The Firefox uMatrix addon is not quite dead (so far)

August 9, 2021

One of my core Firefox addons is uMatrix, which I use as my primary tool for blocking Javascript and other annoyances. When I most recently wrote about my Firefox addons back at the end of February, people commented to note that uMatrix development has stopped (eg, also). At the time I expressed hopes that uMatrix would keep on working despite this as Firefox evolved, because for me it seems to basically work fine in its current state. However, it recently turned out that uMatrix is not quite as dead as you might think.

In the middle of July, a security researcher posted about a denial of service vulnerability in uBlock Origin, uMatrix, and forks of them. The specific issue is probably not something to worry about for most people even in isolation, so I wasn't too worried that this issue was going to remain in uMatrix. But then not long after, two new versions of uMatrix were released to fix the issue and make other small changes. So despite uMatrix development being ended, Raymond Hill has been willing to fix a security issue in it.

(If you use uBlock Origin together with uMatrix, as I do, I think that you can probably turn off uMatrix's use of blocklists and so avoid this particular issue and any like it in the future. I'd assume that uBlock Origin's own blocks makes all blocklists in uMatrix unnecessary. See here for some additional commentary on that that's probably more informed than I am.)

Of course, a one time fix isn't everything. There's no guarantee that any future security issues will be fixed (especially promptly), or that more work would be done to update uMatrix to work with any future Firefox addons changes that require it. But now we know that uMatrix is not quite dead yet.

Part of my general lack of concern about uMatrix's practical future is that I have a general relaxed attitude about things that have more or less ended their development, and I use any number of them. Not all software is like a shark, where it has to keep moving or die. There's plenty of programs where you can hit the point of diminishing returns, both in improvements and in what you want to do, and in that situation it's both reasonable and natural to declare that you're done and, at most, you'll try to fix future security issues. That uMatrix's author decided they were done developing it is not a surprising or unnatural thing, and since it works for me, I'm happy to keep on using it just as I keep on using other software where the development has more or less finished.

Written on 09 August 2021.
« The xterm terminal emulator can do a lot more than just display text
The meaning of "hysteresis" and how it relates to alerts »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon Aug 9 23:19:29 2021
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.