Closed Bug 1538536 Opened 6 years ago Closed 6 years ago

Extension Block Request: TxP

Categories

(Toolkit :: Blocklist Policy Requests, task)

task
Not set
normal


RESOLVED FIXED

People

(Reporter: zitrobugs, Assigned: Fallen)

Details

Extension name: TxP
Extension versions affected: <all versions>
Platforms affected: <all platforms>
Block severity: hard

Reason

Remote script injection
Search hijacking

Extension GUIDs

{54c7e57f-8ef0-48d5-92a0-6e95d193a12c}
{32d262da-e3cd-4300-aa0b-c284eb4e17bf}

After installing this extension, it is not possible to uninstall it, because I cannot open about:addons; it opens only Google.

Group: firefox-core-security

There is a high security risk for users when installing such an extension. It must not be possible that basic functions of Firefox be annulled by extensions.

Jorge: looks like Andreas is on vacation. Who else should look into things like this?

Flags: needinfo?(jorge)

Philipp can look into this.

Assignee: nobody → philipp
Flags: needinfo?(jorge) → needinfo?(philipp)

This doesn't look like it needs to be a security sensitive bug. We are aware add-ons have the possibility to avoid about:addons; unfortunately there are enough ways for malicious developers to do this, even with just the tabs API.

Status: NEW → ASSIGNED
Flags: needinfo?(philipp)
Group: firefox-core-security

Reasons: Search hijacking and avoiding about:addons. Masking as legit add-on.

The block has been staged. Andreas, can you review and push?

Flags: needinfo?(awagner)
Flags: needinfo?(awagner) → needinfo?(jorge)

Approved and pushed

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(jorge)
Resolution: --- → FIXED
Type: enhancement → task