cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mawy
New member
Status: New idea

I have added my banking site and github to extensions.webextensions.restrictedDomains, to ensure a rouge extension cannot steal sessions cookies from there. Unfortunately I have discovered that when I use a subdomain (gist.github.com), firefox will happily give the extensions access to my sessions cookies. This seems like an oversight. I believe it should restrict all subdomains on a site or at least allow wildcards, to properly lock down firefox, like *.github.com.

Would also be cool if you could explicitly blacklist and whitelist certain sites on a global or per extension basis. Especially since extensions now have 1000s of dependencies and are increasingly becoming an attack vector.

1 Comment
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.