MozillaZine

PCWorld.com Reviews Mozilla Firefox 0.8

Thursday February 19th, 2004

Scott I. Remick writes: "PC World has put up a nice review of Firefox 0.8. While mostly positive, it does point to a few shortcomings, such as how the extensions site wasn't able to handle the onslaught right after release, which for 2 days kept the reviewer from accessing the site. He also mentions troubles managing extensions, and the issue of many sites only working with IE (which he admits isn't Firefox's fault)."


#15 Re: Re: New Extension Server

by jgraham

Friday February 20th, 2004 3:27 AM

You are replying to this message

More to the point, what are the requirements for getting an extension hosted on mozilla.org. All extensions that are hosted on mozilla.org should be held to the same quality standards as other code avaliable from mozilla.org; which suggests rather extensive QA (extensions must work with an arbitary combination of other mozilla.org hosted extensions) and code review. Unfortunately, that's a big task (code review especially) and I'm not sure that there are lots of people who are willing to step up and put the effort in. On the other hand, if no one does this, could we end up with an extension being distributed via mozilla.org which installs a keylogger into the browser?

On the theme of security and extensions, are there plans to sign extensions avaliable from mozilla.org? As many email viruses and spyware programs demonstrate, people aren't afraid to click on random links on the internet and let software be installed. In this way, Mozilla programs are just as vunerable to spyware and other nasties as IE is via ActiveX (obviously if IE have holes that allow unprompted installation of extensions that's worse). Perhaps the default firefox configuration should only allow code signed by mozilla.org to be installed? Then if companies require internal extensions, they can add their own certificate to the list of those accepted. Is there a better solution?