Closed Bug 1615847 Opened 6 years ago Closed 4 years ago

Prevent installation of addons except through the addon manager or an approved addon policy for corporate use..

Categories

(Thunderbird :: Add-Ons: General, defect)

Product:
Thunderbird
Component:
Add-Ons: General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1700279

People

(Reporter: unicorn.consulting, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

Currently, we have third-party software installing addons in Thunderbird. This varies from antivirus products inserting their own versions of SPAM and SCAM filtering to password managers. Having other software randomly insert their own code into Thunderbird without the user explicitly making some sort of authorization in Thunderbird leads to confusion, where Thunderbird is blamed for things it is not involved it.

This also represents a significate point of penetration for malware into Thunderbird as it can be installed without user involvement and subsequently significantly impact on their privacy, being able to undertake any action an extension can undertake. (CC copies of every business email to a third party). I am not a fan of addon signing, but a mechanism is required to protect the user from third party products modifying Thunderbird without relevant permissions being granted.

With Thunderbird TB78.11 the ExtensionSettings policy has been fully enabled:
https://github.com/thundernest/policy-templates#extensionsettings

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.