|
|
|
|
|
|
by aswan
2313 days ago
|
|
|
> To be clear, this is more of a criticism to Mozilla Firefox's security model, not to this particular extension. It's a fair comment, but this extension works by injecting javascript into every page the browser loads. If this capability were removed or even changed, it would break a ton of existing extensions (and compatibility with the many extensions written for Chrome). Given the nature of javascript and the web, once you can run a bit of javascript on a page, you can do just about anything, so the phrasing "can access data" sounds scary but it is accurate. Of course, "can" doesn't mean "does", hence all the other commenters suggesting auditing the code. Speaking of auditing extension code, I like https://addons.mozilla.org/en-US/firefox/addon/crxviewer/ |
|
|