Block Add-on GUID {A34CAF42-A3E3-11E5-945F-18C31D5D46B0}

RESOLVED FIXED

Status

()

RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: TheOne, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(firefox49 affected)

Details

(Reporter)

Description

2 years ago
Block {A34CAF42-A3E3-11E5-945F-18C31D5D46B0} 3.2.0 and earlier. For details, see:
https://addons.mozilla.org/en-US/editors/review/mococheck-wap-browser
(Reporter)

Comment 1

2 years ago
Yes, the developer has been contacted.

The reasons for blocking this add-on:
* Modifying important security preferences weakening the security of users.
* Downgrading all iframes from https to http.
Blocked:
https://addons.mozilla.org/en-US/firefox/blocked/i1227

- the following preferences are reset also:
* security.csp.enable
* security.fileuri.strict_origin_policy
* security.mixed_content.block_active_content
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED

Comment 3

2 years ago
Is there a possibility to unblock the add-on by fixing the listed issues? I would like to upload a fix  as a new version of the same add-on. Can I do that?
I have enabled your add-on page again. Please upload a new version and let us know when it's up so it can be looked at and the block adjusted.

Comment 5

2 years ago
Thanks a lot. I've uploaded a new version. Please, take a look.
ni Andreas for verification
Flags: needinfo?(awagner)
(Reporter)

Comment 7

2 years ago
The questions raised in the review note have not been answered yet. Especially proxying almost all requests through http is concerning.
Flags: needinfo?(awagner)

Comment 8

2 years ago
Due to negative reviews, we've adjusted our product so we can send unchanged requests to a new proxy server. Requests originated in our product are still opened in a special window. Using the add-on, we're intercepting such requests and sending them to the proxy which handles them further.

We are using proxyFilterService, but we've stumbled upon unresolveable issue, as far as we can see it at the moment. In applyFilter function, we do not have enough information about request origin so we can distinguish our requests from the others.

We would like to know if there a possibility to get window object inside of proxyFilterService, or if we can get it on any layer below or above, so we can properly differentiate between the requests and send only ours to the proxy. Or, alternatively, if it is possible to change request somewhere in proxyFilterService or after, specifically GET parameters, without redirection and repeating the whole request cycle again. Or if we can access the headers... Or anything that can help us mark our request, or recognize it in some way inside proxyFilterService, without affecting its validity.

Thanks a lot for your time, we're looking forward to hearing from you. Best regards!
Flags: needinfo?(awagner)
(Reporter)

Comment 9

2 years ago
Please direct development related questions to our forums http://discourse.mozilla-community.org/c/add-ons/

Thank you.
Flags: needinfo?(awagner)

Comment 10

2 years ago
OK, no problem, thank you a lot.
You need to log in before you can comment on or make changes to this bug.