Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

When developing my first Chrome Extension, it didn't take me long until i got the thought of "keylogging might be possible".

So i tried it, and sure - i was even able to replace password logins in the DOM with fake ones.

Firefox extensions does the same thing really, so now i only use a few "safe" extensions.

I'm surprised that this hasen't gotten more attention.



At least Firefox extensions on Mozilla's add-ons site gets more thoroughly reviewed on every update. The add-ons installed from outside of the add-ons site can be very dangerous, but Mozilla tries to block these too: List of blocked add-ons with reasons: https://addons.mozilla.org/en-US/firefox/blocked/


Now I have to wonder... What permissions do Firefox extensions have? How do I check or verify these things?


Firefox extensions have the same permissions as browser itself.


I'm pretty judicious when trying extensions... but really only use a handful of them.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: