Vulnerable extensions survey · 2009-02-05 16:49 by Wladimir Palant
I spent in total something like 10 hours searching 78 of the top 100 extensions for signs of unsafe interactions with the web (yes, I failed to download the extensions that are hidden behind a EULA, will do better next time). The result: 14 extensions with severe vulnerabilities (typically the kind of vulnerability that lets a web page take over your browser and even the computer if your browser runs with administrator privileges) and several proof-of-concept exploits. The good news: I don’t think that I missed too many vulnerable extensions; when I searched for more patterns I just kept finding new issues in the extensions that were already known to be vulnerable. More good news: none of the top 10 most popular extensions made the list. The bad news: many of the remaining extensions didn’t make this list simply because they don’t interact with the web or only interact with the web in ways that are relatively unproblematic. Some others were just too messy to get an overview in a reasonable time, so it was impossible to understand whether questionable coding practices actually caused security issues.
Displaying web content in an extension - without security issues · 2009-01-28 12:02 by Wladimir Palant
Putting an icon inside a menulist · 2006-06-15 18:17 by Wladimir Palant
So I wanted the inline editor for Adblock Plus filters to have an icon that cancels it. Shouldn’t be much of a problem? Yes, that’s what I thought. But the editor is an editable menuitem — and a look at chrome://global/content/bindings/menulist.xml shows that you have to use a regular menulist if you want an image there.