Closed
Bug 1342379
Opened 8 years ago
Closed 8 years ago
Content scripts on restricted pages
Categories
(WebExtensions :: General, defect)
Tracking
(Not tracked)
RESOLVED DUPLICATE of bug 1334918
People
(Reporter: cmcaine, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161213225041
Steps to reproduce:
Related bugs that don't quite fit: 1270412
Disallowing content scripts from running on certain pages is a big change from previous Firefox APIs. This will negatively affect some popular addons, such as Vimperator and Leechblock. We would like to understand the Firefox team's decision here and to offer our counterarguments.
## Risks as we understand them
1. Privilege escalation from WebExtension to full control of the browser allows:
    1. Malicious addons to access the host system and Firefox internals
    2. Malware to target privileged addons
    3. Addon developers to reduce the stability of Firefox by deliberately or accidentally escaping the sandbox
## Additional risks as articulated on #WebExtensions
2. The necessary severe warnings to the user are problematic for usability, security and other reasons.
Before we offer our counterarguments, is this a fair characterisation of the risks?
Updated 8 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Updated 7 years ago
Product: Toolkit → WebExtensions