Closed
Bug 247768
Opened 20 years ago
Closed 20 years ago
Default focus in Theme/Extension install dialog should be "Cancel" (and not "Install") - like it is in Seamonkey
Categories
(Toolkit :: Add-ons Manager, defect)
Toolkit
Add-ons Manager
Tracking
()
VERIFIED
DUPLICATE
of bug 240637
People
(Reporter: askwar, Assigned: bugs)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040615 Firefox/0.9 (NESI) Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040615 Firefox/0.9 When installing an Extension (or Theme), a dialog window is shown with a warning text and a timeout. Only after the timeout has elapsed, the user can click on Install to get the Extension installed. However, he can also simply press Return, because "Install" has the default focus in this Extension install window. In Seamonkey 1.7, this is not so. Pressing return doesn't do anything. This behaviour "must" be duplicated in Fx. The reason I say "must", is that this can be a security problem for the user. For instance, take the URL I mentioned . This site tries to trick the user to install an XPI which will then install a so-called "Dialer". This is a malware program (for Windows) which resets the dial-up number to some extremely expensive number. Now, if the user did not pay close attention, he installed that dialer and thus has to reinstall the OS. While I *do* think that users are responsible for what they are doing on their computer, Fx should not make it too easy to have a user shoot himself. Reproducible: Always Steps to Reproduce: The URL I mentioned, is a porn site and thus contains "sexually explicit" material. In pre-0.9 (and pre-SM-1.7) times, it tried to install the XPI directly when the user entered the site. BTW: No, I don't go to such sites. But the site has been mentioned by Heise (a very large and influential german IT news site - http://www.heise.de/security/artikel/48349). This commentary by Heise sparked some very heated discussions in various german newsgroups.
Reporter | ||
Updated•20 years ago
|
Flags: blocking1.0?
Comment 1•20 years ago
|
||
It's pointless to hide a bug reported by the press, should not be "Security-Sensitive". Corresponding seamonkey bug is 149478. Problem due to forking?
Updated•20 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Reporter | ||
Comment 2•20 years ago
|
||
(In reply to comment #1) > It's pointless to hide a bug reported by the press, should not be > "Security-Sensitive". Well, I do think that it is security related, but I do agree that it should not be hidden. However, I cannot uncheck that checkbox. I would, if I could. Should I open another bug without the security check box checked? > Corresponding seamonkey bug is 149478. Yes, this seems to be very much related. > Problem due to forking? Don't know. Suppose so.
Comment 4•20 years ago
|
||
I think the place to fix this is here: http://lxr.mozilla.org/mozilla/source/toolkit/mozapps/xpinstall/content/xpinstallConfirm.js#44
Is this a duplicate of bug #240637 ?
Reporter | ||
Comment 6•20 years ago
|
||
(In reply to comment #5) > Is this a duplicate of bug #240637 ? Yes, I think so. *** This bug has been marked as a duplicate of 240637 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Flags: blocking-aviary1.0?
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•