[tmikaeld]

When developing my first Chrome Extension, it didn't take me long until i got the thought of "keylogging might be possible".

So i tried it, and sure - i was even able to replace password logins in the DOM with fake ones.

Firefox extensions does the same thing really, so now i only use a few "safe" extensions.

I'm surprised that this hasen't gotten more attention.

[spyder]

At least Firefox extensions on Mozilla's add-ons site gets more thoroughly reviewed on every update. The add-ons installed from outside of the add-ons site can be very dangerous, but Mozilla tries to block these too: List of blocked add-ons with reasons: https://addons.mozilla.org/en-US/firefox/blocked/

[daveid]

Now I have to wonder... What permissions do Firefox extensions have? How do I check or verify these things?

[anonymfus]

Firefox extensions have the same permissions as browser itself.

[tracker1]

I'm pretty judicious when trying extensions... but really only use a handful of them.