(wiki.mozilla.org)

288 points fernandotakai | 2 comments | 11 Aug 15 03:51 UTC | HN request time: 0.432s | source

1. tyho ◴[11 Aug 15 06:56 UTC] No.10039451[source]▶

How does this policy interact with greasemonkey, an extension that allows running random JavaScript on sites with access to the extension API. You could write your malware as a greasemonkey extension, convince a user to install a signed greasemonkey release, and then convince them to install your malicious extension.

replies(1): >>10044914 #

2. paulryanrogers ◴[11 Aug 15 22:44 UTC] No.10044914[source]▶

>>10039451 (TP) #

Great point. Does anyone know what--if any--limits Grease Monkey puts in place to prevent users from bring exploited?

↑

Firefox 42 will not allow unsigned extensions