FoxFilter - The content filter!
Version 10.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a moderate user base of 5,000 users and a below-average rating of 3.4 stars from 108 reviews, which suggests mixed user experiences. The developer provides a website (foxfilter.com) which adds some legitimacy, though the relatively low rating raises concerns about functionality or user satisfaction.
The extension requests several high-risk permissions that seem excessive for a content filter. The "management" permission is particularly concerning as it allows control over other extensions, which is unnecessary for content filtering. The "tabs" permission combined with broad content script injection across all URLs creates significant privacy risks, as the extension can monitor and modify any website you visit. The ability to inject scripts into all websites means it could potentially capture sensitive information like passwords or personal data.
The combination of these permissions creates a powerful surveillance and manipulation capability that extends far beyond what a typical content filter would need. Content filters typically only need to block or modify specific content, not manage other extensions or access detailed tab information.
Consider running this extension in a separate Chrome profile to isolate it from your main browsing activities. Look for alternative content filtering extensions with more limited permissions. If you must use this extension, regularly review what other extensions you have installed, as this extension can manage them. Monitor your browsing behavior for any unexpected changes or blocked content that seems inappropriate.
Findings
Security Analysis Details
Required Permissions:
- tabs
- contextMenus
- storage
- management
Embedded URLs (61 total):
| https://clients2.google.com/service/update2/crx | http://daneden.me/animate | |
| http://opensource.org/licenses/MIT | https://github.com/nickpettit/glide | |
| http://getbootstrap.com | https://github.com/twbs/bootstrap/blob/master/LICENSE | |
| https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css | https://github.com/twbs/bootstrap/issues/10106 | |
| http://getbootstrap.com/getting-started/#third-box-sizing | http://a11yproject.com/posts/how-to-hide-content | |
| http://www.w3.org/TR/2013/NOTE-WCAG20-TECHS-20130905/G1 | https://developer.mozilla.org/en-US/docs/Web/Events/click#Safari_Mobile | |
| https://github.com/twbs/bootstrap/pull/11526 | https://github.com/twbs/bootstrap/issues/4885 | |
| https://github.com/twbs/bootstrap/issues/5257 | https://github.com/twbs/bootstrap/issues/11660 | |
| https://github.com/twbs/bootstrap/issues/11623 | https://github.com/twbs/bootstrap/issues/14837 | |
| https://github.com/twbs/bootstrap/issues/12359. | https://github.com/twbs/bootstrap/issues/13141 | |
| https://github.com/necolas/normalize.css/issues/214 | https://github.com/twbs/bootstrap/issues/11655 | |
| https://github.com/twbs/bootstrap/issues/11586. | https://bugs.webkit.org/show_bug.cgi?id=139848 | |
| https://github.com/twbs/bootstrap/issues/15074. | https://github.com/twbs/bootstrap/pull/3552. | |
| https://github.com/twbs/bootstrap/pull/12794 | https://github.com/twbs/bootstrap/pull/14559 | |
| https://github.com/twbs/bootstrap/issues/11561#issuecomment-28936855 | https://github.com/h5bp/html5-boilerplate/issues/984#issuecomment-3985989 | |
| https://github.com/twbs/bootstrap/pull/10951. | https://developer.mozilla.org/en-US/docs/Web/Events/click#Internet_Explorer | |
| http://nicolasgallagher.com/micro-clearfix-hack/ | https://github.com/h5bp/html5-boilerplate/commit/aa0396eae757 | |
| https://github.com/twbs/bootstrap/issues/10497 | http://getbootstrap.com/getting-started/#support-ie10-width | |
| http://timkadlec.com/2013/01/windows-phone-8-and-device-width/ | http://timkadlec.com/2012/10/ie10-snap-mode-and-responsive-design/ | |
| http://fontawesome.io | http://fontawesome.io/license | |
| http://j.mp/metronictheme | http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd | |
| https://www.foxfilter.com/foxfilter-protection | https://www.foxfilter.com/subscribe | |
| http://www.mysite.com/alert.html | http://www.yahoo.com | |
| http://www.foxfilter.com | https://www.foxfilter.com/forgot-password | |
| https://developer.mozilla.org/en-US/Firefox/The_about_protocol | https://www.foxfilter.com/subscribe?email= | |
| https://www.foxfilter.com/api/v1/login | https://www.foxfilter.com/api/v1/subscriptions?email= | |
| https://www.foxfilter.com/api/v1/free-profile | https://www.foxfilter.com/api/v1/subscriptions | |
| http://www.google.com/ | https://en.m.wikipedia.org/wiki/Fish | |
| https://www.foxfilter.com/subscribe?action=subscribe | https://www.foxfilter.com/subscribe?action=renew&email= | |
| https://github.com/mouse0270/bootstrap-growl | http://xoxco.com/clickable/jquery-tags-input | |
| http://www.opensource.org/licenses/mit-license.php |
Raw Manifest
{ "name": "FoxFilter - The content filter!", "icons": { "16": "images/logo16.png", "48": "images/logo48.png", "128": "images/logo128.png" }, "version": "10.0", "background": { "service_worker": "js/ext/background.js" }, "options_ui": { "page": "html/start.html?show_tip=1", "open_in_tab": true }, "short_name": "FoxFilter", "update_url": "https://clients2.google.com/service/update2/crx", "description": "FoxFilter helps block pornographic and any other user-defined content. Great for use in your home, business, library or classroom.", "permissions": [ "tabs", "contextMenus", "storage", "management" ], "content_scripts": [ { "js": [ "js/ext/contentscript.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true } ], "manifest_version": 3, "browser_specific_settings": { "gecko": { "id": "foxfilter@inspiredeffect.net", "data_collection_permissions": { "optional": [], "required": [ "none" ] } }, "safari": { "id": "foxfilter@inspiredeffect.net" }, "gecko_android": {} } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.