Hacker News

jsheard yesterday at 9:15 PM

Firefox already mitigates this by randomizing the extension path: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

    The file is then available using a URL like: moz-extension://<extension-UUID>/images/my-image.png
    <extension-UUID> is not your extension's ID. This ID is randomly generated for every browser instance.
    This prevents websites from fingerprinting a browser by examining the extensions it has installed.

Replies

zahlman yesterday at 9:21 PM

Doesn't the browser know which script it's running?

Why can't it just deny access to the specified path, except to the extension itself?
