Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

Concerning about Add-on permission...

  • 1 个回答
  • 2 人有此问题
  • 1 次查看
  • 最后回复者为 TyDraniu

xswordsmanx
xswordsmanx
more options

Lately this have been bothering me, What the exact are the creator looking at when we give them the permission to access to our data? I recall it say they can read our username and password? I was thinking that can't be right.. I'm assuming they can see what website we go to, but not see what we're typing or looking at on the screen right?

What exactly are we giving them permission to? When it say accessing to our data and others permission they're asking us?

I was reading one of the support online, https://support.mozilla.org/en-US/questions/1211369

This guy was telling the poster that he shouldn't type in username and password because they can see it! I was thinking that can't be right, we're not giving them permission to see our Credit Card numbers or our username and password!!

Can someone please show me what exactly are the creators of the Add-on are seeing on the sites we go to like Youtube for example?

Thank you xswordsmanx

Lately this have been bothering me, What the exact are the creator looking at when we give them the permission to access to our data? I recall it say they can read our username and password? I was thinking that can't be right.. I'm assuming they can see what website we go to, but not see what we're typing or looking at on the screen right? What exactly are we giving them permission to? When it say accessing to our data and others permission they're asking us? I was reading one of the support online, https://support.mozilla.org/en-US/questions/1211369 This guy was telling the poster that he shouldn't type in username and password because they can see it! I was thinking that can't be right, we're not giving them permission to see our Credit Card numbers or our username and password!! Can someone please show me what exactly are the creators of the Add-on are seeing on the sites we go to like Youtube for example? Thank you xswordsmanx

所有回复 (1)

TyDraniu
TyDraniu
  • Top 25 Contributor
more options

The permission “Access your data for all websites”, is not about reading your passwords etc. It's ability to read and modify websites you visit, and to fire an event based on its content.

The reason why it’s worded this way is because a web page can contain virtually anything, and some extensions need to read everything on it in order to perform an action based on what the page contains.

For example, an ad blocker needs to read all web page content to identify and remove ad code.

Since these types of extensions wouldn’t know whether any particular web page contains the bit it needs to modify until it’s loaded, and neither does Firefox, it needs access to everything on a page so it can look for and modify the appropriate parts. This means that in theory, while rare, a malicious developer could tell you their extension does one thing while it actually does something else.

We have been taking steps to reduce the risk of extensions, the most significant of which was moving to a WebExtensions architecture with the release of Firefox 57 last fall. The new APIs limit an extension’s ability to access certain parts of the browser and the information they process. We also have a variety of security measures in place, such as a review process that is designed to make it difficult for malicious developers to publish extensions. Nevertheless, these systems cannot guarantee that extensions will be 100% safe.

由TyDraniu于修改