I previously wrote about how simple it is to infect Firefox add-ons with malware. But, what if legitimate extension authors overstep boundaries? It has already happened.
If you use Firefox then no doubt you've heard about - or possibly even use - NoScript and AdBlock Plus, and possibly Easylist. Did you know that there was a potentially dangerous rivalry involved between the authors of those tools?
In a nutshell, AdBlock is very much against overt advertising and NoScript uses advertising to raise funds for whatever purpose. The two philosophical standpoints obviously don't mix, and eventually issues came to a boiling point and the author of NoScript rather overtly overstepped boundaries by adding code to his extension that modifies the behavior of AdBlock and Easylist.
Given what I wrote in the previous blog article about infectingn Firefox add-ons with malware, it's easy to see how even legitimate extension authors might become pushed into doing things they might not otherwise dream of - such as modifying the behavior of your browser without your permission.
