User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:220.127.116.11) Gecko/2009021910 Firefox/3.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:18.104.22.168) Gecko/2009021910 Firefox/3.0.7

This potentially could be an exploit by bad guys. Microsoft .net update (Ver 3.5+) adds an add-on to Firefox, without user notification. Also, it does not provide an ordinary, easy way to uninstall the add-on. An add-on's easy, open and transparent uninstall is a great feature of Firefox. This bug could potentially be used as an exploit.

Detail: The add-on has no Uninstall button to allow a Firefox user to easily uninstall the add-on. Uninstalling is complicated for an ordinary Firefox user, and requires admin rights. See Microsoft link above. Firefox add-on methodology is user centric and does not require admin rights to install or uninstall.

On the lighter side: No Uninstall button in an add-on violates Firefox design ethics.

On the serious side: Bad guys can exploit it, such as forced advertising, pop-ups, limit functions, break Firefox security, etc.

Please treat it as a bug.

Reproducible: Always

Steps to Reproduce:
1. Install Microsoft .net 3.5 update
2. In Firefox, open Tools--add-ons menu
3. In the list, select .net add-on. No Uninstall button to uninstall.
4. Must do complicated Registry edit and about:config editing, see Microsoft link above.

Actual Results: Step 4 requires fairly high technical skills to get rid of the .net add-on. Admin rights are also required.

Expected Results: Firefox should plug the hole to prevent potential exploit, be it by big guys or small.

Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 446139