Mozilla announced three significant changes to Firefox's add-on model, which also involve many tradeoffs that many of its users are guaranteed to dislike. However, the changes should ultimately significantly improve Firefox's security architecture and put it more in line with Chrome and Microsoft's recently released Edge browser.
"Elecrolysis" is Mozilla's project to bring a multi-process sandbox system to Firefox, similar to what Chrome has had since day one of its existence, and what Microsoft's Edge browser has now. There are some differences between the three sandbox models, though, and so far Mozilla's system still seems to be the weakest one, although it will improve later on.
Elecrolysis will initially only separate the web content into another process. This means it shouldn't consume quite as much RAM as Chrome, but at the same time it won't be as secure, either. Over time, Mozilla will work on splitting the web content into multiple processes, too.
Right now, Chrome keeps every tab and extension in a different process, which makes it much harder for malicious web code to attack other parts of the browser. Microsoft's Edge also uses "app containers" for every tab, for the same reason, and it could prove to be an even better model.
The reason Elecrolysis is not quite as strong as the others is because unlike Chrome and Edge, Firefox wasn't written from scratch to use a multi-process sandbox system. Mozilla largely has to work around existing features of Firefox to provide this system.
That's why Mozilla announced today that Elecrolysis will require its add-on system to become much more simplified. In order to do that, the company created the "WebExtensions API," which is largely compatible with Chrome's extension model.
This hits two birds with one stone, as developers won't have to rewrite their Chrome extensions to work for Firefox to a large extent. Opera has already made it possible for Chrome extensions to work in its browser, and Microsoft promised something similar for Edge.
Elecrolysis should go live in the release channel starting with Firefox 43, which should ship by the end of the year.
Mozilla recently announced that it intends to require all extensions to be cryptographically signed by the company itself. The reasoning behind this is that adware providers manage to sneak through unsigned add-ons on millions of users' PCs, and Mozilla believes that its vetting process for extensions combined with cryptographic signing should greatly reduce this risk.
Mozilla has to manually verify the code of these extensions, which can take weeks or months in some cases because the current add-ons are more complex. The new WebExtensions API should help developers build cleaner extensions that are easier to read by Mozilla's employees during the vetting process. The company hopes this will reduce the vetting time to only five days per extension.
Mozilla expects to start enforcing the extension signing beginning with Firefox 42.
Deprecating The Old Add-On Model
One of Mozilla's biggest features has always been its permissive add-on model that gave add-ons power over the browser's internals. This has been great for developers coming up with new innovative features for browsers.
However, it also means that whenever Mozilla changes something more significant in Firefox's core, those add-ons will stop working because of the lack of modularity. Sometimes those add-ons will also crash the Firefox browser itself, because of their tight interconnection.
Mozilla even said that without a fundamental shift to how Firefox add-ons work, technologies such as Elecrolysis, Servo (the much faster rendering engine that's written in Rust, Mozilla's new programming language) and browser.html wouldn't be able to exist in Firefox.
Mozilla said that add-ons that use XUL, XPCOM and XBL technologies will be deprecated within 12 to 18 months, and developers should switch to using the new WebExtensions API. Most of the older add-ons should be ported easily. For those who can't work within the WebExtensions framework, Mozilla is willing to listen to suggestions and feedback from developers for how to make them compatible with the new system.
Over the next few years, Firefox should go through some painful transitions, because many things will need to stop working the way they did in order to make room for the new features and the improved security architecture (which might still not be as good as Chrome's and Edge's in the end).
However, one has to wonder whether it may have been better for Mozilla to deprecate Firefox entirely and create a brand new, highly secure, and ultra-fast browser, all written in Rust.
After many failed attempts from Microsoft to improve Internet Explorer, it decided that it's better to start fresh, and that allowed Edge to have likely the strongest security model right now, as well as high performance.
Mozilla could do the same thing instead of trying to port new technologies to an old browser core. It may even rejuvenate excitement about the company's new "modern browser" (whichever it may be), because Firefox's market share has kept declining over the past few years, even though it's been keeping up with Chrome in terms of support for new web features.