Why is it removed from the Firefox addon place?

ajayyy / DeArrow

Crowdsourcing better titles and thumbnails on YouTube

https://dearrow.ajay.app

GNU General Public License v3.0

1.37k stars 39 forks source link

Why is it removed from the Firefox addon place? #122

Closed MrGoatsy closed 1 year ago

MrGoatsy commented 1 year ago

Why did it get removed?

ajayyy commented 1 year ago

The Mozilla reviewer spotted an XSS vulnerability in the code and took it down. I have fixed the bug in https://github.com/ajayyy/DeArrow/releases/tag/1.2.6 and now we will have to wait for them to review it.

The good news is that no one has abused this, and there is a server-side mitigation to make it so it can't be abused even on older extension versions.

ajayyy commented 1 year ago

Screenshot_20230809-085951