Comments on: 100 up-to-date Firefox extensions http://www.squarefree.com/2004/07/10/100-up-to-date-firefox-extensions/ Jesse Ruderman on Firefox, security, and more Tue, 06 Jan 2009 07:09:19 +0000 http://wordpress.org/?v=2.5 By: arielb http://www.squarefree.com/2004/07/10/100-up-to-date-firefox-extensions/#comment-645 arielb Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=153#comment-645 I feel for the sake of security, that update.mozilla.org should be the only place where firefox should be able to download an extension. I feel for the sake of security, that update.mozilla.org should be the only place where firefox should be able to download an extension.

]]> By: Jed http://www.squarefree.com/2004/07/10/100-up-to-date-firefox-extensions/#comment-646 Jed Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=153#comment-646 Why? What if I were to tell you that some of the same people who do the update.mozilla.org checkings/updates are the same who maintain the ExtensionRoom database. Also, if anyone know of any extensions that DO NOT work in Firefox 0.9 + please let us know! Thanks Why? What if I were to tell you that some of the same people who do the update.mozilla.org checkings/updates are the same who maintain the ExtensionRoom database.

Also, if anyone know of any extensions that DO NOT work in Firefox 0.9 + please let us know!
Thanks

]]> By: alanjstr http://www.squarefree.com/2004/07/10/100-up-to-date-firefox-extensions/#comment-647 alanjstr Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=153#comment-647 That's a nice sentiment, Jed, but ER is really being neglected. It has for a long time. But I'm not saying I agree with the previous comment, either. Until UMO has the ability for authors to update their own entries, not everyone will choose to list theirs. One reason why ER has so many is that we don't ask for permission to list something, nor do we actually install it and make sure it doesn't hose your system. With UMO, we only accept author-submitted entries and we validate them (to a degree). That’s a nice sentiment, Jed, but ER is really being neglected. It has for a long time.

But I’m not saying I agree with the previous comment, either. Until UMO has the ability for authors to update their own entries, not everyone will choose to list theirs.

One reason why ER has so many is that we don’t ask for permission to list something, nor do we actually install it and make sure it doesn’t hose your system. With UMO, we only accept author-submitted entries and we validate them (to a degree).

]]> By: arielb http://www.squarefree.com/2004/07/10/100-up-to-date-firefox-extensions/#comment-648 arielb Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=153#comment-648 well! right now in the latest build I have, firefox will only from mozilla.org, mozdev and texturizer but you can add more if you like. It is very important that extensions are tested. If they are untested and buggy they may create exploitable problems. Imagine this scenario. Unsupported extension "X" is very popular, it digs deep into mozilla core. Someone finds an exploit for mozilla + extension x. Now how is mozilla.org supposed to deal with problems created by buggy unsupported extensions? well! right now in the latest build I have, firefox will only from mozilla.org, mozdev and texturizer but you can add more if you like.
It is very important that extensions are tested. If they are untested and buggy they may create exploitable problems. Imagine this scenario. Unsupported extension “X” is very popular, it digs deep into mozilla core. Someone finds an exploit for mozilla + extension x. Now how is mozilla.org supposed to deal with problems created by buggy unsupported extensions?

]]> By: alanjstr http://www.squarefree.com/2004/07/10/100-up-to-date-firefox-extensions/#comment-649 alanjstr Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=153#comment-649 Um, exactly how much testing do you think we do? I don't look at the code, I just make sure it's relatively normal. Hopefully the Mozilla core itself is protected enough that an extension isn't able to make it vulnerable. There is no way to make extensions run inside a sandbox, since that would limit the functionality too much. I'm not sure where 100 extensions comes from, since I only see 97 listed for Firefox 0.9. Of course our database backend says 114, and I know there are some non-FX extensions in there. Um, exactly how much testing do you think we do? I don’t look at the code, I just make sure it’s relatively normal. Hopefully the Mozilla core itself is protected enough that an extension isn’t able to make it vulnerable. There is no way to make extensions run inside a sandbox, since that would limit the functionality too much.

I’m not sure where 100 extensions comes from, since I only see 97 listed for Firefox 0.9. Of course our database backend says 114, and I know there are some non-FX extensions in there.

]]> By: Jesse Ruderman http://www.squarefree.com/2004/07/10/100-up-to-date-firefox-extensions/#comment-650 Jesse Ruderman Tue, 30 Nov 1999 00:00:00 +0000 http://www.squarefree.com/test/wp15/wordpress/?p=153#comment-650 I got 100 from the <a href="http://update.mozilla.org/">http://update.mozilla.org/</a> front page. Was I wrong to assume all were 0.9-compatible? I got 100 from the http://update.mozilla.org/ front page. Was I wrong to assume all were 0.9-compatible?

]]>