This "feature", "Recommended Extensions" of course comes from Mozilla.
What is happening
In the about:addons page of Purebrowser in the Extensions tab, there is a section at the end of the page called: "Recommended Extensions", and lists extensions recommended according to the description that:
"Some of these recommendations are personalized. They are based on other extensions you’ve installed, profile preferences, and usage statistics."
If you try to install one of these recommended extensions it will be installed.
Since some of these extensions are not packaged as *.deb packages, and they can be installed this leads to several assumptions:
- They came from addons.mozilla.org
- This system/feature bypasses the modifications we included in Purebrowser to disable addons.mozilla.org as a software source. To confirm this i tested this in a image of Purebrowser in a VM with no modifications (no firefox compatibility or anything like that).
In essence (involuntarily) we have a third party software source enabled in Purebrowser.
Another implication from the description of this feature is that there is some telemetry involved in order to: "recommend the addons", and it is not compleatly clear every ways this is done.
Here is a screenshot of the page with this "Feature":
And a video demonstration of installing an addon of mozilla addons via this way:
And a screenshot of me attemting to search a addon in about:addons page in the "normal way", not in the recommended extension section, to confirm that our standard block of addons from mozilla was still in place:
Meaning that while our block is in place this recommended addons feature bypasses it.
Suggestions: remove/block this recommended addons feature.
I would categorize this as a Freedom Issue, in the sense that this enables in Purebrowser a third party software source we do not control and that most likely does not comply with FSDG.