Closed
Bug 578085
Opened 14 years ago
Closed 14 years ago
Blocklist all versions of Mozilla Sniffer
Categories
(Toolkit :: Blocklist Policy Requests, defect, P1)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
5.11.4
People
(Reporter: jorgev, Assigned: morgamic)
References
()
Details
(Whiteboard: [qa-])
The Mozilla Sniffer add-on (176005) has been found to be insecure to use and must be blocklisted at once. It is currently disabled on AMO and has about 266 active daily users.
Comment 1•14 years ago
|
||
GUID is {E8E88AB0-7182-11DF-904E-6045E0D72085}
Updated•14 years ago
|
Assignee: nobody → morgamic
Assignee | ||
Updated•14 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•14 years ago
|
||
Admin panel was generating errors so I filed bug 578125. Query is INSERT INTO `remora`.`blitems` ( `guid` ) VALUES ( '{E8E88AB0-7182-11DF-904E-6045E0D72085}' ); I'll put it on the blocklist page later. Is there a bug we can reference that describes the issues you are talking about? Usually I link to that originating bug.
Comment 3•14 years ago
|
||
I forwarded you the email, there wasn't a bug.
Updated•14 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 4•14 years ago
|
||
I'm going to opt to not publish this on mozilla.com. It has a small following and isn't announcement worthy. Mostly, blocking "Mozilla Sniffer" isn't newsworthy since it's just sounds bad to begin with.
Updated•14 years ago
|
Whiteboard: [qa-]
Comment 5•14 years ago
|
||
(In reply to comment #4) > I'm going to opt to not publish this on mozilla.com. It has a small following > and isn't announcement worthy. Mostly, blocking "Mozilla Sniffer" isn't > newsworthy since it's just sounds bad to begin with. I think we should inform users who were using this add-on. Users data was exposed and they need to make changes to keep themselves safe. As far as I know the only way to do this is via the blocklist page on mozilla.com. If we aren't using that are there other ways to communicate with them?
Comment 6•14 years ago
|
||
(In reply to comment #5) > I think we should inform users who were using this add-on. Users data was > exposed and they need to make changes to keep themselves safe. > > As far as I know the only way to do this is via the blocklist page on > mozilla.com. If we aren't using that are there other ways to communicate with > them? We're going to be blogging about it. A draft of the blog post is being passed around now among the various involved parties.
Assignee | ||
Comment 7•14 years ago
|
||
Up to you guys -- it looks weird in the current list... I'd like to have the blocklist page point to the blog post since this bug isn't really informative as far as they why. Not having additional information to point to (originating bug with reasoning) was the main reason why I didn't post it on mozilla.com. I think that'd be pretty weak. So maybe once the blog post exists so people can understand more we can post it -- sounds fine w/ me.
Assignee | ||
Comment 8•14 years ago
|
||
Err... "as far as the why"
Comment 9•14 years ago
|
||
(In reply to comment #6) > We're going to be blogging about it. A draft of the blog post is being passed > around now among the various involved parties. Cool, thanks for the update.
Reporter | ||
Comment 10•14 years ago
|
||
Here's the post for both CoolPreviews and Mozilla Sniffer: http://blog.mozilla.com/addons/2010/07/13/add-on-security-announcement/
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•