Microsoft Edge and Google Chrome’s enhanced spell checking and the Microsoft Editor browser extension could send sensitive data like PII and even passwords to Microsoft and Googles web services.
This article will show you how to prevent that by disabling enhanced spell checking and the Microsoft Editor browser extension.
Some extensions installed by millions of users have been found to steal or leak Personally Identifiable Information (PII), passwords or other secrets, take screenshots, act as a key logger, cause phishing, spamming and so on.
This article will show you why and how to implement browser extension whitelisting, preventing the installation of extensions not explicitly allowed by you.
The Group Policy setting Administrative Templates/Mozilla/Firefox/Extensions/Extension Management allows you to insert JSON formatted data, that defines the extension settings for Firefox.
To create an extension whitelisting policy, "*" needs to be blocked, and only explicitly allowed extension Ids are allowed.
This script imports the explicitly allowed extension Ids from a CSV file and then creates the needed JSON data to be used in the GPO.