Closed Bug 1227464 Opened 10 years ago Closed 7 years ago

Implement a warning mechanism that detects suspicious add-on behavior and reports them to Telemetry

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INACTIVE

People

(Reporter: gkrizsanits, Unassigned)

References

Details

This is a hard problem but Bug 1199628 made me realize that our review practice is not reliable enough. Instead of static analysis we should do monitoring after signing. If an add-on does something suspicious we can report that, and after investigation we can blacklist the add-on if needed. Suspicious action could be creating objects into system compartments that do not belong to the add-on, overwriting properties on objects from these scopes, or downloading and executing scripts without user permission.
I talked to Andy about the priority of this bug. Right now this feature is not a priority for add-ons. So I'll put this one on hold until that changes.
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.