GNU bug report logs - #76956
librewolf: Outdated and potentially unsafe extensions from Mozzarella

Package: guix;

Reported by: Snikta <snikta <at> bahnhof.se>

Date: Tue, 11 Mar 2025 20:24:02 UTC

Severity: normal

To reply to this bug, email your comments to 76956 AT debbugs.gnu.org.


Report forwarded to bug-guix <at> gnu.org:
bug#76956; Package guix. (Tue, 11 Mar 2025 20:24:02 GMT)

Acknowledgement sent to Snikta <snikta <at> bahnhof.se>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 11 Mar 2025 20:24:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Snikta <snikta <at> bahnhof.se>
To: bug-guix <at> gnu.org
Subject: librewolf: Outdated and potentially unsafe extensions from Mozzarella
Date: Tue, 11 Mar 2025 21:23:20 +0100
The Guix package for Librewolf points at 
https://gnuzilla.gnu.org/mozzarella instead of the official Mozilla 
add-ons repository. The add-ons provided by Mozzarella are very 
outdated. E.g., the Bitwarden extension is from 2023.

It is likely very wise to remove the Mozzarella add-ons repository from the 
Guix package for Librewolf.

https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/librewolf.scm?id=5b4ae0b5c2d63e40c8adaf15d9ce0c456189f321#n530

Regards,
Snikta

Information forwarded to bug-guix <at> gnu.org:
bug#76956; Package guix. (Thu, 03 Apr 2025 22:38:02 GMT)

Message #8 received at 76956 <at> debbugs.gnu.org:

From: Ian Eure <ian <at> retrospec.tv>
To: 76956 <at> debbugs.gnu.org, Snikta <snikta <at> bahnhof.se>
Subject: Re: librewolf: Outdated and potentially unsafe extensions from
 Mozzarella
Date: Thu, 03 Apr 2025 15:36:54 -0700
Hi Snikta,

Thanks for the report. However, there’s not much I can do here. 
The Mozilla extension repo can’t be used in Guix browsers, because 
it contains non-free extensions.  I think the alternative would be 
disabling extension repos entirely, which I’m not sure is a thing 
that’s reasonably doable.

If Mozzarella has outdated extensions, I think a bug report to the 
folks who maintain that is the most straightforward option.  But 
if you have another suggestion, I’d love to hear it.

Thanks,

 -- Ian




Information forwarded to bug-guix <at> gnu.org:
bug#76956; Package guix. (Mon, 07 Apr 2025 13:23:01 GMT)

Message #11 received at 76956 <at> debbugs.gnu.org:

From: Clément Lassieur <clement <at> lassieur.org>
To: Snikta <snikta <at> bahnhof.se>
Cc: 76956 <at> debbugs.gnu.org, Ian Eure <ian <at> retrospec.tv>
Subject: Re: bug#76956: librewolf: Outdated and potentially unsafe
 extensions from Mozzarella
Date: Mon, 07 Apr 2025 15:22:43 +0200
Hi,

You can use addons from https://addons.mozilla.org anyway, if you go
there and click "Add to Firefox".

On Tue, Mar 11 2025, Snikta wrote:

> The Guix package for Librewolf points at https://gnuzilla.gnu.org/mozzarella
> instead of the official Mozilla add-ons repository. The add-ons provided by
> Mozzarella are very outdated. E.g., the Bitwarden extension is from 2023.

If you choose to download the add-on from Mozzarella, the first version
can be outdated but once you press the "Check for Updates" button, the
outdated add-on will update from... https://addons.mozilla.org.

So it won't be outdated anymore.  (And maybe won't be free anymore
either, who knows.)

> It is likely very wise to remove the Mozzarella add-ons repository from the Guix
> package for Librewolf.
>
> https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/librewolf.scm?id=5b4ae0b5c2d63e40c8adaf15d9ce0c456189f321#n530

Or the source of the add-ons could be Guix, which actually guarantees
that they are free, and remain free.  You can already install some
add-ons from Guix (e.g. 'guix install ublock-origin-icecat').  Feel free
to update them or add more.

Cheers,
Clément




This bug report was last modified 5 days ago.
