Firefox 3.6 to prevent harmful add-ons
The soon-to-be shipped version 3.6 of the Firefox browser will have a new feature that will make it more stable. It is called Component Directory Lockdown, and it prevents third-party applications (add-ons and plugins) to store their own code into the “components” directory, where most of Firefox’s own code is stored.
The change was announced by Johnathan Nightingale of the Firefox development team, on their official blog. He says that this should not represent major problems for developer add-ons. “If you’re already packaging your additions as an XPI, installed as an add-on it’s business as usual. If you have been dropping components directly, though, you’ll need to change to an XPI-based approach,” he writes, and directs them to migration instructions.
This seems like a most positive change, and one wonders that it hasn’t been thought of earlier, since – as Nightingale states – there are no special abilities that can be gained by add-ons installing their code in the said directory, and it only brought problems to Firefox AND the developers of these add-ons.