silently disabling the extension while hiding the warning from the user,” Johnson added.
Mozilla said it plans to improve the user experience in future releases, but didn’t give a final timeline.
The change follows the French-launched browser-based law, which requires browser vendors to establish a mechanism for enforcing blocking of websites on government-provided lists to combat online fraud. It also follows Mozilla’s condemnation of the website blocking proposal.
“A move like this would overturn decades of well-established content moderation norms and offer a strategy for authoritarian governments that easily deny the existence of censorship evasion tools.” The company said. Said.