Closed Bug 265351 Opened 20 years ago Closed 20 years ago

Referrer URL Added to Extension Whitelist can Install Extensions from Referred URL

Categories

(Toolkit :: Add-ons Manager, defect)

x86
Windows 2000
defect
Not set
major

Tracking

RESOLVED INVALID

People

(Reporter: paul, Assigned: bugs)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20041020 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20041020 Firefox/1.0

Please note that this is not a duplicate of bug 261026, since that bug refers to
the wrong site being added to the whitelist, which will not allow the intended
URL to install the extension. This bug refers to the fact that at
http://weblogs.mozillazine.org/doron/archives/006710.html, if the Get it Here
link is clicked on, Firefox will notify that http://weblogs.mozillazine.org
needs to be on the extensions whitelist. This is not the URL at which the
extension is located. So far, this seems to be the same as bug 261026; however,
the difference appears when the requested address (weblogs.mozillazine.org) is
added to the whitelist. Then, clicking on the link to
http://www.nexgenmedia.net/extensions/gm-notifier/gm-notifier_0_4_beta.xpi
brings up the confirmation dialogue for an installation ALTHOUGH nexgenmedia.net
is not on the whitelist.

Reproducible: Always
Steps to Reproduce:
1. Goto http://www.nexgenmedia.net/extensions/gm-notifier/gm-notifier_0_4_beta.xpi
2. Click on link to "Get it here"
3. If weblogs.mozillazine.org is not on whitelist, see notification bar that
   Firefox blocked attempted install.
4. Add weblogs.mozillazine.org to whitelist, as browser requests.
5. Attempt to click on link again
6. See that Firefox pops up installation confirmation dialogue although the
   domain of the extension (nexgenmedia.net) is not on the whitelist.

Actual Results:  
Firefox asked me whether I wished to install the extension.

Expected Results:  
As per bug 261026, the domain hosting the extension for installation should have
been notified in the notification bar of having been blocked. However, this not
being the case, adding the referrer (weblogs.mozillazine.org) to the whitelist
should not allow the browser to pop up a confirmation dialogue to install the
extension.

Sorry, I messed up the steps up there. The URL to "Goto" (Step 1) should be
http://weblogs.mozillazine.org/doron/archives/006710.html .

This is by design. See bug 240552 comment 38 and bug 240552 comment 60.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Product: Firefox → Toolkit
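
A small model of the two checks this report contrasts, added here as an example; it is not Firefox code and not part of the bug thread. The function names and the exact-host matching are assumptions; the URLs are the ones from the report.

```javascript
// Added model of the two checks contrasted in this report; not Firefox source.
// Assumption: allowlist entries are host names and are matched exactly.
const PAGE = "http://weblogs.mozillazine.org/doron/archives/006710.html";
const XPI =
  "http://www.nexgenmedia.net/extensions/gm-notifier/gm-notifier_0_4_beta.xpi";

const hostOf = (url) => new URL(url).hostname.toLowerCase();

// Turn a host lookup into the decision the user sees.
function decide(allowlist, host) {
  return allowlist.has(host)
    ? { action: "prompt" }
    : { action: "block", offerToAllow: host };
}

// Behaviour observed in the report: the host of the page that triggers the
// install is checked; the host serving the .xpi is never consulted.
function checkInitiator(allowlist, pageUrl, _xpiUrl) {
  return decide(allowlist, hostOf(pageUrl));
}

// Behaviour the reporter expected: the host serving the .xpi is checked.
function checkSource(allowlist, _pageUrl, xpiUrl) {
  return decide(allowlist, hostOf(xpiUrl));
}

// Replay the steps to reproduce: click the link, allow whichever host the
// notification bar offers, click again, until the confirmation dialogue shows.
function replay(policy, maxClicks = 3) {
  const allowlist = new Set();
  const log = [];
  for (let click = 0; click < maxClicks; click++) {
    const decision = policy(allowlist, PAGE, XPI);
    log.push(decision);
    if (decision.action === "prompt") break;
    allowlist.add(decision.offerToAllow);
  }
  return { log, allowlist: [...allowlist] };
}

console.log("initiator check:", JSON.stringify(replay(checkInitiator)));
console.log("source check:   ", JSON.stringify(replay(checkSource)));
```

Under the initiator check, the allowlist ends up holding only weblogs.mozillazine.org, yet the second click reaches the confirmation dialogue for a file served from www.nexgenmedia.net, which is the behaviour the report describes.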