cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mawy
New member
Status: New idea

I have added my banking site and github to extensions.webextensions.restrictedDomains, to ensure a rouge extension cannot steal sessions cookies from there. Unfortunately I have discovered that when I use a subdomain (gist.github.com), firefox will happily give the extensions access to my sessions cookies. This seems like an oversight. I believe it should restrict all subdomains on a site or at least allow wildcards, to properly lock down firefox, like *.github.com.

Would also be cool if you could explicitly blacklist and whitelist certain sites on a global or per extension basis. Especially since extensions now have 1000s of dependencies and are increasingly becoming an attack vector.

2 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

easel
New member

Same. I second this.