Closed Bug 275683 Opened 21 years ago Closed 21 years ago

Software installation is not blocked when going directly to an XPI URL

Categories

(Toolkit :: Add-ons Manager, defect)

1.7 Branch
x86
Windows XP
defect
Not set
major

Tracking

()

VERIFIED INVALID

People

(Reporter: benw, Assigned: bugs)

Details

Firefox is supposed to block installation of extensions from non-whitelisted sites, but if I navigate directly to the URL of an XPI file the installation is not blocked. For example, typing this link in the URL bar: http://mozdev.xmundo.net/flashblock/flashblock-1.2.5.xpi goes straight to the software installation dialogue rather than giving me the blocked notification, and I can install the extension without ever adding the site to the whitelist. Note that you must copy and paste or type the URL rather than clicking on it to reproduce the bug.
That is by design.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
Huh? Why? Seems like a security hole to me.
Status: RESOLVED → VERIFIED
Product: Firefox → Toolkit