Hello brain8891, your previous review on the add-on disappeared and your rating changed also. May I ask for a feedback of why ? If there's something wrong which happened with the add-on, I'd like to know to get things corrected if possible.
Thank you in advance, aaFn.
------------------ Update following reply ---------------------
[lost previous reply, not sure why .. redoing it ..]
Hello brain8891, thank you for your detailed answer.
I guess there was a glitch on GitHub, I verified, everything is accessible and working now.
On the permissions, the reason for each is very simple, and most come from limitations of the Frefox API :-(. I documented them there for public refernce to all
-> https://github.com/aaFn/Bookmark-search-plus-2/wiki/Permissions <-
as I believe this is making that post too long, hence had to redo it ..
The last permission in the list is the storage.js file you mentioned was alerted by Kaspersky. It is not executable at all.
It contains a structured set of bookmark titles, URLs and favicons. I guess one of the titles or URLs that you have bookmarked made Kaspersky react and believe there is something bad in there. If you have a doubt, open it with an editor, this is a json data file, there is no code in there and so no virus.
I hope this is clear and as transparent as possible .
If you want to get assurance by yourself, the code is open, plain text, and fully commented, so you can have a look at it at any time (take the .xpi file in your Firefox profile, add .zip to it, and open it with you preferred zip archive to look at the sources in files which are there).
You can also post issues on https://github.com/aaFn/Bookmark-search-plus-2/issues if you want more explanations.
------------------ Update following update :-) ---------------------
If one of your URL's or one of your favicons has something in it corresponding to its pattern base, then it will raise the flag.
The culprit is one of the URL's most probably (I do not believe it can be in the favicons). The problem would be to know which one ... Maybe you can send Kapersky the storage.js file if you still have it somewhere and ask them to explain which part of it (so which URL / which string) is raising the alert ?
That is probably the best thing to do.
Also, BSP2 is running inside Firefox, and Firefox is doing all they can to protect you (this is why by the way the add-on needs to request the permissions you listed and for which you now have the explanation).
Add-ons therefore cannot get out of Firefox to your computer nor do harm to it.
I don't know what to say more. As always, you have to exercise your own judgement. Kaspersky or Avast or whatever else are not absolute counter measures against things in the world, they miss some of the things, and they will overdo on others ...