Closed
Bug 1450097
Opened 6 years ago
Closed 6 years ago
Incompatible (legacy) addons can be installed by the "Extensions" policy
Categories
(Firefox :: Enterprise Policies, defect)
Tracking
()
VERIFIED
FIXED
Firefox 61
People
(Reporter: Abe_LV, Assigned: mkaply)
References
Details
Attachments
(1 file)
Steps to reproduce: Screen capture- https://testing-1.tinytake.com/sf/MjQ4MTExN183NDcyNjIw 1. Use this policy: { "policies": { "Extensions": { "Install": [ "https://addons.mozilla.org/firefox/downloads/file/593058/firebug-2.0.19-fx.xpi", "https://addons.mozilla.org/firefox/downloads/file/324966/dom_inspector-2.0.16-sm+fn+tb+fx.xpi", "https://addons.mozilla.org/firefox/downloads/file/133781/disable_add_on_compatibility_checks-1.3-fx+fn+sm+tb.xpi" ] } } } 2. Restart the browser 3. Go to about:support->extensions 4. observe installed extensions Actual Result: It is possible to install incompatible add-ons through this policy even though they are disabled. Expected result: The incompatible addon should not be installed by the policy
Reporter | ||
Updated•6 years ago
|
Flags: needinfo?(mozilla)
Comment hidden (mozreview-request) |
Comment 2•6 years ago
|
||
mozreview-review |
Comment on attachment 8963765 [details] Bug 1450097 - Don't allow legacy add-ons to be installed via policy. https://reviewboard.mozilla.org/r/232638/#review238080 Code analysis found 1 defect in this patch: - 1 defect found by mozlint You can run this analysis locally with: - `./mach lint path/to/file` (JS/Python) If you see a problem in this automated review, please report it here: http://bit.ly/2y9N9Vx ::: browser/components/enterprisepolicies/Policies.jsm:312 (Diff revision 1) > log.error(`Download failed - ${location}`); > }, > onInstallFailed: () => { > log.error(`Installation failed - ${location}`); > }, > - onInstallEnded: () => { > + onInstallEnded: (install, addon) => { Error: 'install' is already declared in the upper scope. [eslint: no-shadow]
Comment hidden (mozreview-request) |
Comment 4•6 years ago
|
||
mozreview-review |
Comment on attachment 8963765 [details] Bug 1450097 - Don't allow legacy add-ons to be installed via policy. https://reviewboard.mozilla.org/r/232638/#review238086 Code analysis found 3 defects in this patch: - 3 defects found by mozlint You can run this analysis locally with: - `./mach lint path/to/file` (JS/Python) If you see a problem in this automated review, please report it here: http://bit.ly/2y9N9Vx ::: browser/components/enterprisepolicies/Policies.jsm:307 (Diff revision 2) > url = Services.io.newFileURI(xpiFile).spec; > } > AddonManager.getInstallForURL(url, (install) => { > + if (install.addon && install.addon.appDisabled) { > + log.error(`Incompatible add-on - ${location}`); > + install.cancel() Error: Missing semicolon. [eslint: semi] ::: browser/components/enterprisepolicies/Policies.jsm:311 (Diff revision 2) > + log.error(`Incompatible add-on - ${location}`); > + install.cancel() > + return; > + } > let listener = { > + onDownloadEnded: (install) => { Error: 'install' is already declared in the upper scope. [eslint: no-shadow] ::: browser/components/enterprisepolicies/Policies.jsm:314 (Diff revision 2) > + } > let listener = { > + onDownloadEnded: (install) => { > + if (install.addon && install.addon.appDisabled) { > + log.error(`Incompatible add-on - ${location}`); > + install.cancel() Error: Missing semicolon. [eslint: semi]
Comment hidden (mozreview-request) |
Comment 6•6 years ago
|
||
mozreview-review |
Comment on attachment 8963765 [details] Bug 1450097 - Don't allow legacy add-ons to be installed via policy. https://reviewboard.mozilla.org/r/232638/#review238090
Attachment #8963765 -
Flags: review?(felipc) → review+
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/dc3d940feb18 Don't allow legacy add-ons to be installed via policy. r=Felipe
Comment 10•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/dc3d940feb18
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 61
Assignee | ||
Updated•6 years ago
|
Flags: needinfo?(mozilla)
Comment 11•6 years ago
|
||
This fix was merged on the uplift of bug 1449021
status-firefox60:
--- → fixed
Reporter | ||
Comment 12•6 years ago
|
||
We tested this on latest nightly and it is verified as fixed. With this fix, the policy does not allow legacy add-ons to be installed.
Status: RESOLVED → VERIFIED
Reporter | ||
Updated•6 years ago
|
Updated•6 years ago
|
Assignee: nobody → mozilla
You need to log in
before you can comment on or make changes to this bug.
Description
•