Closed Bug 275683 Opened 20 years ago Closed 20 years ago

Software installation is not blocked when going directly to an XPI URL

Categories

(Toolkit :: Add-ons Manager, defect)

1.7 Branch
x86
Windows XP
defect
Not set
major


VERIFIED INVALID

People

(Reporter: benw, Assigned: bugs)

Details

Firefox is supposed to block installation of extensions from non-whitelisted
sites, but if I navigate directly to the URL of an XPI file the installation is
not blocked. For example, typing this link in the URL bar:
http://mozdev.xmundo.net/flashblock/flashblock-1.2.5.xpi
goes straight to the software installation dialogue rather than giving me the
blocked notification; I can install the extension without ever adding the site
to the whitelist. Note that you must copy and paste or type the URL rather than
clicking on it to reproduce the bug.
That is by design.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Huh? Why? Seems like a security hole to me.
Status: RESOLVED → VERIFIED
Product: Firefox → Toolkit