Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

holy false equivalence batman. it's definitely harder to buy/compromise firefox


Yes, that's true, but it would be correspondingly more difficult to find an alternative. If a plugin is compromised you're much more likely to be able to easily find an alternative. So it's a trade-off either way.


the cost of a compromised plugin is not just the inconvenience, but also all the passwords you might enter on forms if the plugin has full permissions granted


That's a stretch. We're talking about a translation plugin here. If FF doesn't have a mechanism to keep passwords safe from that, then that is the problem, not the lack of native translation.


if a plugin can read what's in a field, it can read the passwords therein, I'm not talking about the password file.


I am not wise in the ways of Firefox plugins, but if the ability of a plugin to read a password field is not a separate permission, then that is a much more serious problem than the lack of native translation. That's just a huge gaping security hole, full stop. If that is indeed how Firefox is designed, then the lack of native translation should be the least of your concerns.


> I am not wise in the ways of Firefox plugins

> That's just a huge gaping security hole

> If that is indeed how Firefox is designed

that's the whole point I'm trying to make! goddamit stop working on assumption and hypothetical thinking I'm a lunatic, this is a real issue and the actual way firefox works, how do you think all password manager work?

here look yourself https://support.mozilla.org/en-US/kb/permission-request-mess...

and guess what permission the language extension need?

https://addons.mozilla.org/en-US/firefox/addon/automatic-spe...


Go back to this ancestor comment in this thread:

https://qqrl.tk/item?id=21323832

We're not talking about password managers here, we're talking about spelling checkers. If a spelling checker can read passwords, then Firefox has a problem that that has nothing to do with spelling checkers or password managers. You cannot safely use any plugin.

Now, it's possible that Firefox does indeed have this very serious problem, I don't know. But I think it's much more likely that the FF engineers did the obvious thing and excluded password fields from being accessed by plugins by default if they can access text fields. If this were not the case, the complaint would not have been, "FF doesn't have native spell checking", the complaint would have been, "FF has this gaping security hole through which you can drive an M1 Abrams tank."


good thing then that I linked you to the very spell checker parent included to show you that it's flagged with that goddamn permission I'll put it here as well since you have missed it > https://addons.mozilla.org/en-US/firefox/addon/automatic-spe...

you're not listening and you're having a very strong opinion on a topic you don't know about, which makes having a discussion frustrating, tedious and very unhackernews-like, the data is before your eyes, believe what you will.

but if you are unwilling to listen, then why ask and answer?


> that goddamn permission

What permission is that? The only permission I see is "Access your data for all websites." If that includes passwords, then FF has much bigger problems than not having native spell checking.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: