Mozilla will introduce mandatory certification add-ons for Firefox

The company Mozilla in its blog announced new security rules relating to the additions to their browser Firefox. At the moment, the add-on can be installed either from their AMO collection or from any other site. Because of this freedom for add-on developers, the occurrence of malicious extensions has become more frequent. They substitute parts of the page, insert advertising into the pages, or perform other unpleasant actions. Therefore, in the near future add-ons that can be installed in the browser will undergo the procedure of mandatory verification and signature.

Add-ons that are in the AMO collection, in any case, are checked and will be signed automatically. Other add-ons can be submitted for automatic verification and subsequent signature, and if they do not go automatic verification, it will be possible to request verification manually. The transition period will take 12 weeks. After that, the Release and Beta versions of the browser will not be able to install unsigned add-ons.

Add-on developers will be able to test unsigned versions on nightly builds or special editions of the browser for developers. For those who use proprietary non-public add-ons for their projects, it will be possible to continue to do so. Thus, Mozilla hopes to increase the security of their browser for users. These plans do not yet apply to other projects of the company, Thunderbird or SeaMonkey.