Open Bug 1203170 Opened 4 years ago Updated 3 years ago
redesign the distribution/ feature to support signing or search plugins with low startup impact
The current way search plugins can be changed using the distribution/ feature is too easy to hijack, we need to design something better that will require the engines to be signed (or somehow verified). This shouldn't negatively affect performance.
putting low priority - but need to start with BD early and move up once impact/discussions have been had. shell put on agenda for bi-weekly discussion.
Priority: -- → P4
I've gone through the data, and we have very low cases of search engine hijacking via the distribution/searchplugins directory. Access to that directory requires admin access and once the user has given that, anything in Firefox can be modified (including replacing omni.ja).
Hi Florian, Based on what Mike looked at - do we want to resolve this won't fix or just put as a P4.
Flags: needinfo?(sescalante) → needinfo?(florian)
(In reply to :shell escalante from comment #3) > Hi Florian, Based on what Mike looked at - do we want to resolve this won't > fix or just put as a P4. Shell, the next step here is Mike and me discussing this in person in London. P4 is fine for now.
You need to log in before you can comment on or make changes to this bug.