Let's assume that malicious page A can figure out what extensions a user is running.
They figure out that some user has extensions A, B, C and D.
Extension D is actually an email client extension which is terribly coded. The victim uses the very same email provider for all of his mail. The malicious website figures out that it can safely send POSTs to the mail provider through this extension that will alter the victim's mail filters.
So the malicious website tells it to forward all email received to `foobar@email.com`.
Additionally, any email from @super-bank.com should be deleted, and any email from @godaddy.com should also be deleted after it gets forwarded to the malicious user.
Now the malicious user requests new passwords on GoDaddy, for example, receives the passwords and then transfers all of his domains out. Win for the malicious website.
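What "terribly coded" looks like in practice, as an added example that is not part of the original post: a content script that accepts `window.postMessage` from any page and turns it into a credentialed request, beside a hardened handler. The extension's message format, the mail provider host (`mail.example.com`), the `listFolders` action and the attacker message are all hypothetical; the handlers return the request they would issue instead of sending it, so the code runs offline.

```javascript
// Added example: a page-to-extension message bridge that lets any site
// replay POSTs to the mail provider with the victim's cookies, and a
// hardened version of the same bridge. Everything here is hypothetical.

// Constructed attacker message, modelled on the scenario in the post:
// a page on attacker.example asks extension D to add a forwarding filter.
const ATTACKER_EVENT = {
  origin: "https://attacker.example",
  data: {
    url: "https://mail.example.com/api/filters",   // hypothetical provider API
    method: "POST",
    body: JSON.stringify({
      forwardTo: "foobar@email.com",
      deleteFrom: ["super-bank.com", "godaddy.com"],
    }),
  },
};

// --- Vulnerable pattern ---
// A content script (or the background page it relays to) takes the URL,
// method and body straight from the page. Because the request is made with
// the extension's host permissions and `credentials: "include"`, the page
// gets a cross-origin, cookie-bearing POST it could never send itself.
function handleMessageVulnerable(event) {
  const msg = event.data;
  return {
    sent: true,
    request: {
      url: msg.url,
      method: msg.method || "POST",
      credentials: "include",
      body: msg.body,
    },
  };
}

// --- Hardened pattern ---
// 1. Only accept messages from the origins the extension actually serves.
// 2. The page names an action; the extension owns the URL and method.
// 3. Anything that changes account state (filters, forwarding) is simply
//    not exposed to pages at all.
const ALLOWED_ORIGINS = new Set(["https://mail.example.com"]); // hypothetical
const ALLOWED_ACTIONS = {
  listFolders: { url: "https://mail.example.com/api/folders", method: "GET" },
};

function handleMessageHardened(event) {
  if (!ALLOWED_ORIGINS.has(event.origin)) {
    return { sent: false, reason: "untrusted origin" };
  }
  const msg = event.data;
  if (!msg || typeof msg !== "object" || typeof msg.action !== "string") {
    return { sent: false, reason: "malformed message" };
  }
  const spec = ALLOWED_ACTIONS[msg.action];
  if (!spec) {
    return { sent: false, reason: "action not allowed" };
  }
  // The page never supplies a URL or body; the extension issues a fixed,
  // read-only request and nothing else.
  return {
    sent: true,
    request: { url: spec.url, method: spec.method, credentials: "include" },
  };
}

// Demonstration: the attacker's filter change goes through the vulnerable
// handler and is rejected by the hardened one.
console.log("vulnerable:", handleMessageVulnerable(ATTACKER_EVENT));
console.log("hardened:  ", handleMessageHardened(ATTACKER_EVENT));
```

The same two checks (who sent the message, and a fixed allowlist of what it may trigger) apply to the other way pages can talk to an extension, `chrome.runtime.onMessageExternal` together with the `externally_connectable` manifest key; an extension that lists `<all_urls>` there has the same problem without any `postMessage` bridge.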