How Firefox Will Get Better Security By Changing Its Add-ons Model

Mozilla announced three significant changes to Firefox's add-on model, which also involve many tradeoffs that many of its users are guaranteed to dislike. However, the changes should ultimately significantly improve Firefox's security architecture and put it more in line with Chrome and Microsoft's recently released Edge browser.

Electrolysis Sandboxing

"Elecrolysis" is Mozilla's project to bring a multi-process sandbox system to Firefox, similar to what Chrome has had since day one of its existence, and what Microsoft's Edge browser has now. There are some differences between the three sandbox models, though, and so far Mozilla's system still seems to be the weakest one, although it will improve later on.

Elecrolysis will initially only separate the web content into another process. This means it shouldn't consume quite as much RAM as Chrome, but at the same time it won't be as secure, either. Over time, Mozilla will work on splitting the web content into multiple processes, too.

Right now, Chrome keeps every tab and extension in a different process, which makes it much harder for malicious web code to attack other parts of the browser. Microsoft's Edge also uses "app containers" for every tab, for the same reason, and it could prove to be an even better model.

The reason Elecrolysis is not quite as strong as the others is because unlike Chrome and Edge, Firefox wasn't written from scratch to use a multi-process sandbox system. Mozilla largely has to work around existing features of Firefox to provide this system.

That's why Mozilla announced today that Elecrolysis will require its add-on system to become much more simplified. In order to do that, the company created the "WebExtensions API," which is largely compatible with Chrome's extension model.

This hits two birds with one stone, as developers won't have to rewrite their Chrome extensions to work for Firefox to a large extent. Opera has already made it possible for Chrome extensions to work in its browser, and Microsoft promised something similar for Edge.

Elecrolysis should go live in the release channel starting with Firefox 43, which should ship by the end of the year.

Extension Signing

Mozilla recently announced that it intends to require all extensions to be cryptographically signed by the company itself. The reasoning behind this is that adware providers manage to sneak through unsigned add-ons on millions of users' PCs, and Mozilla believes that its vetting process for extensions combined with cryptographic signing should greatly reduce this risk.

Mozilla has to manually verify the code of these extensions, which can take weeks or months in some cases because the current add-ons are more complex. The new WebExtensions API should help developers build cleaner extensions that are easier to read by Mozilla's employees during the vetting process. The company hopes this will reduce the vetting time to only five days per extension.

Mozilla expects to start enforcing the extension signing beginning with Firefox 42.

Deprecating The Old Add-On Model

One of Mozilla's biggest features has always been its permissive add-on model that gave add-ons power over the browser's internals. This has been great for developers coming up with new innovative features for browsers.

However, it also means that whenever Mozilla changes something more significant in Firefox's core, those add-ons will stop working because of the lack of modularity. Sometimes those add-ons will also crash the Firefox browser itself, because of their tight interconnection.

Mozilla even said that without a fundamental shift to how Firefox add-ons work, technologies such as Elecrolysis, Servo (the much faster rendering engine that's written in Rust, Mozilla's new programming language) and browser.html wouldn't be able to exist in Firefox.

Mozilla said that add-ons that use XUL, XPCOM and XBL technologies will be deprecated within 12 to 18 months, and developers should switch to using the new WebExtensions API. Most of the older add-ons should be ported easily. For those who can't work within the WebExtensions framework, Mozilla is willing to listen to suggestions and feedback from developers for how to make them compatible with the new system.

Starting Fresh

Over the next few years, Firefox should go through some painful transitions, because many things will need to stop working the way they did in order to make room for the new features and the improved security architecture (which might still not be as good as Chrome's and Edge's in the end).

However, one has to wonder whether it may have been better for Mozilla to deprecate Firefox entirely and create a brand new, highly secure, and ultra-fast browser, all written in Rust.

After many failed attempts from Microsoft to improve Internet Explorer, it decided that it's better to start fresh, and that allowed Edge to have likely the strongest security model right now, as well as high performance.

Mozilla could do the same thing instead of trying to port new technologies to an old browser core. It may even rejuvenate excitement about the company's new "modern browser" (whichever it may be), because Firefox's market share has kept declining over the past few years, even though it's been keeping up with Chrome in terms of support for new web features.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • TechyInAZ
    Interesting. Glad Firefox is catching up to the race.

    While it would be a good idea and create a new browser (firebird? lol), they could still use the word firefox and create an entirely new type of browser.
  • Cryio
    Electrolysis, aka Firefox is finally ... FINALLY, after 6 years, Firefox is getting multithreaded. Even IE was faster to get this.

    It was time Firefox got the speed and stability improvements IE (v8+), Opera (v15+), Chrome and Edge have been enjoying for some time now
  • ChronosVRdS
    Interesting. Glad Firefox is catching up to the race.

    While it would be a good idea and create a new browser (firebird? lol), they could still use the word firefox and create an entirely new type of browser.
    Firefox was originally Phoneix but got in name conflict with Phoenix Technologies, they changed to Firebird but there got on another name conflict with the Firebird Database from Firebird Project so Firefox is what was left XD
  • randomizer
    I run the beta channel and the first thing I did was disable signing requirement. Mozilla is far too slow approving changes (that's the reason for the signing), so my addons may not be signed for weeks or months.

    Electrolysis, aka Firefox is finally ... FINALLY, after 6 years, Firefox is getting multithreaded. Even IE was faster to get this.

    Multi-process, not multi-threaded. Firefox is already multi-threaded.
  • genrldisaray
    Good to see Firefox moving in the right direction. Between this and IE being put out to pasture, the browser world is really taking a step up.

    Also, it says "Elecrolysis" six times in this article.
  • Darkk
    I actually like Firefox for it's stability and quick response on various websites. Google Chrome isn't what it used to be and stopped using it.

    Firefox + AdBlock = Awesomeness on my Linux Mint 17.2 workstation!!
  • alidan
    looks like i need to get the latest version of firefox as it will be the last version of it i use,
    i use it because i can have an absolutely stupid number of tabs open without ram issues, opening 3-15 chrome tabs is equal to almost 300 firefox tabs depending on the website.

    i also love how firefox extensions can add functionality to the browser in a fairly major way...
  • eodeo
    I use and prefer Firefox because of the many addons it supports far far far better than chrome ever did. Because of this, Firefox has no actual counterpart.

    If I wanted barren wasteland of a speedy, memory hungry browser, I'd use Chrome. I don't. I prefer comfort and usefulness of my browser over the rest.
  • dorsai
    The last few versions of Firefox have gotten very buggy for me...I have done the reset process and even uninstalled/reinstalled and it still hangs and pauses. I fond myself going to Chrome more and more because it just works...
  • ynhockey
    I am hopeful, as this could finally entice the Firefox developers to create better features out of the box, unlike previously when the browser relied mainly on extensions even for core features. It didn't help that the main developers (especially Asa Dotzler) were dismissive of criticism and didn't improve the product significantly for a long time.

    I have been using the product since Phoenix (probably v0.4, don't remember exactly) in and out, but it was never possible to make it my main browser because it took hours to find the right extensions, and after that they stopped working with each new version. The lack of features out of the box was the killer.

    Many here will remember that Firefox mostly achieved its success because the competition was really bad in the beginning, specifically IE 6, and Opera cost money at the time. When Opera became free, it was too little too late, and by the time it solved some basic rendering problems and started gaining popularity, Chrome came out and was essentially better than both browsers from the start.

    I really hope the planned versions of Firefox provide a good alternative to Chrome and its clones, I really hope Webkit doesn't become a monopoly.