Open
Bug 1390740
Opened 7 years ago
Updated 2 years ago
No safe warning or sandbox when load an add-on from about:debugging#addons
Categories
(DevTools :: about:debugging, enhancement, P3)
DevTools
about:debugging
Tracking
(Not tracked)
NEW
People
(Reporter: yfdyh000, Unassigned)
References
(Depends on 1 open bug)
Details
(Keywords: csectype-other, dupeme)
I was surprised that it was still not being added any warnings or restrictions. Assuming an article guides users to open this page and load an add-on to achieve a goal, the add-on may do a lot of things, like sending, tamper or deletes the user's history, bookmarks, and so on. Scratchpad and Web Console have related warnings, but here is not yet.
Comment 1•7 years ago
|
||
Blocking this on dt-onboarding. The onboarding flow should be enough to prevent accidental/malicious usage of devtools.
Updated•6 years ago
|
Product: Firefox → DevTools
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•