Closed
Bug 483060
Opened 16 years ago
Closed 16 years ago
Microsoft .Net forces an add-on that disallows uninstall in Firefox
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 446139
People
(Reporter: mozilla, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
This potentially could be an exploit by bad guys.
Microsoft .net update (Ver 3.5+) adds an add-on to Firefox, without user notification. Also it does not provide ordinary easy way to uninstall the add-on. Add-on's easy, open and transparent uninstall is a great feature of Firefox. This bug could potentially be used as exploits.
Detail:
Add-on has no Uninstall button, to allow Firefox user to easily uninstall the add-on.
Uninstalling is complicated to ordinary Firefox user, and requires admin rights. See Microsoft link above.
Firefox add-on methodology is user centric, does not require admin rights to install-uninstall.
On lighter side: No Uninstall button in an Add-on violates Firefox design ethics.
On serious side: Bad guys can exploit it, such as forced advertising, pop-ups, limit functions, break Firefox security, etc.
Please treat it as a bug.
Reproducible: Always
Steps to Reproduce:
1. Install Microsoft .net 3.5 update
2. In Firefox, open Tools--add-ons menu
3. In the list, select .net add-on. No Uninstall button to uninstall.
4. Must do complicated Registry edit and about:config editing, see Microsoft link above.
Actual Results:
Step 4 requires fairly high technical skills to rid the .net add-on. Admin rights is also required.
Expected Results:
Firefox should plug the hole to prevent potential exploit, be it by big guys or small.
Updated•16 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•