This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Mozilla Connect
- Ideas
- extensions.webextensions.restrictedDomains should ...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
mawy
New member
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
04-15-2025
11:43 AM
Status:
New idea
I have added my banking site and github to extensions.webextensions.restrictedDomains, to ensure a rouge extension cannot steal sessions cookies from there. Unfortunately I have discovered that when I use a subdomain (gist.github.com), firefox will happily give the extensions access to my sessions cookies. This seems like an oversight. I believe it should restrict all subdomains on a site or at least allow wildcards, to properly lock down firefox, like *.github.com.
Would also be cool if you could explicitly blacklist and whitelist certain sites on a global or per extension basis. Especially since extensions now have 1000s of dependencies and are increasingly becoming an attack vector.
1 Comment
Idea Statuses
- New idea 7,135
- Trending idea 68
- Needs more 2
- In review 11
- Exploring more 10
- In development 68
- Not right now 4
- Delivered 143
- Closed 12
Top Kudoed Posts
