https://addons.mozilla.org allows install even if compatibility is denied

RESOLVED WORKSFORME

Toolkit
Add-ons Manager

People

(Reporter: Ingo, Unassigned)

Tracking

42 Branch

Firefox Tracking Flags

(Not tracked)

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (en-US) Gecko Firefox/20
Build ID: 20140314220517

Steps to reproduce:

I visited https://addons.mozilla.org and tried to install my add-on BetterPrivacy on FF 42.

Actual results:

It worked, but it should not. I set compatibility information to 41.0. maximum.


Expected results:

Installation should have been denied - or at least a compatibility warning should have been shown.
(Reporter)

Updated

2 years ago
Pretty sure this is as-designed now: too many add-ons were getting blocked because the maximum wasn't updated, but they really were compatible after all. I think we now assume compatibility (that is, ignore maxVersion) unless it's been explicitly marked as incompatible in the compatibility information the client downloads from addons.mozilla.org, and it will only be marked incompatible there if people report problems with the add-on.

Moving components and adding people who can give a definitive answer.

This is not a security bug and doesn't need to be hidden.
Group: firefox-core-security
Component: Untriaged → Add-ons Manager
Product: Firefox → Toolkit
The maximum app version is not meant to be enforced unless:

* Your install.rdf has em:strictCompatibility set to "true",
* Your browser has the "extensions.strictCompatibility" preference set to true,
* Your add-on has binary components registered in its chrome.manifest, or,
* We set an explicit compatibility override from an AMO admin interface.

This applies to the maxVersion set in your install.rdf and the one set via the AMO developer hub.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WORKSFORME
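
The four conditions listed in the last comment, written as a small decision function for auditing which add-ons run past their declared maxVersion. This is an added example, not code from this bug or from the Add-ons Manager; the add-on ID, the object field names, the simplified version comparison, and modelling an AMO override as a set of add-on IDs are assumptions.

```javascript
// Simplified model of the rules described in this bug (not Mozilla's code).
// Compares dotted numeric versions; "*" sorts above any number. Firefox's
// real comparator accepts more forms than this (assumption: numeric parts only).
function compareVersions(a, b) {
  const pa = a.split("."), pb = b.split(".");
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || "0", y = pb[i] || "0";
    if (x === "*" || y === "*") return x === y ? 0 : (x === "*" ? 1 : -1);
    const d = (parseInt(x, 10) || 0) - (parseInt(y, 10) || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Lists which of the four conditions apply, i.e. why maxVersion is enforced.
function enforcementReasons(addon, prefs, amoOverrides) {
  const reasons = [];
  if (addon.strictCompatibility) reasons.push("em:strictCompatibility in install.rdf");
  if (prefs["extensions.strictCompatibility"]) reasons.push("extensions.strictCompatibility pref");
  if (addon.hasBinaryComponents) reasons.push("binary components in chrome.manifest");
  if (amoOverrides.has(addon.id)) reasons.push("AMO compatibility override");
  return reasons;
}

// Install is refused only when the app is past maxVersion AND a condition applies.
function checkInstall(addon, appVersion, prefs = {}, amoOverrides = new Set()) {
  const beyondMax = compareVersions(appVersion, addon.maxVersion) > 0;
  const reasons = enforcementReasons(addon, prefs, amoOverrides);
  return { beyondMax, reasons, allowed: !(beyondMax && reasons.length > 0) };
}

// Constructed sample resembling the report: maxVersion 41.0, application 42.0.
const sample = { id: "example-addon@example.invalid", maxVersion: "41.0" };
console.log(checkInstall(sample, "42.0"));
console.log(checkInstall({ ...sample, strictCompatibility: true }, "42.0"));
```

A result with `beyondMax: true` and `allowed: true` is the case the reporter observed: the add-on installs on an application version its author never declared support for.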