This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new!

The annoyances of proprietary Firefox extensions

Posted by: Anonymous [ip:] on December 24, 2008 12:32 PM
The biggest insecurity is with extensions that ask for a login and password of an external site to be filled, such as the social networks plugin Yoono is proposing. They probably save it externally (they are not even clear about that). This is outrageous. It should be explained crystal clear what exactly they want to do with that information. PS. On top of that, you can have all your bookmarks transmitted to their servers if you don't carefully read while you configure it.

Anyway, addons are inherently unsafe if you don't know the maker as a trusted partner of some kind. There could be efforts, automated or semi-automated, to scan plugins on (potential) malicious code. But this too becomes difficult in cases where a dll is included (as is the case with the IETab addon (although this dll is just needed to load IE in a Firefox tab, I think). Automated tools would be necessary in all cases where the javascript has been obfuscated (=almost unreadable for a human being).


Return to The annoyances of proprietary Firefox extensions