Comment by konform

I had similar frustrations and been maintaining a Firefox fork trying to fill a gap there. The result is Konform Browser and I think it might be relevant to you; please check it out!

> every single extension provides 100% access to my websites to whoever controls the extension

That feels a like a bit of overstatement and depends on what addons you use and how you install them... CSPs at least make it possible to restrict such things by policy (assuming user has been exposed to it and parsed it...). https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web... MV3 introduced further restrictions and controls regarding addon capabilities. While I agree the UI and UX around this could be much better, it's not all hopeless. The underlying pieces are mostly there.

While the fundamental addon execution security model in Konform Browser is inherited from upstream, for core addons like uBO you can improve the supply-chain security situation by loading it under "system scope" and disable addon updates in the browser itself. So while we don't (yet) improve on the runtime aspects you speak of, at least for now we can tighten up the supply-chain side to minimize risk of bad code running in the first place.

Literally `apt-get install webext-ublock-origin-firefox`.

"Enterprise policy files" can be used to change Firefox behavior and tweak security model around addon loading. A little explanation and reference of how it works if you want to do the same in other FF build or for other addons:

0 comments

konform

Reply