If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Can install addons with entering the URL directly to the url bar even if the domain is not allowed to install

RESOLVED DUPLICATE of bug 322697

Status

()

Toolkit
Add-ons Manager
RESOLVED DUPLICATE of bug 322697
10 years ago
9 years ago

People

(Reporter: himorin, Unassigned)

Tracking

Trunk
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

10 years ago
Step
0. erase all allowed domains for addon installation
1. open new tab
2. paste some url for .xpi into URL bar
3. press return
4. get software installation dialog

The same for FF3b5, FF2.0.0.14
The untrusted site waning is not displayed. This can be reproduced when the link is sent from other applications. Isn't this critical issue??
Severity: minor → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true
See Bug 363591 Comment #2 for a quick explanation. I'm looking for the bug that added the xpinstall whitelist which explains this in greater detail. Essentially, the xpinstall whitelist is to prevent drive by installation prompts (similar in functionality to a popup blocker) from web pages and not to prevent user initiated installs as described in this bug.
From Bug 322697 Comment #7
See bug 259670 and bug 240552 (especially bug 240552, comment 38) for an
explanation.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 322697
(Assignee)

Updated

9 years ago
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.