This evening I landed Bug 728429 on mozilla-central. Firefox will now refuse to load XPCOM component DLLs that do not implement ASLR. ASLR is an important defense-in-depth mechanism that makes it more difficult to successfully exploit a security vulnerability. Firefox has used ASLR on its core components for some time now, but many extensions that ship with binary components do not.

ASLR is on by default on modern versions of Visual Studio, so extension authors will only need to ensure that they haven’t flipped the switch to turn it off. MSDN documentation on ASLR options is available here. Further reading about the benefits of ASLR is available here.

If no unexpected problems arise, this change will ship in Firefox 13.