Closed Bug 1412561 Opened 7 years ago Closed 6 years ago

Add-on installation should be blocked when in full-screen mode

Categories

(Toolkit :: Add-ons Manager, enhancement, P2)

Product:
Toolkit
Component:
Add-ons Manager
Version:
56 Branch
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox57 --- wontfix
firefox68 --- fixed

People

(Reporter: andreasjunghw, Assigned: emz)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1412561 - Block addon installation prompts in fullscreen mode. r=johannh
47 bytes, text/x-phabricator-request
Details | Review
The page mentioned in bug 1412559 (if it sometimes decides not to make the browser instantly unusable / locked up) switches the browser into fullscreen mode and then pops up the add-on installation doorhanger notification.[1] Allowing the add-on installation doorhanger notification to appear in fullscreen mode is bad for two reasons: - It is possibly easier for a malicious website to try to trick the user by showing fake browser or operating system UI - It is much more intimidating so the user is more likely to allow the installation. I think an attempt to install add-ons should (silently?) fail when in fullscreen mode. I can't see any reason why a legitimate website would require to initiate add-on installation in full-screen mode. (The .xpi the page attempts to install should probably be blacklisted if this isn't the case already. I have no idea how / where to report this.) [1] This is probably the wrong name: It's not asking "Do you want to install the following add-on" but the "Firefox prevented the site from asking you to install an add-on" message, but that's not much better as it's just one more click.
Component: General → Add-ons Manager
Product: Firefox → Toolkit
Agreed, I think we should prevent installation because it's no longer clear this isn't content creating those popups. Could you please file a bug in Bugzilla under Toolkit > Blocklisting outlining why you think the add-on should be blocked.
status-firefox57: --- → wontfix
Flags: needinfo?(andreasjunghw)
Priority: -- → P2
See Also: → 1413665
(In reply to Andy McKay [:andym] from comment #1) > Agreed, I think we should prevent installation because it's no longer clear > this isn't content creating those popups. > > Could you please file a bug in Bugzilla under Toolkit > Blocklisting > outlining why you think the add-on should be blocked. Filed Bug 1413665.
Flags: needinfo?(andreasjunghw)
Blocks: eviltraps
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee: nobody → pzuhlcke
Attachment #9058654 - Flags: checkin+
Keywords: checkin-needed
Attachment #9058654 - Flags: checkin+

We should send out a short notice about this to dev-addons once the current storm has calmed.

Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2268e6a9359e
Block addon installation prompts in fullscreen mode. r=johannh,aswan

Keywords: checkin-needed

https://hg.mozilla.org/mozilla-central/rev/2268e6a9359e

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox68: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Blocks: 1558439
Regressions: 1583665
No longer regressions: 1583665
Regressions: 1583665
See Also: → 1596189
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: