KeePassXC-Browser por KeePassXC Team

4,3 estrellas de 5

Revisado por Usuario de Firefox 17416689

by Usuario de Firefox 17416689, hace 3 años

With respect to functionality the add-on works generally very well. Unfortunately, even with newest versions of Firefox, listing open port connections still shows several open connections from the keepassxc-proxy add-on to sites like googleusercontent.com, cloudfront.net, amazonaws.com and akamaitechnologies.com. Developers claim that this is a bug in Firefox beyond their control, however, the open ports are reported specifically for the keepassxc-proxy process, not for the parent firefox process. This behaviour is not particularly trust inducing.

Respuesta del desarrollador

publicado el hace 3 años

This is not the first time this issue is mentioned. And still, it is a Firefox issue. Native Messaging launches a child process from the browser, and for some reason Firefox also copies the socket handles to the child process. Because of this the proxy shows connections to locations it doesn't have an access to. Some of the handles can be connections that are already terminated. The only thing the proxy does is listening for stdin and connecting to a local Unix socket by KeePassXC. Anyone can take a look at the source code and verify this, or compile a build manually where the problem still exists.