Enhance page source monitoring and threat response

.gitignore

@@ -177,6 +177,7 @@ config/local-config.json
 config/development.json
 config/production.json
 config/test.json
+manifest.chrome.json
 
 # Sensitive configuration files
 config/secrets.json

CONTRIBUTING.md

@@ -1,13 +1,32 @@
 # Contributing to Check
 
-Thanks for taking the time to contribute! These guidelines help keep contributions consistent and reliable for this Chrome extension.
+Thanks for taking the time to contribute! These guidelines help keep contributions consistent and reliable for this cross-browser extension.
 
 ## Development Setup
+
+### Chrome/Edge
 - Fork the repository and clone your fork.
-- In Chrome or a Chromium-based browser, open `chrome://extensions`.
+- Run `npm run build:chrome` to configure for Chrome/Edge.
+- In Chrome or Edge, open `chrome://extensions` or `edge://extensions`.
 - Enable **Developer mode** and choose **Load unpacked**.
 - Select the repository root to load the extension. Reload the extension after making changes.
 
+### Firefox
+- Fork the repository and clone your fork.
+- Run `npm run build:firefox` to configure for Firefox.
+- In Firefox, open `about:debugging#/runtime/this-firefox`.
+- Click **Load Temporary Add-on** and select `manifest.json`.
+- Reload the extension after making changes.
+- See [Firefox Support Guide](docs/firefox-support.md) for more details.
+
+## Cross-Browser Compatibility
+- The extension supports Chrome, Edge, and Firefox through browser polyfills.
+- Always test changes in both Chrome and Firefox before submitting.
+- Use the browser polyfill APIs in your code:
+  - In ES modules: `import { chrome, storage } from "./browser-polyfill.js"`
+  - In traditional scripts: The polyfill is auto-loaded, just use `chrome.*` as normal
+- Avoid browser-specific features unless absolutely necessary.
+
 ## Coding Standards (ESLint)
 - No ESLint configuration is committed to the repository. Maintain the existing code style (2 spaces, semicolons, ES modules).
 - If you have ESLint installed locally, run `npx eslint scripts options popup` with the default recommended rules and resolve any issues before committing.
@@ -18,10 +37,12 @@ Thanks for taking the time to contribute! These guidelines help keep contributio
 
 ## Testing Expectations
 - Automated tests are not currently available. Manually test changes by loading the extension and verifying:
-  - The background service worker initializes without errors.
+  - The background service worker/script initializes without errors.
   - Content scripts inject and execute as expected.
   - Options and popup pages function correctly.
-- Include a brief summary of manual testing in your pull request.
+- **Test in both Chrome and Firefox** to ensure cross-browser compatibility.
+- See [Firefox Support Guide](docs/firefox-support.md) for Firefox testing instructions.
+- Include a brief summary of manual testing in your pull request, noting which browsers were tested.
 
 ## Scripted Deployment Updates
 - Any new configuration settings result in a need to be managed by scripted deployment. As such, the following files need to be reviewed and have the settings added:

README.md

@@ -5,6 +5,8 @@ impersonate Microsoft 365 sign-in pages.
 
 Install it from the [Chrome](https://chromewebstore.google.com/detail/benimdeioplgkhanklclahllklceahbe) Store here or the [Edge](https://microsoftedge.microsoft.com/addons/detail/check-by-cyberdrain/knepjpocdagponkonnbggpcnhnaikajg) store here.
 
+**Firefox Support**: The extension also works on Firefox 109+. See [Firefox Support](docs/firefox-support.md) for installation instructions.
+
 ## Features 
 
 - **Detection engine** – loads rules from `rules/detection-rules.json` and
@@ -21,19 +23,27 @@ Install it from the [Chrome](https://chromewebstore.google.com/detail/benimdeiop
 
 ## Requirements
 
-- Chrome 88+ or other Chromium-based browsers supporting Manifest V3
+- Chrome 88+, Edge 88+, or Firefox 109+ (browsers supporting Manifest V3)
 - Optional enterprise management via Group Policy or Microsoft Intune for
   policy enforcement
 
 ## Installation
 
 ### Manual
 
+#### Chrome/Edge
 1. Clone this repository.
-2. In Chrome/Edge open `chrome://extensions/` and enable **Developer mode**.
+2. In Chrome/Edge open `chrome://extensions/` or `edge://extensions` and enable **Developer mode**.
 3. Click **Load unpacked** and select the project directory.
 4. Verify the extension using `test-extension-loading.html`.
 
+#### Firefox
+1. Clone this repository.
+2. Run `npm run build:firefox` to configure for Firefox.
+3. Open `about:debugging#/runtime/this-firefox` in Firefox.
+4. Click **Load Temporary Add-on** and select `manifest.json`.
+5. For more details, see [Firefox Support](docs/firefox-support.md).
+
 ### Enterprise
 
 Package the extension directory (zip) and deploy through your browser’s policy

config/managed_schema.json

@@ -13,6 +13,14 @@
       "type": "boolean",
       "default": true
     },
+    "validPageBadgeTimeout": {
+      "title": "Valid Page Badge Timeout (seconds)",
+      "description": "Auto-dismiss timeout for the valid page badge in seconds. Set to 0 for no timeout (badge stays visible until manually dismissed).",
+      "type": "integer",
+      "minimum": 0,
+      "maximum": 300,
+      "default": 5
+    },
     "enablePageBlocking": {
       "title": "Page Blocking Enabled",
       "description": "Enable blocking of malicious pages",

docs/README.md

@@ -20,10 +20,12 @@ layout:
 
 ## What is Check?
 
-**Check** is an browser extension that provides real-time protection against Microsoft 365 phishing attacks. 
+**Check** is a browser extension that provides real-time protection against Microsoft 365 phishing attacks. 
 
 Specifically designed for enterprises and managed service providers, Check uses sophisticated detection algorithms to identify and block malicious login pages before credentials can be stolen by bad actors.
 
+Check is available for **Chrome**, **Microsoft Edge**, and **Firefox** (109+).
+
 The extension integrates seamlessly with existing security workflows, offering centralized management, comprehensive logging, and offers an optional CIPP integration for MSPs managing multiple Microsoft 365 tenants. 
 
 Check is completely free, open source, and can be delivered to users completely white-label, it is an open source project licensed under AGPL-3. You can contribute to check at [https://github.com/cyberdrain/Check](https://github.com/cyberdrain/Check). 
@@ -32,6 +34,8 @@ Installing the plugin immediately gives you protection against AITM attacks, and
 
 <a href="https://microsoftedge.microsoft.com/addons/detail/check-by-cyberdrain/knepjpocdagponkonnbggpcnhnaikajg" class="button primary">Install for Edge</a> **OR**  <a href="https://chromewebstore.google.com/detail/benimdeioplgkhanklclahllklceahbe" class="button primary">Install for Chrome</a>
 
+**Firefox users:** See the [Firefox Support](firefox-support.md) guide for installation instructions.
+
 ## Why was Check created?
 
 Check was created out of a need to have better protection against AITM attacks. During a CyberDrain brainstorming session CyberDrain's lead dev came up with the idea to create a Chrome extension to protect users:

docs/SUMMARY.md

@@ -1,6 +1,7 @@
 # Table of contents
 
 - [About](README.md)
+- [Firefox Support](firefox-support.md)
 
 ## Deployment
 
@@ -10,6 +11,7 @@
     - [Domain Deployment](deployment/chrome-edge-deployment-instructions/windows/domain-deployment.md)
     - [RMM Deployment](deployment/chrome-edge-deployment-instructions/windows/rmm-deployment.md)
   - [MacOS](deployment/chrome-edge-deployment-instructions/macos.md)
+- [Firefox Deployment](deployment/firefox-deployment.md)
 
 ## Settings