Mozilla has made the decision to add McAfee’s ScriptScan add-on for the Firefox web browser to the so called Blocklist. The Blocklist lists add-ons and plugins that are known to “cause serious security, stability, or performance issues with Firefox”.
When users try to open the McAfee ScriptScan or McAfee SiteAdvisor page at the official Mozilla Add-on repository, they are redirected to the add-on’s Blocklist entry.
The reason for blocking the add-on is a high volume of crashes according to that page. Affected by the block are all ScriptScan versions 14.4.0 and below for Firefox and Seamonkey, and users of McAfee SiteAdvisor.
Firefox users who run one of the blocked add-ons in the browser will see the following message in the web browser: Firefox has determined that the following add-ons are known to cause stability or security problems
A click on Restart will disable the add-ons completely. Users who try to install the add-on see a similar message: The add-on name has a high risk of causing stability or security problems and can’t be installed.
The initial bug report requested to add McAfee ScriptScan and McAfee SiteAdvisor add-ons to the blocklist. It also mentions that both add-ons have caused more than 10,000 crashes in a one week period for Firefox 6.0.2 and Firefox 7 users.
Even worse, if you follow the initial bug reports you will find a comment by Robert Kaiser who mentioned that Mcafee ScriptScan alone was responsible for more than 15,000 crashes on September 28.
We had 1555 processed crashes on 6.* yesterday, with the 10% throttling rate, this means that roughly 15,000 crashes happened during a single day with this signature!
Something really needs to happen here, do we have any contact with them to get on this fast?
The Blocklist page only lists the block of McAfee ScriptScan on October 3. If you go through the list you find a McAfee SiteAdvisor from March 14.
Users who try to open the McAfee SiteAdvisor add-on page get the same blocked information page though, which means that both add-ons have been blocked by Mozilla.
It is good to see that Mozilla is taking a stand, even if it means to pull add-ons from a big company from the site. It is not the first time that big companies got hit with a block. If you look at the list you will see applications by Microsoft, Yahoo, AVG or Skype on there as well.
McAfee reportedly is working on a fix, according to a moderator response:
1) It’s NOT a security issue
2) It’s a decision made by Mozilla based on crashes that have been reported to Mozilla
3) McAfee is aware of it, has a bug filed and is working with Mozilla to address the problem
4) Until it is fixed, the primary workaround is to re-enable the ScriptScanner. Alternatives include use another browser for now (with most browsers you can import bookmarks and homepages). Also, SiteAdvisor 3.4 will provide *some* overlapping protection, specifically for scripts run in iFrames on webpages
Ed Bott now suspects that McAfee is not solely to blame for the crashes. In his opinion, it is the rapid release process that “plays havoc with the makers of browser add-ons”. Bott supports the claim by mentioning that Symantec also experienced compatibility issues in some of their products.
What’s your take on the issue?
© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: firefox add-ons, mcafee, mozilla, mozilla blocklist, mozilla-firefox
0 comments:
Post a Comment