Closed Bug 1833209 Opened 1 year ago Closed 1 year ago

Allow recommended extensions access to Quarantined domains

Categories

(WebExtensions :: General, enhancement, P2)

Tracking

(firefox115 fixed)

RESOLVED FIXED
115 Branch

People

(Reporter: zombie, Assigned: rpl)

References

(Blocks 2 open bugs)

Details

Attachments

(2 files)

To minimize disruption, we might want to allow the set of "trusted" addons to access Quarantined domains. Certainly privileged, builtin and system, and potentially also for Recommended.

For some reason, I don't see a Confidential checkbox while filing a new bug.

Group: firefox-core-security → mozilla-employee-confidential

Andreas, does this match your expectation about Recommended extensions? Are we ok to give them access to Quarantined domains without the user needing to take any action?

Flags: needinfo?(awagner)

Konstantin, given our limited review capacity going forward, what do you think is the best course of action here? I don't know what the plan looks like, so I am wondering if it's safe to do that for Recommended Extensions.

Flags: needinfo?(awagner) → needinfo?(kplotnikov)

In the office hours, Andreas said we should check in with legal about this, as it might be considered "preferential treatment". I believe this concern (if valid) goes away in 116 when we allow users to override the quarantine.

Also he says that exempting recommended today would prevent us from ever skipping pre-review on them in the future.

But I don't think this needs to be a "forever" decision. It could be temporary just for 115 (until we have user override), and/or we can make this depend on remote settings flag to be able to change our mind later if needed.

I chatted with Konstantin about this. We will exempt any addon with a recommended state (recommended, line, etc). If a solid reason turns up we can reverse that. The goal is to reduce the impact of the current block, especially since initially there will not be user control. As well, there is minimal risk with these addons.

Legal was going to make the same suggestion, they were thinking along the same lines. So, we will exempt builtin, system, any recommended including line extensions.

Severity: -- → N/A
Priority: -- → P2
Summary: Allow privileged and recommended extensions access to Quarantined domains → Allow recommended extensions access to Quarantined domains

> any recommended including line extensions

Fwiw, those two sets are mutually exclusive.

> In the office hours, Andreas said we should check in with legal about this, as it might be considered "preferential treatment". I believe this concern (if valid) goes away in 116 when we allow users to override the quarantine.

Does that mean in 116, we will no longer allow access to quarantined domains by default for the aforementioned promoted groups? If not, the concern won't go away.

Also, we recently removed some add-ons from being Recommended. As far as I understand, if there is no newer public version, the installed version would still be considered Recommended and thus have access to quarantined domains, right? Is that a concern?

Flags: needinfo?(kplotnikov)

Konstantin, what about the questions in comment 7 and 8?

Flags: needinfo?(kplotnikov)
Blocks: 1834825
No longer blocks: 1745823

(In reply to Andreas Wagner [:TheOne] [use NI] from comment #8)

> Also, we recently removed some add-ons from being Recommended. As far as I understand, if there is no newer public version, the installed version would still be considered Recommended and thus have access to quarantined domains, right? Is that a concern?

If we remove something from recommended, either it is malicious or it is not. If it is we can block it with the traditional blocklist.

> Does that mean in 116, we will no longer allow access to quarantined domains by default for the aforementioned promoted groups? If not, the concern won't go away.

No, it means they are allowed access. The concern was already discussed, Feldman and others were going to suggest this approach.

(In reply to Andreas Wagner [:TheOne] [use NI] from comment #8)

> Also, we recently removed some add-ons from being Recommended. As far as I understand, if there is no newer public version, the installed version would still be considered Recommended and thus have access to quarantined domains, right? Is that a concern?

Recommendations expire after 5 years. E.g. this is what the (prettified) mozilla-recommendation.json file in uBlock Origin version 1.49.2 looks like:

    {
        "addon_id": "uBlock0@raymondhill.net",
        "states": [
            "recommended-android",
            "recommended"
        ],
        "validity": {
            "not_after": "2028-05-02T22:25:54Z",
            "not_before": "2023-05-03T16:25:54Z"
        },
        "schema_version": 1
    }

Assignee: nobody → lgreco
Status: NEW → ASSIGNED
Attachment #9336184 - Attachment description: WIP: Bug 1833209 - Allow recommended extensions access to Quarantined domains. → Bug 1833209 - Allow recommended extensions access to Quarantined domains. r?willdurand!,zombie
Blocks: 1835787
Blocks: 1835938
Flags: needinfo?(kplotnikov)
Group: mozilla-employee-confidential
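
The validity window in the mozilla-recommendation.json file quoted above can be evaluated mechanically. This is an added example, not Firefox's implementation and not code from this bug; the function names are hypothetical, and the timestamp to compare against is left to the caller because the page does not say which one Firefox uses.

```javascript
// Added example: evaluates a mozilla-recommendation.json document.
// Not Firefox code; the comparison timestamp is a caller-supplied assumption.

// Sample values copied from the file quoted in the comment above.
const SAMPLE = JSON.stringify({
  addon_id: "uBlock0@raymondhill.net",
  states: ["recommended-android", "recommended"],
  validity: {
    not_after: "2028-05-02T22:25:54Z",
    not_before: "2023-05-03T16:25:54Z",
  },
  schema_version: 1,
});

// Returns the states in force for `addonId` at `atTime` (a Date), or []
// when the file is malformed, names another add-on, or is out of window.
function activeRecommendationStates(jsonText, addonId, atTime) {
  let doc;
  try {
    doc = JSON.parse(jsonText);
  } catch (e) {
    return []; // an unparsable file grants nothing
  }
  if (!doc || typeof doc !== "object" || doc.schema_version !== 1) return [];
  // A file copied from another add-on must not transfer its status.
  if (doc.addon_id !== addonId) return [];
  if (!Array.isArray(doc.states)) return [];

  const v = doc.validity || {};
  const notBefore = Date.parse(v.not_before);
  const notAfter = Date.parse(v.not_after);
  // Missing or unparsable bounds yield NaN; fail closed.
  if (Number.isNaN(notBefore) || Number.isNaN(notAfter)) return [];

  const t = atTime.getTime();
  if (Number.isNaN(t) || t < notBefore || t > notAfter) return [];
  return doc.states.filter((s) => typeof s === "string");
}

// True when at least one recommendation state is currently in force.
function hasActiveRecommendation(jsonText, addonId, atTime) {
  return activeRecommendationStates(jsonText, addonId, atTime).length > 0;
}
```

Every failure path returns an empty list, so an expired, mismatched or damaged file never yields a recommended state.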