Skip to content

Commit

Permalink
Update 2023-09-10-Firefox-Part-3.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@ColoursofOSINT
ColoursofOSINT committed Sep 11, 2023
1 parent 1633e9d commit 59be380
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions _posts/2023-09-10-Firefox-Part-3.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
title: Investigating “Recommended Extensions” - Part 3
date: 2023-09-15 12:00:00 +0800
date: 2023-09-10 12:00:00 +0800
categories: [Technology, Browser]
tags: [firefox, privacy, security] # TAG names should always be lowercase
toc: true
Expand All @@ -12,7 +12,7 @@ My findings about the Recommended Extensions in Firefox is that the program is g

## Policy Problems: No requirement to allow examination of code

Extensions can use a custom licence or end user agreement which has consumer limiting terms that prevent the examination of source code. It's very hard to find malicious code if the user is prevented from searching for such code. Furthermore, for Firefox to claim that recommended extensions have the “highest standards of security” is dubious, since exposing or even investigating malicious code can come with risks of financial and legal repercussions.
- Extensions can use a custom licence or end user agreement which has consumer limiting terms that prevent the examination of source code. It's very hard to find malicious code if the user is prevented from searching for such code. Furthermore, for Firefox to claim that recommended extensions have the “highest standards of security” is dubious, since exposing or even investigating malicious code can come with risks of financial and legal repercussions.

For example, Enhancer for YouTube has a licence that states "nobody has the right to review the Source Code" and that "nobody has the right to reverse-engineer" while promising legal action should the terms be violated. If malicious code was found in an investigation, I wouldn't feel comfortable reporting it for fear of legal issues.

Expand All @@ -29,6 +29,9 @@ The developers asseration that if there was "do not collect data of any sort, an

Recommended extensions should be held to the highest standards. Users should be allowed to search for malware, adware and spyware without worrying about legal consequences.

- Overly Permissive Permissions


## Extension Examination Failures
- Search for common terms
- Permission scope analysis
Expand Down

0 comments on commit 59be380

Please sign in to comment.