{"id":39878,"date":"2019-11-01T12:10:42","date_gmt":"2019-11-01T12:10:42","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=d81a2dfe488af50ece1a40a8bcb7cc76"},"modified":"2019-11-01T12:10:42","modified_gmt":"2019-11-01T12:10:42","slug":"firefox-scraps-extension-sideloading-over-malware-fears","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/firefox-scraps-extension-sideloading-over-malware-fears\/","title":{"rendered":"Firefox scraps extension sideloading over malware fears"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/keumars-afifi-sabet\">Keumars Afifi-Sabet<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">1 Nov, 2019<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p>Support for sideloaded extensions in the Firefox browser will be discontinued from next year following concerns that the function could be exploited to install <a href=\"https:\/\/www.itpro.co.uk\/malware\/28076\/what-is-malware\" >malware<\/a> onto devices.<\/p>\n<p>Sideloading is a method of installing a browser extension that adds the file to a specific location on a user&#8217;s machine through an executable application installer. These are different from conventional add-ons, which are assigned to profiles, and are also available to download outside official Firefox channels.<\/p>\n<p>From 11 February 2020, the Firefox browser will continue to read sideloaded files, but will copy these over to a user&#8217;s individual profile and install them as regular add-ons. Then from 10 March, sideloaded extensions will be phased out entirely.<\/p>\n<p>Mozilla argues that for some users it&#8217;s difficult to remove sideloaded extensions completely, as these cannot be fully removed from Firefox&#8217;s Add-ons Manager. This has also proved a popular method of installing malware, the firm said.<\/p>\n<p>&#8220;Sideloaded extensions frequently cause issues for users since they did not explicitly choose to install them and are unable to remove them from the Add-ons Manager,&#8221; <a href=\"https:\/\/blog.mozilla.org\/addons\/2019\/10\/31\/firefox-to-discontinue-sideloaded-extensions\/\" >said Firefox&#8217;s add-ons community manager Caitlin Neiman<\/a>.<\/p>\n<p>&#8220;This mechanism has also been employed in the past to install malware into Firefox. To give users more control over their extensions, support for sideloaded extensions will be discontinued.&#8221;<\/p>\n<p>The transition period between February and March has been put in place to ensure that no pre-installed sideloaded extensions will be lost from users&#8217; profiles, given they will have been copied over as conventional add-ons.<\/p>\n<p>Developers have also been urged to update install flows, and direct users to download extensions through either their own web pages or the Firefox Add-Ons hub.<\/p>\n<p>One prominent example of malware installed via side-loading, albeit not on Firefox itself, was <a href=\"https:\/\/www.itpro.co.uk\/malware\/26895\/pok-mon-go-spawns-over-200-pok-malware-clones\" >a Pokemon Go clone released in 2016<\/a> that allowed cyber criminals to gain full control to victims&#8217; smartphones.<\/p>\n<p>Before Pokemon Go was available in Europe, the cyber criminals publicised a non-official version of the app that could be downloaded from sources beyond the Google Play Store. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Keumars Afifi-Sabet<\/p>\n<p>        1 Nov, 2019    <\/p>\n<p>      Support for sideloaded extensions in the Firefox browser will be discontinued from next year following concerns that the function could be exploited to install malware onto devices.<br \/>\nSidelo&#8230;<\/p>\n","protected":false},"author":433,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-39878","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/39878","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/433"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=39878"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/39878\/revisions"}],"predecessor-version":[{"id":39879,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/39878\/revisions\/39879"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=39878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=39878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=39878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}