Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security #7

Closed
grahamperrin opened this issue Apr 27, 2021 · 4 comments
Closed

Security #7

grahamperrin opened this issue Apr 27, 2021 · 4 comments

Comments

@grahamperrin
Copy link

From mozilla/multi-account-containers#2001 (comment) (not my question):

wouldn't there be any security issues using Always In Container? …

From Add-on Badges | Firefox Help:

… Most extensions are created by trustworthy developers. …

@naoliden for the other part of your question, mozilla/multi-account-containers#2001 (comment)
@grahamperrin grahamperrin mentioned this issue Apr 27, 2021
Open
@tiansh
Copy link
Owner

tiansh commented Apr 27, 2021

I'm glad to see some other extensions, especially something like MAC, may have similar features included. So I won't need to maintain this extension but get same functionally to my Firefox.
I will however try my best to fix any security issues if anyone may find out some.
Although I'm not aimed to create vulnerable extensions. This extension, as comes with MPL-2.0: "without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the Covered Software is free of defects, merchantable, fit for a particular purpose or non-infringing"

@grahamperrin
Copy link
Author

Thank you.

image

https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions#w_access-your-data-for-all-websites Access your data for all websites

https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions#w_access-browser-tabs Access browser tabs

Please, can the extension work as well without data for all websites?

@tiansh
Copy link
Owner

tiansh commented Apr 28, 2021
edited
Loading

Please, can the extension work as well without data for all websites?

This extension use very same logic as what MAC do. Also some source codes are based on MAC. As a result, it requires same permissions like what MAC do. That permissions helps extension to stop / cancel web requests out of containers. I didn't see a better way to exclude these permissions. Fell free to comment / PR / fork if you have any idea of improvements.

@grahamperrin
Copy link
Author

Thanks for the explanation.

I had not thought to compare with permissions for Multi-Account Containers:

image

https://github.com/mozilla/multi-account-containers/wiki/Permissions

I'm not a developer, so (for Always In Container) I can not imagine an alternative permissions model.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@grahamperrin @tiansh