It's not "vaguely possible sometime hack". it's definitely possible sometimes hack. Although to my knowledge the sometimes has turned out to be extremely rare. So, you do have a point.
By modern web browser security standards, the old method is far too open with the potential for abuse. Since I suspect Mozilla (they still manage Firefox don't they) doesn't want to have to police the add-in library as heavily as Apple polices the IOS marketplace, they decided to remove the openness of the way extensions work. The threat is simple, although pretty much unrealized. The architecture of XUL pretty much gave the extension developers full access to your computer. Which means you have to trust them to write good code. The folks that manage the Firefox add-ons website will get a lot of flack if they let an extension in that turns out to be a back door into consumer desktops. Instead of trying to wrap a sandbox around the XUL system, they decided to replace it with a more modern and limited framework. Note: I am not supporting the decision, only providing a bit more context behind why they might have decided to go this way. I actually like the openness of the old way. I, like many of you, thought it was a strength even if it did require more diligence on my part. On Wednesday, October 4, 2017 at 1:39:41 PM UTC-4, @TiddlyTweeter wrote: > > Ciao Rob > > I do understand the concern. But it was pretty much a concern without > proven foundation. > > I NEVER, in years, had any problem. AND there is NOTHING I have ever seen > that indicates the FF extension system was seriously abused. > > It seems to me that legitimate paranoia got mixed up with "vaguely > possible sometime hack". IMO there is a larger story going on beyond basic > web security about "Memes Of Modern Thought" that posit threats where they > don't, pragmatically, function. > > Anyway, its a done deal. AND the issue is WebExtensions at the moment, are > no way capable of replacing the previous saving system. > > With TW that's an issue, but not fatal, with many other extensions it is > death. > > Best wishes > Josiah > > Rob Hoelz wrote: >> >> I can see where RichardWilliamSmith is coming from - I think Mozilla >> realized just how *dangerous *it is for extensions from third party >> developers to have unfettered access to various OS services such as files, >> especially in this day and age. >> > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/62e4870d-4d22-4623-8f54-b15af250b280%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
