Closed Bug 1412561 Opened 2 years ago Closed 4 months ago
Add-on installation should be blocked when in full-screen mode
47 bytes, text/x-phabricator-request
|Details | Review|
The page mentioned in bug 1412559 (if it sometimes decides not to make the browser instantly unusable / locked up) switches the browser into fullscreen mode and then pops up the add-on installation doorhanger notification. Allowing the add-on installation doorhanger notification to appear in fullscreen mode is bad for two reasons: - It is possibly easier for a malicious website to try to trick the user by showing fake browser or operating system UI - It is much more intimidating so the user is more likely to allow the installation. I think an attempt to install add-ons should (silently?) fail when in fullscreen mode. I can't see any reason why a legitimate website would require to initiate add-on installation in full-screen mode. (The .xpi the page attempts to install should probably be blacklisted if this isn't the case already. I have no idea how / where to report this.)  This is probably the wrong name: It's not asking "Do you want to install the following add-on" but the "Firefox prevented the site from asking you to install an add-on" message, but that's not much better as it's just one more click.
Agreed, I think we should prevent installation because it's no longer clear this isn't content creating those popups. Could you please file a bug in Bugzilla under Toolkit > Blocklisting outlining why you think the add-on should be blocked.
(In reply to Andy McKay [:andym] from comment #1) > Agreed, I think we should prevent installation because it's no longer clear > this isn't content creating those popups. > > Could you please file a bug in Bugzilla under Toolkit > Blocklisting > outlining why you think the add-on should be blocked. Filed Bug 1413665.
Status: UNCONFIRMED → NEW
Ever confirmed: true
You need to log in before you can comment on or make changes to this bug.