cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
sfink
Employee
Employee
Status: New idea

Inspired by https://github.com/classvsoftware/under-new-management it seems like the browser itself ought to watch out for extensions changing ownership, and give users the option to decide whether they want to keep using it.

This appears to be a very active form of abuse right now, where extension authors are inundated with buyout offers from sleazy people/companies who will add in tracking or whatever.

Perhaps this could take the form of automatically revoking all permissions on an ownership change, and re-requesting?

8 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

quiet_nooks
New member

this would be great if built in and give Firefox another notch in its belt of superiority

Mizar
Familiar face

Ngl, that's a great idea.

myspace
Making moves

This is a really good idea 👍

luis123456789
Strollin' around

This is one of the basics I would expect from an extension store tbh. Implement, pronto.

okay_okay
Making moves

+1 This is a must have 

jscher2000
Leader

I currently use manual update for extensions (migrated from ancient times), and it would be helpful if this issue was highlighted on the cards on that list.

For users that use automatic updates for their extensions, turning off automatic updates for an individual extension with an author change also could be an option, although those users may never think to look for the Available Updates list, so probably not enough.

BeefSupreme
Strollin' around

This is an attack vector that I had never even considered until now. I don't use a ton of extensions and am careful about which ones I install but if uBlock Origin suddenly decided to sell out to malware groups (unlikely but not impossible) then a lot of FF users would be affected and Mozilla would have a bad situation on their hands. This just seems like the type of OpSec we've come to expect from Firefox, kind of surprised this hasn't been implemented already.