Security of Add Ons and Extensions

Add-ons Add-on Support
1

Question 1: When Mozilla tests new Add Ons or Extensions, do you do that by testing it at several different

physical locations? I ask because several malware items are primed to release their malware load only, when the

location is different from the “known locations of your testing facilities”. (/S I know it is too much to assume that

Mozilla even has testing facilities. /s . Because I don’t know what you do.)

On the other hand, given the known troubles with “Google Play”, “App Store”, “Apple Store” etc, it is not an unreasonable question to ask you!
Are you willing to take this on, or is it too much to ask?

==========================

PS: Keyword “Too much to ask”

Dear Mozilla,

Why is my sign on not following me from one page, or tab, to the next?
That’s dumb! Please stop being dumb!

Why do you have so many different blogs?

Do I have to have a separate sign-in ID and password for each of your blogs?
If so, why? Is it because you want to make sure nobody can find the
proper blog to ask a question?

Why do you make it so difficult to find the proper forum, hub, blog for any
particular question?

Why are “Add Ons” different from “Extensions”? Any reason at all for that?

What is the difference between a “Community Blog” and a “Forum”? Do tell !

Why, in general, can’t questions be answered on your multiple blogs, hubs and forums?

Some questions, I know, cannot be answered, because you do not know the answer.
If I had all the answers, I wouldn’t even bother you!

Other questions, related to security and other important issues, should be answered
simply because it would reasonable, important and essential to answer them.

4

I’m afraid I can’t answer that question. Fighting abuse and malware is, unfortunately, bit of a cat and mouse game.

Yep, this is a material concern for counter-abuse. The more general term for the technique you’re describing is “cloaking.”

I’m not sure what you’re referring to. What pages are you navigating between where your sign in does not persist between sites?

The assertion that you’re losing log-in state between tabs (presumably on the same site) is very odd. Have you changed the settings in your browser to clear cookies as you browse?

We’ve got a lot of different stuff to talk about. Since everyone doesn’t care about everything, we split them up into separate areas that are (hopefully) most relevant for each group of readers. That said, I’d welcome more information about the specific frustrations you’re encountering or what you’d like to see done differently.

To my knowledge the various blogs on blog.mozilla.org are powered by the same system, so you should be able to reuse the same authentication across all of them.

That, my friend, is a difficult question to answer. In the few minutes I have at the moment, my best summary is that the Mozilla Project was founded around 27 years ago and over the years it has undergone a number of expansions and contractions that have left our community efforts more scattered than any contributor would like.

At the moment the main place where we encourage discussion related to Add-ons is this corner of our Discourse server or in the #addons channel on our Matrix server. We try to call this out in the documentation and in links on addons.mozilla.org.

If you have seen any specific resources that provide contradicting information or where you haven’t seen this information but expected it, please let us know.

Add-ons are an umbrella term for all of the different ways that Firefox can be customized after initial installation. Extensions are the single biggest category of add-ons, but other types include themes, language packs, and dictionaries. And as a bit of extra trivia, some parts of Firefox itself are also implemented using add-ons, like the WebCompat system add-on.

Well, blogs are generally one-way communication platforms that allow a publisher to put out articles while forums are meant as venues for asynchronous conversation between multiple parties. Comments on a blog can facilitate some dialog, but that’s usually limited to the subject of the initial post people are commenting on. Forums, on the other hand, are intended to enable folks to discuss a much broader set of topics in a timely fashion.

Essentially, blogs are good for sharing updates with a large number of people while forums are better for enabling a large number of people to talk to each other.

Keeping track of all of the posts across all of the channels is hard. Speaking as one of the people who tries to answer questions as time allows, it’s much more practical to keep an eye on a small number of channels than to try to be everywhere all the time.