Gregory's Server"Firefox 115 can silently remotely disable (any) extension on any site"
|
61 comments
 @dethos it definitely feels sus, though I could see some potentially reasonable use-cases. Like banking websites, where maybe some shifty extensions should be disabled. But this needs to be done with the consent of the user and making sure that the user is well-informed about what's going on. Clearly that is not the case. Sigh.   @ariadne @rysiek @dethos first, as mentioned in the article, the ad blocker uBlock is a trusted addon, and thus not blocked by the new feature. It appears that it will only affect add-ons that aren't checked by Mozilla. Second, it's up to Mozilla which websites are protected, not up to the website owners themselves.  @dethos@s.ovalerio.net well shit guess ill have to start patching the source and building it myself @dethos I am wondering if this puts FF over the bar of invasiveness Chrome and Edge set as a baseline, seems like it is creeping towards it at least. @dethos Would this also affect any Firefox-based browsers like LibreWolf? @rvaweather@dmv.community @dethos@s.ovalerio.net technically not really, as one can disable such functionality from their forks. it's not hardcoded like most of the functionalities from chrome, surprisingly.  @dethos it would be fine if the extension was some sort of malware but excuse me? what if it blocked uBlock or Decentraleyes? 🙈🙉🙊 I'm still rebuilding my internet news network after quitting Reddit. The outrage would have happened weeks before the release and it could have been reverted had the discussion been on there. @abcdefgary@linux.social @dethos@s.ovalerio.net You can use LibreWolf it's a fork of firefox with a lot of things disabled.   @dethos You needed to remove a whitelist entry to have your extensions work on AMO for quite some time. @dethos This is a bit weird. If I put my Devil's Advocate hat on, I can imagine that this could be useful in a corporate environment where there are many restrictive IT policies (and also many malicious extensions). It's still a bit unsettling though. I hope there's a way to turn it off. The confidentiality part is odd too.   @dethos The only valid reason for doing this is to stop malicious extensions from communicating across sites, to which the solution is to give the user a warning popup and an option to disable it, and also finally add in functionality to change extension permissions to anything the user wants... @dethos Also, hard no on the blocklist. That's just waiting to be abused. Give a warning. We can read. We're not idiots. @dethos@s.ovalerio.net Sounds concerning, but I think it might be a security feature to stop detected exploits from being executed, as extensions may now access things in the operating system beyond what a regular script can (see cables.gl for an example).  every firefox release i have to comb the release notes looking for the burning present mozilla brought me. thanks, saved me a click @dethos@s.ovalerio.net not sure if im interpreting this wrong but doesn't this mean you can bypass it?  What happens when Firefox is being used in a managed setup in an enterprise context? Will this list be controlled by Firefox or by the enterprise? Can Firefox still be used in an enterprise context without a compliance violation?  @dethos@s.ovalerio.net welp. Time to chose a Firefox fork that doesn't break websites like librewolf  @dethos   @dethos One more reason to use #librewolf ! |
@dethos pretty curious. Will Mozilla rent out this feature , like for preventing adblockers for any particular customer?