Closed
Bug 640695
Opened 14 years ago
Closed 14 years ago
Plugins can open a web page without the user's permission
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: majik, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Almost every time I install a addon, after Firefox restarts, the addon opens a web page to congratulate me for installing the addon.
This is a violation of my privacy and a violation of my rights as user.
Maybe I didn't want to open that web page. Maybe I have metered bandwidth and opening that web page just cost me some money or meant I can spend a little less time on the web this month. Or maybe I don't want to open that addon's web page and give the company that made it forced ad impressions.
Additionally, this is a security risk. Any plug-in developer can force my browser to open any web page without asking first.
No software should ever be allowed to force my browser to open a web page without asking for my permission.
Reproducible: Always
Steps to Reproduce:
Example plugins include Firefox Sync, Adblock Plus and Greasemonkey.
Expected Results:
Any time some addon or other mechanism attempts to open a web page without my permission, present a dialog asking if I want to open the web page instead of assuming I want to open the web page.
Software should never be allowed to open a web page without asking permission first.
Comment 1•14 years ago
|
||
This is by design.
Every Extension can format your HDD, send your passwords to another server or open websites. Only jetpack based extensions can be controlled and jetpack extensions will probably replace the current extension system.
But unless that happens this bug can not be fixed.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•