How Does Pale Moon Stand in regards to Add-on Function Isolation?

[Pallid Planetoid]

How does Pale Moon stand in regards to these specific Extension vulnerabilities?
NoScript and other popular Firefox add-ons open millions to new attack
Unlike many browsers, Firefox doesn't always isolate an add-on’s functions.
by Dan Goodin - Apr 5, 2016 10:02 pm UTC

[Fedor2]

"NoScript and other popular Firefox add-ons open millions to new attack" consider this statement - fear the noscript wo-o-o!
It is clear that addons share varibales, memory e.t.c, but how it follows that someone can do bad things because of this sharing. Consider as attcker i have to make a target install my bad add-on to do nasty things throu another add-on, but if the target do not have any add-on at all or do not want install my bad add-on, what a fail.

I say that any stupid attacks of this is possible only through users ignorance, and ignorance must not be encouraged.

[Moonchild]

Extensions by design have access to the browser chrome (application-level) code. This is exactly why you have to be mindful what you install and why there are blocklists for bad/malware extensions.

Pale Moon's stand is that this native access is by design. Trying to sandbox that inherently means you are preventing most extensions from performing their tasks.
Of course this native access means there is a risk that bad code will do something bad. That is why there are safeguards to prevent unwanted installation and user confirmation is required when you install extensions.

If you want true extensibility, it comes with the responsibility of being careful what you install.

[GMforker]

See also viewtopic.php?f=46&t=11685

[IHG Greg]

Please be reminded that my extension Image-Host Grabber cannot work unless it can write files to your computer. We are open source and even if not you can read our code just from our download, just change the xpi to zip and unzip it, and you can verify we intend no harm.

Firefox is killing us soon, with the new restrictions (deletion of XUL etc.) and we are glad PaleMoon is here or as an extension we'd be dead.

Do you want an application to write files to your computer? How about if you are downloading image sets? The new FF will not let you d that.

[Pallid Planetoid]

Extensions by design have access to the browser chrome (application-level) code. This is exactly why you have to be mindful what you install and why there are blocklists for bad/malware extensions.

Pale Moon's stand is that this native access is by design. Trying to sandbox that inherently means you are preventing most extensions from performing their tasks.
Of course this native access means there is a risk that bad code will do something bad. That is why there are safeguards to prevent unwanted installation and user confirmation is required when you install extensions.

If you want true extensibility, it comes with the responsibility of being careful what you install.

Oh I get it, I misunderstood the premise, this is not a case of properly written (secure) add-on code getting malevolently exploited (which I thought was the premise) but rather a case of either poorly written (insecure) add-on code or possibly malicious intent by design that is intrinsic to the add-on that presents potential vulnerabilities. So it's not that all add-ons are inherently vulnerable irrespective of design and therefore are all necessarily potentially vulnerable but rather the culpability regarding whatever vulnerability to malicious exploitation that might exist with add-ons in general is confined to the developer in regards to the efficacy of the add-on. And with that said, just as you say, the responsibility to stay safe is with the user making sound decisions regarding add-ons exclusive of whatever blacklist or warnings that my be available to assist decision making as well.

[timofonic]

The premise behind noscript (blocking essential parts of the modern web, aiming to only allow the minimum possible) is disabling functionality - this goes right against the core goal behind the browser.

Yes and no. NoScript is about enabling users to decide which parts of the modern web they will or will not trust. Since the alternative is that the browser pretty much trusts the whole web, yes, this takes the form of optionally un-trusting things.

This is something I disagree with ALL browser projects: I don't trust the web at all, I even don't trust myself. I don't care about "core goals" and all these corporate-like words that Mozilla used too, sorry ifg ity may offend you.

And in its default configuration, yes, it is default-deny. But that is purely a default, based on the assumption that those who want to take control will probably want that posture. Just select the 'Scripts Globally Allowed' menu item, and voila! It's default-allow. A built-in version could easily use default-allow.

The browser itself should focus on presenting websites exactly as-intended by their designers. That includes using all scripts.

Should it, though? It should enable users to view websites exactly as intended by their designers, yes. But what if the user would like something different? Shouldn't the browser support that?

I hate to have dictatorships known as "Web Designers":
- I yet fail to understand what a "web designer" is in it's core: To me it's some kind of graphics designer with some coding skills.
- I don't like others impossing me how information should be consumed/viewed: I may prefer to change the design because personal or disability preferences I often try to make all sites in high contrast (console/terminal/ncurses style: black blackground, green foreground, some blue and green, etc).
- I hate Flash for playing videos: I want to play all them in HTML5, even better if there's a button to play it in my preferred media player (MPV).
- Sites are plagued of useless JavaScript that eat tons of CPU cycles, those can be replaced or directly removed.
- Most sites waste tons of space in stupid stuff, not only ads. This is noticeable even on 1080p sites.

The Hyptertext Network was focused on showing information (like Gopher),so their design was aimed at users able to modify how can be shown. These days websites are becoming boring impissitions of crappy and selfish concepts of GUIs and stetics, instead an open API that adapts to the local system (CSS somewhat solves it, but impossed too many crap too).

- I yet hate how forms are managed on web browsers: I would love to have them saved ALL TIME, able to edit them by my preferred text editor.

/

In addition, building it into Pale Moon would take away people's choice to decide if any, the amount, granularity, and method of blocked content from web sites.

I don't understand this. NoScript gives quite a lot of control over all of those things, whereas without it you have no choice except a big red OFF switch. How would incorporating it take away choice?

NoScript is causing problems even for people who have explicitly chosen to install and enable it (knowing they can expect limits/issues); can you imagine what it would do if applied to people who just want everything to work?

The forums are free, and you can even post in the support forum without registering.

I think Pale Moon should give total priority to the users, no to web designers. It's going to be a rebel browser, because it bornt as a Firefox fork and the shadow will always be there. Deal with it and put users on user side, we really feel quite ignored these days!

[dark_moon]

Off-topic:
@timofonic: Thanks for the MPV link !

[Moonchild]

This is something I disagree with ALL browser projects: I don't trust the web at all, I even don't trust myself. I don't care about "core goals" and all these corporate-like words that Mozilla used too, sorry ifg ity may offend you.

I think Pale Moon should give total priority to the users, no to web designers. It's going to be a rebel browser, because it bornt as a Firefox fork and the shadow will always be there.

If you think you can do it better, then feel free to make your own fork that implements all your preferred priorities!
I'm sure you'll have an audience that agrees with your fully distrusting approach to anything on the web -- for Pale Moon, however, it is important to not break the web any more than it already is, and that means that the core of the browser should be about focusing on enabling people to view websites as intended by their designers.

As an aside, having a defined set of properties to work within (the core goals) has nothing to do with being corporate or not, and everything with defining your scope. Any project needs to do this, whether it is FOSS or proprietary closed-source. If you don't, then you'll end up with ambiguous results and software that tries to do everything (and will never excel at anything and likely fail at many of its goals).

[half-moon]

Another thing that timofonic doesn't understand is how a lot of PM user are people that just want everything to work out of the box and that they don't have to mess with anything to watch their cat videos.

[satrow]

If you happen to follow the security scene, you must have noticed a lot of buzz around various security issues discovered this month. Namely, a critical vulnerability in the Microsoft Graphics Component, as outlined in the MS16-039 bulletin, stories and rumors around something called Badlock bug, and risks associated using Firefox add-ons. All well and good, except it's nothing more than clickbait hype nonsense.

Reading the articles fueled my anger to such heights that I had to wait a day or two before writing this piece. Otherwise, it would have just been venom and expletives. But it is important to express myself and protect the Internet users from the torrent of pointless, amateurish, sensationalist wanna-be hackerish security diarrhea that has been produced this month. Follow me.

http://www.dedoimedo.com/computers/apri ... alism.html

[Thehandyman1957]

If you happen to follow the security scene, you must have noticed a lot of buzz around various security issues discovered this month. Namely, a critical vulnerability in the Microsoft Graphics Component, as outlined in the MS16-039 bulletin, stories and rumors around something called Badlock bug, and risks associated using Firefox add-ons. All well and good, except it's nothing more than clickbait hype nonsense.

Reading the articles fueled my anger to such heights that I had to wait a day or two before writing this piece. Otherwise, it would have just been venom and expletives. But it is important to express myself and protect the Internet users from the torrent of pointless, amateurish, sensationalist wanna-be hackerish security diarrhea that has been produced this month. Follow me.

http://www.dedoimedo.com/computers/apri ... alism.html

All of this sounds a little bit like this. Be afraid, be very afraid!
https://www.youtube.com/watch?v=sQ8l07a4d_0