(attackanddefense.dev)

182 points evilpie | 1 comments | 09 Apr 25 09:34 UTC | HN request time: 0s | source

Show context

davidmurdoch ◴[09 Apr 25 10:51 UTC] No.43630753[source]▶

>>43630388 (OP) #

Firefox really needs to fix their CSP for extensions before this kind of thing.

Here is the 9 year old bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1267027

And their extension store does not permit workarounds, even though they themselves have confirmed it's a bug.

replies(4): >>43630784 #>>43630796 #>>43630948 #>>43630984 #

Semaphor ◴[09 Apr 25 10:58 UTC] No.43630784[source]▶

>>43630753 #

Having fewer permissions for extensions than one might want seems fairly less important to making the browser more secure…

replies(2): >>43631143 #>>43641315 #

1. raxxorraxor ◴[10 Apr 25 06:46 UTC] No.43641315[source]▶

>>43630784 #

In the current browser landscape I would think not. Firefox is no less secure than Chrome or Safari and both are subject to economic incentives. You could even argue these issues negatively relate to security as well.

↑

Hardening the Firefox Front End with Content Security Policies