Closed
Bug 300885
Opened 19 years ago
Closed 19 years ago
Can bypass XPI whitelist by dragging .xpi link to another tab
Categories
(Firefox :: Security, defect)
RESOLVED
DUPLICATE
of bug 259670
People
(Reporter: bzgimpson, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5

For non-whitelisted sites dragging an extension's .xpi link to an open tab instead of clicking will trigger the Software Installation dialog, rather than the yellow security bar.

Reproducible: Always

Steps to Reproduce:
1. Create a new profile or remove http://www.extensionsmirror.nl/ from whitelist
2. Open 2 tabs, surf to http://www.extensionsmirror.nl/ in one
3. Drag any of the "Install" extension links to the other tab

Actual Results:
Software Installation dialog prompts user to install from "unsafe" non-whitelisted site.

Expected Results:
Whitelist should function normally with the security bar popping to alert the user. To protect my computer, Firefox should prevent the site from installing software.

Presumably related to Bug 284577? .xpi links could also be dragged to the statusbar to trigger the Software Installation dialog on my usual profile, but not on a new one.
Comment 1•19 years ago
Yeah, I see the same (but only with a new profile).
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050714 Firefox/1.0+ ID:2005071423
Updated•19 years ago
Component: Software Update → Security
QA Contact: software.update → firefox
Comment 2•19 years ago
Surprised I didn't find a dup of this. CONFIRMING
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•19 years ago
AFAIK, this is invalid. When dragging the xpi onto a new tab, the new tab becomes the source of the xpi. Since it is a blank page, the whitelist will not be triggered as it's assumed this is trusted. I could be wrong, but this is what I believe occurs. If it's not invalid, then probably a wontfix.
Comment 4•19 years ago
Retracting comment 3, thought reporter meant dragging into a blank tab (which is why I thought this would be invalid and such, oh well). Confirmed
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050715 Firefox/1.0+ ID:2005071506
Comment 5•19 years ago
That is the intended behavior. See bug 259670 and bug 240552, comment 38 for an explanation.
*** This bug has been marked as a duplicate of 259670 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE