I was wrong on WebExtensions

WebExtensions > legacy addons.
Firefox legacy addons basically have unrestricted, full access to everything browser does.
They are barely step behind ActiveX. They can download arbitrary data and execute it.

They can download arbitrary data and execute it.

That's a significant part of what the Internet is for.

>>2
They can download .exe files too, FlashGot extension use external program.

>>1

Firefox legacy addons basically have unrestricted, full access to everything browser does.

But this is good. Allows for more powerful addons.

They are barely step behind ActiveX.

Troll post. Usually you don't willingly download ActiveX extensions like addons, and ActiveX gave more access.

>>4
Download Flashgot on windows. It will download an .exe program which will run without user consent(if you start downloading).

>>5
Yes, but you have to go to the addons page and install flashgot in the first place.

>>6
You can't silently download .exe with WebExtensions and run them

Basically what i'm telling you:
Legacy Addons==Do w/e you want, Run random executables from internet.
Firefox was right on deprecating them and WebExtension permission model is superior to blanket consent to do anything.
WebExtensions==permissions, restricted, sandboxed.

https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/permissions

>>8
But couldn't they keep them in behind a feature flag in about:config? I want to keep using add-ons that change the behavior of the browser.

I don't even use firefox.

>>10
elinks is better

>>4
+1

>>8
Fuck this "permissions" bureaucracy bullshit. Yet another excuse for those bastards to take control away from developers and users and keep it all to themselves.

Whatever happened to "ask for forgiveness, not permission" and "that which is not explicitly prohibited is allowed"?

I hope I don't live to see the day when you need "permission" to breathe, think, or live...

>>12
Ask for forgiveness:"We totally didn't mean to download 20 trojans and viruses. Oh and sorry for adding several adware programs to your startup file. We didn't mean it."
Ask for permission:"Can I pls download tottallyNotAVirus.exe and run it?"

>>12
hey Cudder do you run everything as root as well? insecurity is freedom so why not?

Information Wants to Be Free

>>12
Best keep those eyes closed

>>13
Completely wrong context. The user still has to install the addon in the first place.

>>14
Actually I do. I use a physically separate machine for trying out suspicious executables that I can't be bothered decompiling and analysing, but there hasn't been too many of those over the years...

...and I've been doing that for decades without any problems. Whereas some dumbfucks will still manage to screw themselves multiple times with a highly-locked down and otherwise useless-for-doing-anything-productive mobile device.

>>17
airgapping is security too. anyway, I'm not defending the mobile industry practices. but there's difference between that shit and security. a well-configured Linux server is secure but it doesn't mean you as its owner don't have control over it.

>>18

a well-configured Linux server is secure

Unix-like operating systems can't be secure.