Closed
Bug 1455121
Opened 7 years ago
Closed 8 months ago
Prevent updates from themes to webextensions
Categories
(Toolkit :: Add-ons Manager, enhancement, P3)
Toolkit
Add-ons Manager
Tracking
()
RESOLVED
DUPLICATE
of bug 1750565
People
(Reporter: aswan, Unassigned)
References
Details
I haven't verified this but from inspection it looks like a theme can be updated to a webextension. We would still show a permission prompt if the extension has any promptable permissions but this is probably something we just shouldn't allow at all.
|
||
Updated•7 years ago
|
Priority: -- → P3
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Comment 1•8 months ago
|
||
I fixed this in bug 1750565, by disallowing add-on type changes on update.
Note that there was a unit test that tests the reverse, the "update theme to extension" scenario, which I removed in bug 1903794 because it is no longer possible to encounter that scenario in practice.
Status: NEW → RESOLVED
Closed: 8 months ago
Duplicate of bug: CVE-2022-22754
Resolution: --- → DUPLICATE
See Also: → 1903794
You need to log in
before you can comment on or make changes to this bug.
Description
•