为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Add-on Excessive Permission Request

  • 3 个回答
  • 1 人有此问题
  • 7 次查看
  • 最后回复者为 Matt

more options

My Compact Header Add-on must be replaced after upgrade. Both available current options are asking for Permission to "Have full, unrestricted access to Thunderbird, and your computer". That "Full access ... to your computer" for an Add-on is a complete breach of all computer safety practice. I am a licensed Computer Engineer and I believe this is a serious breach of security and Mozilla should reject any Add-On which asks for such a permission. I/Users trust Mozilla/Thunderbird and have granted them full computer access. But the Add-ons are NOT Mozilla. Why on earth would an 3rd-party Add-on need access to anything except Thunderbird?? And the "Thunderbird add-ons" FAQ item "How do I install an add-on?" makes zero mention of any permissions granting needed at all.

This needs to change -- no one should accept a Permissions request for "Full access ... to your computer" from 3rd party actors. Know any other trustworthy Compact Header Add-ons?

My Compact Header Add-on must be replaced after upgrade. Both available current options are asking for Permission to "Have full, unrestricted access to Thunderbird, and your computer". That "Full access ... to your computer" for an Add-on is a complete breach of all computer safety practice. I am a licensed Computer Engineer and I believe this is a serious breach of security and Mozilla should reject any Add-On which asks for such a permission. I/Users trust Mozilla/Thunderbird and have granted them full computer access. But the Add-ons are NOT Mozilla. Why on earth would an 3rd-party Add-on need access to anything except Thunderbird?? And the "Thunderbird add-ons" FAQ item "How do I install an add-on?" makes zero mention of any permissions granting needed at all. This needs to change -- no one should accept a Permissions request for "Full access ... to your computer" from 3rd party actors. Know any other trustworthy Compact Header Add-ons?

所有回复 (3)

more options

Permission request messages for Firefox extensions and Tips for assessing the safety of an extension

Perhaps you are better placed to investigate whether the add-on actually abuses its "full access" to your computer. I'm no computer engineer, I wouldn't know where to start. Such findings would definitely help inform a lot of its users' decisions, don't you think?

more options

The problem is that once Full Computer Access is granted, the Add-On could at any time in the future be hacked and a malicious party gets access to your computer. Mozilla should solve this issue at the root and NEVER have apps requesting such permission unless they are an app that intentionally deals with your files outside the Thunderbird/Firefox world. Working only with e-mail within Thunderbird as these apps do is NOT an excuse to have full computer access. It is Dangerous!

more options

rickclemenzi said

The problem is that once Full Computer Access is granted, the Add-On could at any time in the future be hacked and a malicious party gets access to your computer. Mozilla should solve this issue at the root and NEVER have apps requesting such permission unless they are an app that intentionally deals with your files outside the Thunderbird/Firefox world. Working only with e-mail within Thunderbird as these apps do is NOT an excuse to have full computer access. It is Dangerous!

What does full access mean in this context? I don't know. But I do know I allowed it because I wanted a compact header addon. Or did I. The web page says it requires no permissions. I installed this. https://addons.thunderbird.net/en-US/thunderbird/addon/compact-headers/

However If you want to talk about permissions in detail I suggest you join the addon developer list at https://thunderbird.topicbox.com/groups/addons

But be aware the status of addons until Thunderbird 78 was that all addons had full access to everything. So the existence of permissions is relatively new, particularly in the mail context and from my reading developers are more interested in expanding what they can access using the API than permissions which really have little on no value in a fat email client where there is an expectation that an addon can access your mail and save it anywhere you want on the local machine that the user has access to..