Please pardon my ignorance regarding this topic, but I cannot help having several questions after having read Firefox "Permission request messages for Firefox extensions"… (read more)
Please pardon my ignorance regarding this topic, but I cannot help having several questions after having read Firefox "Permission request messages for Firefox extensions" (https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions#w_access-your-data-for-all-websites), particularly "Access your data for all websites" Permission:
"The extension can read the content of any web page you visit as well as data you enter into those web pages, such as usernames and passwords." -Scary!
Note: These questions are not related to a particular extension and/or developer, these are merely questions regarding all extensions requiring "Access your data for all websites" Permission. Any and all references made to any particular extension in this thread are for the sole purposes to facilitate discussion and/or visualization, and Not to be construed in any negative manner on my part. I am merely seeking clarification regarding security concerns I and/or others may have in the future and perhaps aid browser development team, the community and extension developers to improve its security documentation and/or functions.
1. Does that mean said extensions can read the content of any and "ALL" web page you visit as well as data you enter into those web pages, such as usernames and passwords "EVER" visited in the past and in the future?
2. Regardless whether or not such extensions disabled?
3. Regardless whether or not web page is open and/or sign-in?
4. Regardless if a Firefox Login "Master Password" is being used?
5. Other than not using such extensions, what precautions users can take to minimize/eliminate such security breaches?
6. How can such extensions have a Firefox "Recommended" designation?
7. Why "some" such extensions opt to collect contributions "outside" Mozilla's Add-ons extension's landing page? Could that be used to raise a suspicious concerns?
8. Can extensions change their current permissions to a higher level from their initial installation via an user requested update performed from within Firefox's Extensions utility without the users knowledge?
9. How can users discern when extensions has a legitimate need for "Access your data for all websites" permission?
10. Do download extensions (and others) need "Access your data for all websites" permission along, and if so why (...is it due to browser technical limitation)?
11. Would it be possible for Mozilla's Add-ons extension's landing page to display whether or not "Access your data for all websites" is necessary and why?
These concerns came up when searching for a YouTube download extension.
Example: "Easy Youtube Video Downloader Express" by Dishita (https://addons.mozilla.org/en-US/firefox/addon/easy-youtube-video-download/?src=search)
Apologies for lengthy questions. Thank you!
PS: Quick response would be appreciated.