Microsoft .Net forces an add-on that disallows uninstall in Firefox

RESOLVED DUPLICATE of bug 446139

Status

()

Firefox
General
RESOLVED DUPLICATE of bug 446139
9 years ago
9 years ago

People

(Reporter: Steve, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7

This potentially could be an exploit by bad guys.
Microsoft .net update (Ver 3.5+) adds an add-on to Firefox, without user notification. Also it does not provide ordinary easy way to uninstall the add-on. Add-on's easy, open and transparent uninstall is a great feature of Firefox. This bug could potentially be used as exploits.
Detail:
Add-on has no Uninstall button, to allow Firefox user to easily uninstall the add-on. 
Uninstalling is complicated to ordinary Firefox user, and requires admin rights. See Microsoft link above. 

Firefox add-on methodology is user centric, does not require admin rights to install-uninstall.

On lighter side: No Uninstall button in an Add-on violates Firefox design ethics. 
On serious side: Bad guys can exploit it, such as forced advertising, pop-ups, limit functions, break Firefox security, etc.

Please treat it as a bug.


Reproducible: Always

Steps to Reproduce:
1. Install Microsoft .net 3.5 update
2. In Firefox, open Tools--add-ons menu
3. In the list, select .net add-on. No Uninstall button to uninstall.
4. Must do complicated Registry edit and about:config editing, see Microsoft link above.
Actual Results:  
Step 4 requires fairly high technical skills to rid the .net add-on. Admin rights is also required.

Expected Results:  
Firefox should plug the hole to prevent potential exploit, be it by big guys or small.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 446139
You need to log in before you can comment on or make changes to this bug.