Closed Bug 1450097 Opened Last year Closed Last year

Incompatible (legacy) addons can be installed by the "Extensions" policy

Categories

(Firefox :: Enterprise Policies, defect)

61 Branch
defect
Not set

Tracking

()

VERIFIED FIXED
Firefox 61
Tracking Status
firefox60 --- verified
firefox61 --- verified

People

(Reporter: Abe_LV, Assigned: mkaply)

References

Details

Attachments

(1 file)

Steps to reproduce:
Screen capture- https://testing-1.tinytake.com/sf/MjQ4MTExN183NDcyNjIw

1. Use this policy:
{
  "policies": {
    "Extensions": {
      "Install": [
        "https://addons.mozilla.org/firefox/downloads/file/593058/firebug-2.0.19-fx.xpi",
        "https://addons.mozilla.org/firefox/downloads/file/324966/dom_inspector-2.0.16-sm+fn+tb+fx.xpi",
        "https://addons.mozilla.org/firefox/downloads/file/133781/disable_add_on_compatibility_checks-1.3-fx+fn+sm+tb.xpi"
      ]
    }
  }
}

2. Restart the browser
3. Go to about:support->extensions
4. observe installed extensions

Actual Result:
It is possible to install incompatible add-ons through this policy even though they are disabled.

Expected result:
The incompatible addon should not be installed by the policy
Flags: needinfo?(mozilla)
Comment on attachment 8963765 [details]
Bug 1450097 - Don't allow legacy add-ons to be installed via policy.

https://reviewboard.mozilla.org/r/232638/#review238080


Code analysis found 1 defect in this patch:
 - 1 defect found by mozlint

You can run this analysis locally with:
 - `./mach lint path/to/file` (JS/Python)


If you see a problem in this automated review, please report it here: http://bit.ly/2y9N9Vx


::: browser/components/enterprisepolicies/Policies.jsm:312
(Diff revision 1)
>                    log.error(`Download failed - ${location}`);
>                  },
>                  onInstallFailed: () => {
>                    log.error(`Installation failed - ${location}`);
>                  },
> -                onInstallEnded: () => {
> +                onInstallEnded: (install, addon) => {

Error: 'install' is already declared in the upper scope. [eslint: no-shadow]
Comment on attachment 8963765 [details]
Bug 1450097 - Don't allow legacy add-ons to be installed via policy.

https://reviewboard.mozilla.org/r/232638/#review238086


Code analysis found 3 defects in this patch:
 - 3 defects found by mozlint

You can run this analysis locally with:
 - `./mach lint path/to/file` (JS/Python)


If you see a problem in this automated review, please report it here: http://bit.ly/2y9N9Vx


::: browser/components/enterprisepolicies/Policies.jsm:307
(Diff revision 2)
>                url = Services.io.newFileURI(xpiFile).spec;
>              }
>              AddonManager.getInstallForURL(url, (install) => {
> +              if (install.addon && install.addon.appDisabled) {
> +                log.error(`Incompatible add-on - ${location}`);
> +                install.cancel()

Error: Missing semicolon. [eslint: semi]

::: browser/components/enterprisepolicies/Policies.jsm:311
(Diff revision 2)
> +                log.error(`Incompatible add-on - ${location}`);
> +                install.cancel()
> +                return;
> +              }
>                let listener = {
> +                onDownloadEnded: (install) => {

Error: 'install' is already declared in the upper scope. [eslint: no-shadow]

::: browser/components/enterprisepolicies/Policies.jsm:314
(Diff revision 2)
> +              }
>                let listener = {
> +                onDownloadEnded: (install) => {
> +                  if (install.addon && install.addon.appDisabled) {
> +                    log.error(`Incompatible add-on - ${location}`);
> +                    install.cancel()

Error: Missing semicolon. [eslint: semi]
Comment on attachment 8963765 [details]
Bug 1450097 - Don't allow legacy add-ons to be installed via policy.

https://reviewboard.mozilla.org/r/232638/#review238090
Attachment #8963765 - Flags: review?(felipc) → review+
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/dc3d940feb18
Don't allow legacy add-ons to be installed via policy. r=Felipe
https://hg.mozilla.org/mozilla-central/rev/dc3d940feb18
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → Firefox 61
Flags: needinfo?(mozilla)
This fix was merged on the uplift of bug 1449021
We tested this on latest nightly and it is verified as fixed.
With this fix, the policy does not allow legacy add-ons to be installed.
Status: RESOLVED → VERIFIED
Assignee: nobody → mozilla
You need to log in before you can comment on or make changes to this bug.