A missing and important #security feature for : add a per-subscription option for whether each subscription is allowed to use trusted filters, and make it default to unchecked for all

David@infosec.exchange to

uBlockOrigin@lemmy.ml · 19 days ago

A missing and important #security feature for @ublockorigin: add a per-subscription option for whether each subscription is allowed to use trusted filters, and make it default to unchecked for all non-default subscriptions. As it stands malicious compromise of any filter subscription allows arbitrary code injection into any or every page, using, for example, trusted-replace-node-text on any script element. It’s the same #supplyChain threat model as malicious Python/Ruby/Node/R/etc. packages or malicious VS Code or browser extensions.

#uBlockOrigin #supplyChainSecurity #supplyChainAttack

You must log in or # to comment.

Chat

uBlockOrigin@lemmy.ml

ublockorigin@lemmy.ml

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !ublockorigin@lemmy.ml

uBlock Origin - Free, open-source ad content blocker. Easy on CPU and memory.

Related communities: c/linux, c/opensource, c/privacy, c/firefox, c/security, c/librewolf, c/iceraven

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

2 users / day
3 users / week
60 users / month
112 users / 6 months
1 local subscriber
1.07K subscribers
22 Posts
5 Comments
Modlog

mods:
Noah@lemmy.ml