261178 - In Options: "Allow web sites to instal software" triggers out viruses

Status: RESOLVED INVALID

(Firefox :: General, defect)

Description

[Peter]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10

This option allowed to install on my PC melicious virus keylogger.trojan when
accessed the affected web site (can't remember url). In my opinion this option
should be removed or at least turned off to let turn it on manually when it's
needed.
Why I think it is caused by this browser?
1. I'm currently using only Mozilla Firefox (I'm not using other browsers)
2. I didn't open any attachments, I didn't click "ok" in any popups, etc.
4. The virus has been existing since 2002 and I got it straight after I've
installed the Mozilla browser

Reproducible: Always
Steps to Reproduce:
1. Access the web site that spreads the virus (unfortunately can't remember the rl)
2.
3.

Actual Results:  
the virus instals itself on the PC under different file names, I've found it in
dc1.exe, issas32.exe, lol.dll

Comment 1

[Mike Connor [:mconnor]]

Its unlikely that you got the virus that way.  That preference refers to
allowing XPI packages to be installed, for extensions etc.  If the site isn't
known, you get the info bar stating that site X attempted to start an install. 
If you've previously chosen to allow that site to trigger installs, you get an
installation dialog that you can't accept for three seconds (to prevent various
hack-like tricks to get you to agree before you can read the prompt).

Resolving INVALID, this was either user-initiated or has nothing to do with
Firefox.  If you can provide a site that installs any sort of software without
both prompting and being in the allowed sites list, please reopen this bug with
those specific details.