Proof of concept:
fetch('http://192.168.1.1/').then(function(response) { return response.text(); }).then(function(text) { alert('fulfilled\n\n' + text); }).catch(function(e) { alert('rejected\n\n' + String(e)); });
In the absence of other filtering extensions (e.g. uMatrix), this extension, by default, allows an arbitrary webpage to send GET requests to and read responses from sites it should not.
While vanilla Firefox allows sending GET requests to an arbitrary URL, it only allow the responses to be accessible to the request origin if and only if the target host allows it.
(Tested on Firefox ESR 60.4.0)