We pointed out, at the time, that not only was Chrome's webextension store like the Wild West, but that many app devs there do not have the Open Source ethics of legacy devs.Some Mozilla toady wrote:More Secure Extensions
Because (legacy) extensions built with the Add-on SDK can request XPCOM privileges, they could still introduce unintentional security and stability issues into Firefox. Even add-ons written by well-meaning developers can accidentally introduce vulnerabilities that could allow malicious code to execute with the full privileges of the browser. WebExtensions uses its manifest.json to mitigate this by requiring add-on authors to declare up front which permissions their code will need to operate. Unlike the Add-on SDK, WebExtensions does not allow arbitrary XUL/XPCOM access, so even insecure/vulnerable code is limited to its whitelisted subset of functionality. This vastly reduces the vulnerability surface of a WebExtension, leading to faster review times and a more stable browser.
You see, for over 12 years Firefox extensions and themes were written, primarily, by Open Source devs, who not only wrote safe stuff for users, but were also reviewing other people's stuff on AMO. It was also legacy devs who were reporting extensions that were felt to have in some way slipped through the net. Some may recall how we unleashed fire and brimstone onto Mozilla's head for allowing a huge bunch of unscrupulous toolbars?
Obviously, all of this fell on deaf ears with Mozilla, who knew better.
Which brings us up to today - http://www.dailymail.co.uk/sciencetech/ ... users.html
https://www.ghacks.net/2018/08/17/mozil ... xtensions/
As you all know, only Firefox is allowed to snoop on Firefox users (some may recall my thoughts on the 'telemetry' gathered) - https://www.ghacks.net/2018/08/07/firef ... -browsing/
Well done, Mozilla, no one ever saw that one coming.
Now, at this point, I was going to post the 'Smug Mrs Doyle Face' gif, but after searching for it, to be honest, I found this much more amusing. So here it is instead - https://www.youtube.com/watch?v=ogrfAgbIfFo