Can add-ons ever access passwords I enter on a web page?
Another top browser (sorry!) displays privileges used by add-ons, such as "Access your data on all websites." The accepted thinking seems to be that if the privilege is reasonable for the add-on to do it's work AND the developer seems like a trusted source, then it's okay to use the add-on. Unless I'm off base in my understanding, that sounds like passwords I enter on a website can potentially be captured by the developer. I have read the Firefox policy about editorial software review, but I am still uneasy. Can you provide additional information or assurance in this regard?
Toutes les réponses (4)
If you install add-ons from https://addons.mozilla.org/ then you will see whether they have been reviewed (most are) and warned if not. You can read the review policies at https://addons.mozilla.org/en-US/developers/docs/policies/reviews The add-on reviewers take security seriously and wouldn't allow an add-on to access passwords used on a website unless it was explicitly stated as the purpose of the extension. All updates from extensions installed via addons.mozilla.org are also reviewed. Let me know if you still have more questions.
hello TheBilliken, the blunt answer is that firefox' addon system is far more powerful than that of "the other top browser" and extensions can in principle alter/change/access any part of the whole firefox code base - that's why it's not really possible to display generalized permission categories that are used by addons. the fact that most extensions are open source and the review system at addons.mozilla.org for new & updated extensions should mitigate the risks that are inherent to such an open model, as far as that's possible...
Thanks for your reply - and for mentioning updates as I wondered about them too.
Your perspective in terms of open source makes me consider security a little differently. It makes a little more sense to me now.