Is using Paxmod secure? #73
Great question!
Back in the day, Firefox addons were running with full privileges, that is, full access to the system. Today, addons are WebExtensions which run isolated from each other and with little powers by default. For advanced privileges, the browser provides a set of specific APIs for which addons must request individual permission. Even though the APIs themselves are fully privileged, they only export some carefully designed "secure" API methods for addons to use. Since, famously, there is no built-in UI modification API, Paxmod supplies two new APIs itself, and you can see which API functions they expose to the WebExt in their respective schemas here and here. As I see it, only the

However, keep in mind that Paxmod fetches updates automatically from this GitHub repo. If one day I turn evil, or someone gains push access to this repo, they could add malicious code to the API implementation, delivered to your machine with the next auto update. (In contrast, a malicious update to a regular FF addon would remain restricted to the builtin APIs [those which the user has granted access to] and couldn't just compromise your system.) If that is a concern to you, the best practice is to disable auto updates for Paxmod (at

TL;DR The bundled APIs, as they are written and used, don't add much exposure. But you need to trust future updates, or review them before installation.
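One way to carry out the "review them before installation" advice above, as an added example that is not Paxmod's own code: list the files a package declares under the `experiment_apis` manifest key (the schemas and the privileged implementation scripts) and report which of them an update adds, removes or changes. The package contents and file names below are constructed for the example and are not Paxmod's real layout.

```python
import hashlib, io, json, zipfile

def build_xpi(files):
    """Pack {path: text} into an in-memory XPI (an XPI is a ZIP archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, text in files.items():
            z.writestr(path, text)
    return buf.getvalue()

def privileged_entry_points(xpi):
    """Map every file named under "experiment_apis" to its SHA-256."""
    with zipfile.ZipFile(io.BytesIO(xpi)) as z:
        manifest = json.loads(z.read("manifest.json"))
        paths = set()
        for api in manifest.get("experiment_apis", {}).values():
            paths.add(api.get("schema"))                  # what the WebExt can call
            for ctx in ("parent", "child"):
                paths.add(api.get(ctx, {}).get("script"))  # privileged implementation
        paths.discard(None)
        names = set(z.namelist())
        return {p: hashlib.sha256(z.read(p)).hexdigest() if p in names else "MISSING"
                for p in paths}

def review_update(old_xpi, new_xpi):
    """Report privileged files that differ between two package versions."""
    old, new = privileged_entry_points(old_xpi), privileged_entry_points(new_xpi)
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p])}

# Constructed sample: version 2 edits one implementation script and adds an API.
def manifest(apis):
    return json.dumps({"manifest_version": 2, "name": "demo", "version": "1",
                       "experiment_apis": apis})

API_A = {"schema": "api/a.json", "parent": {"scopes": ["addon_parent"], "script": "api/a.js"}}
API_B = {"schema": "api/b.json", "parent": {"scopes": ["addon_parent"], "script": "api/b.js"}}
OLD = build_xpi({"manifest.json": manifest({"a": API_A}),
                 "api/a.json": "[]", "api/a.js": "// v1", "ui.js": "// v1"})
NEW = build_xpi({"manifest.json": manifest({"a": API_A, "b": API_B}),
                 "api/a.json": "[]", "api/a.js": "// v2",
                 "api/b.json": "[]", "api/b.js": "// new", "ui.js": "// v2"})

if __name__ == "__main__":
    print(json.dumps(review_update(OLD, NEW), indent=2))
```

Only the declared entry points are hashed; a script can load other files, so any entry reported here is the prompt for a full diff of the package before installing it.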
Thanks! I'll install it and try it out later. You can go ahead and close this, but may I suggest adding either the text or a link to it to the FAQ.
I added a note in the readme's FAQ section.
I'm interested in trying this out, since the lack of TMP is the main thing holding me back from using Firefox, but since it uses its own API, which manipulates Firefox, I'm wondering if that might be opening it up to exploits. IOW, could your custom API possibly be opening the browser up to attacks?