CRXaminer

[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Last scanned: about 10 hours ago

Extension Details

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors: The extension lacks critical identifying information including name, description, author details, user count, and ratings, making it impossible to assess developer credibility or community trust. This absence of basic metadata is concerning for transparency and accountability.

Concerns:

- Missing essential extension metadata raises transparency issues

- Broad host permissions to Mozilla addon sites could enable data collection from Firefox addon browsing

- Unlimited storage permission allows indefinite local data accumulation

- Combination of scripting and declarativeNetRequestWithHostAccess permissions provides significant control over web requests

- Content script injection on Mozilla addon pages could modify user experience or collect browsing data

- Offscreen permission enables background processing that may not be visible to users

- The specific focus on Mozilla/Firefox addon sites suggests potential cross-browser data collection

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks. Before installation, research the extension's actual name and developer to verify legitimacy. Monitor your browsing behavior on Mozilla addon sites if you choose to install it. Given the broad permissions and missing metadata, consider whether the extension's functionality justifies these risks. Look for alternative extensions with clearer documentation and more limited permissions if similar functionality is available elsewhere.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Medium-Risk Permission: unlimitedStorage

This extension has the unlimitedStorage permission. Can store unlimited data locally.

Security Analysis Details

Required Permissions:

alarms
storage
unlimitedStorage
offscreen
scripting
sidePanel
declarativeNetRequestWithHostAccess

Optional Permissions:

tabs
downloads

Host Permissions:

https://addons.cdn.mozilla.net/user-media/addons/*

Embedded URLs (21 total):

https://fonts.googleapis.com/css2?family=Inter:wght@400	http://www.w3.org/2000/svg
https://addons.mozilla.org/en-US/firefox/addon/	https://foxified.org/warning
https://github.com/uuidjs/uuid#getrandomvalues-not-supported	https://www.google-analytics.com/mp/collect
https://addons.mozilla.org/firefox/downloads/latest/	http://stuartk.com/jszip
https://raw.github.com/Stuk/jszip/main/LICENSE.markdown.	https://github.com/nodeca/pako/blob/main/LICENSE
https://stuk.github.io/jszip/documentation/howto/read_zip.html	https://foxified.org/installed
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/runtime/onMessage	http://www.w3.org/1999/xlink
http://www.w3.org/1998/Math/MathML	https://vuejs.org/error-reference/#runtime-
https://clients2.google.com/service/update2/crx	https://foxified.org
https://addons.mozilla.org/	https://addons.cdn.mozilla.net/user-media/addons/
https://foxified.org/

Raw Manifest

{
  "name": "__MSG_extName__",
  "icons": {
    "16": "assets/img/icon-16px.png",
    "19": "assets/img/icon-19px.png",
    "38": "assets/img/icon-38px.png",
    "48": "assets/img/icon-48px.png",
    "128": "assets/img/icon-128px.png"
  },
  "action": {
    "default_icon": "assets/img/icon-38px.png",
    "default_popup": "ff-popup.html"
  },
  "author": "Foxified",
  "sandbox": {
    "pages": [
      "ff-sandbox.html"
    ]
  },
  "version": "2.1.4",
  "background": {
    "service_worker": "assets/js/ff-background.js"
  },
  "options_ui": {
    "page": "ff-options.html",
    "open_in_tab": true
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_extDescription__",
  "permissions": [
    "alarms",
    "storage",
    "unlimitedStorage",
    "offscreen",
    "scripting",
    "sidePanel",
    "declarativeNetRequestWithHostAccess"
  ],
  "homepage_url": "https://foxified.org",
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "assets/js/ff-store.js"
      ],
      "run_at": "document_start",
      "matches": [
        "https://addons.mozilla.org/*/firefox/addon/*"
      ]
    }
  ],
  "host_permissions": [
    "https://addons.cdn.mozilla.net/user-media/addons/*"
  ],
  "manifest_version": 3,
  "optional_permissions": [
    "tabs",
    "downloads"
  ],
  "externally_connectable": {
    "matches": [
      "https://foxified.org/*"
    ]
  },
  "minimum_chrome_version": "120",
  "web_accessible_resources": [
    {
      "matches": [
        "<all_urls>"
      ],
      "resources": [
        "ff-options.html",
        "ff-sandbox.html"
      ]
    }
  ],
  "optional_host_permissions": [
    "http://*/*",
    "https://*/*"
  ]
}

by ✦ Astarte

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Optional Permissions:

Host Permissions:

Embedded URLs (21 total):

Raw Manifest

Detections

Manifest Findings