Computerworld is reporting that the forthcoming version of Firefox 3.6 will include a feature which disables the ability for other applications to “sneakily” install add-ons without the users knowledge. One can assume this is in response to Microsoft’s sneaky move which installed an add-on without notifying users at all – and exposed users to malware.
In an email to Computerworld, Johnathan Nightingale, manager of the Firefox front-end development team said
“We’re doing this for stability and user control, Dropping raw components in this way was never an officially supported way of doing things, which means it lacks things like a way to specify compatibility. When a new version of Firefox comes out that these components aren’t compatible with, the result can be a real pain for our shared users.”
Nightingale goes on to say; “Now that those components will be packaged like regular add-ons, they will specify the versions they are compatible with, and Firefox can disable any that it knows are likely to cause problems,”
Developers will now be required to package their extensions as “regular addons” – which are the XPI-based files that are usually downloaded from Mozilla Addons. The new feature locks down the components directory entirely, so all applications will be forced to use the regular XPI install process to install their addons now, which may create problems for older applications after the change.
Nightingale also added that “We’ll be working with third-party developers over the next while to help them make the transition to a supported extension mechanism, The main result for users will be less breakage, not more. But one reason we announce this and get it out in betas is to make sure we know what all the major impacts will be before we release it to a couple hundred million users.”
Firefox 3.6 Beta 3 is planned for release later today and will include the new lockdown feature. Current beta users will be updated automatically.