How is FireSheep able to open devices in promiscuous mode?

FireSheep is able to use pcap in promiscuous mode to listen to other computers on the network. But promiscous mode requires root privileges, or at least access to /dev/bpf* on *nix machines. How is this done? Do Firefox extensi开发者_如何学编程ons run with root privs?

It has run_privileged methods which run the required operations as root using OS-specific mechanisms such as AuthorizationCreate (OS X), pkexec (Linux) (but this is apparently not supported, yet), and of course return true on Windows (since pretty much everyone runs as admin anyway).