Closed Bug 268925 Opened 18 years ago Closed 18 years ago
Ability to execute arbitrary remote js, including js that writes local files
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
Extensions can run arbitrary native code. Therefore, they can download and run arbitrary native code. Hence "If you install a malicious extension, you have already lost. Invalid." If you think extensions should be less powerful (unable to create files, run programs, etc), file a bug for that. But I don't think that's going to happen.
Fair enough. I do think extensions will become an issue later, especially as Firefox gains popularity. The vetting process for any extensions hosted at umo will need to be very strict (if it's not already, and I gather from talking to the maintainer that it's not), and a concerted effort to make sure Joe User understands that extensions aren't part of or supported by Firefox will need to be made. Savvy users understand this already, but it's not the savvy users who are most often affected by any sort of malware. I'll cut out the Henny Penny act now, though. Thanks for reviewing the bug report.
You need to log in before you can comment on or make changes to this bug.