Extensions are one of the key reasons we love Firefox. However, one extension developer found the security model for Firefox extensions so disturbing that she's stopped using them altogether.
In a fascinating presentation at Linux.conf.au 2011, Anna Gerber outlined the development of LORE, a complex Firefox extension designed to help literary scholars annotate texts, create compound objects which combine multiple texts and notes and share their work. Gerber works as a senior software engineer with the ITEE eResearch Lab at the University of Queensland, and the project was developed as a Firefox extension because most researchers are used to working in a browser environment, and it enables installation easily even on locked-down machines. (You can see some of its functions in the video above.)
While the LORE project has been very successful so far, Gerber said that the entire experience was a real eye-opener in terms of how Firefox extensions actually work and where the development process needs to improve. In particular, the open-ended privileges which Firefox extensions have is a concern:
It's all or nothing. Firefox extensions run in this privileged environment -- it's really scary what they can do. Since writing this, I don't run any Firefox extensions anymore. I just don't trust them.
Building the extension was also tricky, though Gerber stressed that this was in large part because LORE is a multi-faceted extension with its own GUI, rather than the more typical single-function add-on. "It works great for simple tasks," she said. "But for complex extensions, it's really, really difficult. There are almost no tools you can use for debugging them. The tools that work for web development don't work within the extension environment. Chromebug is so flaky it's not funny. There's a real gap there for people developing complex extensions." Constant changes to the Firefox API are also an issue, meaning lots of features break as new versions appear.
The inevitable question: does Chrome do better? Gerber thinks so -- "they have what seems to be what seems to a be a well thought out extension framework" -- though again she stressed that this is partly because Chrome's developers have been able to learn from the Firefox experience and start with a more efficient and secure model. She can also see potential in the Mozilla Jetpack project for this kind of development.
Arguably none of that means you should be throwing out your tried and trusted Firefox extensions, but it's a reminder to remain cautious when installing unfamiliar software and to have a little sympathy if your favourite extension doesn't immediately update when Firefox does. Thanks again to Anna for a great presentation!