New Firefox rules block extensions with obfuscated code

Updated add-on policy takes effect today

Firefox extensions containing obfuscated code will be disabled as of today (June 10), according to an updated add-on policy from Mozilla.

The rules, announced last month, will result in add-ons that hide any of their functionality being automatically blocked from Mozilla’s submission process, in order to create a safer experience for Firefox users.

In the original announcement on May 2, Caitlin Neiman, add-ons community manager at Firefox, said: “We will continue to allow minified, concatenated, or otherwise machine-generated code as long as the source code is included.

“If your extension is using obfuscated code, it is essential to submit a new version by June 10 that removes it to avoid having it rejected or blocked.”

The change to Mozilla’s requirements follows similar steps taken by Google last year to stop allowing extensions with obfuscated code on the Chrome Web Store.

“Today over 70% of malicious and policy violating extensions that we block from Chrome Web Store contain obfuscated code,” reads the Chromium Blog on October 1, 2018.

“At the same time, because obfuscation is mainly used to conceal code functionality, it adds a great deal of complexity to our review process.

“This is no longer acceptable given the aforementioned review process changes.”

In light of the scheduled rollout, a spokesperson from Mozilla told The Daily Swig: “Add-ons that violate the Firefox Distribution Agreement and the add-on policies will be removed in accordance with the content removal section.

“To respect the privacy of our add-on developers, we prefer not to share statistics on the number of obfuscated add-ons.

“Developers have been informed about these changes and were encouraged to submit a new version of their add-on without the use of obfuscation.”

According to Neiman’s announcement, ‘blocklisting’ – a method to disable third-party software that has been installed on Firefox – will also be more proactively implemented from today.

RELATED Firefox extends anti-tracking feature to all users by default