1299571 - Can remove about:addons

Status: REOPENED

(WebExtensions :: General, defect, P3)

Description

[Andy McKay]

Attachment: close-about-addons.xpi

We've seen add-ons that do malicious things like blank out about:addons. The intention is to not allow a user to spot the malicious add-on and uninstall it. 

If that about:addons is special, then WebExtensions can similar remove access to about:addons by just closing the tab.

Attached example.

Comment 1

[Kris Maglione [:kmag]]

On the upside, users can always start Firefox in safe mode to fix this.

It would definitely be nice to prevent add-ons from doing something like this maliciously, but I'm not sure that we could do it without significantly handicapping tab add-ons, and the like. But maybe we can restrict them so that they can only navigate away from pages like about:addons in response to user input of some sort.

Comment 2

[Andy McKay]

I don't think there's much we should do here. WebExtensions aren't perfect, but we also don't want to make them too complicated with these sorts of changes.

Comment 5

[David Durst [:ddurst]]

I don't know that there's much we should do, but doing nothing leaves a problem open (such as what a block was used for in https://bugzilla.mozilla.org/show_bug.cgi?id=1454691#c0). #c1 makes sense to me, seems like we should see if we can prevent the obvious cases that would befuddle users.

Maybe we should discuss whether or not there's a known subset of things we can guard against, or whether our approach for these myriad kinds of problems should rely on blocklisting.

Comment 6

[Andy McKay]

If the long term plan is to remove about:addons and move the logic over to about:preferences, perhaps focusing on that page might be the way to go. Since about:preferences is used to show the impact of extensions, that might be a legitimate target anyway.

One other thought I had in relation to moving out of about:addons is moving the add-on data to a location which can not be affected by add-ons at all. Unlike a tab. For example, the jigsaw button in the menu bar could be turned into an add-on listing and WebExtensions cannot remove that.

Comment 7

[David Durst [:ddurst]]

Any links you can provide for that long-term plan would certainly be helpful for the increasing questions about it. :)

Comment 8

[Andy McKay]

If I remember correctly, that's project Medley which Emanuela was working on, they might be able to help.

Comment 9

[emanuela [ux]]

Yes, there are still plans to leave about:addons *bye bye* and move the managament of extensions in about:preferences. 
Unfortunatly, I cannot provide a proper timeline for this. Maybe David can help us.

Comment 10

[David Durst [:ddurst]]

Prioritization would happen after we have a clear plan, and signoff from the team that owns about:preferences.

Comment 11

[Mike Conca [:mconca]]

Similar to Comment 6 by Andy (new to Bugzilla ;-) we talked about having a "Disable Extensions" menu item, or even listing of extensions, as a submenu to the puzzle piece.  There are a lot of ways to do this, but the idea is the same - have a definitive place users can go where they can disable/manage extensions, which means it needs to be "above the fold" and part of the browser chrome.

Comment 12

[Shane Caraveo (:mixedpuppy)]

My first thought was to just shut off any notifications to extensions regarding about urls (e.g. tabs.onUpdated).  That of course will break some legit use.  To fix that, we can introduce a systemTabs permission.  Any extension that wants to get the events will require that permission.  At least in that way, we would have an identifier.

Comment 13

[Firefox Bug Husbandry Bot]

Bulk move of bugs per https://bugzilla.mozilla.org/show_bug.cgi?id=1483958