Mozilla this week announced plans to update its Add-on Policy for Firefox, to ban extensions that contain obfuscated code.
The ban will enter into effect on June 10, at which point Mozilla plans to remove all Firefox extensions that don’t meet these criteria and shoot down any future extension submissions that fail to provide full access to their source code.
Developers with extensions that are using obfuscated code are urged to update their applications to remove it and submit a new version by June 10 to avoid having them rejected or blocked.
Mozilla’s team will also be more aggressive in blocking and disabling Firefox add-ons in users’ browsers that are found to be violating one of the company’s policies.
Minified code can be easily de-minified, while deobfuscating obfuscated code takes a lot of time, and using it in the first place has no performance benefits –with its main benefit being of hiding malicious code from source code reviewers.
“We will no longer accept extensions that contain obfuscated code,” said Caitlin Neiman, Add-ons Community Manager at Mozilla.
This is great, obfuscated code doesn’t really belong anywhere in the frontend, since you have access to the code and can figure out what the program does given enough time, so why not just make it readable.