clipboardRead is currently a required extension permission for vimium on firefox. This means vimium has completely unrestricted access to the OS clipboard. This differs from chrome where clipboard access is web-permission-gated.
Leaving clipboardRead in the required permissions opens up a very nasty exfiltration vector with no way for the user to opt out (post-FF147, there's no way to disable the async clipboard via prefs). That's not to say I think vimium is malicious, but there's no way to predict what will get hit by the next supply chain attack (these seem to be happening daily now).
Clipboard access is uniquely dangerous in that running the extension under a separate profile does not protect you. The extension has access to a global OS state, not just whatever is in the browser.
I don't have numbers on this, but anecdotally speaking, an extension requiring clipboard read access seems to be rather unusual. Of the dozen or so extensions I keep my eye on, a few of them require clipboardWrite and a few have clipboardRead as optional. Vimium is the only extension I've seen that requires clipboardRead.
And of course clipboardWrite has its own set of problems, but it's not as devastating as clipboardRead.
Personally, I don't paste URLs into vimium, so the read access is just a giant exfil vector that I gain nothing from and can't disable. There is currently no way to disable required extension permissions in firefox. Even the future blocked_permissions policy property won't work properly for this use-case.
Please consider moving clipboardRead to optional_permissions. I'd press for clipboardWrite to be made optional too.
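As an added example (not part of the original issue and not Vimium's code), the following sketch shows how the required-versus-optional distinction raised above can be checked across installed extensions by reading `manifest.json` out of each `.xpi` archive. The function names and the sample manifests are constructed for illustration.

```python
import io
import json
import zipfile

CLIPBOARD = ("clipboardRead", "clipboardWrite")

def classify(manifest: dict) -> dict:
    """Map each clipboard permission to 'required', 'optional' or 'absent'."""
    required = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    optional = {p for p in manifest.get("optional_permissions", []) if isinstance(p, str)}
    result = {}
    for perm in CLIPBOARD:
        if perm in required:
            result[perm] = "required"   # declared under "permissions": granted at install
        elif perm in optional:
            result[perm] = "optional"   # declared under "optional_permissions": requested at runtime
        else:
            result[perm] = "absent"
    return result

def audit_xpi(xpi) -> dict:
    """Read manifest.json from an .xpi (a zip archive), given a path or file object."""
    with zipfile.ZipFile(xpi) as archive:
        manifest = json.loads(archive.read("manifest.json").decode("utf-8-sig"))
    return {"name": manifest.get("name", "?"), **classify(manifest)}

def make_xpi(manifest: dict) -> io.BytesIO:
    """Build an in-memory .xpi so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("manifest.json", json.dumps(manifest))
    buf.seek(0)
    return buf

# Constructed sample manifests, not taken from any real extension.
SAMPLES = [
    {"name": "sample-required", "manifest_version": 2,
     "permissions": ["tabs", "clipboardRead", "clipboardWrite"]},
    {"name": "sample-optional", "manifest_version": 2,
     "permissions": ["tabs"],
     "optional_permissions": ["clipboardRead", "clipboardWrite"]},
    {"name": "sample-none", "manifest_version": 2, "permissions": ["storage"]},
]

def audit_samples() -> list:
    return [audit_xpi(make_xpi(m)) for m in SAMPLES]

if __name__ == "__main__":
    for row in audit_samples():
        print(row)
```

To audit a real profile, pass each `.xpi` path under the profile's `extensions` directory to `audit_xpi` and review any row that reports `clipboardRead` as `required`.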