Closed Bug 449262 Opened 17 years ago Closed 17 years ago

No confirmation for add-on installation

Categories

(Toolkit :: Add-ons Manager, defect)

Product:
Toolkit
Component:
Add-ons Manager
Version:
1.9.0 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 439681

People

(Reporter: brettwjohnson, Unassigned)

Details

Attachments

(3 files)

extensions.ini file for debug
220 bytes, text/plain
Details
extension.cache for debug
212 bytes, text/plain
Details
extension.rdf for debug
1.80 KB, application/rdf+xml
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 Although I have the TOOLS-OPTION-SeCURITY "Warn me when sites try to install add-ons" the addon window came up and told me a new addon had been installed. No dialogue was presented to request confirmation and no detail was presented on what add-on was installed. Reproducible: Always Steps to Reproduce: 1. 2. 3.
This message generally comes up after you install an add-on and restart the browser. So if you installed an add-on in your previous Firefox session, then continued using the browser, closed it and started it again only now - that's when this add-on would actually be installed, and the message would also show up only at that point. If that's not what happened for you, giving us the list of add-ons you have installed (Tools / Add-ons) would be a starting point.
I do not believe I installed any add-ons in a previous browser session. I *did* however run Microsoft Update just prior to this. I also updated Firefox recently, but don't recall how recently. Might have been today, might not. Extensions - none Themes - default only Plug-ins (top to bottom) (no way to get a text list, I can cut & paste?) Adobe Acrobat Java Platform SE Microsoft DRM Mozilla Default Plug-in Windows Media Player Plug-in DLL Interestingly enough the last time I looked Flash Player was listed (disabled), now it no longer shows up. Is this more Flash Player malware bypassing the ability of the browser to lock it out? As a test I went to Honda.com (a flash enabled site). Sure enough everything displays, so Flash Player is loaded, but Firefox is not listing it as an add-on - apparently bypassing the browser control. Either it's malware or it's using a private API? I will add from a security perspective, IMHO the default for updating add-ons should be FALSE. I *always* uncheck these, but periodically after an update the auto update gets re-enabled.
Did the initial dialog tell you what new add-on had just been installed?
No. IIRC the window had a line at the top saying "A new add-on has been installed. X" Below that there was nothing listed.
Summary: No confirmation for add-on → No confirmation for add-on installation
Does somebody know whether this window is also shown for installations outside of Firefox? E.g. if an add-on is installed via Windows registry or by unpacking the add-on to the extensions directory "manually". Would be one possible explanation - malware already active on computer and using the "hidden" flag to hide its extensions.
It is shown for all new add-on installs, even by third party applications. There are also a couple of problem cases which I haven't been able to properly identify where it pops up on its own. I have a suspicion of what this one is about though. Brett, Please can you attach copies of extensions.log, extensions.ini, extensions.cache and extensions.rdf from your profile folder to this bug report. If some of them don't exist let me know. http://support.mozilla.com/en-US/kb/Profiles
Component: Security → Add-ons Manager
Product: Firefox → Toolkit
QA Contact: firefox → extension.manager
Version: unspecified → 1.9.0 Branch
Folder path: C:\Documents and Settings\Brett W. Johnson\Application Data\Mozilla\Firefox\Profiles\fsk8z27s.default\ Files: extensions.rdf extensions.ini extensions.cache Had to unhide all the system files, since MS doesn't believe users should see this stuff. I will attach these files.
Attachment #332646 - Attachment description: extension file for debug → extensions.ini file for debug
Attachment #332646 - Attachment mime type: application/octet-stream → text/plain
Attachment #332647 - Attachment mime type: application/octet-stream → text/plain
Ok this is bug 439681, The Java runtime installs a hidden java console extension.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: