SUMO community discussions

firefox 60 to restrict access for webextensions to sumo

  • 5 Replies
  • Last reply by philipp
  1. philipp
    philipp 1300 posts
    more options

    firefox 60 will restrict webextensions from running on a number of mozilla domains, including sumo.

    if you are using extensions to help you with some tasks on this site & trust them, then you can work around that restriction by manually removing the sumo domain from the extensions.webextensions.restrictedDomains preference in about:config: https://bugzilla.mozilla.org/show_bug.cgi?id=1445650#c3

    i noticed the issue, when clippings stopped working on the site - features like firefox screenshots will also be affected...

    firefox 60 will restrict webextensions from running on a number of mozilla domains, including sumo. if you are using extensions to help you with some tasks on this site & trust them, then you can work around that restriction by manually removing the sumo domain from the ''extensions.webextensions.restrictedDomains'' preference in ''about:config'': https://bugzilla.mozilla.org/show_bug.cgi?id=1445650#c3 i noticed the issue, when [https://addons.mozilla.org/firefox/addon/clippings/ clippings] stopped working on the site - features like firefox screenshots will also be affected...

    Modified by philipp on

  2. Chris Ilias
    Chris Ilias 2448 posts
    more options

    Thanks for the warning. It looks like bug 1415644 is restricted. Do you have any idea why they webextensions are restricted on specific domains?

    Thanks for the warning. It looks like bug 1415644 is restricted. Do you have any idea why they webextensions are restricted on specific domains?
  3. philipp
    philipp 1300 posts
    more options

    sorry, i'm not in a position to tell

    sorry, i'm not in a position to tell
  4. FredMcD
    FredMcD 923 posts
    more options

    You are not authorized to access bug 1415644

    You are not authorized to access bug 1415644
  5. jscher2000 - Support Volunteer
    jscher2000 - Support Volunteer 832 posts
    more options

    Beta has this list (I added spaces after the commas to make the lines wrap) (all.js):

    accounts-static.cdn.mozilla.net, accounts.firefox.com, addons.cdn.mozilla.net, addons.mozilla.org, api.accounts.firefox.com, content.cdn.mozilla.net, content.cdn.mozilla.net, discovery.addons.mozilla.org, input.mozilla.org, install.mozilla.org, oauth.accounts.firefox.com, profile.accounts.firefox.com, support.mozilla.org, sync.services.mozilla.com, testpilot.firefox.com

    Users probably should be very cautious in editing the list to avoid opening up the possibility of bad extensions data mining or tampering with their Firefox Account data or credentials.

    Beta has this list (I added spaces after the commas to make the lines wrap) ([https://dxr.mozilla.org/mozilla-beta/source/modules/libpref/init/all.js#5114 all.js]): accounts-static.cdn.mozilla.net, accounts.firefox.com, addons.cdn.mozilla.net, addons.mozilla.org, api.accounts.firefox.com, content.cdn.mozilla.net, content.cdn.mozilla.net, discovery.addons.mozilla.org, input.mozilla.org, install.mozilla.org, oauth.accounts.firefox.com, profile.accounts.firefox.com, '''support.mozilla.org''', sync.services.mozilla.com, testpilot.firefox.com Users probably should be ''very'' cautious in editing the list to avoid opening up the possibility of bad extensions data mining or tampering with their Firefox Account data or credentials.

    Modified by jscher2000 - Support Volunteer on

  6. philipp
    philipp 1300 posts
    more options

    the original sec bug got opened up in the meantime, in case people are still interested in reading up on it...

    the original sec bug got opened up in the meantime, in case people are still interested in reading up on it...