mintycactus, avatar

Check this

But there is no easy way to detect all extensions, instead most popular ones. My Kiwi Browser on Android has only 2 extensions and only uBlock Origin was detected. Firefox won’t leak them at all.

Retiring, avatar

This says it only detects chrome extensions, so I am not surprised it doesn’t detect your Firefox extensions. Why do you say that Firefox won’t leak extensions at all? Do you have a source for that?

mintycactus, avatar

Not really. But the site says it works only with chrome desktop, not firefox desktop. I have Kiwi installed and Firefox as well to test both, Firefox extensions were not detected.

Atemu, avatar

The way it’s written doesn’t say whether it simply isn’t made to work for Firefox or whether it couldn’t be made to work for Firefox. Fortunately, the latter appears to be the case.

ReveredOxygen, avatar

if you click read more, it mentions that it can’t be made to work with firefox

Atemu, avatar

Detecting extensions using web accessible resources is not possible on Firefox as Firefox extension ID’s are unique for every browser instance. Therefore the URL of the extension resources cannot be known by third parties.

and also for Chrome:

in manifest v3 extensions will be able to enable ‘use_dynamic_url’ option, which will change the resource URL for each session (browser restart). This will render this detection method unusable.

Though it should be noted that this method isn’t the only way to detect extensions.

mintycactus, avatar

Do you mean this issue is going to be solved only with mv3 implementation? That leaves other chromium browsers staying with both mv2 and mv3 with this issue unresolved…

TCB13, avatar

But there is no easy way to detect all extensions, instead most popular ones

It doesn’t really matter if its easy or hard, I’m sure Google already has automated processes in-place to detect all extensions published to the store and fingerprint browsers. They might even have the same for Firefox extensions, who knows.


This is actually a good point. It’s not just a proof of concept for one extension, either: it’s a proof of concept for a wide array of handpicked ones, and the script for it could easily be shrunken.

Ironic that Firefox protects your extensions better, considering Chrome Manifest V3 (the adblock killer) is locking down so much functionality.

I guess Google is too busy locking down the functionality that people want, than to lock down the functionality that would make people more secure.


Not really, because AFAIK extension detection needs to be built on a per-extension basis.

  • Wszystkie
  • Subskrybowane
  • Moderowane
  • Ulubione
  • [email protected]
  • random
  • polska
  • memy
  • astronomia
  • hosting
  • krotkofalarstwo
  • ukraina
  • Geopolityka
  • kopnij
  • Wszystkie magazyny