Add-on Review Questions

Hi @danny08381, there hasn’t been a policy update but we do frequently update our mechanism for detecting potentially malicious extensions, and that can lead to more submissions being flagged for investigation. When that happens, we try to make adjustments to improve our accuracy, but that can take some time to put in action.

Hello

we submit an addons from 30-6 and no reply till now, Status “Disabled by Mozilla” and hold in “Awaiting Review”

Can you help us to know if there something wrong!!

Hi @hotelresbot, there is currently a backlog of submissions in the manual review queue. Our team is working as quickly as possible to look at add-ons in this queue. It may take 3 - 4 weeks for your submission to be reviewed.

Please do not resubmit your version as it will be added to the manual review queue and cause additional delays.

We expect the wait time for manual reviews to return to normal near the end of July. In the meantime, we sincerely apologize for the inconvenience.

I would like to ask why add-ons are not approved immediately as they have been so far in case of unlisted versions (only for testers).
I have a configuration for Circle CI based on: https://extensionworkshop.com/documentation/develop/getting-started-with-web-ext/#signing-test-version-listed

My reviewer answered me that I have to send source for my extension but it was required only whenever I wanted to submit production version.

I would be grateful for help.

1 Like

Hi @Mateusz_Przybylo, it would be helpful to know the name, GUID, or URL of your add-on. There are some circumstances where we need to review the source code (see https://extensionworkshop.com/documentation/publish/source-code-submission/).

Hey Folks,

It’s pretty clear right now that there’s been some changes when it comes to which add-ons are manually reviewed, and how long people should expect to wait then it comes to those manual reviews. There’s numerous posts already with people talking about how long reviews are taking. In another thread it was mentioned things should get better at the end of july.

Reviewing our own place in the review process over time, it’s clear that the queue isn’t a simple first-in-first-out. The number of people behind us in the queue has been as high as 17 and as low as one, often jumping up and down. So people behind us in the queue are being taken out of it, and presumably approved.

Firefox used to be where we released first. The reliable quick process helped us get changes to market quickly, and we’d follow up with other browsers later. This is going to need to change for us.

Some questions, that I think if answered would help the development community:

  1. What changed recently requiring more manual reviews?
  2. What can developers do to avoid the manual review requirement? (knowing this may help reduce the manual review load).
  3. Are there multiple manual-review queues? How do you get into the faster manual review queue?
  4. Timeliness of reviews seems to be a perpetual item of concern (the sidebar populated with lots of posts going back years), does mozilla consider extensions to be an asset worth prioritizing?

thanks!

@caitlin My addon was submitted on June 6, 2021, and was rejected on June 8, 2021 with a single silly reason, that iframe[sandbox~="allow-scripts"][sandbox~="allow-same-origin"] is forbidden. I replied to the reviewer and he did not give me a good justification, and then I raised a discussion and there has still been no justification for it: What's the point of forbidding a sandboxed iframe with allow-scripts and allow-same-origin?)

Although I totally disagree with that rejection, I still re-submitted a quick workaround that fixed the issue on June 8, 2021, and the re-submission is halted for review till now. I asked the reviewer about the current review process and there has been no reply.

If the sandboxed iframe issue is the reason for rejection, you should be able to diff the latest submission with the previous submission and be easily sure that it has been fixed. If there is another issue seen than I should received a further notification about it. What’s the problem causing the everlasting halt and nonresponsiveness of such re-review of a re-submission?

This is a production version: https://addons.mozilla.org/en-US/firefox/addon/split-desktop-extension/. In this case we always send with source code.
But the problem is with our staging version: https://addons.mozilla.org/en-US/firefox/addon/032673e71f074aeaa90e/ which we don’t want to submit for production. We just keep this version for testers (It will not be submitted to production review) and earlier these versions were immediately approved. For send staging version we use circleci file.

Thank you for your help,
Matt

Hi @preinheimer, thanks for reaching out. I’ll do my best to answer these questions.

  1. What changed recently requiring more manual reviews?

We continually assess the ecosystem for threats and update our security mechanisms to identify and react to potentially malicious submissions. Sometimes when this happens, it results in more submissions being flagged for manual review.

When we see a backlog in the manual review queue, we investigate the causes of the surge and use our findings to improve the accuracy of our security mechanisms to reduce the impact to non-malicious developers. Sometimes that can take awhile to sort out.

  1. What can developers do to avoid the manual review requirement? (knowing this may help reduce the manual review load).

That’s a great question. In general, developers should follow security best practices, request the right permissions, and make sure to follow the add-on policies.

We don’t have anything more specific at this time. We will share more information as it becomes available.

  1. Are there multiple manual-review queues? How do you get into the faster manual review queue?

There are different queues depending on the category, type and properties of add-on. While some queues may naturally move a bit faster than others (e.g. we want to react to malicious add-ons quickly to protect users), they are not review-speed based and add-ons don’t move from one into the other.

  1. Timeliness of reviews seems to be a perpetual item of concern (the sidebar populated with lots of posts going back years), does mozilla consider extensions to be an asset worth prioritizing?

Yes, this is a challenging area for us and other browser vendors! We do consider timeliness important and we aim to complete manual reviews as quickly as possible. However, other factors can contribute to delays (such as personal time off for staff, holiday schedules, etc).

I know the current delays are very frustrating for folks in the manual review queue. We apologize for the inconvenience and we’re working as quickly as possible to address the backlog.

Our application Free VPN Proxy by VeePN ver. 2.1.5 is in the review status from June 24th. What could be the reason for such a long review process? No comments from support team yet :frowning: We really need the update of the app now. Can we help with something to speed it up?

Hi @olena

We are currently experiencing a higher than usual volume of submissions. Our team is working as quickly as possible to look at add-ons that have been selected for manual review. It may take a couple of weeks for your submission to be reviewed.

Please do not resubmit your version as it will be added to the manual review queue and cause additional delays.

We sincerely apologize for the inconvenience.

We’ve now been in the queue for 6 weeks, no end in sight. We often go days without even advancing in the queue at all.

At this point we’ve got another release ready to go, and one that fixes bugs and reduces the number of warnings we expect the automated tools to fire. It seems like we’ll only be able to share that with Chrome & Edge users because the advice seems to be to not upload again while stuck in this queue.

Oh and the display of the queue disappeared. Here’s the data I did get: https://twitter.com/preinheimer/status/1422577415780450311/photo/1

Hi @preinheimer, can you please email me at cneiman [at] mozilla.com with the name of your add-on? I can look into this.

@caitlin Can you clarify something for me please. Our addon is unlisted, but has been awaiting review for a couple of weeks (addon id = pangeo-beta@geoedge.com).

Our addon is unlisted (as it’s just the beta versions for our testers and some early adopters to use)

The previous policy for unlisted addons was to approve them automatically (ie: no manual review was required).

  • Has the policy changed for unlisted addons? (some now appear to require manual review)

  • If so, why?

I think we all appreciate that the manual review team can only do so much in a given time, so a lot of us here are using unlisted addons to push out beta versions more frequently than our stable versions of the addon. If the unlisted addons now take as much time as listed addons then we’re all in for a lot of problems.

Thanks in advance for any clarification you can give about the situation

Hi @caitlin, I’ve submitted an unlisted (private) addon but it’s stuck in “Awaiting Review” process.

Any suggestion?

Best regards

Hi @werehamster, good questions.

Unlisted add-ons have always been eligible for manual review, although there’s been an increase in those selected for manual review since we introduced some security mechanisms when we moved to the post-review model a few years ago.

What is the name of your add-on? I can check to see where it’s at in the process.

Hi @nextgear2000, can you give me the name or (preferably) the ID of your add-on?

As long as you are in the “awaiting review” position, there’s not a lot to do, unfortunately. We’re working through the queue as quickly as possible.

Hi @caitlin we have two unlisted beta addons.

We’d like to push new changes out to these addons in the coming weeks, so it would be good to know if they will need manual review each time? If so, is there anything we can change in our codebase to avoid requiring manual review (we don’t use eval or any external code).

Thanks.

Hi @caitlin, my addon id is: 9d34c7229a4b40c4adb3.

Thanks.