Mozilla Targets Security And Stability With New Firefox Beta

Mozilla is looking to improve both the stability and security of the new Firefox 3.6 beta, after updating it so that it can prevent add-ons from adding code to Firefox’s components directory.

Firefox’s components directory houses much of the browser’s own code, and the change to prevent third-party applications from adding code to it, will therefore keep developers and software vendors from silently installing Firefox add-ons without the user’s permission. It also will reduce the number of crashes, according to Mozilla.

Components installed by the addition of third-party code to the component directory cannot be managed by users through the add-ons manager or disabled if they are causing problems, Mozilla Human Shield Johnathan Nightingale wrote on the Mozilla Security Blog.

“What’s worse, components dropped blindly into Firefox in this way don’t carry version information with them, which means that when users upgrade Firefox and these components become incompatible, there’s no way to tell Firefox to disable them,” Nightingale continued. “This can lead to all kinds of unfortunate behaviour: lost functionality, performance woes and outright crashing – often immediately on startup.”

Though the components directory will be only for Firefox, “Third-party applications can still extend Firefox via add-ons and plug-ins,” he wrote. Developers accustomed to “dropping components directly … [will] need to change to an XPI-based approach,” he added. To help with that, Mozilla has released a migration document that outlines the necessary changes.

“The good news is that once you’ve done this, your add-on will actually be visible to users and will support proper version information so that our shared users are guaranteed a more positive experience,” Nightingale wrote.

Mozilla Firefox 3.6 Beta 3 is available for download here.