Great question!

IOW, could your custom API possibly be opening the browser up to attacks?

Back in the days, Firefox addons were running with full privileges, that is, full access to the system. Today, addons are WebExtensions which run isolated from each other and with little powers by default. For advanced privileges, the browser provides a set of specific APIs for which addons must request individual permission. Even though the APIs themselves are fully privileged, they only export some carefully designed "secure" API methods for addons to use.

Since, famously, there is no built-in UI modifcation API, Paxmod supplies two new APIs itself, and you can see which API functions they expose to the WebExt in their respective schemas here and here. As I see it, only the stylesheet.load() function would at all be of interest to a potential attacker who may attempt to leverage it to inject their own CSS. However, there is not much opportunity to do so because the dynamic parts of Paxmod's stylesheets only depend on user settings and favicon colors. So, since the custom APIs are limited in power, not really exposed to untrusted input, and no extension besides Paxmod can use them, there isn't much of an added attack surface here.

However, keep in mind that Paxmod fetches updates automatically from this Github repo. If one day I turn evil, or someone gains push access to this repo, they could add malicious code to the API implementation, delivered to your machine with the next auto update. (In contrast, a malicious update to a regular FF addon would remain restricted to the builtin APIs [those which the user has granted access to] and couldn't just compromise your system.)

If that is a concern to you, the best practice is to disable auto updates for Paxmod (at about:addons -> Paxmod -> Details), and install new releases manually after verifying that the code changes from the previous version seem plausible.

TL;DR The bundled APIs, as they are written and used, don't add much exposure. But you need to trust future updates, or review them before installation.

Is using Paxmod secure? #73

Description

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions