Mozilla’s New Feature Blocks Risky Add-Ons on Certain Websites to Keep Users Safe
Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains.
“We’ve introduced a new back-end feature to only allow some extensions that are monitored by Mozilla to run on certain websites for a variety of reasons, including security concerns,” the company added. said in the Release Notes for Firefox 115.0 released last week.
The company says the openness afforded by the additional ecosystem can be exploited by bad actors to their advantage.
“This feature allows us to prevent attacks by bad actors targeting specific domains when we have reason to believe that there may be a malicious add-on that we have not discovered,” Mozilla said. said in a separate supporting document.
Users are expected to have more control over the settings for each add-on, starting with Firefox version 116. That said, it can be disabled by loading “about:config” in the address bar and setting “extensions.quarantinedDomains.enabled” to FALSE.
The development adds to Mozilla’s existing capabilities for remotely disable individual extensions that pose a risk to user privacy and security.
It should be noted that the warning appears in the Extensions popup rather than the Extensions icon in the current implementation, as a result the warning is not shown if the add-on is pinned to the toolbar.
“Apparently when you pin an extension to the toolbar, it no longer appears in the Extensions popup!”, security researcher and add-on developer Jeff Johnson noted.
“As a result, the quarantined domain warning no longer appears in the Extensions popup. In fact, there is no Extensions popup anymore: clicking the Extensions toolbar icon only opens the about:addons page, which does not display the quarantined domain warning anywhere.”
🔐 Privileged Access Management: Learn How to Beat Key Challenges
Discover different approaches to conquering Preferred Account Management (PAM) challenges and enhance your privileged access security strategy.
“This is appalling user interface design for the so-called new ‘security’ feature, which silently disables extensions while hiding warnings from users,” Johnson added.
Mozilla has said that they intend to improve the user experience in future releases, although they did not provide a definite timeline.
The change also comes as Mozilla has criticized a browser-based website blocking proposal put forward by France that would require browser vendors to establish mechanisms to compulsorily block websites on a list provided by the government to tackle online fraud.
“Such a move would overturn decades of established norms of content moderation and provide a playbook for authoritarian governments that would easily negate the existence of censorship circumvention tools,” the company said. said.
