Mozilla's diligent cleanup rather than catching malicious add-ons before they reach the public has rankled some in the security community

By Thomas Claburn

Mozilla's commitment to secure software products is coming into question after a recent malware product software incident.
Earlier this month, the lack of security oversight in the Mozilla Firefox add-on community became apparent when Adblock Plus developer Wladimir Palant criticized Giorgio Maone, creator of the JavaScript-blocking extension NoScript, for altering NoScript to interfere with Adblock Plus.

Though Maone subsequently apologized, the issue of evil extensions has not gone away. Last week, security researcher Duarte Silva proposed the portmanteau "maldon," not to be confused with the salt brand, to describe ffspy, his proof-of-concept malicious add-on for Firefox.
Mozilla insists that it's committed to safeguarding user security, privacy, and control.

Following the Adblock-NoScript controversy, Mozilla add-ons lead Nick Nguyen said in an e-mail, "Moving forward we're paying special attention to ensure changes of this sort are caught through things like monitoring the community and remaining accessible so we can react quickly when problems arise. In the case of NoScript, as soon as the problem was identified and elevated, corrective action was taken. We can also retroactively block any add-ons that we find malicious."

Spotted here