MozillaZine

Plug-ins danger for popularity of Firefox!

Discussion about official Mozilla Firefox builds
raoul_teeuwen
 
Posts: 11
Joined: October 1st, 2004, 12:50 pm

Post Posted April 19th, 2005, 10:17 pm

(if this is not posted in a thread that is watched by Firefox-developers, can someone please make it so that one of those people notice this message?)

I have read and heard several stories of people that experience problems when installing a newer version of Firefox. SOME find out it is a specific plug-in that, once de-activated, causes Firefox to run as expected. But how many people would turn away from Firefox because of problems with plug-ins? Is Firefox losing users as a cause of plug-in-problems?

I do not know what possible solutions there are to solve this. Maybe make it so that a message appears whenever a new version is installed/run for the 1st time that explains possible problems with plugins and gives a choice of running WITH or WITHOUT plug-ins and have Firefox detect whether it succesfully connected to for instance the firefox-website???

I hope this helps in spreading firefox. Thanks for all the good work. Kindest regards,

Raoul.

sulla
 
Posts: 47
Joined: June 17th, 2004, 3:08 pm
Location: Innsbruck, Austria

Post Posted April 19th, 2005, 11:50 pm

incompatible extensions should be deactivated automatically, shouldn't they? At least this was the behaviour that I expected myself when I upgraded from 0.9 to 1.0

My concern about plug-ins rather has to do with the signature feature. WHEN WILL THIS BE IMPLEMENTED??

Greetinx, sulla

Robert S.

User avatar
 
Posts: 4399
Joined: April 24th, 2004, 3:04 am
Location: Bay Area, CA

Post Posted April 20th, 2005, 12:17 am

Currently, the version number used for checking incompatibility is only being bumped for x.X.x releases so it doesn't apply to 1.0.3

What value is signing going to provide besides knowing whether the extension has been modified since creation? Also, I have used a test cert to sign an extension and Firefox recognized it as signed and I don't believe there is anything preventing signing extensions at present - the only reason I don't sign my extension is due to the cost of a certificate especially in regards to working on the extension during my spare time for free and that it provides a false sense of security to many people that seem to believe that a signed extension means that it won't break Firefox or that it doesn't contain malware.

sulla
 
Posts: 47
Joined: June 17th, 2004, 3:08 pm
Location: Innsbruck, Austria

Post Posted April 20th, 2005, 1:26 am

Signing for me would have to be a security feature:

signing of an extension would have to be done by the mozilla foundation, i.e. by a mozilla team that checks whether an extension
* is correctly labelled as compatible with x.X.x (i.e. like 1.0.3 and not 9.9.9)
* is indeed compatible with the version stated (run tests to see if the extension does not crash firefox)
* MOST IMPORTANTLY: check if the extension does what it claims to do and is no virus or trojan

i.e. users could be sure that an extension signed with the certificate of the mozilla foundation could be trusted NOT TO BE MALWARE and NOT TO CRASH MOZILLA.

Also, firefox could be made to deny the installation of extensions not signed by the mozilla foundation. That would be the basic idea for me behind signatures.

If just anybody can sign any extension, then I agree, signing would be worth absolutely nothing.

But its at least good to know that compatibility checks are only run on x.X.x, not on x.x.X
"love is a matter of chemistry -
but sex is a matter of physics!"

Robert S.

User avatar
 
Posts: 4399
Joined: April 24th, 2004, 3:04 am
Location: Bay Area, CA

Post Posted April 20th, 2005, 4:21 am

sulla wrote:Signing for me would have to be a security feature:

signing of an extension would have to be done by the mozilla foundation, i.e. by a mozilla team that checks whether an extension
* is correctly labelled as compatible with x.X.x (i.e. like 1.0.3 and not 9.9.9)
* is indeed compatible with the version stated (run tests to see if the extension does not crash firefox)
* MOST IMPORTANTLY: check if the extension does what it claims to do and is no virus or trojan

i.e. users could be sure that an extension signed with the certificate of the mozilla foundation could be trusted NOT TO BE MALWARE and NOT TO CRASH MOZILLA.

Also, firefox could be made to deny the installation of extensions not signed by the mozilla foundation. That would be the basic idea for me behind signatures.

If just anybody can sign any extension, then I agree, signing would be worth absolutely nothing.

But its at least good to know that compatibility checks are only run on x.X.x, not on x.x.X

The actual work of checking is what provides this and not the signing. The extensions could be checked and signed or be checked and not be signed... the signing itself in no way provides or gaurantees this. I think many people equate it to a seal of approval but it in way gaurantees that it has been checked.

What signing does provide is that from the moment it was packaged and signed it has not been modified. I could for example, take a signed extension, modify it, repackage it, and sign it again. IMO the value in signing is that it is extremely unlikely that someone is going to sign a malware extension but then again an extension author creating an extension for free is very unlikely to pay for a certificate to sign their extension. There is also the potential value that if the ftp sites that host the extensions is compromised, the extensions replaced with malware, that a user installing one of these extensions during the time prior to the admins have not removed access to the extensions of seeing it isn't signed and not installing it. I say potential since this hasn't happened or come close to happening with these servers as far as I personally know. Also, if the person that compromised the servers had a signing cert they could have signed the extensions they used to replace though I admit that the chances of them having a signing cert is rather unlikely but not much more so than the servers being compromised.

Also, ayone can sign an extension. I can for example take an extension I didn't author and sign it. The only requirement besides having the extension is having a valid code signing certificate.

sulla
 
Posts: 47
Joined: June 17th, 2004, 3:08 pm
Location: Innsbruck, Austria

Post Posted April 20th, 2005, 4:59 am

all right, all right, all right

lets stop this topic somewhere here as it has nothing to do with the original question of the topic any more, and lets not trouble raoul_teeuwen with the signature-discussion, we had them in the past.

wig_out_on_me, I completely agree to your overall argument, though not to all parts:

* when installing signed extensions you would not only get the info: Signed YES/NO but: Signed BY WHOM. The BY WHOM is critical.
* if somebody tries to install malware on firefox users, it is very likely that he purchaes a certificate, as this will make FF users believe that the extension is "good".
* the using of certificates to guarantee that extensions are not modified since packaging is, IMHO, really a rather useless function
* checking of extensions by mozilla foundation is fine, but how should I know the extension has been checked? A certificate BY THE MOZILLA FOUNDATION would guarantee that. And the FF installer would say: "certificate form the mozilla foundation" and i would KNOW that it is not malware. If the installer says "certificate from John Doe" I would know that i have to be CAREFUL with this extension
* if somebody hijacks the mozilla server, replaces the extensions there, he would still not be able to sign them WITH THE MOZILLA FOUNDATION keys, but only with John Doe keys, and users would immediately be alarmed.

And it happens:
I once visited a page that wanted to install an exension just due to visiting the page. I decided not to install the extension, as I didn't know the author, had he signed the extension or not. Had this extension been signed with the keys of the MOZILLA FOUNDATION I would probably have installed the extension.

Robert S.

User avatar
 
Posts: 4399
Joined: April 24th, 2004, 3:04 am
Location: Bay Area, CA

Post Posted April 20th, 2005, 5:19 am

Sorry raoul_teeuwen but these kind of beliefs really do concern me.
If the extension is from a site you trust would the signing matter? I don't see the signing as being critical but I do see the site I am installing from as being critical.
I agree that there is no way to know if the extension has been checked. My point is that signing it is no gaurantee or way to know that it has been checked.
I expect most users wouldn't notice who it was signed by and I am very sure most users don't understand what signing actually provides as well as feel a false sense of trust into extensions that are signed.
They wouldn't be able to sign it with the same certificate but I personally believe most people would install it anyway whether it was signed or not if for no other reason than the number of extensions that have been installed to date that haven't been signed.

I have seen sites that try to force an install as well. Knowing the author or not any site trying to force an install is probably trying to get you to install malware and the MOZILLA FOUNDATION would probably revoke a cert if they had issued it to a site that tried to force an install without the user initiating the install (e.g. a click). It goes against much of the philosophy behind Mozilla. I am also concerned about these sort of sites using signed extensions and thereby gaining the trust of someone that thinks signing means it is valid.

0live
 
Posts: 799
Joined: June 15th, 2004, 7:28 am
Location: Brussels

Post Posted April 20th, 2005, 7:03 am

Not directly related to the extensions compatibility w/ v1.0.3 issue, but if a newbie installs a couple of (unstable) extensions then starts having problems on some sites, he or she may not see the connection and blame Firefox itself for being unstable. As obvious as it may seem to more experienced guys, newbies should be advised to uninstall/disable recently installed extensions in case they're experiencing problems.
Linux i686 (ubuntu-gutsy) | Minefield (20081118020400) | Tb 2.0.0.17pre (2008092517) w/ Lightning

raoul_teeuwen
 
Posts: 11
Joined: October 1st, 2004, 12:50 pm

Post Posted April 20th, 2005, 8:02 am

I feel humble reading this discussion, as the people that replied seem to know a lot of usefull things i do not know to much of. It looks like a usefull discussion though :-).

I do not know one of the people replying is in the core FF development-team. I hope my concern gets noticed. I agree that experienced users would/should know dependencies between stability and plug-ins, but i would like a mechanism to protect newbies as well, as i think we need those newbies to keep (building/growing) mass of FF-users.

Raoul.

Robert S.

User avatar
 
Posts: 4399
Joined: April 24th, 2004, 3:04 am
Location: Bay Area, CA

Post Posted April 20th, 2005, 5:15 pm

Raoul - I was thinking a bit about this and believe a better way for this to get noticed is to outline how you think it should work and file an enhancement bug in bugzilla. Members of the core dev team are few and don't read the forums much but they do read the bugs in bugzilla.

Spewey
Folder@Home

User avatar
 
Posts: 5799
Joined: January 25th, 2003, 2:06 pm
Location: St. Paul, Minnes°ta

Post Posted April 20th, 2005, 5:39 pm

My undies are in a bunch and I'm wrapped around the axle because the core devs won't listen to me. I told them I want everything to work all the time and they ignored me.

Robert S.

User avatar
 
Posts: 4399
Joined: April 24th, 2004, 3:04 am
Location: Bay Area, CA

Post Posted April 20th, 2005, 5:45 pm

Spewey - I didn't know you wore underwear... :P

Spewey
Folder@Home

User avatar
 
Posts: 5799
Joined: January 25th, 2003, 2:06 pm
Location: St. Paul, Minnes°ta

Post Posted April 20th, 2005, 5:53 pm

No, man, I told ya: Not only do they have to make the browser, they have to keep track of extension compatibility! Know why? 'cuz extension authors are lazy! Especially the popular complicated ones! Those are the ones that always break!

Robert S.

User avatar
 
Posts: 4399
Joined: April 24th, 2004, 3:04 am
Location: Bay Area, CA

Post Posted April 20th, 2005, 6:42 pm

I wouldn't say that extension author's are lazy but yes, the complicated ones do often break. Also, I don't think that MoFo does keep track or has to keep track of extension compatibility. What they do currently is bump the x.X.x minor version number for those releases and extensions that use the maxVersion the way it is suppose to be used will automatically be disabled if the author hasn't updated that field in their extension or their extension's update rdf. The closest thing that MoFo has done to keep track of extension compatibility that I have seen was with a blog entry by Asa for the 1.0.3 release along with the bug he opened for this... the rest is just bumping a version number which is just part of releasing software in general.

Also, with the 1.0.3 release it was stated that extensions should use XPCNativeWrapper which would protect against many of the security issues addressed in 1.0.3. The sad fact of the matter is that there are only three hits on www.mozilla.org for XPCNativeWrapper and these are all for changelogs... there is not one document, tutorial, what ever stating that this should be used there. Also, there were sections in the Firefox codebase that should have been using XPCNativeWrapper that were not and were discovered during the 1.0.3 release. The only tutorial I found for XPCNativeWrapper was on a wiki and it is somewhat vague but don't get me wrong, I do appreciate the tutorial.

As a point of fact, several of the simpler extensions broke with 1.0.3 due to changes that were not announced IMO all that well and extension authors were not given much time between the announcement and the 1.0.3 release... it all happened very quickly with some of the patches that affected this being added within the last day or two before release. Once again, I understand this will sometimes be necessary but it isn't the extension authors fault that this is so and they were unable to update their extension in time any more that it is the dev's fault for making these changes within a day or two before release.

Spewey
Folder@Home

User avatar
 
Posts: 5799
Joined: January 25th, 2003, 2:06 pm
Location: St. Paul, Minnes°ta

Post Posted April 20th, 2005, 6:57 pm

wig_out_on_me wrote:The sad fact of the matter is that there are only three hits on www.mozilla.org for XPCNativeWrapper and these are all for changelogs... there is not one document, tutorial, what ever stating that this should be used there.

They always do this. Behind the scenes, they have a problem and a deadline and the two go together like shit and fan. The juggled balls are all the same ones we hear about everywhere else: security, backwards compatability, and robustness. But they have to make 'em land somewhere all the same, each time, no matter what.

wig_out_on_me wrote:As a point of fact, several of the simpler extensions broke with 1.0.3 due to changes that were not announced IMO all that well and extension authors were not given much time between the announcement and the 1.0.3 release... it all happened very quickly with some of the patches that affected this being added within the last day or two before release. Once again, I understand this will sometimes be needed but it isn't the extension authors fault that this is so and they were unable to update their extension in time any more that it is the dev's fault for making these changes within a day or two before release.

I would never get you wrong, you are too great an asset, irreplacable, and lovable to boot. None of the extension authors are to blame. If MoFo could dedicate resources to nurturing, developing, and guarding all extensions like members of a cute, furry goose flock I'm sure they would do it. As it is, they are left hanging on their own and only the Strong survive.

It always happens quickly. Right after powerusers whine in here for several months that the new version is overdue a new version comes out and they just light into it because they can't believe it would break stuff that way.

We all need to repeat: 45 million users, 28 languages, 3 platforms, and eternally weak documentation. Of course, holes will always slip through.

Return to Firefox Builds


Who is online

Users browsing this forum: No registered users and 4 guests