Mozilla had to stop Firefox add-ons from working after the past weekend to update the browser and get things to work properly again. The company issued a detailed description of what happened, officially apologized to the affected users and promised to delete any private data collected from the users that installed the first fix.
Many Mozilla users keep data-collection options disabled to protect their privacy, however, a fix issued via Firefox’s Studies system required telemetries to be enabled. Mozilla promised that all the data collected due to the new fix will be deleted.
Mozilla CTO Eric Rescorla had previously commented, in a post on the Mozilla Hacks blog, on some core issues with Firefox add-ons. The problems were generated by a compromised security certificate.
In the following post, published on Mozilla’s main blog, vice-president of engineering Joe Hildebrand officially apologized, stating that Mozilla “strives to make Firefox a great experience”, and that his company is sorry for failing to do so on this last occasion.
He goes on providing a simplified explanation of what happened last week: “We’ve spent a great deal of time over the past few years coming up with ways to make add-ons safer and more secure. However, because add-ons are so powerful, we’ve also worked hard to build and deploy systems to protect you from malicious add-ons. The problem here was an implementation error in one such system, with the failure mode being that add-ons were disabled. Although we believe that the basic design of our add-ons system is sound, we will be working to refine these systems so similar problems do not occur in the future.” He reassured all the users concerned about the data collected by Firefox after the initial emergency fix was issued.
To provide a quick and efficient solution, the company used the “Studies” system to distribute the fix. It required the activation of the telemetry, and some users that had opted out from it had to opt back in to get the fix as soon as possible. According to Mozilla’s post, there is no longer the need to have Studies to receive updates. The company advises users to review the settings and match them with their personal preferences before the13th of this month when Studies will be reactivated.
Hildebrand reassured all the users concerned about the data collected by Firefox after the initial emergency fix was issued: “In order to respect our users’ potential intentions as much as possible, based on our current set up, we will be deleting all of our source Telemetry and Studies data for our entire user population collected between 2019-05-04T11:00:00Z and 2019-05-11T11:00:00Z.”
Mozilla is determined to keep away from the privacy issues of its bigger peers in the search-engine business. It is important to win back users’ confidence, and the company has stated that will keep its users updated and everything that will come up in the aftermath of this event will be made public.